Sign PAF contents before packaging it #290
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Native CI/CD | |
| on: | |
| push: | |
| paths: | |
| - .github/workflows/native.yaml | |
| - native/** | |
| tags: | |
| - v* | |
| branches-ignore: | |
| - crowdin-* | |
| pull_request: | |
| paths: | |
| - .github/workflows/native.yaml | |
| - native/** | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| clippy: | |
| name: Clippy (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: native | |
| shell: bash | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| - os: windows-latest | |
| - os: windows-latest | |
| flags: --features portable | |
| portable: true | |
| - os: macos-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure Rust and Clippy | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| cache: false | |
| rustflags: '' | |
| - name: Configure cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: native | |
| cache-on-failure: true | |
| cache-all-crates: true | |
| key: ${{ matrix.portable == true }} | |
| - name: Run Clippy | |
| run: cargo clippy --all-targets ${{ matrix.flags }} -- -D warnings | |
| rustfmt: | |
| name: Rustfmt | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: native | |
| shell: bash | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure Rust and Rustfmt | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| components: rustfmt | |
| cache: false | |
| rustflags: '' | |
| - name: Configure cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: native | |
| cache-on-failure: true | |
| cache-all-crates: true | |
| - name: Run Rustfmt | |
| run: cargo fmt --all -- --check | |
| build: | |
| name: Build (${{ matrix.target }}, ${{ matrix.portable && 'portable' || 'normal' }}) | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| attestations: write | |
| id-token: write | |
| defaults: | |
| run: | |
| working-directory: native | |
| shell: bash | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Normal builds for Linux | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| flags: --features static | |
| - os: ubuntu-latest | |
| target: i686-unknown-linux-gnu | |
| flags: --features static | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| flags: --features static | |
| - os: ubuntu-latest | |
| target: armv7-unknown-linux-gnueabihf | |
| flags: --features static | |
| # Normal builds for Windows | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| - os: windows-latest | |
| target: i686-pc-windows-msvc | |
| # Portable builds for Windows | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| flags: --features portable | |
| portable: true | |
| steps: | |
| # == Setting Environment | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| target: ${{ matrix.target }} | |
| cache: false | |
| rustflags: '' | |
| - name: Configure cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: | | |
| native | |
| native/packages/paf/PWAsForFirefoxHelpers | |
| cache-on-failure: true | |
| cache-all-crates: true | |
| key: ${{ matrix.target }}-${{ matrix.portable == true }} | |
| # == Setting Dependencies | |
| - name: Install cross (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| # Use cross 0.2.4 for now because newer versions require too new glibc versions | |
| # In the future, we should update cross and configure zig to link to older glibc | |
| cargo install cross --git https://github.com/cross-rs/cross.git --rev 4645d937bdae6952d9df38eff3ecb91fd719c3bd | |
| - name: Install Cargo DEB (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| cargo install cargo-deb --git https://github.com/kornelski/cargo-deb.git --rev 7e66d7f6162cc1cc2349c2abfb6258bf43eb6aa5 | |
| - name: Install Cargo RPM (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| cargo install cargo-rpm --git https://github.com/filips123/cargo-rpm.git --rev cf5e33de8e8dbb80103f81afc8a2bcd471ef6d31 | |
| - name: Install Cargo WiX (Windows) | |
| if: matrix.os == 'windows-latest' && matrix.portable != true | |
