diff --git a/.github/workflows/assets/linux.Dockerfile b/.github/workflows/assets/linux.Dockerfile index 35d546ca0..9124f0365 100644 --- a/.github/workflows/assets/linux.Dockerfile +++ b/.github/workflows/assets/linux.Dockerfile @@ -1,43 +1,28 @@ # The Arduino IDE Linux build workflow job runs in this container. # syntax=docker/dockerfile:1 -FROM ubuntu:18.04 - -# See: https://unofficial-builds.nodejs.org/download/release/ -ARG node_version="18.17.1" +# See: https://hub.docker.com/_/ubuntu/tags +FROM ubuntu:18.10 +# This is required in order to use the Ubuntu package repositories for EOL Ubuntu versions: +# https://help.ubuntu.com/community/EOLUpgrades#Update_sources.list RUN \ - apt-get \ - --yes \ - update + sed \ + --in-place \ + --regexp-extended \ + --expression='s/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' \ + "/etc/apt/sources.list" -# This is required to get add-apt-repository RUN \ apt-get \ --yes \ - install \ - "software-properties-common=0.96.24.32.22" + update -# Install Git -# The PPA is required to get a modern version of Git. The version in the Ubuntu 18.04 package repository is 2.17.1, -# while action/checkout@v3 requires 2.18 or higher. RUN \ - add-apt-repository \ - --yes \ - "ppa:git-core/ppa" && \ - apt-get \ - --yes \ - update && \ - \ apt-get \ --yes \ install \ - "git" && \ - \ - apt-get \ - --yes \ - purge \ - "software-properties-common" + "git" # The repository path must be added to safe.directory, otherwise any Git operations on it would fail with a # "dubious ownership" error. actions/checkout configures this, but it is not applied to containers. @@ -51,18 +36,12 @@ ENV \ # Install Python # The Python installed by actions/setup-python has dependency on a higher version of glibc than available in the -# ubuntu:18.04 container. +# container. RUN \ apt-get \ --yes \ install \ - "python3.8-minimal=3.8.0-3ubuntu1~18.04.2" && \ - \ - ln \ - --symbolic \ - --force \ - "$(which python3.8)" \ - "/usr/bin/python3" + "python3.7-minimal=3.7.3-2~18.10" # Install Theia's package dependencies # These are pre-installed in the GitHub Actions hosted runner machines. @@ -70,43 +49,15 @@ RUN \ apt-get \ --yes \ install \ - "libsecret-1-dev=0.18.6-1" \ - "libx11-dev=2:1.6.4-3ubuntu0.4" \ + "libsecret-1-dev=0.18.6-3" \ + "libx11-dev=2:1.6.7-1" \ "libxkbfile-dev=1:1.0.9-2" -# Install Node.js -# It is necessary to use the "unofficial" linux-x64-glibc-217 build because the official Node.js 18.x is dynamically -# linked against glibc 2.28, while Ubuntu 18.04 has glibc 2.27. -ARG node_installation_path="/tmp/node-installation" -ARG artifact_name="node-v${node_version}-linux-x64-glibc-217" -RUN \ - mkdir "$node_installation_path" && \ - cd "$node_installation_path" && \ - \ - apt-get \ - --yes \ - install \ - "wget=1.19.4-1ubuntu2.2" && \ - \ - archive_name="${artifact_name}.tar.xz" && \ - wget \ - "https://unofficial-builds.nodejs.org/download/release/v${node_version}/${archive_name}" && \ - \ - apt-get \ - --yes \ - purge \ - "wget" && \ - \ - tar \ - --file="$archive_name" \ - --extract && \ - rm "$archive_name" -ENV PATH="${PATH}:${node_installation_path}/${artifact_name}/bin" - -# Install Yarn -# Yarn is pre-installed in the GitHub Actions hosted runner machines. +# Target python3 symlink to Python 3.7 installation. It would otherwise target version 3.6 due to the installation of +# the `python3` package as a transitive dependency. RUN \ - npm \ - install \ - --global \ - "yarn@1.22.19" + ln \ + --symbolic \ + --force \ + "$(which python3.7)" \ + "/usr/bin/python3" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 535298d8e..e4e09b73f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,9 +48,10 @@ env: GO_VERSION: '1.21' # See: https://github.com/actions/setup-node/#readme NODE_VERSION: '18.17' - JOB_TRANSFER_ARTIFACT: build-artifacts + YARN_VERSION: '1.22' + JOB_TRANSFER_ARTIFACT_PREFIX: build-artifacts- CHANGELOG_ARTIFACTS: changelog - STAGED_CHANNEL_FILES_ARTIFACT: staged-channel-files + STAGED_CHANNEL_FILE_ARTIFACT_PREFIX: staged-channel-file- BASE_BUILD_DATA: | - config: # Human identifier for the job. @@ -68,6 +69,8 @@ env: certificate-extension: pfx # Container for windows cert signing certificate-container: INSTALLER_CERT_WINDOWS_CONTAINER + # Arbitrary identifier used to give the workflow artifact uploaded by each "build" matrix job a unique name. + job-transfer-artifact-suffix: Windows_64bit # Quoting on the value is required here to allow the same comparison expression syntax to be used for this # and the companion needs.select-targets.outputs.merge-channel-files property (output values always have string # type). @@ -91,6 +94,7 @@ env: { \"image\": \"ghcr.io/arduino/arduino-ide/linux:main\" } + job-transfer-artifact-suffix: Linux_64bit mergeable-channel-file: 'false' artifacts: - path: '*Linux_64bit.zip' @@ -107,6 +111,7 @@ env: certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 certificate-password-secret: KEYCHAIN_PASSWORD certificate-extension: p12 + job-transfer-artifact-suffix: macOS_64bit mergeable-channel-file: 'true' artifacts: - path: '*macOS_64bit.dmg' @@ -121,6 +126,7 @@ env: certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 certificate-password-secret: KEYCHAIN_PASSWORD certificate-extension: p12 + job-transfer-artifact-suffix: macOS_arm64 mergeable-channel-file: 'true' artifacts: - path: '*macOS_arm64.dmg' @@ -233,7 +239,7 @@ jobs: ) | \ yq \ --output-format json \ - '[.