Update GitHub action

- Update docker/build-push-action to v6 - Use oracle-actions/setup-java to install jextract - Move hotfix for build tool variable up - Remove old signing step
DRSchlaubi · Jun 28, 2024 · 18b1335 · 18b1335
1 parent 9e29c6b
commit 18b1335
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 72 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -48,13 +48,13 @@ jobs:
         if: matrix.os == 'windows-latest'
         with:
           cache-workspaces: app/desktop/uwp_helper
-      - name: Setup jextract
+      - name: 'Set up latest JDK code tool jextract'
+        uses: oracle-actions/setup-java@v1
         if: matrix.os == 'windows-latest'
-        shell: powershell
-        run: |
-          Invoke-WebRequest https://download.java.net/java/early_access/jextract/22/3/openjdk-22-jextract+3-13_windows-x64_bin.tar.gz -OutFile jextract.tar.gz
-
-          tar xzvf jextract.tar.gz
+        with:
+          website: jdk.java.net
+          release: jextract
+      # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#add-a-step-to-your-workflow
       - name: Setup MacOS signing
         if: matrix.os == 'macos-14'
         env:
@@ -84,7 +84,7 @@ jobs:
           security list-keychain -d user -s $KEYCHAIN_PATH
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@v3
-      - run: ./gradlew packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true --stacktrace
+      - run: ./gradlew packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true
         shell: bash
       - name: Package Linux Distribution
         if: matrix.os == 'ubuntu-latest'
@@ -139,6 +139,13 @@ jobs:
           SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
           SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
         run: ./gradlew :app:android:bundleRelease :app:android:assembleRelease
+      # https://github.com/r0adkll/sign-android-release/issues/84#issuecomment-1889636075
+      - name: Setup build tool version variable
+        shell: bash
+        run: |
+          BUILD_TOOL_VERSION=$(ls /usr/local/lib/android/sdk/build-tools/ | tail -n 1)
+          echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV
+          echo Last build tool version is: $BUILD_TOOL_VERSION
       - uses: r0adkll/sign-android-release@v1
         id: sign_bundle
         name: Sign AAB
@@ -148,13 +155,6 @@ jobs:
           alias: ${{ secrets.KEY_ALIAS }}
           keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
           keyPassword: ${{ secrets.KEY_PASSWORD }}
-      # https://github.com/r0adkll/sign-android-release/issues/84#issuecomment-1889636075
-      - name: Setup build tool version variable
-        shell: bash
-        run: |
-          BUILD_TOOL_VERSION=$(ls /usr/local/lib/android/sdk/build-tools/ | tail -n 1)
-          echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV
-          echo Last build tool version is: $BUILD_TOOL_VERSION
       - uses: r0adkll/sign-android-release@v1
         id: sign_apk
         name: Sign APK
@@ -182,32 +182,6 @@ jobs:
           releaseFiles: app/android/build/outputs/bundle/release/tonbrett-app-release.aab
           #mappingFile: app/android/build/outputs/mapping/release/mapping.txt
           track: alpha
-  sign_windows_installer:
-    name: Sign windows installer
-    runs-on: windows-latest
-    needs: build_desktop_app
-    #if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - uses: actions/download-artifact@v4
-        name: Download Artifacts from Windows
-        with:
-          name: desktopapp-windows-latest
-          path: artifact
-      - name: Upload Artifact
-        id: upload-unsigned-artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: windows-unsigned
-          path: artifact/*.msix
-      - uses: SignPath/github-action-submit-signing-request@v0.4
-        with:
-          api-token: ${{ secrets.SIGNPATH_KEY }}
-          organization-id: e6101c42-2f2b-468e-9bf4-225c01ba183f
-          project-slug: tonbrett
-          signing-policy-slug: test-signing
-          artifact-configuration-slug: tonbrett
-          github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }}
-
   release_to_msstore:
     name: Publish to MSStore
     runs-on: windows-latest

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -5,9 +5,7 @@ on:
     branches: [ "main" ]
 
 env:
-  # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
 
@@ -24,55 +22,33 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@v3
-
-
-      # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v3
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
         if: ${{ github.event_name != 'pull_request' }}
         env:

diff --git a/app/desktop/uwp_helper/build.gradle.kts b/app/desktop/uwp_helper/build.gradle.kts
@@ -27,14 +27,10 @@ tasks {
         outputs.dir(jextractOutput)
 
         // I cannot figure out how to change the path on GitHub Actions
-        val command = if (System.getenv("GITHUB_RUN_NUMBER") != null) {
-            rootProject.file("jextract-22/bin/jextract.bat").absolutePath
+        val command = if (OSUtils.IS_WINDOWS) {
+            "jextract.bat"
         } else {
-            if (OSUtils.IS_WINDOWS) {
-                "jextract.bat"
-            } else {
-                "jextract"
-            }
+            "jextract"
         }
 
         val libraryPath = if (System.getenv("GITHUB_REF") != null) {