| run: | | |
| echo "${WIX}bin" >> $GITHUB_PATH | |
| cargo install cargo-wix --git https://github.com/volks73/cargo-wix.git --rev 032be8310f9aa9684e9524db54632792a9d85e28 | |
| - name: Install PortableApps.com (Windows) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true | |
| run: | | |
| mkdir $TEMP/PortableAppsLauncher && cd $TEMP/PortableAppsLauncher | |
| curl -L "https://github.com/filips123/PortableAppsTools/releases/download/PortableAppsLauncher/2.2.9/PortableAppsLauncher.paf.exe" -o PortableAppsLauncher.paf.exe | |
| 7z x -y PortableAppsLauncher.paf.exe | |
| echo $TEMP/PortableAppsLauncher >> $GITHUB_PATH | |
| mkdir $TEMP/PortableAppsInstaller && cd $TEMP/PortableAppsInstaller | |
| curl -L "https://github.com/filips123/PortableAppsTools/releases/download/PortableAppsInstaller/3.8.12/PortableAppsInstaller.paf.exe" -o PortableAppsInstaller.paf.exe | |
| 7z x -y PortableAppsInstaller.paf.exe | |
| echo $TEMP/PortableAppsInstaller >> $GITHUB_PATH | |
| # == Building Project | |
| - name: Configure Linux builds | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| # Replace completions paths with the correct paths for cross-compilation | |
| sed -i 's/..\/target\/release\/completions\//..\/target\/${{ matrix.target }}\/release\/completions\//g' Cargo.toml | |
| # Pin cross images to 0.2.4 as newer versions require too new glibc versions | |
| printf '[target.x86_64-unknown-linux-gnu]\nimage = "ghcr.io/cross-rs/x86_64-unknown-linux-gnu:0.2.4"\n\n' >> Cross.toml | |
| printf '[target.i686-unknown-linux-gnu]\nimage = "ghcr.io/cross-rs/i686-unknown-linux-gnu:0.2.4"\n\n' >> Cross.toml | |
| printf '[target.aarch64-unknown-linux-gnu]\nimage = "ghcr.io/cross-rs/aarch64-unknown-linux-gnu:0.2.4"\n\n' >> Cross.toml | |
| printf '[target.armv7-unknown-linux-gnueabihf]\nimage = "ghcr.io/cross-rs/armv7-unknown-linux-gnueabihf:0.2.4"\n\n' >> Cross.toml | |
| # Manually specify minimum libc6 version as cargo-deb cannot determine it correctly when using cross | |
| sed -i '/\[package.metadata.deb\]/a depends = "libc6 (>= 2.18)"' Cargo.toml | |
| # Configure binutils for ARM targets | |
| if [[ ${{ matrix.target }} == aarch64-* ]] || [[ ${{ matrix.target }} == armv7-* ]] | |
| then | |
| sudo apt-get update | |
| sudo apt-get install binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf | |
| mkdir -p .cargo && touch .cargo/config | |
| printf '[target.aarch64-unknown-linux-gnu]\nstrip = { path = "aarch64-linux-gnu-strip" }\nobjcopy = { path = "aarch64-linux-gnu-objcopy" }\n\n' >> .cargo/config | |
| printf '[target.armv7-unknown-linux-gnueabihf]\nstrip = { path = "arm-linux-gnueabihf-strip" }\nobjcopy = { path = "arm-linux-gnueabihf-objcopy" }\n' >> .cargo/config | |
| fi | |
| - name: Determine the target architecture | |
| id: target | |
| env: | |
| TARGET: ${{ matrix.target }} | |
| run: echo "target=${TARGET%%-*}" >> $GITHUB_OUTPUT | |
| - name: Set the version | |
| run: | | |
| if [[ $GITHUB_REF == refs/tags/v* ]] | |
| then | |
| VERSION=${GITHUB_REF/refs\/tags\/v} | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| sed -i "s/version = \"0.0.0\"/version = \"$VERSION\"/g" Cargo.toml | |
| sed -i "s/DISTRIBUTION_VERSION = '0.0.0'/DISTRIBUTION_VERSION = '$VERSION'/g" userchrome/profile/chrome/pwa/chrome.jsm | |
| else | |
| echo "VERSION=0.0.0" >> $GITHUB_ENV | |
| fi | |
| - name: Build the project | |
| run: | | |
| [[ ${{ matrix.os }} == ubuntu-latest ]] && CARGO="cross" || CARGO="cargo" | |
| $CARGO build --release --target ${{ matrix.target }} ${{ matrix.flags }} | |
| # == Packaging Shell Completions | |
| - name: Package shell completions | |
| if: matrix.target == 'x86_64-unknown-linux-gnu' | |
| run: | | |
| zip -rj target/completions.zip target/x86_64-unknown-linux-gnu/release/completions/* | |
| - name: Upload shell completions | |
| if: matrix.target == 'x86_64-unknown-linux-gnu' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts-shell-completions | |
| path: native/target/completions.zip | |
