summaryrefslogtreecommitdiff
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/build.yaml330
-rw-r--r--.github/workflows/pre-commit.yaml2
2 files changed, 302 insertions, 30 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 77127856c3..88d17826ea 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
pull_request:
push:
- branches: [main, contribute]
+ branches: ["*"]
tags: ["*"]
jobs:
@@ -12,47 +12,84 @@ jobs:
strategy:
matrix:
runner: [windows-large, macos-12-xl]
- configuration: [ReleaseOS]
- addrsize: [64]
+ configuration: [Release, ReleaseOS]
+ python-version: ["3.11"]
include:
- runner: macos-12-xl
developer_dir: "/Applications/Xcode_14.0.1.app/Contents/Developer"
+ exclude:
+ - runner: macos-12-xl
runs-on: ${{ matrix.runner }}
+ outputs:
+ viewer_channel: ${{ steps.build.outputs.viewer_channel }}
+ viewer_version: ${{ steps.build.outputs.viewer_version }}
+ imagename: ${{ steps.build.outputs.imagename }}
env:
+ AUTOBUILD_ADDRSIZE: 64
+ AUTOBUILD_BUILD_ID: ${{ github.run_id }}
AUTOBUILD_CONFIGURATION: ${{ matrix.configuration }}
- AUTOBUILD_ADDRSIZE: ${{ matrix.addrsize }}
+ # authorizes fetching private constituent packages
+ AUTOBUILD_GITHUB_TOKEN: ${{ secrets.SHARED_AUTOBUILD_GITHUB_TOKEN }}
AUTOBUILD_INSTALLABLE_CACHE: ${{ github.workspace }}/.autobuild-installables
AUTOBUILD_VARIABLES_FILE: ${{ github.workspace }}/.build-variables/variables
- AUTOBUILD_VSVER: "170" # vs2k22
+ AUTOBUILD_VSVER: "170"
DEVELOPER_DIR: ${{ matrix.developer_dir }}
- LOGFAIL: debug # Show details when tests fail
+ # Ensure that Linden viewer builds engage Bugsplat.
+ BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }}
+ BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
+ BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
+ build_coverity: false
+ build_log_dir: ${{ github.workspace }}/.logs
+ build_viewer: true
+ BUILDSCRIPTS_SHARED: ${{ github.workspace }}/.shared
+ # extracted and committed to viewer repo
+ BUILDSCRIPTS_SUPPORT_FUNCTIONS: ${{ github.workspace }}/buildscripts_support_functions
GIT_REF: ${{ github.head_ref || github.ref }}
LL_SKIP_REQUIRE_SYSROOT: 1
+ # Setting this variable directs Linden's TUT test driver code to capture
+ # test-program log output at the specified level, but to display it only if
+ # the individual test fails.
+ LOGFAIL: DEBUG
+ master_message_template_checkout: ${{ github.workspace }}/.master-message-template
+ # Only set variants to the one configuration: don't let build.sh loop
+ # over variants, let GitHub distribute variants over multiple hosts.
