nikrozman/element-desktop
1
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Activity

Merge branch 'master' into staging

Browse Source
This commit is contained in:
RiotRobot
2023-03-31 10:56:21 +01:00
parent ae1998a024 62e6851250
commit a479c8607b
16 changed files with 295 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/build_and_deploy.yaml vendored
View File

@@ -41,15 +41,14 @@ on:
default: true
concurrency: ${{ github.workflow }}
env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
R2_BUCKET: "packages-element-io"
jobs:
prepare:
uses: ./.github/workflows/build_prepare.yaml
with:
config: element.io/${{ inputs.mode || 'nightly' }}
version: ${{ inputs.mode == 'release' && '' || 'develop' }}
calculate-nightly-versions: ${{ inputs.mode != 'release' }}
nightly: ${{ inputs.mode != 'release' }}
secrets:
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
@@ -88,8 +87,7 @@ jobs:
with:
sign: true
deploy-mode: true
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
base-url: https://packages-element-io-test.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
version: ${{ needs.prepare.outputs.macos-version }}
linux:
@@ -98,6 +96,7 @@ jobs:
name: Linux
uses: ./.github/workflows/build_linux.yaml
with:
config: element.io/${{ inputs.mode || 'nightly' }}
sqlcipher: system
version: ${{ needs.prepare.outputs.linux-version }}
@@ -111,7 +110,7 @@ jobs:
- windows_64bit
runs-on: ubuntu-latest
name: Deploy
if: github.event != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit))
if: github.event_name != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit))
environment: packages.element.io
steps:
- name: Download artifacts
@@ -135,7 +134,7 @@ jobs:
# We queue this after the other deploy stage as we want to abort if that fails
- deploy
name: Run reprepro
if: github.event != 'workflow_dispatch' || (inputs.deploy && inputs.linux)
if: github.event_name != 'workflow_dispatch' || (inputs.deploy && inputs.linux)
uses: ./.github/workflows/reprepro.yaml
secrets: inherit
with:

3
.github/workflows/build_and_test.yaml vendored
View File

@@ -31,6 +31,7 @@ jobs:
matrix:
sqlcipher: [system, static]
with:
config: ${{ github.event.pull_request.base.ref == 'develop' && 'element.io/nightly' || 'element.io/release' }}
sqlcipher: ${{ matrix.sqlcipher }}
macos:
@@ -91,7 +92,7 @@ jobs:
if: matrix.prepare_cmd
- name: Run tests
uses: GabrielBB/xvfb-action@v1
uses: coactions/setup-xvfb@b6b4fcfb9f5a895edadc3bc76318fae0ac17c8b3 # v1
timeout-minutes: 5
with:
run: "yarn test"

53
.github/workflows/build_keyring.yaml vendored Normal file
View File

@@ -0,0 +1,53 @@
name: Build Keyring package
on:
workflow_dispatch:
inputs:
deploy:
description: Deploy artifacts
required: true
type: boolean
default: true
fingerprint:
description: The expected gpg fingerprint
required: true
type: string
concurrency: ${{ github.workflow }}
jobs:
build:
name: Build Keyring package
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Prepare
run: |
mkdir -p element-io-archive-keyring/usr/share/keyrings/
cp packages.element.io/debian/element-io-archive-keyring.gpg element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
- name: Check fingerprint
run: |
gpg --import element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
gpg --fingerprint "$FINGERPRINT"
env:
FINGERPRINT: ${{ inputs.fingerprint }}
- name: Build deb package
run: |
chmod u=rw,go=r element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
dpkg-deb -Zxz --root-owner-group --build element-io-archive-keyring element-io-archive-keyring.deb
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: element-io-archive-keyring
path: "*.deb"
retention-days: 1
reprepro:
needs: build
name: Run reprepro
if: inputs.deploy
uses: ./.github/workflows/reprepro.yaml
secrets: inherit
with:
artifact-name: element-io-archive-keyring