| compression-level: 0 | |
| # == Packaging Linux DEB | |
| - name: Package DEB (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| cargo deb --verbose --no-build --target ${{ matrix.target }} | |
| mkdir -p target/debian/ && cp -r target/${{ matrix.target }}/debian/*.deb target/debian/ | |
| - name: Upload DEB (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts-linux-deb-${{ steps.target.outputs.target }} | |
| path: native/target/debian/*.deb | |
| compression-level: 0 | |
| # == Packaging Linux RPM | |
| - name: Package RPM (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| cargo rpm build --verbose --no-cargo-build --target ${{ matrix.target }} | |
| - name: Upload RPM (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts-linux-rpm-${{ steps.target.outputs.target }} | |
| path: native/target/rpm/*.rpm | |
| compression-level: 0 | |
| # == Packaging Windows MSI | |
| - name: Upload unsigned executables (Windows, MSI) | |
| id: unsigned-executables-normal | |
| if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unsigned-executables-normal-${{ steps.target.outputs.target }} | |
| path: native/target/${{ matrix.target }}/release/*.exe | |
| - name: Sign executables with SignPath (Windows, MSI) | |
| if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_TOKEN }} | |
| organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} | |
| project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} | |
| signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} | |
| github-artifact-id: ${{ steps.unsigned-executables-normal.outputs.artifact-id }} | |
| artifact-configuration-slug: installer-contents | |
| output-artifact-directory: native/target/${{ matrix.target }}/release | |
| - name: Package MSI (Windows, MSI) | |
| if: matrix.os == 'windows-latest' && matrix.portable != true | |
| run: | | |
| heat dir userchrome -o packages/wix/userchrome.wxs -scom -srd -sreg -gg -cg UserChrome -dr UserChromeDir -var wix.UserChromeSource | |
| cargo wix --verbose --no-build --nocapture --target ${{ matrix.target }} | |
| - name: Upload unsigned MSI (Windows, MSI) | |
| id: artifact-unsigned-msi | |
| if: matrix.os == 'windows-latest' && matrix.portable != true | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unsigned-artifacts-windows-msi-${{ steps.target.outputs.target }} | |
| path: native/target/wix/*.msi | |
| compression-level: 0 | |
| - name: Sign MSI with SignPath (Windows, MSI) | |
| if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_TOKEN }} | |
| organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} | |
| project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} | |
| signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} | |
| github-artifact-id: ${{ steps.artifact-unsigned-msi.outputs.artifact-id }} | |
| artifact-configuration-slug: installer | |
| output-artifact-directory: signed/msi | |
| - name: Upload signed MSI (Windows, MSI) | |
| if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts-windows-msi-${{ steps.target.outputs.target }} | |
| path: signed/msi/*.msi | |
| compression-level: 0 | |
| # == Packaging Windows PAF | |
| - name: Prepare portable package (Windows, PAF) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true | |
| run: | | |
| # Build helper executables | |
| echo "::group::Building helpers" | |
| (cd packages/paf/PWAsForFirefoxHelpers && cargo build --release --target ${{ matrix.target }}) | |
| echo "::endgroup::" | |
| # Copy files to the portable app package | |
| echo "::group::Copying files to the package" | |
| mkdir -p packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/ | |
| cp target/${{ matrix.target }}/release/firefoxpwa.exe packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/ | |
| cp target/${{ matrix.target }}/release/firefoxpwa-connector.exe packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/ | |
| cp packages/paf/PWAsForFirefoxHelpers/target/${{ matrix.target }}/release/firefoxpwa-background.exe packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/ | |
