Add .desktop file keywords entries. #426
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci/gh-actions/guix | |
on: [push, pull_request] | |
jobs: | |
cache-sources: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: depends sources cache | |
id: cache | |
uses: actions/cache@v4 | |
with: | |
path: contrib/depends/sources | |
key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: download depends sources | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: make -C contrib/depends download | |
build-guix: | |
runs-on: ubuntu-24.04 | |
needs: [cache-sources] | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: | |
- target: "x86_64-linux-gnu" | |
- target: "x86_64-linux-gnu.no-tor-bundle" | |
- target: "x86_64-linux-gnu.pack" | |
- target: "aarch64-linux-gnu" | |
- target: "arm-linux-gnueabihf" | |
- target: "riscv64-linux-gnu" | |
- target: "x86_64-w64-mingw32" | |
- target: "x86_64-w64-mingw32.installer" | |
- target: "x86_64-apple-darwin" | |
- target: "arm64-apple-darwin" | |
outputs: | |
WIN_INSTALLER_ARTIFACT_ID: ${{ steps.win-installer.outputs.WIN_INSTALLER_ARTIFACT_ID }} | |
WIN_EXECUTABLE_ARTIFACT_ID: ${{ steps.win-executable.outputs.WIN_EXECUTABLE_ARTIFACT_ID }} | |
name: ${{ matrix.toolchain.target }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.ref }} | |
submodules: recursive | |
# https://github.com/actions/checkout/issues/1467 | |
- name: git fetch tags | |
run: git fetch --tags | |
- name: remove bundled packages | |
run: sudo rm -rf /usr/local | |
- name: depends sources cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: contrib/depends/sources | |
key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: install dependencies | |
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils osslsigncode | |
- name: fix apparmor | |
run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix || echo "failed" | |
- name: purge apparmor | |
run: sudo apt purge apparmor | |
- name: build | |
run: SUBSTITUTE_URLS='http://bordeaux.guix.gnu.org' HOSTS="${{ matrix.toolchain.target }}" ./contrib/guix/guix-build | |
- name: virustotal scan | |
env: | |
VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' && env.VT_API_KEY != '' }} | |
uses: crazy-max/ghaction-virustotal@v4 | |
with: | |
vt_api_key: ${{ secrets.VT_API_KEY }} | |
files: | | |
guix/guix-build-*/build/distsrc-*/build/bin/feather.exe | |
- uses: actions/upload-artifact@v4 | |
id: upload-artifact | |
with: | |
name: ${{ matrix.toolchain.target }} | |
path: | | |
guix/guix-build-*/output/${{ matrix.toolchain.target }}/* | |
guix/guix-build-*/logs/${{ matrix.toolchain.target }}/* | |
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32.installer' }} | |
id: win-installer | |
run: echo "WIN_INSTALLER_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT" | |
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' }} | |
id: win-executable | |
run: echo "WIN_EXECUTABLE_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT" | |
bundle-logs: | |
runs-on: ubuntu-24.04 | |
needs: [build-guix] | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
merge-multiple: true | |
- name: print hashes | |
run: | | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
uname --machine && find **/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: "logs" | |
path: '**/logs/**' | |
- uses: ncipollo/release-action@v1 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz" | |
draft: true | |
name: v${{github.ref_name}} | |
codesigning: | |
runs-on: ubuntu-24.04 | |
needs: [build-guix, bundle-logs] | |
if: startsWith(github.ref, 'refs/tags/') | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: | |
- target: "x86_64-w64-mingw32" | |
- target: "x86_64-w64-mingw32.installer" | |
steps: | |
- name: install dependencies | |
run: sudo apt update; sudo apt -y install osslsigncode | |
- name: "set artifact id" | |
run: | | |
if [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32" ]; then | |
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}" >> $GITHUB_ENV | |
echo "ARTIFACT_SLUG=executable" >> $GITHUB_ENV | |
elif [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32.installer" ]; then | |
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_INSTALLER_ARTIFACT_ID }}" >> $GITHUB_ENV | |
echo "ARTIFACT_SLUG=installer" >> $GITHUB_ENV | |
fi | |
- uses: signpath/github-action-submit-signing-request@v1 | |
name: "request signature" | |
with: | |
api-token: '${{ secrets.SIGNPATH_API_KEY }}' | |
organization-id: 'd3e94749-9c69-44e9-82de-c65cb3832869' | |
project-slug: 'feather' | |
signing-policy-slug: 'release-signing' | |
artifact-configuration-slug: ${{ env.ARTIFACT_SLUG }} | |
github-artifact-id: ${{ env.ARTIFACT_ID }} | |
wait-for-completion: true | |
output-artifact-directory: codesigning/ | |
- name: "extract signature" | |
run: osslsigncode extract-signature -in codesigning/guix-build-*/output/${{ matrix.toolchain.target }}/*-unsigned.exe -out codesigning/${{ matrix.toolchain.target }}-${{github.ref_name}}.pem | |
- uses: actions/upload-artifact@v4 | |
name: "upload signature" | |
with: | |
name: ${{ matrix.toolchain.target }}.pem | |
path: | | |
codesigning/${{ matrix.toolchain.target }}-${{github.ref_name}}.pem |