[].artifacts.[]]' + 'map(.artifacts[] + (.config | pick(["job-transfer-artifact-suffix"])))' )" # The build matrix produces two macOS jobs (x86 and ARM) so the "channel update info files" @@ -252,7 +258,7 @@ jobs: echo "${{ env.BASE_BUILD_DATA }}" | \ yq \ --output-format json \ - '[.[].artifacts.[]]' + 'map(.artifacts[] + (.config | pick(["job-transfer-artifact-suffix"])))' )" merge_channel_files="false" @@ -311,21 +317,26 @@ jobs: if not exist "${{ matrix.config.working-directory }}" mklink /d "${{ matrix.config.working-directory }}" "C:\actions-runner\_work\arduino-ide\arduino-ide" - name: Checkout - if: fromJSON(matrix.config.container) == null uses: actions/checkout@v4 - - name: Checkout - # actions/checkout@v4 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null - uses: actions/checkout@v3 - name: Install Node.js - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} registry-url: 'https://registry.npmjs.org' - cache: 'yarn' + # Yarn is a prerequisite for the action's cache feature, so caching should be disabled when running in the + # container where Yarn is not pre-installed. + cache: ${{ fromJSON(matrix.config.container) == null && 'yarn' || null }} + + - name: Install Yarn + if: runner.name != 'WINDOWS-SIGN-PC' + run: | + npm \ + install \ + --global \ + "yarn@${{ env.YARN_VERSION }}" - name: Install Python 3.x if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' @@ -334,33 +345,18 @@ jobs: python-version: '3.11.x' - name: Install Go - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} - - name: Install Go - # actions/setup-go@v5 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null && runner.name != 'WINDOWS-SIGN-PC' - uses: actions/setup-go@v4 - with: - go-version: ${{ env.GO_VERSION }} - - name: Install Taskfile - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: arduino/setup-task@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} version: 3.x - - name: Install Taskfile - # actions/setup-task@v2 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null && runner.name != 'WINDOWS-SIGN-PC' - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - name: Package env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -411,19 +407,19 @@ jobs: echo "STAGED_CHANNEL_FILES_PATH=$staged_channel_files_path" >> "$GITHUB_ENV" - name: Upload staged-for-merge channel file artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: > needs.select-targets.outputs.merge-channel-files == 'true' && matrix.config.mergeable-channel-file == 'true' with: if-no-files-found: error - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + name: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}${{ matrix.config.job-transfer-artifact-suffix }} path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.STAGED_CHANNEL_FILES_PATH) || env.STAGED_CHANNEL_FILES_PATH }} - - name: Upload [GitHub Actions] - uses: actions/upload-artifact@v3 + - name: Upload builds to job transfer artifact + uses: actions/upload-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}${{ matrix.config.job-transfer-artifact-suffix }} path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.BUILD_ARTIFACTS_PATH) || env.BUILD_ARTIFACTS_PATH }} - name: Manual Clean up for self-hosted runners @@ -449,16 +445,17 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Download staged-for-merge channel files artifact - uses: actions/download-artifact@v3 + - name: Download staged-for-merge channel file artifacts + uses: actions/download-artifact@v4 with: - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + merge-multiple: true path: ${{ env.CHANNEL_FILES_PATH }} + pattern: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}* - - name: Remove no longer needed artifact - uses: geekyeggo/delete-artifact@v2 + - name: Remove no longer needed artifacts + uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + name: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}* - name: Install Node.js uses: actions/setup-node@v4 @@ -488,11 +485,11 @@ jobs: --channel "${{ needs.build-type-determination.outputs.channel-name }}" \ --input "${{ env.CHANNEL_FILES_PATH }}" - - name: Upload merged channel files to job transfer artifact - uses: actions/upload-artifact@v3 + - name: Upload merged channel files job