+ variants: ${{ matrix.configuration }}
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
+ - name: Setup python
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python-version }}
+
- name: Checkout build variables
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
repository: secondlife/build-variables
ref: viewer
path: .build-variables
+ - name: Checkout master-message-template
+ uses: actions/checkout@v4
+ with:
+ repository: secondlife/master-message-template
+ path: .master-message-template
+
- name: Install autobuild and python dependencies
- run: pip3 install autobuild llbase
+ run: pip3 install autobuild llsd
- name: Cache autobuild packages
uses: actions/cache@v3
id: cache-installables
with:
path: .autobuild-installables
- key: ${{ runner.os }}-${{ matrix.addrsize }}-${{ matrix.configuration }}-${{ hashFiles('autobuild.xml') }}
+ key: ${{ runner.os }}-64-${{ matrix.configuration }}-${{ hashFiles('autobuild.xml') }}
restore-keys: |
- ${{ runner.os }}-${{ matrix.addrsize }}-${{ matrix.configuration }}-
- ${{ runner.os }}-${{ matrix.addrsize }}-
+ ${{ runner.os }}-64-${{ matrix.configuration }}-
+ ${{ runner.os }}-64-
- name: Install windows dependencies
if: runner.os == 'Windows'
@@ -64,31 +101,266 @@ jobs:
env:
RUNNER_OS: ${{ runner.os }}
run: |
+ # set up things the viewer's build.sh script expects
+ set -x
+ mkdir -p "$build_log_dir"
+ mkdir -p "$BUILDSCRIPTS_SHARED/packages/lib/python"
+ source "$BUILDSCRIPTS_SUPPORT_FUNCTIONS"
+ if [[ "$OSTYPE" =~ cygwin|msys ]]
+ then
+ native_path() { cygpath --windows "$1"; }
+ shell_path() { cygpath --unix "$1"; }
+ else
+ native_path() { echo "$1"; }
+ shell_path() { echo "$1"; }
+ fi
+ finalize()
+ {
+ case "$1" in
+ true|0)
+ record_success "Build Succeeded"
+ ;;
+ *)
+ record_failure "Build Failed with $1"
+ ;;
+ esac
+ }
+ initialize_build()
+ {
+ echo "initialize_build"
+ }
+ initialize_version()
+ {
+ export revision="$AUTOBUILD_BUILD_ID"
+ }
+ python_cmd()
+ {
+ if [[ "x${1:0:1}" == "x-" ]] # -m, -c, etc.
+ then # if $1 is a switch, don't try to twiddle paths
+ "$(shell_path "$PYTHON_COMMAND")" "$@"
+ elif [[ "$(basename "$1")" == "codeticket.py" ]]
+ then # ignore any attempt to contact codeticket
+ echo "## $@"
+ else # running a script at an explicit path: fix path for Python
+ local script="$1"
+ shift
+ "$(shell_path "$PYTHON_COMMAND")" "$(native_path "$script")" "$@"
+ fi
+ }
+ repo_branch()
+ {
+ git -C "$1" branch | grep '^* ' | cut -c 3-
+ }
+ record_dependencies_graph()
+ {
+ echo "TODO: generate and post dependency graph"
+ }
+ # Since we're not uploading to codeticket, DO NOT sleep for minutes.
+ sleep()
+ {
+ echo "Not sleeping for $1 seconds"
+ }
+ export -f native_path shell_path finalize initialize_build initialize_version
+ export -f python_cmd repo_branch record_dependencies_graph sleep
+ ## Useful for diagnosing Windows LLProcess/LLLeap test failures
+ ##export APR_LOG="${RUNNER_TEMP}/apr.log"
+ export arch=$(uname | cut -b-6)
+ # Surprise! GH Windows runner's MINGW6 is a $arch value we've never
+ # seen before, so numerous tests don't know about it.
+ [[ "$arch" == "MINGW6" ]] && arch=CYGWIN
+ export AUTOBUILD="$(which autobuild)"
+ # Build with a tag like "Second_Life_Project_Shiny#abcdef0" to get a
+ # viewer channel "Second Life Project Shiny" (ignoring "#hash",
+ # needed to disambiguate tags).
+ if [[ "$GITHUB_REF_TYPE" == "tag" && "${GITHUB_REF_NAME:0:12}" == "Second_Life_" ]]
+ then viewer_channel="${GITHUB_REF_NAME%#*}"
+ export viewer_channel="${viewer_channel//_/ }"
+ else export viewer_channel="Second Life Test"
+ fi
+ echo "viewer_channel=$viewer_channel" >> "$GITHUB_OUTPUT"