| cp manifests/windows.json packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/firefoxpwa.json | |
| cp -r userchrome/ packages/paf/PWAsForFirefoxPortable/App/PWAsForFirefox/ | |
| echo "::endgroup::" | |
| # Set the package version | |
| echo "::group::Setting the package versions" | |
| if [[ $VERSION != 0.0.0 ]] | |
| then | |
| sed -i "s/PackageVersion=0.0.0.0/PackageVersion=$VERSION.0/g" packages/paf/PWAsForFirefoxPortable/App/AppInfo/appinfo.ini | |
| sed -i "s/DisplayVersion=0.0.0/DisplayVersion=$VERSION/g" packages/paf/PWAsForFirefoxPortable/App/AppInfo/appinfo.ini | |
| fi | |
| echo "::endgroup::" | |
| # Generate the launcher | |
| echo "::group::Generating the launcher" | |
| (cd packages/paf && PortableApps.comLauncherGenerator.exe $(cygpath -d $(realpath PWAsForFirefoxPortable))) | |
| echo "::endgroup::" | |
| - name: Upload unsigned contents (Windows, PAF) | |
| id: unsigned-executables-portable | |
| if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unsigned-executables-portable-${{ steps.target.outputs.target }} | |
| path: native/packages/paf/PWAsForFirefoxPortable | |
| - name: Sign contents with SignPath (Windows, PAF) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_TOKEN }} | |
| organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} | |
| project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} | |
| signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} | |
| github-artifact-id: ${{ steps.unsigned-executables-portable.outputs.artifact-id }} | |
| artifact-configuration-slug: portable-contents | |
| output-artifact-directory: native/packages/paf/PWAsForFirefoxPortable | |
| - name: Generate portable package (Windows, PAF) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true | |
| run: | | |
| # Generate the installer | |
| echo "::group::Generating the launcher" | |
| (cd packages/paf && PortableApps.comInstaller.exe $(cygpath -d $(realpath PWAsForFirefoxPortable))) | |
| echo "::endgroup::" | |
| # Rename the installer | |
| echo "::group::Renaming the installer" | |
| mkdir -p target/paf/ | |
| mv packages/paf/PWAsForFirefoxPortable_*.paf.exe target/paf/firefoxpwa_${VERSION}_online.paf.exe | |
| echo "::endgroup::" | |
| - name: Upload unsigned PAF (Windows, PAF) | |
| id: artifact-unsigned-paf | |
| if: matrix.os == 'windows-latest' && matrix.portable == true | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unsigned-artifacts-windows-paf-${{ steps.target.outputs.target }} | |
| path: native/target/paf/*.paf.exe | |
| compression-level: 0 | |
| - name: Sign PAF with SignPath (Windows, PAF) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_TOKEN }} | |
| organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} | |
| project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} | |
| signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} | |
| github-artifact-id: ${{ steps.artifact-unsigned-paf.outputs.artifact-id }} | |
| artifact-configuration-slug: portable | |
| output-artifact-directory: signed/paf | |
| - name: Upload signed PAF (Windows, PAF) | |
| if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts-windows-paf-${{ steps.target.outputs.target }} | |
| path: signed/paf/*.paf.exe | |
| compression-level: 0 | |
| # == BUILD PROVENANCE | |
| - name: Attest artifacts | |
| # if: startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: | | |
| native/target/completions.zip | |
| native/target/debian/*.deb | |
| native/target/rpm/*.rpm | |
| native/target/wix/*.msi | |
| native/target/paf/*.paf.exe | |
| signed/msi/*.msi | |
| signed/paf/*.paf.exe | |
| release-github: | |
| name: Release on GitHub | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: write | |
| needs: | |
| - clippy | |
| - rustfmt | |
| - build | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: build-artifact-* | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Upload artifacts to GitHub Release | |
| uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 | |
