diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..520ff33fe --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,276 @@ +name: Build Windows + +on: + push: + branches: atavism/ci-updates + workflow_call: + inputs: + version: + type: string + required: true + prefix: + type: string + required: true + build-suffix: # "64" or "" + type: string + required: false + dist-suffix: # "64-bit" or "32-bit" + type: string + required: true + update-suffix: # "x64" or "386" + type: string + required: true + arch: + type: string + required: true + installer-suffix: # "-x64" or "" + type: string + required: false + xcode_version: + type: string + required: true + +env: + GOPRIVATE: github.com/getlantern + S3_BUCKET: lantern +jobs: + build: + permissions: + contents: "read" + id-token: "write" + env: + version: ${{ inputs.version }} + prefix: ${{ inputs.prefix }} + strategy: + matrix: + include: + - os: macos-latest + platform: macos + - os: windows-latest + platform: windows + - os: ubuntu-latest + platform: android + - os: ubuntu-latest + platform: linux + #- os: macos-latest + # platform: macos + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + with: + lfs: true + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: "go.mod" + + - name: Install WebView2 Runtime + if: ${{ matrix.platform }} == 'windows' + shell: pwsh + run: | + Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "MicrosoftEdgeWebView2Setup.exe" + Start-Process -FilePath ".\MicrosoftEdgeWebView2Setup.exe" -ArgumentList "/silent", "/install" -Wait + + - name: Set up MinGW + if: ${{ matrix.platform }} == 'windows' + run: choco install mingw -y + + - name: Install dependencies + if: ${{ matrix.platform }} == 'linux' + run: | + sudo apt-get update + sudo apt-get install -y file build-essential pkg-config + sudo apt-get install -y libwebkit2gtk-4.1-dev + sudo apt-get install -y libunwind-dev libstdc++-12-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-d cmake + sudo apt-get install -y libgtk-3-0 libblkid1 liblzma5 + sudo apt-get install -y libpcap-dev libgtk-3-dev libayatana-appindicator3-dev ruby ruby-dev && sudo gem install bundler -v 2.2.26 + + - name: Setup Xcode + uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: ${{ inputs.xcode_version }} + + - name: Install Flutter + uses: subosito/flutter-action@v2 + with: + channel: "stable" + + - run: flutter --version + + - name: Setup JDK + if: ${{ matrix.platform }} == 'android' + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + cache: 'gradle' + + - name: Set gradle properties + if: ${{ matrix.platform }} == 'android' + env: + GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }} + run: | + mkdir -p ~/.gradle/ + echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV + echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties + + - name: Decode Keystore + id: write_file + if: ${{ matrix.platform }} == 'android' + uses: timheuer/base64-to-file@v1.2 + with: + fileName: 'keystore.release.jks' + fileDir: './android/app' + encodedString: ${{ secrets.KEYSTORE }} + + - name: Generate app.env + env: + ANDROID_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID }} + IOS_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID_IOS }} + TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID }} + TAPSELL_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_INTERSTITIAL_ZONE_ID }} + run: | + touch app.env + echo "Android_interstitialAd=$ANDROID_INTERSTITIAL_AD_ID" > app.env + echo "IOS_interstitialAd=$IOS_INTERSTITIAL_AD_ID" >> app.env + echo "VideoInterstitialZoneId=$TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID" >> app.env + echo "InterstitialZoneId=$TAPSELL_INTERSTITIAL_ZONE_ID" >> app.env + + - name: Setup protoc + uses: arduino/setup-protoc@v2 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Build Lantern Library + shell: bash + run: | + touch app.env + mkdir -p "build/windows/${{inputs.arch}}/runner/Release" + make ${{matrix.platform}} + + - name: Activate plugins + run: | + dart pub global activate protoc_plugin + dart pub global activate flutter_distributor + + - name: Sign liblantern.dll with Azure Code Signing + if: ${{ matrix.platform }} == 'windows' + uses: getlantern/trusted-signing-action@main + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: https://wus2.codesigning.azure.net/ + code-signing-account-name: code-signing + certificate-profile-name: Lantern + files-folder: ${{ github.workspace }}\ + files-folder-filter: dll + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + + - name: Move liblantern.dll to release directory + if: ${{ matrix.platform }} == 'windows' + shell: bash + run: | + mv liblantern.dll "build/windows/${{inputs.arch}}/runner/Release" + + - name: Extract app version from pubspec.yaml + id: extract_version + shell: bash + run: | + APP_VERSION=$(grep '^version:' pubspec.yaml | sed 's/version: //') + echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV + + - name: Build Flutter app + run: | + New-Item -Path "./dist/${{ env.APP_VERSION }}" -ItemType Directory -Force + flutter_distributor package --platform windows --targets exe --skip-clean + env: + INTERSTITIAL_AD_UNIT: "${{ secrets.INTERSTITIAL_AD_UNIT_ID }}" + SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}" + VERSION: "${{ env.version }}" + + - name: Install darwin installer dependencies + if: ${{ matrix.platform }} == 'macos' + run: | + npm install -g appdmg + brew tap joshdk/tap + brew install joshdk/tap/retry + brew install imagemagick || true + + - name: Build darwin installer + if: ${{ matrix.platform }} == 'macos' + run: | + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + security create-keychain -p temporaty-password build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p temporaty-password build.keychain + security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temporaty-password build.keychain + make package-darwin + env: + VERSION: "${{ env.version }}" + MACOS_CERTIFICATE: ${{ secrets.MACOS_BNS_CERT }} + MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_BNS_CERT_PASS }} + + - name: Build installer + if: ${{ matrix.platform }} == 'linux' + run: | + cp liblantern.so "build/linux/${{inputs.dist-suffix}}/release/bundle" + make package-linux + mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.deb lantern_${{inputs.version}}_x64.deb + mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.rpm lantern_${{inputs.version}}_x64.rpm + + - name: Rename installer + if: ${{ matrix.platform }} == 'windows' + shell: bash + run: | + mv "dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-windows-setup.exe" lantern-installer${{inputs.installer-suffix}}.exe + + - name: Sign EXE with Azure Code Signing + if: ${{ matrix.platform }} == 'windows' + uses: getlantern/trusted-signing-action@main + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: https://wus2.codesigning.azure.net/ + code-signing-account-name: code-signing + certificate-profile-name: Lantern + files-folder: ${{ github.workspace }}/ + files-folder-filter: exe,dll,msix + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + + - uses: actions/upload-artifact@v4 + if: ${{ matrix.platform }} == 'android' + with: + name: android-apk-build + retention-days: 2 + path: | + lantern-installer.apk + + - name: Upload EXE artifact + uses: actions/upload-artifact@v4 + if: ${{ matrix.platform }} == 'windows' + with: + name: windows${{inputs.build-suffix}}-installer-signed + path: | + lantern-installer${{inputs.installer-suffix}}.exe + + - uses: actions/upload-artifact@v4 + if: ${{ matrix.platform }} == 'linux' + with: + name: linux-deb-build + path: | + lantern_${{inputs.version}}_x64.deb + + - uses: actions/upload-artifact@v4 + if: ${{ matrix.platform }} == 'linux' + with: + name: linux-rpm-build + path: | + lantern_${{inputs.version}}_x64.rpm