Build installers #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build installers | |
on: | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ env.WEASIS_VERSION }} | |
cleanversion: ${{ env.WEASIS_CLEAN_VERSION }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK for compilation | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '21' | |
cache: 'maven' | |
- name: Build with Maven | |
shell: bash | |
run: | | |
mkdir -p $HOME/plugin-providers | |
# The provider file name should be the same returned by GuiEntry.getUIName() method | |
# See method AnimatiLicenseTabFactory#createInstance | |
echo "${{ secrets.ANIMATI_LICENSCE_CONFIG }}" > $HOME/plugin-providers/animati.properties | |
echo "${{ secrets.BOOT_URLS_ENCODING_KEY }}" > $HOME/plugin-providers/config-key.properties | |
INSTALLER_SUFFIX=${{ vars.INSTALLER_SUFFIX }} | |
if [[ -z "${INSTALLER_SUFFIX}" ]]; then | |
CHANGELIST= | |
else | |
CHANGELIST="-Dchangelist=-$INSTALLER_SUFFIX" | |
fi | |
echo "CHANGELIST=$CHANGELIST" | |
mvn -B $CHANGELIST clean install | |
mvn -B $CHANGELIST -P compressXZ -f weasis-distributions clean package | |
- name: Retrieve version | |
shell: bash | |
run: | | |
FVERSION=$(awk -F'[<>]' '/<revision>/{print $3}' weasis-parent/pom.xml)$(awk -F'[<>]' '/<changelist>/{print $3}' weasis-parent/pom.xml) | |
echo "WEASIS_VERSION=${FVERSION}" >> $GITHUB_ENV | |
- name: Set compatible version | |
shell: bash | |
run: | | |
CVERSION=$(echo $WEASIS_VERSION | sed -e 's/"//g' -e 's/-.*//') | |
echo "WEASIS_CLEAN_VERSION=${CVERSION}" >> $GITHUB_ENV | |
- name: Upload the weasis package for building the native distribution | |
uses: actions/upload-artifact@v3 | |
with: | |
name: weasis-native-${{ env.WEASIS_VERSION }} | |
path: weasis-distributions/target/native-dist/weasis-native.zip | |
- name: Upload the weasis web distribution | |
uses: actions/upload-artifact@v3 | |
with: | |
name: weasis-web-${{ env.WEASIS_VERSION }} | |
path: weasis-distributions/target/web-dist/weasis.war | |
jpackage: | |
env: | |
JDK_MODULES: "java.base,java.compiler,java.datatransfer,java.net.http,java.desktop,java.logging,java.management,java.prefs,java.xml,jdk.localedata,jdk.charsets,jdk.crypto.ec,jdk.crypto.cryptoki,jdk.unsupported,jdk.jdwp.agent,java.sql" | |
NAME: "Weasis" | |
IDENTIFIER: "org.weasis.launcher" | |
WEASIS_INPUT: "native-dist/weasis-native/bin-dist" | |
WEASIS_OUTPUT: "output-dist" | |
WEASIS_INPUT_BIN: "native-dist/weasis-native/bin-dist/weasis" | |
runs-on: ${{ matrix.os }} | |
needs: build | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- { os: ubuntu-latest, platform: x64, wsystem: linux, warc: x86-64 } | |
- { os: macos-latest, platform: x64, wsystem: macosx, warc: x86-64 } | |
- { os: macos-latest-xlarge, platform: arm64, wsystem: macosx, warc: aarch64 } | |
# - { os: windows-latest, platform: x86, wsystem: windows, warc: x86 } | |
- { os: windows-latest, platform: x64, wsystem: windows, warc: x86-64 } | |
steps: | |
- name: Set output version from build | |
shell: bash | |
run: | | |
echo ${{needs.build.outputs.version}} | |
echo ${{needs.build.outputs.cleanversion}} | |
echo "WEASIS_VERSION=${{needs.build.outputs.version}}" >> $GITHUB_ENV | |