| with: | |
| fail_on_unmatched_files: true | |
| files: | | |
| artifacts/completions.zip | |
| artifacts/*.deb | |
| artifacts/*.rpm | |
| artifacts/*.msi | |
| artifacts/*.paf.exe | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| release-packagecloud: | |
| name: Release on packagecloud.io | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| needs: | |
| - clippy | |
| - rustfmt | |
| - build | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: build-artifact-linux-* | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Install packagecloud.io CLI | |
| run: sudo gem install package_cloud | |
| - name: Upload artifacts to packagecloud.io repositories | |
| env: | |
| PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} | |
| run: | | |
| package_cloud push filips/FirefoxPWA/any/any artifacts/*.deb | |
| package_cloud push filips/FirefoxPWA/rpm_any/rpm_any artifacts/*.rpm | |
| release-aur: | |
| name: Release on Arch User Repository | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| container: archlinux | |
| permissions: | |
| contents: read | |
| needs: | |
| - release-github | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install required packages | |
| run: pacman -Syu pacman-contrib pacman namcap sudo --noconfirm --needed | |
| - name: Prepare non-root user | |
| run: chown -R nobody . | |
| - name: Update PKGBUILDs | |
| run: | | |
| echo "::group::Setting the package versions" | |
| VERSION=${GITHUB_REF/refs\/tags\/v} | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| sed -i "s/pkgver=\$VERSION/pkgver=\"$VERSION\"/g" native/packages/aur/firefox-pwa/PKGBUILD | |
| sed -i "s/pkgver=\$VERSION/pkgver=\"$VERSION\"/g" native/packages/aur/firefox-pwa-bin/PKGBUILD | |
| echo "::endgroup::" | |
| echo "::group::Updating the package checksums" | |
| (cd native/packages/aur/firefox-pwa && sudo -u nobody updpkgsums) | |
| (cd native/packages/aur/firefox-pwa-bin && sudo -u nobody updpkgsums) | |
| echo "::endgroup::" | |
| - name: Verify PKGBUILDs | |
| run: | | |
| # Binary version is skipped because namcap doesn't work with arch-specific sources | |
| (cd native/packages/aur/firefox-pwa && namcap -i PKGBUILD) | |
| - name: Release firefox-pwa package | |
| uses: KSXGitHub/github-actions-deploy-aur@a97f56a8425a7a7f3b8c58607f769c69b089cadb | |
| with: | |
| pkgname: firefox-pwa | |
| pkgbuild: ./native/packages/aur/firefox-pwa/PKGBUILD | |
| assets: ./native/packages/aur/firefox-pwa/** | |
| commit_message: Update to ${{ env.VERSION }} | |
| commit_username: ${{ vars.AUR_USERNAME }} | |
| commit_email: ${{ vars.AUR_EMAIL }} | |
| ssh_private_key: ${{ secrets.AUR_PRIVATE_KEY }} | |
| ssh_keyscan_types: rsa,ecdsa,ed25519 | |
| - name: Release firefox-pwa-bin package | |
| uses: KSXGitHub/github-actions-deploy-aur@a97f56a8425a7a7f3b8c58607f769c69b089cadb | |
| with: | |
| pkgname: firefox-pwa-bin | |
| pkgbuild: ./native/packages/aur/firefox-pwa-bin/PKGBUILD | |
| assets: ./native/packages/aur/firefox-pwa-bin/** | |
| commit_message: Update to ${{ env.VERSION }} | |
| commit_username: ${{ vars.AUR_USERNAME }} | |
| commit_email: ${{ vars.AUR_EMAIL }} | |
| ssh_private_key: ${{ secrets.AUR_PRIVATE_KEY }} | |
| ssh_keyscan_types: rsa,ecdsa,ed25519 | |
| release-gentoo: | |
| name: Release on Gentoo GURU | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/filips123/gentoo-pycargoebuild | |
| permissions: | |
| contents: read | |
| needs: | |
| - release-github | |
| steps: | |
| - name: Checkout project repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout GURU repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: gentoo/guru | |
| path: tmp/guru | |
| - name: Configure cache | |
| run: echo "CACHE_ID=$(date --utc '+%Y-%V')" >> $GITHUB_ENV | |
| - name: Configure cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/distfiles | |
| key: gentoo-distfiles-${{ env.CACHE_ID }} | |
| restore-keys: gentoo-distfiles- | |
| - name: Import GPG key | |
| run: echo "${{ secrets.GENTOO_KEY_PRIVATE }}" | gpg --import --batch | |