17
.github/workflows/build_linux.yaml vendored
View File

@@ -4,6 +4,10 @@
on:
workflow_call:
inputs:
config:
type: string
required: true
description: "The config directory to use"
version:
type: string
required: false
@@ -58,12 +62,19 @@ jobs:
run: |
echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT
- name: Generate debian control file
- name: Generate debian files and arguments
id: debian
run: |
cp element.io/${{ inputs.version && 'nightly' || 'release' }}/control.template debcontrol
INPUT_VERSION="${{ inputs.version }}"
if [ -f changelog.Debian ]; then
echo "config-args=--deb-changelog changelog.Debian" >> $GITHUB_OUTPUT
fi
cp "$DIR/control.template" debcontrol
VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
echo "Version: $VERSION" >> debcontrol
env:
DIR: ${{ inputs.config }}
INPUT_VERSION: ${{ inputs.version }}
- name: Build App
run: |

8
.github/workflows/build_macos.yaml vendored
View File

@@ -54,6 +54,7 @@ jobs:
if: steps.cache.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
with:
default: true
toolchain: stable
target: aarch64-apple-darwin
@@ -79,12 +80,11 @@ jobs:
- name: "[Signed] Build App"
if: inputs.sign != ''
run: |
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }}
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --notarytool-team-id='${{ secrets.APPLE_TEAM_ID }}'
yarn build:universal --publish never --config electron-builder.json
env:
NOTARIZE_APPLE_ID: ${{ secrets.APPLE_ID }}
NOTARIZE_APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
NOTARIZE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}

78
.github/workflows/build_prepare.yaml vendored
View File

@@ -10,37 +10,38 @@ on:
type: string
required: false
description: "The version tag to fetch, or 'develop', will pick automatically if not passed"
calculate-nightly-versions:
type: string
nightly:
type: boolean
required: false
description: "Whether to calculate the version strings new Nightly builds should use"
default: false
description: "Whether the build is a Nightly and to calculate the version strings new builds should use"
secrets:
# Required if `calculate-nightly-versions` is set
# Required if `nightly` is set
CF_R2_ACCESS_KEY_ID:
required: false
# Required if `calculate-nightly-versions` is set
# Required if `nightly` is set
CF_R2_TOKEN:
required: false
# Required if `calculate-nightly-versions` is set
# Required if `nightly` is set
CF_R2_S3_API:
required: false
outputs:
macos-version:
description: "The version string the next macOS Nightly should use, only output for calculate-nightly-versions"
description: "The version string the next macOS Nightly should use, only output for nightly"
value: ${{ jobs.prepare.outputs.macos-version }}
linux-version:
description: "The version string the next Linux Nightly should use, only output for calculate-nightly-versions"
description: "The version string the next Linux Nightly should use, only output for nightly"
value: ${{ jobs.prepare.outputs.linux-version }}
win32-x64-version:
description: "The version string the next Windows x64 Nightly should use, only output for calculate-nightly-versions"
description: "The version string the next Windows x64 Nightly should use, only output for nightly"
value: ${{ jobs.prepare.outputs.win32-x64-version }}
win32-x86-version:
description: "The version string the next Windows x86 Nightly should use, only output for calculate-nightly-versions"
description: "The version string the next Windows x86 Nightly should use, only output for nightly"
value: ${{ jobs.prepare.outputs.win32-x86-version }}
jobs:
prepare:
name: Prepare
environment: ${{ inputs.calculate-nightly-versions && 'packages.element.io' || '' }}
environment: ${{ inputs.nightly && 'packages.element.io' || '' }}
runs-on: ubuntu-latest
outputs:
macos-version: ${{ steps.versions.outputs.macos }}
@@ -66,19 +67,9 @@ jobs:
yarn run --silent electron --version > electronVersion
cat package.json | jq -c .hakDependencies > hakDependencies.json
- uses: actions/upload-artifact@v3
with:
name: webapp
retention-days: 1
path: |
webapp.asar
package.json
electronVersion
hakDependencies.json
- name: Calculate Nightly versions
- name: "[Nightly] Calculate versions"
id: versions
if: inputs.calculate-nightly-versions
if: inputs.nightly
run: |
MACOS=$(aws s3 cp s3://$R2_BUCKET/nightly/update/macos/releases.json - --endpoint-url $R2_URL --region auto | jq -r .currentRelease)
echo "macos=$(scripts/generate-nightly-version.ts --latest $MACOS)" >> $GITHUB_OUTPUT
@@ -93,6 +84,43 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
R2_BUCKET: "packages-element-io"
R2_URL: ${{ secrets.CF_R2_S3_API }}
- name: Check version
id: package
run: |
echo "version=$(cat package.json | jq -r .version)" >> $GITHUB_OUTPUT
- name: "[Release] Fetch release"
id: release
if: ${{ !inputs.nightly && inputs.version != 'develop' }}
uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada # v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
tag: v${{ steps.package.outputs.version }}
- name: "[Release] Write changelog"
if: ${{ !inputs.nightly && inputs.version != 'develop' }}
run: |
TIME=$(date -d "$PUBLISHED_AT" -R)
echo "element-desktop ($VERSION) default; urgency=medium" >> changelog.Debian
echo "$BODY" | sed 's/^##/\n */g;s/^\*/ */g' | perl -pe 's/\[.+?]\((.+?)\)/\1/g' >> changelog.Debian
echo "" >> changelog.Debian
echo " -- ${{ github.actor }} <support@element.io> $TIME" >> changelog.Debian
env:
VERSION: v${{ steps.package.outputs.version }}
BODY: ${{ steps.release.outputs.body }}
PUBLISHED_AT: ${{ steps.release.outputs.published_at }}
- uses: actions/upload-artifact@v3
with:
name: webapp
retention-days: 1
path: |
webapp.asar
package.json
electronVersion
hakDependencies.json
changelog.Debian