echo "WEASIS_CLEAN_VERSION=${{needs.build.outputs.cleanversion}}" >> $GITHUB_ENV | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '21' | |
- name: Download weasis-native | |
uses: actions/download-artifact@v3 | |
with: | |
name: weasis-native-${{ env.WEASIS_VERSION }} | |
path: native-dist | |
- name: Unzip the native package version | |
shell: bash | |
run: | | |
unzip -o "native-dist/weasis-native.zip" -d "native-dist/weasis-native" | |
- name: Remove binaries not related to the current architecture | |
shell: bash | |
run: | | |
# Remove pack jar for launcher | |
rm -f ${{ env.WEASIS_INPUT_BIN }}/*.jar.pack.gz | |
# Remove the unrelated native packages | |
find ${{ env.WEASIS_INPUT_BIN }}/bundle/weasis-opencv-core-* -type f ! -name *weasis-opencv-core-${{ matrix.wsystem }}-${{ matrix.warc }}-* -exec rm -f {} \; | |
# Special case with 32-bit architecture, remove 64-bit lib | |
if [ "${{ matrix.warc }}" = "x86" ] ; then | |
rm -f ${{ env.WEASIS_INPUT_BIN }}/bundle/weasis-opencv-core-${{ matrix.wsystem }}-x86-64-* | |
fi | |
echo "$(ls ${{ env.WEASIS_INPUT_BIN }}/bundle/)" | |
- name: Import Developer Certificate | |
uses: apple-actions/import-codesign-certs@v2 | |
if: matrix.wsystem == 'macosx' | |
id: cert | |
with: | |
p12-file-base64: ${{ secrets.MACOS_CERTIFICATE_DEVELOPMENT }} | |
p12-password: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
- name: Import Installer Certificate | |
uses: apple-actions/import-codesign-certs@v2 | |
if: matrix.wsystem == 'macosx' | |
with: | |
create-keychain: "false" | |
keychain-password: ${{ steps.cert.outputs.keychain-password }} | |
p12-file-base64: ${{ secrets.MACOS_CERTIFICATE_INSTALLER }} | |
p12-password: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
- name: Build app binary with jpackage | |
shell: bash | |
env: | |
RES: "native-dist/weasis-native/build/script/resources/${{ matrix.wsystem }}" | |
run: | | |
machine=${{ matrix.wsystem }} | |
if [ "$machine" = "macosx" ] ; then | |
declare -a customOptions=("--java-options" "-splash:\$APPDIR/resources/images/about-round.png" "--java-options" "-Dapple.laf.useScreenMenuBar=true" "--java-options" "-Dapple.awt.application.appearance=NSAppearanceNameDarkAqua") | |
declare -a signArgs=("--mac-package-identifier" "${{ env.IDENTIFIER }}" "--mac-signing-keychain" "$HOME/Library/Keychains/signing_temp.keychain-db" "--mac-sign") | |
elif [ "$machine" = "windows" ] ; then | |
declare -a customOptions=("--java-options" "-splash:\$APPDIR\resources\images\about-round.png" ) | |
declare -a signArgs=() | |
else | |
declare -a customOptions=("--java-options" "-splash:\$APPDIR/resources/images/about-round.png" ) | |
declare -a signArgs=() | |
fi | |
declare -a commonOptions=("--java-options" "-Dgosh.port=17179" \ | |
"--java-options" "-Djavax.accessibility.assistive_technologies=org.weasis.launcher.EmptyAccessibilityProvider" \ | |
"--java-options" "-Djavax.accessibility.screen_magnifier_present=false" "--java-options" "--enable-preview" \ | |
"--java-options" "--add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED" "--java-options" "--add-exports=java.base/sun.net.www.protocol.file=ALL-UNNAMED" \ | |
"--java-options" "--add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED" "--java-options" "--add-exports=java.base/sun.net.www.protocol.ftp=ALL-UNNAMED" \ | |