+
# On windows we need to point the build to the correct python
# as neither CMake's FindPython nor our custom Python.cmake module
# will resolve the correct interpreter location.
if [[ "$RUNNER_OS" == "Windows" ]]; then
- export PYTHON="$(cygpath -m "$(which python)")"
+ export PYTHON="$(native_path "$(which python)")"
echo "Python location: $PYTHON"
+ export PYTHON_COMMAND="$PYTHON"
+ else
+ export PYTHON_COMMAND="python3"
fi
-
- autobuild configure -- -DVIEWER_CHANNEL="Second Life Test ${GIT_REF##*/}"
- autobuild build --no-configure
+ export PYTHON_COMMAND_NATIVE="$(native_path "$PYTHON_COMMAND")"
- # Find artifacts
- if [[ "$RUNNER_OS" == "Windows" ]]; then
- installer_path=$(find ./build-*/newview/ | grep '_Setup\.exe')
- installer_name="$(basename $installer_path)"
- elif [[ "$RUNNER_OS" == "macOS" ]]; then
- installer_path=$(find ./build-*/newview/ | grep '\.dmg')
- installer_name="$(basename $installer_path)"
+ ./build.sh
+
+ # Each artifact is downloaded as a distinct .zip file. Multiple jobs
+ # (per the matrix above) writing the same filepath to the same
+ # artifact name will *overwrite* that file. Moreover, they can
+ # interfere with each other, causing the upload to fail.
+ # https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
+ # Given the size of our installers, and the fact that we typically
+ # only want to download just one instead of a single zip containing
+ # several, generate a distinct artifact name for each installer.
+ # If the matrix above can run multiple builds on the same
+ # platform, we must disambiguate on more than the platform name.
+ # e.g. if we were still running Windows 32-bit builds, we'd need to
+ # qualify the artifact with bit width.
+ if [[ "$AUTOBUILD_CONFIGURATION" == "ReleaseOS" ]]
+ then cfg_suffix='OS'
+ else cfg_suffix=''
fi
+ echo "artifact=$RUNNER_OS$cfg_suffix" >> $GITHUB_OUTPUT
- echo "installer_path=$installer_path" >> $GITHUB_OUTPUT
- echo "installer_name=$installer_name" >> $GITHUB_OUTPUT
-
- - name: Upload installer
+ - name: Upload executable
+ if: matrix.configuration != 'ReleaseOS' && steps.build.outputs.viewer_app
uses: actions/upload-artifact@v3
with:
- name: ${{ steps.build.outputs.installer_name }}
- path: ${{ steps.build.outputs.installer_path }}
+ name: "${{ steps.build.outputs.artifact }}-app"
+ path: |
+ ${{ steps.build.outputs.viewer_app }}
+
+ # The other upload of nontrivial size is the symbol file. Use a distinct
+ # artifact for that too.
+ - name: Upload symbol file
+ if: matrix.configuration != 'ReleaseOS'
+ uses: actions/upload-artifact@v3
+ with:
+ name: "${{ steps.build.outputs.artifact }}-symbols"
+ path: |
+ ${{ steps.build.outputs.symbolfile }}
+
+ - name: Upload metadata
+ if: matrix.configuration != 'ReleaseOS'
+ uses: actions/upload-artifact@v3
+ with:
+ name: "${{ steps.build.outputs.artifact }}-metadata"
+ # emitted by build.sh, possibly multiple lines
+ path: |
+ ${{ steps.build.outputs.metadata }}
+
+ - name: Upload physics package
+ uses: actions/upload-artifact@v3
+ # should only be set for viewer-private
+ if: matrix.configuration != 'ReleaseOS' && steps.build.outputs.physicstpv
+ with:
+ name: "${{ steps.build.outputs.artifact }}-physics"
+ # emitted by build.sh, zero or one lines
+ path: |
+ ${{ steps.build.outputs.physicstpv }}
+
+ sign-and-package-windows:
+ needs: build
+ runs-on: windows
+ steps:
+ - name: Sign and package Windows viewer
+ uses: secondlife/viewer-build-util/sign-pkg-windows@main
+ with:
+ vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}"
+ cert_name: "${{ secrets.AZURE_CERT_NAME }}"
+ client_id: "${{ secrets.AZURE_CLIENT_ID }}"
+ client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}"
+ tenant_id: "${{ secrets.AZURE_TENANT_ID }}"
+
+ sign-and-package-mac:
+ needs: build
+ runs-on: macos-latest
+ steps:
+ - name: Unpack Mac notarization credentials
+ id: note-creds
+ shell: bash
+ run: |
+ # In NOTARIZE_CREDS_MACOS we expect to find:
+ # USERNAME="..."
