diff --git a/.github/workflows/distro-build.yml b/.github/workflows/distro-build.yml
new file mode 100644
index 00000000..b9a44e54
--- /dev/null
+++ b/.github/workflows/distro-build.yml
@@ -0,0 +1,209 @@
+name: Build Void
+
+on:
+ push:
+ branches: [ main, release/* ]
+ workflow_dispatch:
+
+jobs:
+ build-linux:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version-file: '.nvmrc'
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y pkg-config libx11-dev libxkbfile-dev libsecret-1-dev libkrb5-dev
+ npm ci
+
+ - name: Build
+ run: |
+ npm run gulp vscode-linux-x64-min
+
+ - name: Package
+ run: |
+ mkdir -p .build/linux/client
+ ARCHIVE_PATH=".build/linux/client/void-linux-x64.tar.gz"
+ tar -czf $ARCHIVE_PATH -C .. VSCode-linux-x64
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: void-linux-x64
+ path: .build/linux/client/void-linux-x64.tar.gz
+
+ build-windows:
+ runs-on: windows-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version-file: '.nvmrc'
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build
+ run: npm run gulp vscode-win32-x64-min
+
+ - name: Package
+ run: |
+ mkdir -p .build/win32-x64
+ Compress-Archive -Path ..\VSCode-win32-x64\* -DestinationPath .build\win32-x64\void-win32-x64.zip
+ shell: pwsh
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: void-win32-x64
+ path: .build/win32-x64/void-win32-x64.zip
+
+ build-macos:
+ runs-on: macos-latest
+ strategy:
+ matrix:
+ arch: [arm64, x64]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version-file: '.nvmrc'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ npm install -g create-dmg
+
+ - name: Build
+ run: |
+ npm run buildreact
+ npm run gulp vscode-darwin-${{ matrix.arch }}-min
+
+ - name: Create temporary working directory
+ run: |
+ WORKING_DIR="${{ runner.temp }}/VoidSign-${{ matrix.arch }}"
+ KEYCHAIN_DIR="${WORKING_DIR}/1_Keychain"
+ SIGN_DIR="${WORKING_DIR}/2_Signed"
+ mkdir -p "${WORKING_DIR}" "${KEYCHAIN_DIR}" "${SIGN_DIR}"
+ cp -Rp "$(pwd)/../VSCode-darwin-${{ matrix.arch }}" "${SIGN_DIR}"
+ echo "WORKING_DIR=${WORKING_DIR}" >> $GITHUB_ENV
+ echo "KEYCHAIN_DIR=${KEYCHAIN_DIR}" >> $GITHUB_ENV
+ echo "SIGN_DIR=${SIGN_DIR}" >> $GITHUB_ENV
+ echo "SIGNED_DOTAPP_DIR=${SIGN_DIR}/VSCode-darwin-${{ matrix.arch }}" >> $GITHUB_ENV
+ echo "SIGNED_DOTAPP=${SIGN_DIR}/VSCode-darwin-${{ matrix.arch }}/Void.app" >> $GITHUB_ENV
+
+ - name: Import certificate
+ env:
+ P12_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
+ P12_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+ KEYCHAIN_PASSWORD: "temporary-password"
+ run: |
+ KEYCHAIN="${KEYCHAIN_DIR}/buildagent.keychain"
+ echo "KEYCHAIN=${KEYCHAIN}" >> $GITHUB_ENV
+
+ # Create a new keychain
+ security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
+ security set-keychain-settings -lut 21600 "${KEYCHAIN}"
+ security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
+
+ # Import certificate
+ echo "${P12_BASE64}" | base64 --decode > "${KEYCHAIN_DIR}/certificate.p12"
+ security import "${KEYCHAIN_DIR}/certificate.p12" -k "${KEYCHAIN}" -P "${P12_PASSWORD}" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}" > /dev/null
+
+ # Add to keychain list
+ security list-keychains -d user -s "${KEYCHAIN}" $(security list-keychains -d user | sed s/\"//g)
+
+ - name: Sign Application
+ env:
+ CODESIGN_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
+ VSCODE_ARCH: ${{ matrix.arch }}
+ run: |
+ export AGENT_TEMPDIRECTORY="${KEYCHAIN_DIR}"
+ cd $(pwd)/build/darwin
+ node sign.js "${SIGN_DIR}"
+ codesign --verify --verbose=4 "${SIGNED_DOTAPP}"
+
+ - name: Create DMG
+ run: |
+ cd "${SIGNED_DOTAPP_DIR}"
+ npx create-dmg --volname "Void Installer" "${SIGNED_DOTAPP}" .
+ GENERATED_DMG=$(ls *.dmg)
+ mv "${GENERATED_DMG}" "Void-Installer-darwin-${{ matrix.arch }}.dmg"
+ codesign --verify --verbose=4 "Void-Installer-darwin-${{ matrix.arch }}.dmg"
+ echo "SIGNED_DMG=${SIGNED_DOTAPP_DIR}/Void-Installer-darwin-${{ matrix.arch }}.dmg" >> $GITHUB_ENV
+
+ - name: Notarize
+ env:
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+ APP_PASSWORD: ${{ secrets.APPLE_APP_PWD }}
+ KEYCHAIN_PASSWORD: "temporary-password"
+ run: |
+ # Store credentials for notarization
+ xcrun notarytool store-credentials "Void" \
+ --apple-id "${APPLE_ID}" \
+ --team-id "${TEAM_ID}" \
+ --password "${APP_PASSWORD}" \
+ --keychain "${KEYCHAIN}"
+
+ # Submit for notarization with a timeout
+ xcrun notarytool submit "${SIGNED_DMG}" \
+ --keychain-profile "Void" \
+ --keychain "${KEYCHAIN}" \
+ --wait --timeout 2h
+
+ # Staple the notarization ticket
+ xcrun stapler staple "${SIGNED_DMG}"
+
+ - name: Create Raw App Archive
+ run: |
+ cd "${SIGNED_DOTAPP_DIR}"
+ VOIDAPP=$(basename "${SIGNED_DOTAPP}")
+ ditto -c -k --sequesterRsrc --keepParent "${VOIDAPP}" "Void-RawApp-darwin-${{ matrix.arch }}.zip"
+
+ - name: Generate Hash File
+ run: |
+ cd "${SIGNED_DOTAPP_DIR}"
+ SHA1=$(shasum -a 1 "Void-RawApp-darwin-${{ matrix.arch }}.zip" | cut -d' ' -f1)
+ SHA256=$(shasum -a 256 "Void-RawApp-darwin-${{ matrix.arch }}.zip" | cut -d' ' -f1)
+ TIMESTAMP=$(date +%s)
+
+ cat > "Void-UpdJSON-darwin-${{ matrix.arch }}.json" << EOF
+ {
+ "sha256hash": "${SHA256}",
+ "hash": "${SHA1}",
+ "timestamp": ${TIMESTAMP}
+ }
+ EOF
+
+ - name: Upload DMG
+ uses: actions/upload-artifact@v3
+ with:
+ name: void-darwin-${{ matrix.arch }}-dmg
+ path: ${{ env.SIGNED_DMG }}
+
+ - name: Upload Raw App
+ uses: actions/upload-artifact@v3
+ with:
+ name: void-darwin-${{ matrix.arch }}-rawapp
+ path: ${{ env.SIGNED_DOTAPP_DIR }}/Void-RawApp-darwin-${{ matrix.arch }}.zip
+
+ - name: Upload Hash File
+ uses: actions/upload-artifact@v3
+ with:
+ name: void-darwin-${{ matrix.arch }}-hash
+ path: ${{ env.SIGNED_DOTAPP_DIR }}/Void-UpdJSON-darwin-${{ matrix.arch }}.json
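Review bot: The `Import certificate` step in `build-macos` writes the decoded signing identity to `${KEYCHAIN_DIR}/certificate.p12` and adds an unlocked keychain to the user search list, and nothing later in the job removes either, so the key material stays readable by every following step, including `npx create-dmg`, which comes from an unpinned `npm install -g create-dmg`. I would delete the file right after the import with `rm -f "${KEYCHAIN_DIR}/certificate.p12"` and add a last step with `if: always()` that runs `security delete-keychain "${KEYCHAIN}"`, so cleanup also happens when signing or notarization fails. Pinning `create-dmg` to an exact version (and the `actions/*@v3` references to commit SHAs) would narrow what third-party code runs while the identity is loaded. The workflow also declares no `permissions:` block; since these jobs only check out and upload artifacts, a top-level `permissions:` with `contents: read` looks sufficient, though that depends on the repository's default token setting.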