19
.github/workflows/build_windows.yaml vendored
View File

@@ -14,7 +14,7 @@ on:
arch:
type: string
required: true
description: "The architecture to build for, one of 'x64' | 'x86'"
description: "The architecture to build for, one of 'x64' | 'x86' | 'arm64'"
version:
type: string
required: false
@@ -45,6 +45,12 @@ jobs:
"target": "x86_64-pc-windows-msvc",
"dir": "x64"
},
"arm64": {
"target": "aarch64-pc-windows-msvc",
"build-args": "--arm64",
"arch": "amd64_arm64",
"dir": "arm64"
},
"x86": {
"target": "i686-pc-windows-msvc",
"build-args": "--ia32",
@@ -62,14 +68,14 @@ jobs:
id: cache
uses: actions/cache@v3
with:
key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
key: ${{ runner.os }}-${{ inputs.arch }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
path: |
./.hak
- name: Set up build tools
uses: ilammy/msvc-dev-cmd@v1
with:
arch: ${{ inputs.arch }}
arch: ${{ steps.config.outputs.arch || inputs.arch }}
# ActiveTCL package on choco is from 2015,
# this one is newer but includes more than we need
@@ -91,6 +97,7 @@ jobs:
if: steps.cache.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
with:
default: true
toolchain: stable
target: ${{ steps.config.outputs.target }}
@@ -127,7 +134,7 @@ jobs:
$LogConfig | Set-Content -Path ${{ env.INSTALL_DIR }}/log4net.config
# Configure
${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode "${{ env.MODE }}" -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r
${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r
${{ env.INSTALL_DIR }}/eSignerCKATool.exe unload
${{ env.INSTALL_DIR }}/eSignerCKATool.exe load
@@ -140,8 +147,6 @@ jobs:
$SubjectName = ($CodeSigningCert.Subject -replace ", ?", "`n" | ConvertFrom-StringData).CN
echo "config-args=--signtool-thumbprint '$Thumbprint' --signtool-subject-name '$SubjectName'" >> $env:GITHUB_OUTPUT
env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
MODE: sandbox
INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
@@ -159,8 +164,6 @@ jobs:
- name: Check app was signed successfully
if: inputs.sign != ''
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
continue-on-error: true
run: |
. "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)

2
.github/workflows/packages_index.yaml vendored
View File

@@ -18,7 +18,7 @@ on:
jobs:
deploy:
name: "Deploy"
if: github.event != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
environment: packages.element.io
env:

7
.github/workflows/reprepro.yaml vendored
View File

@@ -24,8 +24,7 @@ jobs:
environment: packages.element.io
runs-on: ubuntu-latest
env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
R2_BUCKET: "packages-element-io"
R2_DB_BUCKET: packages-element-io-db
R2_URL: ${{ secrets.CF_R2_S3_API }}
steps:
@@ -64,10 +63,10 @@ jobs:
# Download signing keyring
sudo wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
# Point apt at local apt repo
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://localhost:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://127.0.0.1:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list
# Start http server and fetch from it via apt
python3 -m http.server 8000 &
python3 -m http.server 8000 --bind 127.0.0.1 &
sudo apt-get update --allow-insecure-repositories
killall python3