236 lines
6.7 KiB
YAML
236 lines
6.7 KiB
YAML
name: ci
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
tags:
|
|
- "v*"
|
|
- "release-*"
|
|
- "[0-9]+.[0-9]+.[0-9]+*"
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
GO_VERSION: "1.26.1"
|
|
ANDROID_SDK_ROOT: /opt/android-sdk
|
|
ANDROID_NDK_ROOT: /opt/android-sdk/ndk
|
|
DIST_DIR: dist
|
|
|
|
jobs:
|
|
lint-test:
|
|
runs-on: keepassgo-android
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
|
|
- name: Setup Java
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: temurin
|
|
java-version: "25"
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "22"
|
|
|
|
- name: Install native build dependencies
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
zsh \
|
|
python3 \
|
|
pkg-config \
|
|
libx11-dev \
|
|
libx11-xcb-dev \
|
|
libxkbcommon-dev \
|
|
libxkbcommon-x11-dev \
|
|
libwayland-dev \
|
|
libvulkan-dev \
|
|
libegl1-mesa-dev \
|
|
libxcursor-dev \
|
|
libxfixes-dev
|
|
|
|
- name: Install web-ext
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
npm install -g web-ext
|
|
|
|
- name: Lint
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
state_dir="$(mktemp -d)"
|
|
trap 'rm -rf -- "$state_dir"' EXIT
|
|
KEEPASSGO_STATE_DIR="$state_dir" go tool golangci-lint run --build-tags nox11,nowayland,novulkan ./...
|
|
|
|
- name: Test
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
state_dir="$(mktemp -d)"
|
|
trap 'rm -rf -- "$state_dir"' EXIT
|
|
KEEPASSGO_STATE_DIR="$state_dir" go test -tags nox11,nowayland,novulkan ./...
|
|
|
|
- name: Firefox extension lint
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
make browser-extension-firefox-lint
|
|
|
|
build:
|
|
needs: lint-test
|
|
runs-on: keepassgo-android
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
|
|
- name: Setup Java
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: temurin
|
|
java-version: "25"
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "22"
|
|
|
|
- name: Install native build dependencies
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
zsh \
|
|
python3 \
|
|
pkg-config \
|
|
libx11-dev \
|
|
libx11-xcb-dev \
|
|
libxkbcommon-dev \
|
|
libxkbcommon-x11-dev \
|
|
libwayland-dev \
|
|
libvulkan-dev \
|
|
libegl1-mesa-dev \
|
|
libxcursor-dev \
|
|
libxfixes-dev
|
|
|
|
- name: Install web-ext
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
npm install -g web-ext
|
|
|
|
- name: Prepare dist directory
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p "${DIST_DIR}"
|
|
|
|
- name: Build desktop binaries
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
app_version="$(git describe --tags --always --dirty)"
|
|
# Gio needs a Linux ARM64 cgo cross-toolchain for desktop builds.
|
|
# Keep the CI matrix to targets this runner can build reproducibly.
|
|
for target in \
|
|
"linux amd64" \
|
|
"windows amd64" \
|
|
"windows arm64"
|
|
do
|
|
set -- ${target}
|
|
goos="$1"
|
|
goarch="$2"
|
|
ext=""
|
|
cgo_enabled=0
|
|
if [[ "${goos}" == "linux" ]]; then
|
|
cgo_enabled=1
|
|
fi
|
|
if [[ "${goos}" == "windows" ]]; then
|
|
ext=".exe"
|
|
fi
|
|
out="${DIST_DIR}/keepassgo-${goos}-${goarch}${ext}"
|
|
GOOS="${goos}" GOARCH="${goarch}" CGO_ENABLED="${cgo_enabled}" \
|
|
go build -ldflags "-X git.julianfamily.org/keepassgo.appVersion=${app_version}" -o "${out}" ./cmd/keepassgo
|
|
done
|
|
|
|
- name: Build APK
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p build/ci-signing
|
|
signkey_path="$(pwd)/build/ci-signing/android-release.keystore"
|
|
signpass_path="$(pwd)/build/ci-signing/android-release.pass"
|
|
trap 'rm -f -- "$signkey_path" "$signpass_path"' EXIT
|
|
printf '%s' '${{ secrets.APK_SIGNKEY_B64 }}' | base64 -d > "$signkey_path"
|
|
printf '%s' '${{ secrets.APK_SIGNPASS }}' > "$signpass_path"
|
|
export APP_VERSION="$(git describe --tags --always --dirty)"
|
|
make apk-release RELEASE_SIGNKEY="$signkey_path" RELEASE_SIGNPASS_FILE="$signpass_path"
|
|
cp build/keepassgo.apk "${DIST_DIR}/keepassgo.apk"
|
|
|
|
- name: Build Firefox extension
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
make browser-extension-firefox-build
|
|
cp build/browser-extension/*.zip "${DIST_DIR}/"
|
|
|
|
- name: Upload CI artifacts
|
|
uses: christopherhx/gitea-upload-artifact@v4
|
|
env:
|
|
NODE_OPTIONS: --use-system-ca
|
|
SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
|
|
with:
|
|
name: keepassgo-${{ gitea.sha }}
|
|
path: |
|
|
dist/keepassgo-linux-amd64
|
|
dist/keepassgo-windows-amd64.exe
|
|
dist/keepassgo-windows-arm64.exe
|
|
dist/keepassgo.apk
|
|
dist/*.zip
|
|
retention-days: 30
|
|
|
|
- name: Publish release artifacts
|
|
if: startsWith(gitea.ref, 'refs/tags/')
|
|
env:
|
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
|
GITEA_SERVER_URL: ${{ gitea.server_url }}
|
|
GITEA_REPOSITORY: ${{ gitea.repository }}
|
|
GITEA_REF_NAME: ${{ gitea.ref_name }}
|
|
SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
|
|
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
python3 scripts/gitea_release.py \
|
|
--server "${GITEA_SERVER_URL}" \
|
|
--repo "${GITEA_REPOSITORY}" \
|
|
--token "${GITEA_TOKEN}" \
|
|
--tag "${GITEA_REF_NAME}" \
|
|
"${DIST_DIR}/keepassgo-linux-amd64" \
|
|
"${DIST_DIR}/keepassgo-windows-amd64.exe" \
|
|
"${DIST_DIR}/keepassgo-windows-arm64.exe" \
|
|
"${DIST_DIR}/keepassgo.apk" \
|
|
"${DIST_DIR}"/*.zip
|