mirror of
https://github.com/Cockatrice/Cockatrice.git
synced 2025-12-05 20:39:59 -08:00
518 lines
18 KiB
YAML
518 lines
18 KiB
YAML
name: Build Desktop
|
|
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
attestations: write
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- '*/**' # matches all files not in root
|
|
- '!**.md'
|
|
- '!.github/**'
|
|
- '!.husky/**'
|
|
- '!.tx/**'
|
|
- '!doc/**'
|
|
- '!webclient/**'
|
|
- '.github/workflows/desktop-build.yml'
|
|
- 'CMakeLists.txt'
|
|
- 'vcpkg.json'
|
|
- 'vcpkg'
|
|
tags:
|
|
- '*'
|
|
pull_request:
|
|
paths:
|
|
- '*/**' # matches all files not in root
|
|
- '!**.md'
|
|
- '!.github/**'
|
|
- '!.husky/**'
|
|
- '!.tx/**'
|
|
- '!doc/**'
|
|
- '!webclient/**'
|
|
- '.github/workflows/desktop-build.yml'
|
|
- 'CMakeLists.txt'
|
|
- 'vcpkg.json'
|
|
- 'vcpkg'
|
|
|
|
# Cancel earlier, unfinished runs of this workflow on the same branch (unless on master)
|
|
concurrency:
|
|
group: "${{ github.workflow }} @ ${{ github.ref_name }}"
|
|
cancel-in-progress: ${{ github.ref_name != 'master' }}
|
|
|
|
jobs:
|
|
configure:
|
|
name: Configure
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
tag: ${{steps.configure.outputs.tag}}
|
|
sha: ${{steps.configure.outputs.sha}}
|
|
|
|
steps:
|
|
- name: Configure
|
|
id: configure
|
|
shell: bash
|
|
run: |
|
|
tag_regex='^refs/tags/'
|
|
if [[ $GITHUB_EVENT_NAME == pull-request ]]; then # pull request
|
|
sha="${{github.event.pull_request.head.sha}}"
|
|
elif [[ $GITHUB_REF =~ $tag_regex ]]; then # release
|
|
sha="$GITHUB_SHA"
|
|
tag="${GITHUB_REF/refs\/tags\//}"
|
|
echo "tag=$tag" >>"$GITHUB_OUTPUT"
|
|
else # push to branch
|
|
sha="$GITHUB_SHA"
|
|
fi
|
|
echo "sha=$sha" >>"$GITHUB_OUTPUT"
|
|
|
|
- name: Checkout
|
|
if: steps.configure.outputs.tag != null
|
|
uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Prepare release parameters
|
|
id: prepare
|
|
if: steps.configure.outputs.tag != null
|
|
shell: bash
|
|
env:
|
|
TAG: ${{steps.configure.outputs.tag}}
|
|
run: .ci/prep_release.sh
|
|
|
|
- name: Create release
|
|
if: steps.configure.outputs.tag != null
|
|
id: create_release
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
tag_name: ${{steps.configure.outputs.tag}}
|
|
target: ${{steps.configure.outputs.sha}}
|
|
release_name: ${{steps.prepare.outputs.title}}
|
|
body_path: ${{steps.prepare.outputs.body_path}}
|
|
prerelease: ${{steps.prepare.outputs.is_beta}}
|
|
run: |
|
|
if [[ $prerelease == yes ]]; then
|
|
args="--prerelease"
|
|
fi
|
|
gh release create "$tag_name" --draft --verify-tag $args \
|
|
--target "$target" --title "$release_name" \
|
|
--notes-file "$body_path"
|
|
|
|
build-linux:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# These names correspond to the files in ".ci/$distro$version"
|
|
include:
|
|
- distro: Arch
|
|
package: skip # We are packaged in Arch already
|
|
allow-failure: yes
|
|
|
|
- distro: Debian
|
|
version: 11
|
|
package: DEB
|
|
test: skip # Running tests on all distros is superfluous
|
|
|
|
- distro: Debian
|
|
version: 12
|
|
package: DEB
|
|
test: skip # Running tests on all distros is superfluous
|
|
|
|
- distro: Debian
|
|
version: 13
|
|
package: DEB
|
|
|
|
- distro: Fedora
|
|
version: 41
|
|
package: RPM
|
|
test: skip # Running tests on all distros is superfluous
|
|
|
|
- distro: Fedora
|
|
version: 42
|
|
package: RPM
|
|
|
|
- distro: Ubuntu
|
|
version: 22.04
|
|
package: DEB
|
|
test: skip # Running tests on all distros is superfluous
|
|
|
|
- distro: Ubuntu
|
|
version: 24.04
|
|
package: DEB
|
|
|
|
name: ${{matrix.distro}} ${{matrix.version}}
|
|
needs: configure
|
|
runs-on: ubuntu-latest
|
|
continue-on-error: ${{matrix.allow-failure == 'yes'}}
|
|
env:
|
|
NAME: ${{matrix.distro}}${{matrix.version}}