transfer artifact + uses: actions/upload-artifact@v4 with: if-no-files-found: error - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}channel-files path: ${{ env.CHANNEL_FILES_PATH }} artifacts: @@ -503,22 +500,25 @@ jobs: if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest + env: + BUILD_ARTIFACTS_FOLDER: build-artifacts + strategy: matrix: artifact: ${{ fromJson(needs.select-targets.outputs.artifact-matrix) }} steps: - - name: Download job transfer artifact - uses: actions/download-artifact@v3 + - name: Download job transfer artifact that contains ${{ matrix.artifact.name }} tester build + uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}${{ matrix.artifact.job-transfer-artifact-suffix }} + path: ${{ env.BUILD_ARTIFACTS_FOLDER }} - name: Upload tester build artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.artifact.name }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }}/${{ matrix.artifact.path }} + path: ${{ env.BUILD_ARTIFACTS_FOLDER }}/${{ matrix.artifact.path }} changelog: needs: @@ -561,11 +561,11 @@ jobs: echo "$BODY" > CHANGELOG.txt - - name: Upload Changelog [GitHub Actions] + - name: Upload changelog job transfer artifact if: needs.build-type-determination.outputs.is-nightly == 'true' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}changelog path: CHANGELOG.txt publish: @@ -584,18 +584,23 @@ jobs: needs.build-type-determination.outputs.publish-to-s3 == 'true' && needs.build-type-determination.outputs.is-nightly == 'true' runs-on: ubuntu-latest + + env: + ARTIFACTS_FOLDER: build-artifacts + steps: - - name: Download [GitHub Actions] - uses: actions/download-artifact@v3 + - name: Download all job transfer artifacts + uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + merge-multiple: true + path: ${{ env.ARTIFACTS_FOLDER }} + pattern: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* - name: Publish Nightly [S3] uses: docker://plugins/s3 env: - PLUGIN_SOURCE: '${{ env.JOB_TRANSFER_ARTIFACT }}/*' - PLUGIN_STRIP_PREFIX: '${{ env.JOB_TRANSFER_ARTIFACT }}/' + PLUGIN_SOURCE: '${{ env.ARTIFACTS_FOLDER }}/*' + PLUGIN_STRIP_PREFIX: '${{ env.ARTIFACTS_FOLDER }}/' PLUGIN_TARGET: '/arduino-ide/nightly' PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -616,12 +621,17 @@ jobs: needs.changelog.result == 'success' && needs.build-type-determination.outputs.is-release == 'true' runs-on: ubuntu-latest + + env: + ARTIFACTS_FOLDER: build-artifacts + steps: - - name: Download [GitHub Actions] - uses: actions/download-artifact@v3 + - name: Download all job transfer artifacts + uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + merge-multiple: true + path: ${{ env.ARTIFACTS_FOLDER }} + pattern: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* - name: Get Tag id: tag_name @@ -633,7 +643,7 @@ jobs: with: repo_token: ${{ secrets.GITHUB_TOKEN }} release_name: ${{ steps.tag_name.outputs.TAG_NAME }} - file: ${{ env.JOB_TRANSFER_ARTIFACT }}/* + file: ${{ env.ARTIFACTS_FOLDER }}/* tag: ${{ github.ref }} file_glob: true body: ${{ needs.changelog.outputs.BODY }} @@ -642,8 +652,8 @@ jobs: if: needs.build-type-determination.outputs.publish-to-s3 == 'true' uses: docker://plugins/s3 env: - PLUGIN_SOURCE: '${{ env.JOB_TRANSFER_ARTIFACT }}/*' - PLUGIN_STRIP_PREFIX: '${{ env.JOB_TRANSFER_ARTIFACT }}/' + PLUGIN_SOURCE: '${{ env.ARTIFACTS_FOLDER }}/*' + PLUGIN_STRIP_PREFIX: '${{ env.ARTIFACTS_FOLDER }}/' PLUGIN_TARGET: '/arduino-ide' PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -661,7 +671,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: Remove unneeded job transfer artifact - uses: geekyeggo/delete-artifact@v2 + - name: Remove unneeded job transfer artifacts + uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 0ec11e7f3..22fa0d0e9 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -19,7 +19,7 @@ on: env: CONFIGURATIONS_FOLDER: .github/label-configuration-files - CONFIGURATIONS_ARTIFACT: label-configuration-files + CONFIGURATIONS_ARTIFACT_PREFIX: label-configuration-file- jobs: check: @@ -71,13 +71,13 @@ jobs: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: path: | *.yaml *.yml if-no-files-found: error - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}${{ matrix.filename }} sync: needs: download @@ -108,16 +108,17 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Download configuration files artifact - uses: actions/download-artifact@v3 + - name: Download configuration file artifacts + uses: actions/download-artifact@v4 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + merge-multiple: true + pattern: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* path: ${{ env.CONFIGURATIONS_FOLDER }} - - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v2 + - name: Remove unneeded artifacts + uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* - name: Merge label configuration files run: |