diff options
Diffstat (limited to '.github/workflows/build.yaml')
| -rw-r--r-- | .github/workflows/build.yaml | 155 |
1 files changed, 93 insertions, 62 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ee02ed58e8..813b6a96ef 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -12,18 +12,16 @@ jobs: strategy: matrix: runner: [windows-large, macos-12-xl] - configuration: [Release, ReleaseOS] - python-version: ["3.11"] + configuration: [Release] include: - runner: macos-12-xl developer_dir: "/Applications/Xcode_14.0.1.app/Contents/Developer" - exclude: - - runner: macos-12-xl - configuration: ReleaseOS runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} viewer_version: ${{ steps.build.outputs.viewer_version }} + viewer_branch: ${{ steps.which-branch.outputs.branch }} + relnotes: ${{ steps.which-branch.outputs.relnotes }} imagename: ${{ steps.build.outputs.imagename }} env: AUTOBUILD_ADDRSIZE: 64 @@ -33,12 +31,13 @@ jobs: AUTOBUILD_GITHUB_TOKEN: ${{ secrets.SHARED_AUTOBUILD_GITHUB_TOKEN }} AUTOBUILD_INSTALLABLE_CACHE: ${{ github.workspace }}/.autobuild-installables AUTOBUILD_VARIABLES_FILE: ${{ github.workspace }}/.build-variables/variables + # Direct autobuild to store vcs_url, vcs_branch and vcs_revision in + # autobuild-package.xml. + AUTOBUILD_VCS_INFO: "true" AUTOBUILD_VSVER: "170" DEVELOPER_DIR: ${{ matrix.developer_dir }} # Ensure that Linden viewer builds engage Bugsplat. BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }} - BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} - BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} build_coverity: false build_log_dir: ${{ github.workspace }}/.logs build_viewer: true @@ -67,15 +66,15 @@ jobs: run: echo "$GITHUB_CONTEXT" - name: Setup python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python-version }} + python-version: "3.11" - name: Checkout build variables uses: actions/checkout@v4 with: repository: secondlife/build-variables - ref: viewer + ref: master path: .build-variables - name: Checkout master-message-template @@ -88,7 +87,7 @@ jobs: run: pip3 install autobuild llsd - name: Cache autobuild packages - uses: actions/cache@v3 + uses: actions/cache@v4 id: cache-installables with: path: .autobuild-installables @@ -101,10 +100,17 @@ jobs: if: runner.os == 'Windows' run: choco install nsis-unicode + - name: Determine source branch + id: which-branch + uses: secondlife/viewer-build-util/which-branch@v2 + with: + token: ${{ github.token }} + - name: Build id: build shell: bash env: + AUTOBUILD_VCS_BRANCH: ${{ steps.which-branch.outputs.branch }} RUNNER_OS: ${{ runner.os }} run: | # set up things the viewer's build.sh script expects @@ -155,7 +161,7 @@ jobs: } repo_branch() { - git -C "$1" branch | grep '^* ' | cut -c 3- + echo "$AUTOBUILD_VCS_BRANCH" } record_dependencies_graph() { @@ -226,7 +232,7 @@ jobs: - name: Upload executable if: matrix.configuration != 'ReleaseOS' && steps.build.outputs.viewer_app - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-app" path: | @@ -236,7 +242,7 @@ jobs: # artifact for that too. - name: Upload symbol file if: matrix.configuration != 'ReleaseOS' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-symbols" path: | @@ -244,7 +250,7 @@ jobs: - name: Upload metadata if: matrix.configuration != 'ReleaseOS' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-metadata" # emitted by build.sh, possibly multiple lines @@ -252,7 +258,7 @@ jobs: ${{ steps.build.outputs.metadata }} - name: Upload physics package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 # should only be set for viewer-private if: matrix.configuration != 'ReleaseOS' && steps.build.outputs.physicstpv with: @@ -262,23 +268,36 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: + env: + AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} + AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer - uses: secondlife/viewer-build-util/sign-pkg-windows@v1 + if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID + uses: secondlife/viewer-build-util/sign-pkg-windows@v2 with: - vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}" - cert_name: "${{ secrets.AZURE_CERT_NAME }}" - client_id: "${{ secrets.AZURE_CLIENT_ID }}" - client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}" - tenant_id: "${{ secrets.AZURE_TENANT_ID }}" + vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" + cert_name: "${{ env.AZURE_CERT_NAME }}" + client_id: "${{ env.AZURE_CLIENT_ID }}" + client_secret: "${{ env.AZURE_CLIENT_SECRET }}" + tenant_id: "${{ env.AZURE_TENANT_ID }}" sign-and-package-mac: + env: + NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} + SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} + SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials + if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | @@ -286,7 +305,7 @@ jobs: # USERNAME="..." # PASSWORD="..." # TEAM_ID="..." - eval "${{ secrets.NOTARIZE_CREDS_MACOS }}" + eval "${{ env.NOTARIZE_CREDS_MACOS }}" echo "::add-mask::$USERNAME" echo "::add-mask::$PASSWORD" echo "::add-mask::$TEAM_ID" @@ -298,87 +317,99 @@ jobs: [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer - uses: secondlife/viewer-build-util/sign-pkg-mac@v1 + if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team + uses: secondlife/viewer-build-util/sign-pkg-mac@v2 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} - cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} - cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} - cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + cert_base64: ${{ env.SIGNING_CERT_MACOS }} + cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols - uses: secondlife/viewer-build-util/post-bugsplat-windows@v1 + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS + uses: secondlife/viewer-build-util/post-bugsplat-windows@v2 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols - uses: secondlife/viewer-build-util/post-bugsplat-mac@v1 + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS + uses: secondlife/viewer-build-util/post-bugsplat-mac@v2 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} release: - needs: [sign-and-package-windows, sign-and-package-mac] + needs: [build, sign-and-package-windows, sign-and-package-mac] runs-on: ubuntu-latest # Build with a tag like "Second_Life#abcdef0" to generate a release page (used for builds we are planning to deploy). if: github.ref_type == 'tag' && startsWith(github.ref_name, 'Second_Life') steps: - - uses: actions/download-artifact@v3 - with: - name: Windows-installer - - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: - name: macOS-installer + pattern: "*-installer" - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: - name: Windows-metadata - - - name: Rename windows metadata + pattern: "*-metadata" + + - name: Rename metadata run: | - mv autobuild-package.xml Windows-autobuild-package.xml - mv newview/viewer_version.txt Windows-viewer_version.txt - - - uses: actions/download-artifact@v3 - with: - name: macOS-metadata - - - name: Rename macOS metadata - run: | - mv autobuild-package.xml macOS-autobuild-package.xml - mv newview/viewer_version.txt macOS-viewer_version.txt + cp Windows-metadata/autobuild-package.xml Windows-autobuild-package.xml + cp Windows-metadata/newview/viewer_version.txt Windows-viewer_version.txt + cp macOS-metadata/autobuild-package.xml macOS-autobuild-package.xml + cp macOS-metadata/newview/viewer_version.txt macOS-viewer_version.txt # forked from softprops/action-gh-release - - uses: secondlife-3p/action-gh-release@v1 + - name: Create GitHub release + id: release + uses: secondlife-3p/action-gh-release@v1 with: - # name the release page for the build number so we can find it - # easily (analogous to looking up a codeticket build page) - name: "v${{ github.run_id }}" + # name the release page for the branch + name: "${{ needs.build.outputs.viewer_branch }}" + # SL-20546: want the channel and version to be visible on the + # release page + body: | + Build ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + ${{ needs.build.outputs.viewer_channel }} + ${{ needs.build.outputs.viewer_version }} + ${{ needs.build.outputs.relnotes }} prerelease: true generate_release_notes: true - # the only reason we generate a GH release is to post build products + target_commitish: ${{ github.sha }} + previous_tag: release + append_body: true fail_on_unmatched_files: true files: | - *.dmg - *.exe + macOS-installer/*.dmg + Windows-installer/*.exe *-autobuild-package.xml *-viewer_version.txt + + - name: post release URL + run: | + echo "::notice::Release ${{ steps.release.outputs.url }}" |