|
|
CACHE: ${{github.workspace}}/.cache/${{matrix.distro}}${{matrix.version}} # directory for caching docker image and ccache
|
|
# Cache size over the entire repo is 10Gi:
|
|
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy
|
|
CCACHE_SIZE: 500M
|
|
CMAKE_GENERATOR: 'Ninja'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Restore compiler cache (ccache)
|
|
id: ccache_restore
|
|
uses: actions/cache/restore@v4
|
|
env:
|
|
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
|
|
with:
|
|
path: ${{env.CACHE}}
|
|
key: ccache-${{matrix.distro}}${{matrix.version}}-${{env.BRANCH_NAME}}
|
|
restore-keys: ccache-${{matrix.distro}}${{matrix.version}}-
|
|
|
|
- name: Build ${{matrix.distro}} ${{matrix.version}} Docker image
|
|
shell: bash
|
|
run: source .ci/docker.sh --build
|
|
|
|
- name: Build debug and test
|
|
if: matrix.test != 'skip'
|
|
shell: bash
|
|
env:
|
|
CMAKE_GENERATOR: '${{env.CMAKE_GENERATOR}}'
|
|
run: |
|
|
source .ci/docker.sh
|
|
RUN --server --debug --test --ccache "$CCACHE_SIZE"
|
|
|
|
- name: Build release package
|
|
id: build
|
|
if: matrix.package != 'skip'
|
|
shell: bash
|
|
env:
|
|
BUILD_DIR: build
|
|
SUFFIX: '-${{matrix.distro}}${{matrix.version}}'
|
|
package: '${{matrix.package}}'
|
|
CMAKE_GENERATOR: '${{env.CMAKE_GENERATOR}}'
|
|
run: |
|
|
source .ci/docker.sh
|
|
RUN --server --release --package "$package" --dir "$BUILD_DIR" \
|
|
--ccache "$CCACHE_SIZE"
|
|
.ci/name_build.sh
|
|
|
|
- name: Save compiler cache (ccache)
|
|
if: github.ref == 'refs/heads/master'
|
|
uses: actions/cache/save@v4
|
|
with:
|
|
path: ${{env.CACHE}}
|
|
key: ${{ steps.ccache_restore.outputs.cache-primary-key }}
|
|
|
|
- name: Upload artifact
|
|
id: upload_artifact
|
|
if: matrix.package != 'skip'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{matrix.distro}}${{matrix.version}}-package
|
|
path: ${{steps.build.outputs.path}}
|
|
if-no-files-found: error
|
|
|
|
- name: Upload to release
|
|
id: upload_release
|
|
if: matrix.package != 'skip' && needs.configure.outputs.tag != null
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
tag_name: ${{needs.configure.outputs.tag}}
|
|
asset_path: ${{steps.build.outputs.path}}
|
|
asset_name: ${{steps.build.outputs.name}}
|
|
run: gh release upload "$tag_name" "$asset_path#$asset_name"
|
|
|
|
- name: Attest binary provenance
|
|
id: attestation
|
|
if: steps.upload_release.outcome == 'success'
|
|
uses: actions/attest-build-provenance@v3
|
|
with:
|
|
subject-name: ${{steps.build.outputs.name}}
|
|
subject-digest: sha256:${{ steps.upload_artifact.outputs.artifact-digest }}
|
|
|
|
- name: Verify binary attestation
|
|
if: steps.attestation.outcome == 'success'
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
run: gh attestation verify ${{steps.build.outputs.path}} -R Cockatrice/Cockatrice
|
|
|
|
build-macos:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: 13
|
|
soc: Intel
|
|
os: macos-13
|
|
xcode: "14.3.1"
|
|
type: Release
|
|
make_package: 1
|
|
|
|
- target: 14
|
|
soc: Apple
|
|
os: macos-14
|
|
xcode: "15.4"
|
|
type: Release
|
|
make_package: 1
|
|
|
|
- target: 15
|
|
soc: Apple
|
|
os: macos-15
|
|
xcode: "16.2"
|
|
type: Release
|
|
make_package: 1
|
|
|
|
- target: 15
|
|
soc: Apple
|
|
os: macos-15
|
|
xcode: "16.2"
|
|
type: Debug
|
|
|
|
name: macOS ${{matrix.target}}${{ matrix.soc == 'Intel' && ' Intel' || '' }}${{ matrix.type == 'Debug' && ' Debug' || '' }}
|
|
needs: configure
|
|
runs-on: ${{matrix.os}}
|
|
continue-on-error: ${{matrix.allow-failure == 'yes'}}
|
|
env:
|
|
# Common parameters for all macOS builds
|
|
QT_VERSION: 6.6.*
|
|
QT_ARCH: clang_64
|
|
QT_MODULES: "qtimageformats qtmultimedia qtwebsockets"
|
|
# Build-specific environment variables
|