"--java-options" "--add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED" "--java-options" "--add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED" \ | |
"--java-options" "--add-opens=java.base/java.net=ALL-UNNAMED" "--java-options" "--add-opens=java.base/java.lang=ALL-UNNAMED" \ | |
"--java-options" "--add-opens=java.base/java.security=ALL-UNNAMED" "--java-options" "--add-opens=java.base/java.io=ALL-UNNAMED" \ | |
"--java-options" "--add-opens=java.desktop/javax.imageio.stream=ALL-UNNAMED" "--java-options" "--add-opens=java.desktop/javax.imageio=ALL-UNNAMED" \ | |
"--java-options" "--add-opens=java.desktop/com.sun.awt=ALL-UNNAMED" ) | |
jpackage --type app-image --input "${{ env.WEASIS_INPUT_BIN }}" --dest "${{ env.WEASIS_OUTPUT }}" --name "${{ env.NAME }}" \ | |
--main-jar weasis-launcher.jar --main-class org.weasis.launcher.AppLauncher --add-modules "${{ env.JDK_MODULES }}" \ | |
--resource-dir "${{ env.RES }}" --app-version "${{ env.WEASIS_CLEAN_VERSION }}" --add-launcher "Dicomizer=${{ env.RES }}/dicomizer-launcher.properties" \ | |
"${signArgs[@]}" "${customOptions[@]}" "${commonOptions[@]}" | |
if [ "$machine" = "macosx" ] ; then | |
codesign --timestamp --entitlements "${{ env.RES }}/uri-launcher.entitlements" --options runtime --force -vvv --keychain "$HOME/Library/Keychains/signing_temp.keychain-db" --sign "${{ secrets.MACOS__DEVELOPER_ID }}" "${{ env.RES }}/weasis-url-handler.app" | |
cp -Rf "${{ env.RES }}/weasis-url-handler.app" "${{ env.WEASIS_OUTPUT }}/${{ env.NAME }}.app/Contents/MacOS/" | |
codesign --timestamp --entitlements "${{ env.RES }}/uri-launcher.entitlements" --options runtime --force -vvv --keychain "$HOME/Library/Keychains/signing_temp.keychain-db" --sign "${{ secrets.MACOS__DEVELOPER_ID }}" "${{ env.WEASIS_OUTPUT }}/${{ env.NAME }}.app" | |
fi | |
echo "$(ls -la ${{ env.WEASIS_OUTPUT }})" | |
- name: Build package with jpackage | |
shell: bash | |
env: | |
RES: "native-dist/weasis-native/build/script/resources/${{ matrix.wsystem }}" | |
FILE_ASSOC: "native-dist/weasis-native/build/script/file-associations.properties" | |
VENDOR: "Weasis Team" | |
COPYRIGHT: "© 2009-2023 Weasis Team" | |
run: | | |
mkdir -p final-dist | |
machine=${{ matrix.wsystem }} | |
ARC_NAME=${{ matrix.warc }} | |
if [ "$machine" = "windows" ] ; then | |
[ "$ARC_NAME" = "x86" ] && UPGRADE_UID="3aedc24e-48a8-4623-ab39-0c3c01c7383b" || UPGRADE_UID="3aedc24e-48a8-4623-ab39-0c3c01c7383a" | |
jpackage --type "msi" --app-image "${{ env.WEASIS_OUTPUT }}/${{ env.NAME }}" --dest "${{ env.WEASIS_OUTPUT }}" --name "${{ env.NAME }}" --resource-dir "${{ env.RES }}/msi/${ARC_NAME}" \ | |
--license-file "${{ env.WEASIS_INPUT }}/Licence.txt" --description "Weasis DICOM viewer" --win-upgrade-uuid "$UPGRADE_UID" \ | |
--win-menu --win-menu-group "${{ env.NAME }}" --copyright "${{ env.COPYRIGHT }}" --app-version "${{ env.WEASIS_CLEAN_VERSION }}" \ | |
--vendor "${{ env.VENDOR }}" --file-associations "${{ env.FILE_ASSOC }}" --verbose | |
cp ${{ env.WEASIS_OUTPUT }}/*.msi final-dist/${{ env.NAME }}-${{ env.WEASIS_CLEAN_VERSION }}-${ARC_NAME}.msi | |
elif [ "$machine" = "linux" ] ; then | |
if [ "${ARC_NAME}" = "x86" ] ; then | |
declare -a installerTypes=("deb") | |
else | |
