diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index c88b65b709..643a5570f7 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -1,5 +1,6 @@ -#### Automatically build and upload releases to GitHub #### - +# This file builds the source and produces artifacts for every supported platform. +# For release tags it creates a Github release and uploads the binaries to that releases. +# The builds are instrumented with CodeQL. # see analyse_git_reference.py for implementation of the logic: # for every push to a branch starting with "autobuild": (can be used during development for tighter supervision of builds) @@ -14,8 +15,6 @@ # for every tag that starts with 'r' and does not have any suffix: # - do CodeQl while building for every platform # - publish the created binaries/packs only as artifacts/appendix as a release -# - on: workflow_dispatch: 
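Review bot: The new header comment in the first hunk has a wording slip: `uploads the binaries to that releases` should read `uploads the binaries to that release`. The product name is also spelled `GitHub`, as the removed header line had it. Since this comment now describes what the workflow publishes, it is worth fixing both before merge.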
@@ -23,166 +22,160 @@ on: tags: - "r*" branches: - - "autobuild*" # for developers: branches starting with autobuild will be built and evaluated on each push - - "autobuild/*" # for developers: branches starting with autobuild will be built and evaluated on each push + # For developers: Branches starting with autobuild will be built and evaluated on each push. + - "autobuild**" + # CodeQL requires every branch from on.pull_request to be part of on.push as well in order to run comparisons. + # We also need master here to trigger builds on PR merge to master and manual pushes (e.g. as part of the release process): - "master" - # - "*" - pull_request: # The branches below must be a subset of the branches in "push" + pull_request: branches: - master name: Auto-Build jobs: create_release: - name: Prepare Auto-Build/Release - runs-on: ubuntu-20.04 - outputs: + # Check if we are doing a release or just a normal build. + # This must be done before actually building the app to find out where to upload the binaries and if we need to create a Github release. 
+ name: Build vars & Github release (if required) + runs-on: ubuntu-20.04 + outputs: publish_to_release: ${{ steps.jamulus-build-vars.outputs.PUBLISH_TO_RELEASE }} upload_url: ${{ steps.create_release_step.outputs.upload_url }} version_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_VERSION_NAME }} - steps: - # Checkout code - - name: Checkout code - uses: actions/checkout@v2 - - # Set variables - # Determine release / pre-release - - name: Get Jamulus build info, determine actions & variables - run: python3 ${{ github.workspace }}/.github/actions_scripts/analyse_git_reference.py - id: jamulus-build-vars - - # remove release, if it exists (with this releasetag) - - name: Remove release, if existing (for branches) - if: ${{ contains(steps.jamulus-build-vars.outputs.PUBLISH_TO_RELEASE, 'true') }} - continue-on-error: true - uses: dev-drprasad/delete-tag-and-release@v0.1.2 - with: - delete_release: true - tag_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TAG }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # create release (empty, filled by next jobs) - - name: 'Create Release ${{steps.jamulus-build-vars.outputs.RELEASE_TAG}} {{steps.jamulus-build-vars.outputs.RELEASE_TITLE}}' - if: ${{ contains(steps.jamulus-build-vars.outputs.PUBLISH_TO_RELEASE, 'true') }} - id: create_release_step - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TAG }} - release_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TITLE }} - body_path: ${{ github.workspace }}/autoLatestChangelog.md - prerelease: ${{ steps.jamulus-build-vars.outputs.IS_PRERELEASE }} - draft: false - - - ### CANCEL ### can be used for development concerning release-creation - #- name: Cancelthrougherroe - # run: myundefinedfunction + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Determine release version, type and prerelease variables and generate Changelog + run: python3 ${{ 
github.workspace }}/.github/actions_scripts/analyse_git_reference.py + id: jamulus-build-vars + + - name: Remove release ${{steps.jamulus-build-vars.outputs.RELEASE_TAG}}, if existing + if: contains(steps.jamulus-build-vars.outputs.PUBLISH_TO_RELEASE, 'true') + continue-on-error: true + uses: dev-drprasad/delete-tag-and-release@v0.1.2 + with: + delete_release: true + tag_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TAG }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create Release ${{steps.jamulus-build-vars.outputs.RELEASE_TAG}} ${{steps.jamulus-build-vars.outputs.RELEASE_TITLE}} + if: contains(steps.jamulus-build-vars.outputs.PUBLISH_TO_RELEASE, 'true') + id: create_release_step + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TAG }} + release_name: ${{ steps.jamulus-build-vars.outputs.RELEASE_TITLE }} + body_path: ${{ github.workspace }}/autoLatestChangelog.md + prerelease: ${{ steps.jamulus-build-vars.outputs.IS_PRERELEASE }} + draft: false release_assets: - name: Build assets for ${{ matrix.config.config_name }} + name: Build for ${{ matrix.config.config_name }} needs: create_release strategy: fail-fast: false - matrix: # Think of this like a foreach loop. Basically runs the steps with every combination of the contents of this. More info: https://docs.github.com/en/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix + matrix: + # Think of this like a foreach loop. Basically runs the steps with every combination of + # the contents of this. 
config: - - config_name: AndroidAPK (artifact+codeQL) - target_os: android - building_on_os: ubuntu-20.04 - cmd1_prebuild: "./autobuild/android/autobuild_apk_1_prepare.sh" - cmd2_build: "./autobuild/android/autobuild_apk_2_build.sh" - cmd3_postbuild: "./autobuild/android/autobuild_apk_3_copy_files.sh" - uses_codeql: true - checkout_fetch_depth: '0' # Jamulus.pro needs to count git history length for android versioning - - - config_name: Linux (artifacts+codeQL) - target_os: linux - building_on_os: ubuntu-18.04 - cmd1_prebuild: "./autobuild/linux/autobuild_deb_1_prepare.sh" - cmd2_build: "./autobuild/linux/autobuild_deb_2_build.sh" - cmd3_postbuild: "./autobuild/linux/autobuild_deb_3_copy_files.sh" - uses_codeql: true - - - config_name: MacOS (codeQL) - target_os: macos - building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/mac/codeQL/autobuild_mac_1_prepare.sh 5.15.2" - cmd2_build: "./autobuild/mac/codeQL/autobuild_mac_2_build.sh" - cmd3_postbuild: false - uses_codeql: true - xcode_version: 12.1.1 - - - config_name: MacOS (artifacts) - target_os: macos - # Stay on 10.15 as long as we use dmgbuild which does not work with 11's hdiutil (?) 
- building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/mac/artifacts/autobuild_mac_1_prepare.sh 5.15.2" - cmd2_build: "./autobuild/mac/artifacts/autobuild_mac_2_build.sh sign_if_possible" - cmd3_postbuild: "./autobuild/mac/artifacts/autobuild_mac_3_copy_files.sh" - uses_codeql: false - xcode_version: 12.1.1 - - - config_name: iOS (artifacts) - target_os: ios - building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/ios/artifacts/autobuild_ios_1_prepare.sh 5.15.2" - cmd2_build: "./autobuild/ios/artifacts/autobuild_ios_2_build.sh" - cmd3_postbuild: "./autobuild/ios/artifacts/autobuild_ios_3_copy_files.sh" - uses_codeql: false - xcode_version: 12.1.1 - - - config_name: MacOS Legacy (artifacts) - target_os: macos - building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/mac/artifacts/autobuild_mac_1_prepare.sh 5.9.9" - cmd2_build: "./autobuild/mac/artifacts/autobuild_mac_2_build.sh do_not_sign" - cmd3_postbuild: "./autobuild/mac/artifacts/autobuild_mac_3_copy_files.sh legacy" - uses_codeql: false - # For Qt5 on Mac, we need to ensure SDK 10.15 is used, and not SDK 11.x. 
- # Xcode 12.1 is the most-recent release which still ships SDK 10.15: - # https://developer.apple.com/support/xcode/ - # Xcode 12.1.1 is the most-recent 12.1.x release: - # https://xcodereleases.com/ - xcode_version: 12.1.1 - - - config_name: Windows (artifact+codeQL) - target_os: windows - building_on_os: windows-2019 - cmd1_prebuild: powershell .\autobuild\windows\autobuild_windowsinstaller_1_prepare.ps1 - cmd2_build: powershell .\autobuild\windows\autobuild_windowsinstaller_2_build.ps1 - cmd3_postbuild: powershell .\autobuild\windows\autobuild_windowsinstaller_3_copy_files.ps1 - uses_codeql: true - - - config_name: Windows JACK (artifact) - target_os: windows - building_on_os: windows-2019 - cmd1_prebuild: powershell .\autobuild\windows\autobuild_windowsinstaller_1_prepare.ps1 -BuildOption jackonwindows - cmd2_build: powershell .\autobuild\windows\autobuild_windowsinstaller_2_build.ps1 -BuildOption jackonwindows - cmd3_postbuild: powershell .\autobuild\windows\autobuild_windowsinstaller_3_copy_files.ps1 -BuildOption jackonwindows - uses_codeql: false + - config_name: AndroidAPK (artifact+codeQL) + target_os: android + building_on_os: ubuntu-20.04 + cmd1_prebuild: "./autobuild/android/autobuild_apk_1_prepare.sh" + cmd2_build: "./autobuild/android/autobuild_apk_2_build.sh" + cmd3_postbuild: "./autobuild/android/autobuild_apk_3_copy_files.sh" + run_codeql: true + # Jamulus.pro needs to count git history length for android versioning: + checkout_fetch_depth: '0' + + - config_name: Linux (artifacts+codeQL) + target_os: linux + building_on_os: ubuntu-18.04 + cmd1_prebuild: "./autobuild/linux/autobuild_deb_1_prepare.sh" + cmd2_build: "./autobuild/linux/autobuild_deb_2_build.sh" + cmd3_postbuild: "./autobuild/linux/autobuild_deb_3_copy_files.sh" + run_codeql: true + + - config_name: MacOS (codeQL) + target_os: macos + building_on_os: macos-10.15 + cmd1_prebuild: "./autobuild/mac/codeQL/autobuild_mac_1_prepare.sh 5.15.2" + cmd2_build: 
"./autobuild/mac/codeQL/autobuild_mac_2_build.sh" + cmd3_postbuild: false + run_codeql: true + xcode_version: 12.1.1 + + - config_name: MacOS (artifacts) + target_os: macos + # Stay on 10.15 as long as we use dmgbuild which does not work with 11's hdiutil (?) + building_on_os: macos-10.15 + cmd1_prebuild: "./autobuild/mac/artifacts/autobuild_mac_1_prepare.sh 5.15.2" + cmd2_build: "./autobuild/mac/artifacts/autobuild_mac_2_build.sh sign_if_possible" + cmd3_postbuild: "./autobuild/mac/artifacts/autobuild_mac_3_copy_files.sh" + run_codeql: false + xcode_version: 12.1.1 + + - config_name: iOS (artifacts) + target_os: ios + building_on_os: macos-10.15 + cmd1_prebuild: "./autobuild/ios/artifacts/autobuild_ios_1_prepare.sh 5.15.2" + cmd2_build: "./autobuild/ios/artifacts/autobuild_ios_2_build.sh" + cmd3_postbuild: "./autobuild/ios/artifacts/autobuild_ios_3_copy_files.sh" + run_codeql: false + xcode_version: 12.1.1 + + - config_name: MacOS Legacy (artifacts) + target_os: macos + building_on_os: macos-10.15 + cmd1_prebuild: "./autobuild/mac/artifacts/autobuild_mac_1_prepare.sh 5.9.9" + cmd2_build: "./autobuild/mac/artifacts/autobuild_mac_2_build.sh do_not_sign" + cmd3_postbuild: "./autobuild/mac/artifacts/autobuild_mac_3_copy_files.sh legacy" + run_codeql: false + # For Qt5 on Mac, we need to ensure SDK 10.15 is used, and not SDK 11.x. 
+ # Xcode 12.1 is the most-recent release which still ships SDK 10.15: + # https://developer.apple.com/support/xcode/ + # Xcode 12.1.1 is the most-recent 12.1.x release: + # https://xcodereleases.com/ + xcode_version: 12.1.1 + + - config_name: Windows (artifact+codeQL) + target_os: windows + building_on_os: windows-2019 + cmd1_prebuild: powershell .\autobuild\windows\autobuild_windowsinstaller_1_prepare.ps1 + cmd2_build: powershell .\autobuild\windows\autobuild_windowsinstaller_2_build.ps1 + cmd3_postbuild: powershell .\autobuild\windows\autobuild_windowsinstaller_3_copy_files.ps1 + run_codeql: true + + - config_name: Windows JACK (artifact) + target_os: windows + building_on_os: windows-2019 + cmd1_prebuild: powershell .\autobuild\windows\autobuild_windowsinstaller_1_prepare.ps1 -BuildOption jackonwindows + cmd2_build: powershell .\autobuild\windows\autobuild_windowsinstaller_2_build.ps1 -BuildOption jackonwindows + cmd3_postbuild: powershell .\autobuild\windows\autobuild_windowsinstaller_3_copy_files.ps1 -BuildOption jackonwindows + run_codeql: false runs-on: ${{ matrix.config.building_on_os }} steps: - - name: Select Xcode version for Mac - if: ${{ matrix.config.target_os == 'macos' || matrix.config.target_os == 'ios' }} + if: matrix.config.target_os == 'macos' || matrix.config.target_os == 'ios' uses: maxim-lobanov/setup-xcode@v1 with: - xcode-version: ${{ matrix.config.xcode_version }} + xcode-version: ${{ matrix.config.xcode_version }} - # Checkout code - name: Checkout code uses: actions/checkout@v2 with: submodules: true fetch-depth: ${{ matrix.config.checkout_fetch_depth || '1' }} - # Enable caching of downloaded dependencies - - name: "Cache Mac dependencies" - if: ${{ matrix.config.target_os == 'macos' }} + - name: Cache Mac dependencies + if: matrix.config.target_os == 'macos' uses: actions/cache@v2 with: path: | 
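Review bot: The re-indented `create_release` steps still reference third-party actions by mutable tag, most notably `dev-drprasad/delete-tag-and-release@v0.1.2`, which is handed `GITHUB_TOKEN` and can delete tags and releases; whoever controls that tag controls what runs with the token. Pin these to a full commit SHA, as the notarize step in the last hunk already does, e.g. `uses: dev-drprasad/delete-tag-and-release@<full-commit-sha> # v0.1.2`. The same applies to `maxim-lobanov/setup-xcode@v1` near the end of this hunk and to `devbotsxyz/xcode-staple@v1` in the last hunk. The `release_assets` step list continues past the end of this hunk.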
@@ -191,8 +184,8 @@ jobs: ~/Library/Cache/jamulus-homebrew-bottles key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', 'autobuild/mac/artifacts/autobuild_mac_1_prepare.sh', 'autobuild/mac/codeQL/autobuild_mac_1_prepare.sh', 'mac/deploy_mac.sh') }}-${{ matrix.config.cmd1_prebuild }} - - name: "Cache Windows dependencies" - if: ${{ matrix.config.target_os == 'windows' }} + - name: Cache Windows dependencies + if: matrix.config.target_os == 'windows' uses: actions/cache@v2 with: path: | @@ -203,8 +196,8 @@ jobs: ~\windows\ASIOSDK2 key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', 'autobuild/windows/autobuild_windowsinstaller_1_prepare.ps1', 'windows/deploy_windows.ps1') }}-${{ matrix.config.cmd1_prebuild }} - - name: "Cache Android dependencies" - if: ${{ matrix.config.target_os == 'android' }} + - name: Cache Android dependencies + if: matrix.config.target_os == 'android' uses: actions/cache@v2 with: path: | 
@@ -213,29 +206,23 @@ jobs: /opt/android/android-ndk key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', 'autobuild/android/autobuild_apk_1_prepare.sh', 'autobuild/android/install-qt.sh') }}-${{ matrix.config.cmd1_prebuild }} - # Prepare (install QT & dependencies) - - name: "Prepare for ${{ matrix.config.config_name }}" - if: ${{ matrix.config.cmd1_prebuild }} + - name: Set up build dependencies for ${{ matrix.config.config_name }} + if: matrix.config.cmd1_prebuild run: ${{ matrix.config.cmd1_prebuild }} env: ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' # allow setting environment variables jamulus_project_path: ${{ github.workspace }} jamulus_buildversionstring: ${{ needs.create_release.outputs.version_name }} - # Initialize CodeQL tools for code-scanning for security - name: Initialize CodeQL - if: matrix.config.uses_codeql + if: matrix.config.run_codeql uses: github/codeql-action/init@v1 with: languages: 'cpp' - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - # Build - - name: "Build for ${{ matrix.config.config_name }}" - id: step_macos_build - if: ${{ matrix.config.cmd2_build }} + + - name: Build for ${{ matrix.config.config_name }} + id: step_build + if: matrix.config.cmd2_build run: ${{ matrix.config.cmd2_build }} ${{ github.workspace }} env: jamulus_project_path: ${{ github.workspace }} 
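Review bot: The renamed `Set up build dependencies` step still sets `ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'`, which re-enables the deprecated `::set-env`/`::add-path` workflow commands. Any line in that form written to stdout by the prepare script, or by a tool it invokes, can then change the environment of the later build and signing steps. The prepare scripts are not part of this diff, so whether they still rely on those commands is an assumption to check; if they do, have them append to `$GITHUB_ENV` and `$GITHUB_PATH` instead and drop this env entry. The build step's `env:` block continues past the end of this hunk.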
@@ -246,79 +233,83 @@ jobs: NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - - name: "Post-Build for ${{ matrix.config.config_name }}" + - name: Post-Build for ${{ matrix.config.config_name }} id: step_cmd3_postbuild - if: ${{ matrix.config.cmd3_postbuild }} + if: matrix.config.cmd3_postbuild run: ${{ matrix.config.cmd3_postbuild }} ${{ github.workspace }} env: jamulus_project_path: ${{ github.workspace }} jamulus_buildversionstring: ${{ needs.create_release.outputs.version_name }} - # Upload Artifact to Job - name: Upload Artifact 1 to Job - if: ${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} + if: steps.step_cmd3_postbuild.outputs.artifact_1 uses: actions/upload-artifact@v2 with: name: ${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} retention-days: 31 - if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` + if-no-files-found: error - # Upload Artifact to Job - name: Upload Artifact 2 to Job - if: ${{ steps.step_cmd3_postbuild.outputs.artifact_2 }} + if: steps.step_cmd3_postbuild.outputs.artifact_2 uses: actions/upload-artifact@v2 with: name: ${{ steps.step_cmd3_postbuild.outputs.artifact_2 }} path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_2 }} retention-days: 31 - if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` - - # Notarize macOS build, if needed - - name: "Notarize macOS Release Build" - if: ${{ (steps.step_cmd3_postbuild.outputs.artifact_1 != '') && (steps.step_macos_build.outputs.macos_signed == 'true') && contains(needs.create_release.outputs.publish_to_release, 'true') }} - id: notarize-macOS-app - uses: devbotsxyz/xcode-notarize@d7219e1c390b47db8bab0f6b4fc1e3b7943e4b3b + if-no-files-found: error + + - name: Notarize macOS Release Build + if: >- + steps.step_cmd3_postbuild.outputs.artifact_1 != '' && + steps.step_build.outputs.macos_signed 
== 'true' && + contains(needs.create_release.outputs.publish_to_release, 'true') + id: notarize-macOS-app + uses: devbotsxyz/xcode-notarize@d7219e1c390b47db8bab0f6b4fc1e3b7943e4b3b with: - product-path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} - primary-bundle-id: io.jamulus.Jamulus + product-path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} + primary-bundle-id: io.jamulus.Jamulus appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} - # Apply successful notarization - - name: "Staple macOS Release Build" - if: ${{ (steps.step_cmd3_postbuild.outputs.artifact_1 != '') && (steps.step_macos_build.outputs.macos_signed == 'true') && contains(needs.create_release.outputs.publish_to_release, 'true') }} - id: staple-macOS-app - uses: devbotsxyz/xcode-staple@v1 + + - name: Staple macOS Release Build + if: >- + steps.step_cmd3_postbuild.outputs.artifact_1 != '' && + steps.step_build.outputs.macos_signed == 'true' && + contains(needs.create_release.outputs.publish_to_release, 'true') + id: staple-macOS-app + uses: devbotsxyz/xcode-staple@v1 with: - product-path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} + product-path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} - # Upload Artifact to Release - name: Upload Artifact 1 to Release - if: ${{ (steps.step_cmd3_postbuild.outputs.artifact_1 != '') && contains(needs.create_release.outputs.publish_to_release, 'true') }} + if: >- + steps.step_cmd3_postbuild.outputs.artifact_1 != '' && + contains(needs.create_release.outputs.publish_to_release, 'true') id: upload-release-asset1 uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - upload_url: ${{ needs.create_release.outputs.upload_url }} # See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + upload_url: ${{ 
needs.create_release.outputs.upload_url }} asset_path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} asset_name: ${{ steps.step_cmd3_postbuild.outputs.artifact_1 }} asset_content_type: application/octet-stream - # Upload Artifact to Release - name: Upload Artifact 2 to Release - if: ${{ (steps.step_cmd3_postbuild.outputs.artifact_2 != '') && contains(needs.create_release.outputs.publish_to_release, 'true') }} + if: >- + steps.step_cmd3_postbuild.outputs.artifact_2 != '' && + contains(needs.create_release.outputs.publish_to_release, 'true') id: upload-release-asset2 uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - upload_url: ${{ needs.create_release.outputs.upload_url }} # See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + upload_url: ${{ needs.create_release.outputs.upload_url }} asset_path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_2 }} asset_name: ${{ steps.step_cmd3_postbuild.outputs.artifact_2 }} asset_content_type: application/octet-stream - # Run CodeQL tools for code-scanning for security - name: Perform CodeQL Analysis - if: matrix.config.uses_codeql + if: matrix.config.run_codeql uses: github/codeql-action/analyze@v1
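Review bot: The `NOTARIZATION_PASSWORD` and `KEYCHAIN_PASSWORD` entries at the top of this hunk appear to belong to the generic build step (`id: step_build` in the previous hunk), which runs for every matrix entry. If so, the Android, Linux and Windows build scripts receive the macOS signing secrets as well. Only the macOS configuration that passes `sign_if_possible` looks like it needs them, so consider gating each value, e.g. `KEYCHAIN_PASSWORD: ${{ matrix.config.target_os == 'macos' && secrets.KEYCHAIN_PASSWORD || '' }}`, or moving signing into a macOS-only step. The start of that `env:` block lies between the two hunks, so confirm which step it belongs to.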