|
CCACHE_DIR: ${{github.workspace}}/.ccache/${{matrix.os}}-${{matrix.type}}
|
|
CCACHE_SIZE: 500M
|
|
DEVELOPER_DIR:
|
|
/Applications/Xcode_${{matrix.xcode}}.app/Contents/Developer
|
|
CMAKE_GENERATOR: 'Ninja'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
with:
|
|
submodules: recursive
|
|
|
|
# Using jianmingyong/ccache-action to setup ccache without using brew
|
|
# It tries to download a binary of ccache from GitHub Release and falls back to building from source if it fails
|
|
- name: Setup ccache
|
|
uses: jianmingyong/ccache-action@v1
|
|
with:
|
|
install-type: "binary"
|
|
ccache-key-prefix: ccache-${{matrix.os}}-${{matrix.soc}}-${{matrix.type}}
|
|
gh-token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Using jurplel/install-qt-action to install Qt without using brew
|
|
# qt build using vcpkg either just fails or takes too long to build
|
|
- name: Install Qt ${{env.QT_VERSION}}
|
|
uses: jurplel/install-qt-action@v4
|
|
with:
|
|
cache: false # qt caches take too much space for macOS (1.1Gi)
|
|
version: ${{env.QT_VERSION}}
|
|
arch: ${{env.QT_ARCH}}
|
|
modules: ${{env.QT_MODULES}}
|
|
|
|
- name: Setup vcpkg cache
|
|
id: vcpkg-cache
|
|
uses: TAServers/vcpkg-cache@v3
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build on Xcode ${{matrix.xcode}}
|
|
shell: bash
|
|
id: build
|
|
env:
|
|
BUILDTYPE: '${{matrix.type}}'
|
|
MAKE_PACKAGE: '${{matrix.make_package}}'
|
|
PACKAGE_SUFFIX: '-macOS${{matrix.target}}_${{matrix.soc}}'
|
|
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
|
|
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
|
|
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
|
|
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
|
|
CMAKE_GENERATOR: '${{env.CMAKE_GENERATOR}}'
|
|
VCPKG_DISABLE_METRICS: 1
|
|
VCPKG_BINARY_SOURCES: 'clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite'
|
|
run: .ci/compile.sh --server --test --ccache "$CCACHE_SIZE" --vcpkg
|
|
|
|
- name: Sign app bundle
|
|
if: matrix.make_package && (github.ref == 'refs/heads/master' || needs.configure.outputs.tag != null)
|
|
env:
|
|
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
|
|
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
|
|
run: |
|
|
if [[ -n "$MACOS_CERTIFICATE_NAME" ]]
|
|
then
|
|
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
/usr/bin/codesign --sign="$MACOS_CERTIFICATE_NAME" --entitlements=".ci/macos.entitlements" --options=runtime --force --deep --timestamp --verbose ${{steps.build.outputs.path}}
|
|
fi
|
|
|
|
- name: Notarize app bundle
|
|
if: matrix.make_package && (github.ref == 'refs/heads/master' || needs.configure.outputs.tag != null)
|
|
env:
|
|
MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
|
|
MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
|
|
MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
|
|
run: |
|
|
if [[ -n "$MACOS_NOTARIZATION_APPLE_ID" ]]
|
|
then
|
|
# Store the notarization credentials so that we can prevent a UI password dialog from blocking the CI
|
|
echo "Create keychain profile"
|
|
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD"
|
|
|
|
# We can't notarize an app bundle directly, but we need to compress it as an archive.
|
|
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
|
|
# notarization service
|
|
echo "Creating temp notarization archive"
|
|
ditto -c -k --keepParent ${{steps.build.outputs.path}} "notarization.zip"
|
|
|
|
# Here we send the notarization request to the Apple's Notarization service, waiting for the result.
|
|
# This typically takes a few seconds inside a CI environment, but it might take more depending on the App
|
|
# characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
|
|
# you're curious
|
|
echo "Notarize app"