| - name: Prepare Git user | |
| working-directory: tmp/guru | |
| run: | | |
| git config --local user.name "${{ vars.GENTOO_USERNAME }}" | |
| git config --local user.email "${{ vars.GENTOO_EMAIL }}" | |
| git config --local user.signingkey "${{ secrets.GENTOO_KEY_ID }}" | |
| - name: Prepare Git settings | |
| working-directory: tmp/guru | |
| run: | | |
| git config --local pull.ff only | |
| git config --local pull.rebase merges | |
| git config --local commit.gpgsign 1 | |
| - name: Set the version | |
| run: | | |
| VERSION=${GITHUB_REF/refs\/tags\/v} | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Generate updated package | |
| working-directory: tmp/guru/www-plugins/firefoxpwa | |
| run: | | |
| echo "::group::Updating the package ebuild" | |
| cp "$GITHUB_WORKSPACE/native/packages/gentoo/firefoxpwa.ebuild" "firefoxpwa-$VERSION.ebuild" | |
| pycargoebuild -i "firefoxpwa-$VERSION.ebuild" "$GITHUB_WORKSPACE/native" | |
| echo "::endgroup::" | |
| echo "::group::Updating the package manifest" | |
| ebuild "firefoxpwa-$VERSION.ebuild" manifest | |
| echo "::endgroup::" | |
| - name: Commit updated package | |
| working-directory: tmp/guru/www-plugins/firefoxpwa | |
| run: | | |
| git add -A | |
| pkgdev commit --signoff | |
| - name: Scan updated package | |
| working-directory: tmp/guru/www-plugins/firefoxpwa | |
| run: | | |
| git remote set-head origin master | |
| pkgcheck scan --net --commits | |
| - name: Push updated package | |
| uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20 | |
| with: | |
| token: ${{ secrets.GH_TOKEN }} | |
| push-to-fork: filips123/gentoo-guru | |
| path: tmp/guru | |
| branch: "add-firefoxpwa-${{ env.VERSION }}" | |
| title: "www-plugins/firefoxpwa: add ${{ env.VERSION }}" | |
| body: "" | |
| release-winget: | |
| name: Release on Windows Package Manager | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: windows-latest | |
| permissions: | |
| contents: read | |
| needs: | |
| - release-github | |
| steps: | |
| - name: Install winget-create | |
| shell: powershell | |
| run: iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe | |
| - name: Prepare Git user | |
| run: | | |
| git config --global user.name "${{ vars.WINGET_USERNAME }}" | |
| git config --global user.email "${{ vars.WINGET_EMAIL }}" | |
| - name: Update and release package manifest | |
| run: | | |
| VERSION=${GITHUB_REF/refs\/tags\/v} | |
| INSTALLER_64BIT="https://github.com/filips123/PWAsForFirefox/releases/download/v$VERSION/firefoxpwa-$VERSION-x86_64.msi" | |
| INSTALLER_32BIT="https://github.com/filips123/PWAsForFirefox/releases/download/v$VERSION/firefoxpwa-$VERSION-x86.msi" | |
| ./wingetcreate.exe update -s filips.FirefoxPWA -u $INSTALLER_64BIT $INSTALLER_32BIT -v $VERSION -t ${{ secrets.GH_TOKEN }} | |
| release-chocolatey: | |
| name: Release on Chocolatey | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: windows-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| needs: | |
| - release-github | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: build-artifact-windows-msi-* | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Calculate version and installer checksums | |
| run: | | |
| echo "::group::Copying installers to the package" | |
| cp -R artifacts/*.msi native/packages/choco/tools/ | |
| echo "::endgroup::" | |
| echo "::group::Setting the package version" | |
| VERSION=${GITHUB_REF/refs\/tags\/v} | |
| sed -i "s/{{PackageVersion}}/$VERSION/g" native/packages/choco/firefoxpwa.nuspec | |
| echo "::endgroup::" | |
| echo "::group::Updating installer checksums" | |
| cd native/packages/choco/tools/ | |
| echo "$(sha256sum *.msi --tag)" >> ../legal/VERIFICATION.txt | |
| echo "::endgroup::" | |
| - name: Prepare Chocolatey package | |
| run: | | |
| cd native/packages/choco/ | |
| choco pack | |
| - name: Release Chocolatey package | |
| run: choco push native/packages/choco/*.nupkg --source https://push.chocolatey.org/ --key ${{secrets.CHOCO_TOKEN}} |