declare -a installerTypes=("deb" "rpm") | |
fi | |
for installerType in ${installerTypes[@]}; do | |
jpackage --type "${installerType}" --app-image "${{ env.WEASIS_OUTPUT }}/${{ env.NAME }}" --dest "${{ env.WEASIS_OUTPUT }}" --name "${{ env.NAME }}" --resource-dir "${{ env.RES }}" \ | |
--license-file "${{ env.WEASIS_INPUT }}/Licence.txt" --description "Weasis DICOM viewer" --vendor "${{ env.VENDOR }}" \ | |
--copyright "${{ env.COPYRIGHT }}" --app-version "${{ env.WEASIS_CLEAN_VERSION }}" --file-associations "${{ env.FILE_ASSOC }}" \ | |
--linux-app-release "1" --linux-package-name "weasis" --linux-deb-maintainer "Nicolas Roduit" --linux-rpm-license-type "EPL-2.0" \ | |
--linux-menu-group "Viewer;MedicalSoftware;Graphics;" --linux-app-category "science" --linux-package-deps "libstdc++6, libgcc1" --linux-shortcut --verbose | |
cp ${{ env.WEASIS_OUTPUT }}/*.${installerType} final-dist | |
done | |
elif [ "$machine" = "macosx" ] ; then | |
# Do not set verbose for public build | |
jpackage --type "pkg" --app-image "${{ env.WEASIS_OUTPUT }}/${{ env.NAME }}.app" --dest "${{ env.WEASIS_OUTPUT }}" --name "${{ env.NAME }}" --resource-dir "${{ env.RES }}" \ | |
--license-file "${{ env.WEASIS_INPUT }}/Licence.txt" --copyright "${{ env.COPYRIGHT }}" --app-version "${{ env.WEASIS_CLEAN_VERSION }}" --mac-package-identifier "${{ env.IDENTIFIER }}" \ | |
--mac-signing-keychain "$HOME/Library/Keychains/signing_temp.keychain-db" --mac-sign | |
cp ${{ env.WEASIS_OUTPUT }}/*.pkg final-dist/${{ env.NAME }}-${{ env.WEASIS_CLEAN_VERSION }}-${ARC_NAME}.pkg | |
fi | |
echo "APP_ARTIFACT=weasis-${machine}-${ARC_NAME}-${{ env.WEASIS_CLEAN_VERSION }}" >> $GITHUB_ENV | |
- name: Notarize Build | |
shell: bash | |
if: matrix.wsystem == 'macosx' | |
run: | | |
BUNDLE_PKG="final-dist/${{ env.NAME }}-${{ env.WEASIS_CLEAN_VERSION }}-${{ matrix.warc }}.pkg" | |
# create temporary files | |
NOTARIZE_APP_LOG=$(mktemp -t notarize-app) | |
NOTARIZE_INFO_LOG=$(mktemp -t notarize-info) | |
# delete temporary files on exit | |
function finish { | |
rm "$NOTARIZE_APP_LOG" "$NOTARIZE_INFO_LOG" | |
} | |
trap finish EXIT | |
# submit app for notarization | |
if xcrun altool --notarize-app --primary-bundle-id "org.test.${{ env.NAME }}" --username "${{ secrets.MACOS_NOTARIZATION_USER}}" --password "${{ secrets.MACOS_NOTARIZATION_PWD }}" -f "$BUNDLE_PKG" > "$NOTARIZE_APP_LOG" 2>&1; then | |
cat "$NOTARIZE_APP_LOG" | |
RequestUUID=$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_APP_LOG") | |
# check status periodically | |
while sleep 60 && date; do | |
# check notarization status | |
if xcrun altool --notarization-info "$RequestUUID" --username "${{ secrets.MACOS_NOTARIZATION_USER}}" --password "${{ secrets.MACOS_NOTARIZATION_PWD }}" > "$NOTARIZE_INFO_LOG" 2>&1; then | |
cat "$NOTARIZE_INFO_LOG" | |
# once notarization is complete, run stapler and exit | |
if ! grep -q "Status: in progress" "$NOTARIZE_INFO_LOG"; then | |
xcrun stapler staple "$BUNDLE_PKG" | |
exit $? | |
fi | |
else | |
cat "$NOTARIZE_INFO_LOG" 1>&2 | |
exit 1 | |
fi | |
done | |
else | |
cat "$NOTARIZE_APP_LOG" 1>&2 | |
exit 1 | |
fi | |
- name: Upload the installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.APP_ARTIFACT }} | |
path: final-dist |