|
|
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
|
|
|
|
# Finally, we need to "attach the staple" to our executable, which will allow our app to be
|
|
# validated by macOS even when an internet connection is not available.
|
|
echo "Attach staple"
|
|
xcrun stapler staple ${{steps.build.outputs.path}}
|
|
fi
|
|
|
|
- name: Upload artifact
|
|
id: upload_artifact
|
|
if: matrix.make_package
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: macOS${{matrix.target}}${{ matrix.soc == 'Intel' && '_Intel' || '' }}${{ matrix.type == 'Debug' && '_Debug' || '' }}-package
|
|
path: ${{steps.build.outputs.path}}
|
|
if-no-files-found: error
|
|
|
|
- name: Upload to release
|
|
id: upload_release
|
|
if: matrix.make_package && needs.configure.outputs.tag != null
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
tag_name: ${{needs.configure.outputs.tag}}
|
|
asset_path: ${{steps.build.outputs.path}}
|
|
asset_name: ${{steps.build.outputs.name}}
|
|
run: gh release upload "$tag_name" "$asset_path#$asset_name"
|
|
|
|
- name: Attest binary provenance
|
|
id: attestation
|
|
if: steps.upload_release.outcome == 'success'
|
|
uses: actions/attest-build-provenance@v3
|
|
with:
|
|
subject-name: ${{steps.build.outputs.name}}
|
|
subject-digest: sha256:${{ steps.upload_artifact.outputs.artifact-digest }}
|
|
|
|
- name: Verify binary attestation
|
|
if: steps.attestation.outcome == 'success'
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
run: gh attestation verify ${{steps.build.outputs.path}} -R Cockatrice/Cockatrice
|
|
|
|
build-windows:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: 7
|
|
qt_version: 5.15.*
|
|
qt_arch: msvc2019_64
|
|
|
|
- target: 10
|
|
qt_version: 6.6.*
|
|
qt_arch: msvc2019_64
|
|
qt_modules: "qtimageformats qtmultimedia qtwebsockets"
|
|
|
|
name: Windows ${{matrix.target}}
|
|
needs: configure
|
|
runs-on: windows-2022
|
|
env:
|
|
CMAKE_GENERATOR: 'Visual Studio 17 2022'
|
|
|
|
steps:
|
|
- name: Add msbuild to PATH
|
|
id: add-msbuild
|
|
uses: microsoft/setup-msbuild@v2
|
|
with:
|
|
msbuild-architecture: x64
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Install Qt ${{matrix.qt_version}}
|
|
uses: jurplel/install-qt-action@v4
|
|
with:
|
|
cache: true
|
|
setup-python: true
|
|
version: ${{matrix.qt_version}}
|
|
arch: win64_${{matrix.qt_arch}}
|
|
modules: ${{matrix.qt_modules}}
|
|
|
|
- name: Setup vcpkg cache
|
|
id: vcpkg-cache
|
|
uses: TAServers/vcpkg-cache@v3
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build Cockatrice
|
|
id: build
|
|
shell: bash
|
|
env:
|
|
PACKAGE_SUFFIX: '-Win${{matrix.target}}'
|
|
CMAKE_GENERATOR: '${{env.CMAKE_GENERATOR}}'
|
|
CMAKE_GENERATOR_PLATFORM: 'x64'
|
|
QTDIR: '${{github.workspace}}\Qt\${{matrix.qt_version}}\win64_${{matrix.qt_arch}}'
|
|
VCPKG_DISABLE_METRICS: 1
|
|
VCPKG_BINARY_SOURCES: 'clear;files,${{ steps.vcpkg-cache.outputs.path }},readwrite'
|
|
# No need for --parallel flag, MTT is added in the compile script to let cmake/msbuild manage core count,
|
|
# project and process parallelism: https://devblogs.microsoft.com/cppblog/improved-parallelism-in-msbuild/
|
|
run: .ci/compile.sh --server --release --test --package
|
|
|
|
- name: Upload artifact
|
|
id: upload_artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Windows${{matrix.target}}-installer
|
|
path: ${{steps.build.outputs.path}}
|
|
if-no-files-found: error
|
|
|
|
- name: Upload pdb database
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Windows${{matrix.target}}-debug-pdbs
|
|
path: |
|
|
build/cockatrice/Release/*.pdb
|
|
build/servatrice/Release/*.pdb
|
|
if-no-files-found: error
|
|
|
|
- name: Upload to release
|
|
id: upload_release
|
|
if: needs.configure.outputs.tag != null
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
tag_name: ${{needs.configure.outputs.tag}}
|
|
asset_path: ${{steps.build.outputs.path}}
|
|
asset_name: ${{steps.build.outputs.name}}
|
|
run: gh release upload "$tag_name" "$asset_path#$asset_name"
|
|
|
|
- name: Attest binary provenance
|
|
id: attestation
|
|
if: steps.upload_release.outcome == 'success'
|
|
uses: actions/attest-build-provenance@v3
|
|
with:
|
|
subject-name: ${{steps.build.outputs.name}}
|
|
subject-digest: sha256:${{ steps.upload_artifact.outputs.artifact-digest }}
|
|
|
|
- name: Verify binary attestation
|
|
if: steps.attestation.outcome == 'success'
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{github.token}}
|
|
run: gh attestation verify ${{steps.build.outputs.path}} -R Cockatrice/Cockatrice
|