+ # PASSWORD="..."
+ # TEAM_ID="..."
+ eval "${{ secrets.NOTARIZE_CREDS_MACOS }}"
+ echo "::add-mask::$USERNAME"
+ echo "::add-mask::$PASSWORD"
+ echo "::add-mask::$TEAM_ID"
+ echo "note_user=$USERNAME" >> "$GITHUB_OUTPUT"
+ echo "note_pass=$PASSWORD" >> "$GITHUB_OUTPUT"
+ echo "note_team=$TEAM_ID" >> "$GITHUB_OUTPUT"
+ # If we didn't manage to retrieve all of these credentials, better
+ # find out sooner than later.
+ [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]]
+
+ - name: Sign and package Mac viewer
+ uses: secondlife/viewer-build-util/sign-pkg-mac@main
+ with:
+ channel: ${{ needs.build.outputs.viewer_channel }}
+ imagename: ${{ needs.build.outputs.imagename }}
+ cert_base64: ${{ secrets.SIGNING_CERT_MACOS }}
+ cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }}
+ cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }}
+ note_user: ${{ steps.note-creds.outputs.note_user }}
+ note_pass: ${{ steps.note-creds.outputs.note_pass }}
+ note_team: ${{ steps.note-creds.outputs.note_team }}
+
+ post-windows-symbols:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Post Windows symbols
+ uses: secondlife/viewer-build-util/post-bugsplat-windows@main
+ with:
+ username: ${{ secrets.BUGSPLAT_USER }}
+ password: ${{ secrets.BUGSPLAT_PASS }}
+ database: "SecondLife_Viewer_2018"
+ channel: ${{ needs.build.outputs.viewer_channel }}
+ version: ${{ needs.build.outputs.viewer_version }}
+
+ post-mac-symbols:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Post Mac symbols
+ uses: secondlife/viewer-build-util/post-bugsplat-mac@main
+ with:
+ username: ${{ secrets.BUGSPLAT_USER }}
+ password: ${{ secrets.BUGSPLAT_PASS }}
+ database: "SecondLife_Viewer_2018"
+ channel: ${{ needs.build.outputs.viewer_channel }}
+ version: ${{ needs.build.outputs.viewer_version }}
+
+ release:
+ needs: [sign-and-package-windows, sign-and-package-mac]
+ runs-on: ubuntu-latest
+ if: github.ref_type == 'tag' && startsWith(github.ref_name, 'Second_Life_')
+ steps:
+ - uses: actions/download-artifact@v3
+ with:
+ path: artifacts
+
+ - name: Reshuffle artifact files
+ uses: secondlife/viewer-build-util/release-artifacts@main
+ with:
+ input-path: artifacts
+ output-path: assets
+ # The *-app artifacts are for use only by the signing and
+ # packaging steps. Once we've generated signed installers, we no
+ # longer need them, and we CERTAINLY don't want to publish
+ # thousands of individual files as separate URLs.
+ exclude: |-
+ Windows-app
+ macOS-app
+ # Use just "Windows" or "macOS" prefix because these are the only
+ # artifacts in which we expect files from both platforms with
+ # colliding names (e.g. autobuild-package.xml). release-artifacts
+ # normally resolves collisions by prepending the artifact name, so
+ # when we anticipate collisions, it's good to keep the prefix
+ # short and sweet.
+ prefix: |-
+ Windows-metadata=Windows
+ macOS-metadata=macOS
+
+ # forked from softprops/action-gh-release
+ - uses: secondlife-3p/action-gh-release@v1
+ with:
+ # name the release page for the build number so we can find it
+ # easily (analogous to looking up a codeticket build page)
+ name: "v${{ github.run_id }}"
+ prerelease: true
+ generate_release_notes: true
+ # the only reason we generate a GH release is to post build products
+ fail_on_unmatched_files: true
+ files: "assets/*"
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index 17c0ace02f..d626eef38d 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -11,7 +11,7 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.x