| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
From https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow :
"Secrets cannot be directly referenced in if: conditionals. Instead, consider
setting secrets as job-level environment variables, then referencing the
environment variables to conditionally run steps in the job."
|
|
The previous construct produced:
Unrecognized named-value: 'secrets'. Located at position 1 within expression:
secrets.AZURE_KEY_VAULT_URI && ...
|
|
Specifically, when secrets aren't available (e.g. for external PRs), skip the
affected steps.
|
|
Mark issues as stale but do not close them.
|
|
|
|
instead of the branch that got pulled.
(cherry picked from commit b42e01d7acf5d4c55612c3a7df0e1ff6ee5ed951)
|
|
instead of on the current tag 7.1.2-release.
(cherry picked from commit 27b298d8bc720ff315c8e74cc5bff9ff9ead0552)
|
|
This should (!) allow us to generate full release notes relative to the
previous viewer release, instead of letting action-gh-release guess
incorrectly.
Also try again to add to the release page a back-link to the specific build.
(cherry picked from commit 88ebb92f05dade00cc8fc519cc062a458ecd48f2)
|
|
(cherry picked from commit 4edd78f2e54b3cd2e0b0a4b9300dfc669231dd98)
|
|
Using github.ref as action-gh-release's target_commitish produces:
⚠️ GitHub release failed with status: 422
[{"resource":"Release","code":"invalid","field":"target_commitish"}]
(cherry picked from commit c6a6db8488a8b3e7ea6534fbf5e2fe2b17864421)
|
|
Also try to cross-reference release page and build page.
(cherry picked from commit a908b4cfa98716d4a838fc1e5a6789faa15d16cf)
|
|
Put whatever release notes we retrieve into the generated release page.
(cherry picked from commit ff543b744ee0b0fd4dd90b46419ae50a570572ab)
|
|
Now that which_branch.py has moved to viewer-build-util, so has the PyGithub
dependency.
(cherry picked from commit dd0ec112fe5ded8ed5f69b72b3df26343ca12d35)
|
|
which_branch.py has moved to viewer-build-util as a reusable action.
(cherry picked from commit 09f66828ba573515c3766cce32f4746b8189efcf)
|
|
(cherry picked from commit 2c5066f1fcc0c9f145698ef3aaec72d27bce7181)
(cherry picked from commit ff1741cecae0fac6d94507fa4a6e4662219af707)
|
|
in viewer's autobuild-package.xml.
Ensure that AUTOBUILD_VCS_BRANCH is set before the build.
(cherry picked from commit b782ab73e640e434e4ed67fa8dfc951f09757585)
(cherry picked from commit 6e8d4f48466a5bbad2fcc27bc2877a30e575d4ce)
|
|
The release job has been dependent on sign-and-package-windows and
sign-and-package-mac, each of which depends on build. But that indirect
dependency doesn't convey access to ${{ needs.build.outputs.xxx }}. Add the
build job to direct dependencies so release can access its outputs.
(cherry picked from commit 819604d2cee6d4527cc436bebfacddf8642635ff)
|
|
(cherry picked from commit 6654ad14eed674e894d2903e0f2ea37c4e806c0f)
|
|
(cherry picked from commit 59eeaed1187e7592fd83380045916f2d8b9d58e7)
|
|
For a tag build that generates a release page, try to deduce the git branch to
which the tag we're building corresponds and add that to release notes.
(cherry picked from commit 9e99bb04a32f2ecc0f0b99686ce5a7adb356596d)
|
|
(cherry picked from commit f71662225eadf1589f5331e763e02e0bb1b72137)
|
|
|
|
We're currently building every single commit pushed to Github. This is
racking up $20k in build charges a month and is generally superfluous.
This changeset alters build triggers so that builds automatically run if
they are committed to a **shared branch**:
- `release/*` - A release stabilization branch
- `project/*` - A project viewer branch
- `main/*` - The default/stable branch
PR commits are also automatically built.
...need to build another commit? Developers can trigger one using a
manual workflow run.
|
|
|
|
Switch the build workflow from targeting the `main` branch of
viewer-build-util (which may receive breaking changes) to the stable
`v1` major version tag.
|
|
Only download and publish installers on public releases. This simplifies
the release process, as the flatten_files utility from
viewer-build-utils is not necessary this way. More importantly, it
doesn't clutter public releases with files that shouldn't be published
such as debug symbols.
|
|
|
|
|
|
|
|
|
|
|
|
for Mac and Windows. That's now done by subsequent jobs in the GitHub build.
Remove workflow step to upload installers before signing and packaging jobs.
Remove from viewer_manifest.py conditionals for 32-bit Windows or Mac.
Also bump to actions/checkout@v4, per dependabot.
|
|
"ASC Provider" was a credential accepted by altool, but switching from altool
to notarytool requires a Team ID instead.
Expect to find TEAM_ID in our repository secret NOTARIZE_CREDS_MACOS. Extract
it and pass it to sign-pkg-mac.
|
|
|
|
Add a Mac signing step to unpack the credentials bundled into
NOTARIZE_CREDS_MACOS so viewer-build-util/sign-pkg-mac need not know about
that peculiarity of our secrets formatting.
|
|
The viewer_manifest.py logic to determine the name of the viewer installer
.dmg is a little convoluted. Make it tell viewer-build-util/sign-pkg-mac that
name, rather than passing it all the relevant inputs and composing it
redundantly.
sign-pkg-mac also wants the viewer channel to determine the application name.
|
|
|
|
|
|
and uses new viewer-build-util/release-artifacts action.
|
|
|
|
instead of trying to checkout viewer-build-util (which doesn't work) and then
reference action subdirs from the filesystem.
Also engage (initial placeholder) actions to sign and package the
platform-specific application artifacts.
|
|
|
|
instead of having it implied by specifying the containing directory.
|
|
instead of distinct viewer-post-bugsplat-{windows,mac} repos.
|
|
In a Windows build tree, we don't actually have an app-named top directory, so
don't package its containing directory -- just the app dir itself, e.g.
"newview/Release".
In a Mac build tree, though we do have "Second Life Mumble.app", its parent
directory also contains other large stuff. Try posting a temp directory
containing a symlink to the .app.
Ditch the "!*.bat" exclusion: the presence of a second path (even an
exclusion) changes how upload-artifact nests its contents.
|
|
This unblocks ReleaseOS builds, and also preps for SL-19242.
Streamline build.sh's Uploads section.
|
|
Previously we posted Windows-exe, macOS-exe artifacts that were a little
inconsistent: Windows-exe contained just the Windows executable, whereas
macOS-exe contained the whole .app tree (but without the .app directory).
Change to post Windows-app, macOS-app artifacts that each contain the whole
viewer install image, including the top-level application name directory. This
is what we'll need to codesign and notarize.
|
|
|
