-
-
Notifications
You must be signed in to change notification settings - Fork 44
151 lines (143 loc) · 5.55 KB
/
build-win.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Java app image Windows
on:
release:
types: [published]
workflow_dispatch:
inputs:
sem-version:
description: 'Version'
required: false
permissions:
contents: write
packages: write
env:
JAVA_DIST: 'zulu'
JAVA_VERSION: '22.0.2+9'
defaults:
run:
shell: bash
jobs:
prepare:
name: Determines the versions strings for the binaries
runs-on: [ubuntu-latest]
outputs:
semVerStr: ${{ steps.determine-version.outputs.version }}
semVerNum: ${{steps.determine-number.outputs.number}}
steps:
- id: determine-version
shell: pwsh
run: |
if ( '${{github.event_name}}' -eq 'release') {
echo 'version=${{ github.event.release.tag_name}}' >> "$env:GITHUB_OUTPUT"
exit 0
} elseif ('${{inputs.sem-version}}') {
echo 'version=${{ inputs.sem-version}}' >> "$env:GITHUB_OUTPUT"
exit 0
}
Write-Error "Version neither via input nor by tag specified. Aborting"
exit 1
- id: determine-number
run: |
SEM_VER_NUM=$(echo "${{ steps.determine-version.outputs.version }}" | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
echo "number=${SEM_VER_NUM}" >> "$GITHUB_OUTPUT"
build-binary:
name: Build java app image
needs: [prepare]
runs-on: windows-latest
env:
artifact-name: cryptomator-cli-${{ needs.prepare.outputs.semVerStr }}-win-x64.zip
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_DIST }}
- name: Set version
run: mvn versions:set -DnewVersion=${{ needs.prepare.outputs.semVerStr }}
- name: Run maven
run: mvn -B clean package -DskipTests
- name: Patch target dir
run: |
cp LICENSE.txt target
cp target/cryptomator-*.jar target/mods
- name: Run jlink
run: |
envsubst < dist/jlink.args > target/jlink.args
"${JAVA_HOME}/bin/jlink" '@./target/jlink.args'
- name: Run jpackage
run: |
envsubst < dist/jpackage.args > target/jpackage.args
"${JAVA_HOME}/bin/jpackage" '@./target/jpackage.args' --win-console
env:
JP_APP_VERSION: ${{ needs.prepare.outputs.semVerNum }}
APP_VERSION: ${{ needs.prepare.outputs.semVerStr }}
NATIVE_ACCESS_PACKAGE: org.cryptomator.jfuse.win
- name: Fix permissions
run: attrib -r target/cryptomator-cli/cryptomator-cli.exe
shell: pwsh
- name: Extract jars with DLLs for Codesigning
shell: pwsh
run: |
Add-Type -AssemblyName "System.io.compression.filesystem"
$jarFolder = Resolve-Path ".\target\Cryptomator-cli\app\mods"
$jarExtractDir = New-Item -Path ".\target\jar-extract" -ItemType Directory
#for all jars inspect
Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object {
$jar = [Io.compression.zipfile]::OpenRead($_.FullName)
if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) {
#jars containing dlls extract
Set-Location $jarExtractDir
Expand-Archive -Path $_.FullName
}
$jar.Dispose()
}
- name: Codesign
uses: skymatic/code-sign-action@v3
with:
certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
password: ${{ secrets.WIN_CODESIGN_P12_PW }}
certificatesha1: ${{ vars.WIN_CODESIGN_CERT_SHA1 }}
description: Cryptomator
timestampUrl: 'http://timestamp.digicert.com'
folder: target
recursive: true
- name: Replace DLLs inside jars with signed ones
shell: pwsh
run: |
$jarExtractDir = Resolve-Path ".\target\jar-extract"
$jarFolder = Resolve-Path ".\target\cryptomator-cli\app\mods"
Get-ChildItem -Path $jarExtractDir | ForEach-Object {
$jarName = $_.Name
$jarFile = "${jarFolder}\${jarName}.jar"
Set-Location $_
Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object {
# update jar with signed dll
jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_)
}
}
- name: Zip binary for release
shell: pwsh
run: Compress-Archive -Path .\target\cryptomator-cli -DestinationPath .\${{ env.artifact-name}}
- name: Create detached GPG signature with key 615D449FE6E6A235
run: |
echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a ./${{ env.artifact-name}}
env:
GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
- uses: actions/upload-artifact@v4
with:
name: cryptomator-cli-win-x64
path: |
${{ env.artifact-name}}
*.asc
if-no-files-found: error
- name: Publish artefact on GitHub Releases
if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
uses: softprops/action-gh-release@v2
with:
fail_on_unmatched_files: true
token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
files: |
${{ env.artifact-name}}
cryptomator-cli-*.asc