From 18b133550e12b1c6e4c5b85a77d46d1964ca3581 Mon Sep 17 00:00:00 2001 From: Michael Rittmeister Date: Fri, 28 Jun 2024 19:50:56 +0200 Subject: [PATCH] Update GitHub action - Update docker/build-push-action to v6 - Use oracle-actions/setup-java to install jextract - Move hotfix for build tool variable up - Remove old signing step --- .github/workflows/ci.yml | 54 +++++++------------------ .github/workflows/docker-publish.yml | 26 +----------- app/desktop/uwp_helper/build.gradle.kts | 10 ++--- 3 files changed, 18 insertions(+), 72 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 723d6b5..804b151 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -48,13 +48,13 @@ jobs: if: matrix.os == 'windows-latest' with: cache-workspaces: app/desktop/uwp_helper - - name: Setup jextract + - name: 'Set up latest JDK code tool jextract' + uses: oracle-actions/setup-java@v1 if: matrix.os == 'windows-latest' - shell: powershell - run: | - Invoke-WebRequest https://download.java.net/java/early_access/jextract/22/3/openjdk-22-jextract+3-13_windows-x64_bin.tar.gz -OutFile jextract.tar.gz - - tar xzvf jextract.tar.gz + with: + website: jdk.java.net + release: jextract + # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#add-a-step-to-your-workflow - name: Setup MacOS signing if: matrix.os == 'macos-14' env: @@ -84,7 +84,7 @@ jobs: security list-keychain -d user -s $KEYCHAIN_PATH - name: Setup Gradle uses: gradle/actions/setup-gradle@v3 - - run: ./gradlew packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true --stacktrace + - run: ./gradlew packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true shell: bash - name: Package Linux Distribution if: matrix.os == 'ubuntu-latest' @@ -139,6 +139,13 @@ jobs: SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: ./gradlew :app:android:bundleRelease :app:android:assembleRelease + # https://github.com/r0adkll/sign-android-release/issues/84#issuecomment-1889636075 + - name: Setup build tool version variable + shell: bash + run: | + BUILD_TOOL_VERSION=$(ls /usr/local/lib/android/sdk/build-tools/ | tail -n 1) + echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV + echo Last build tool version is: $BUILD_TOOL_VERSION - uses: r0adkll/sign-android-release@v1 id: sign_bundle name: Sign AAB @@ -148,13 +155,6 @@ jobs: alias: ${{ secrets.KEY_ALIAS }} keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }} keyPassword: ${{ secrets.KEY_PASSWORD }} - # https://github.com/r0adkll/sign-android-release/issues/84#issuecomment-1889636075 - - name: Setup build tool version variable - shell: bash - run: | - BUILD_TOOL_VERSION=$(ls /usr/local/lib/android/sdk/build-tools/ | tail -n 1) - echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV - echo Last build tool version is: $BUILD_TOOL_VERSION - uses: r0adkll/sign-android-release@v1 id: sign_apk name: Sign APK @@ -182,32 +182,6 @@ jobs: releaseFiles: app/android/build/outputs/bundle/release/tonbrett-app-release.aab #mappingFile: app/android/build/outputs/mapping/release/mapping.txt track: alpha - sign_windows_installer: - name: Sign windows installer - runs-on: windows-latest - needs: build_desktop_app - #if: startsWith(github.ref, 'refs/tags/') - steps: - - uses: actions/download-artifact@v4 - name: Download Artifacts from Windows - with: - name: desktopapp-windows-latest - path: artifact - - name: Upload Artifact - id: upload-unsigned-artifact - uses: actions/upload-artifact@v4 - with: - name: windows-unsigned - path: artifact/*.msix - - uses: SignPath/github-action-submit-signing-request@v0.4 - with: - api-token: ${{ secrets.SIGNPATH_KEY }} - organization-id: e6101c42-2f2b-468e-9bf4-225c01ba183f - project-slug: tonbrett - signing-policy-slug: test-signing - artifact-configuration-slug: tonbrett - github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }} - release_to_msstore: name: Publish to MSStore runs-on: windows-latest diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 04125c0..1812cea 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -5,9 +5,7 @@ on: branches: [ "main" ] env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} @@ -24,20 +22,11 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@v3 - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@v3 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@v3 @@ -45,20 +34,14 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . push: ${{ github.event_name != 'pull_request' }} @@ -66,13 +49,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: diff --git a/app/desktop/uwp_helper/build.gradle.kts b/app/desktop/uwp_helper/build.gradle.kts index 3cb4017..779cd8a 100644 --- a/app/desktop/uwp_helper/build.gradle.kts +++ b/app/desktop/uwp_helper/build.gradle.kts @@ -27,14 +27,10 @@ tasks { outputs.dir(jextractOutput) // I cannot figure out how to change the path on GitHub Actions - val command = if (System.getenv("GITHUB_RUN_NUMBER") != null) { - rootProject.file("jextract-22/bin/jextract.bat").absolutePath + val command = if (OSUtils.IS_WINDOWS) { + "jextract.bat" } else { - if (OSUtils.IS_WINDOWS) { - "jextract.bat" - } else { - "jextract" - } + "jextract" } val libraryPath = if (System.getenv("GITHUB_REF") != null) {