From beea0c55dd68a1584300a02333f8be9ffcac0476 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 13:36:18 -0500 Subject: Make signing and symbol posting jobs conditional on secrets. Specifically, when secrets aren't available (e.g. for external PRs), skip the affected steps. --- .github/workflows/build.yaml | 4 ++++ 1 file changed, 4 insertions(+) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1dd2c1d5df..edb180a2d1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -250,6 +250,7 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: + if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID needs: build runs-on: windows steps: @@ -263,6 +264,7 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: + if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD needs: build runs-on: macos-latest steps: @@ -298,6 +300,7 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: @@ -311,6 +314,7 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From f738df6c147a84c17f28b8326c5bc1eb54e4519f Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 13:50:38 -0500 Subject: Enclose 'if:' expressions in ${{ ... }}. The previous construct produced: Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.AZURE_KEY_VAULT_URI && ... --- .github/workflows/build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index edb180a2d1..5fad232203 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -250,7 +250,7 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID + if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: @@ -264,7 +264,7 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: - if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD + if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: @@ -300,7 +300,7 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: @@ -314,7 +314,7 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From c83d93becdee899736a121cbb8eae5c0c9d37c09 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 14:23:32 -0500 Subject: To test for presence of secrets, set environment variables. From https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow : "Secrets cannot be directly referenced in if: conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job." --- .github/workflows/build.yaml | 54 ++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 19 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5fad232203..13798fc607 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -37,8 +37,6 @@ jobs: DEVELOPER_DIR: ${{ matrix.developer_dir }} # Ensure that Linden viewer builds engage Bugsplat. BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }} - BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} - BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} build_coverity: false build_log_dir: ${{ github.workspace }}/.logs build_viewer: true @@ -250,25 +248,36 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} + env: + AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} + AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer + if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID uses: secondlife/viewer-build-util/sign-pkg-windows@v1 with: - vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}" - cert_name: "${{ secrets.AZURE_CERT_NAME }}" - client_id: "${{ secrets.AZURE_CLIENT_ID }}" - client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}" - tenant_id: "${{ secrets.AZURE_TENANT_ID }}" + vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" + cert_name: "${{ env.AZURE_CERT_NAME }}" + client_id: "${{ env.AZURE_CLIENT_ID }}" + client_secret: "${{ env.AZURE_CLIENT_SECRET }}" + tenant_id: "${{ env.AZURE_TENANT_ID }}" sign-and-package-mac: - if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} + env: + NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} + SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} + SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials + if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | @@ -276,7 +285,7 @@ jobs: # USERNAME="..." # PASSWORD="..." # TEAM_ID="..." - eval "${{ secrets.NOTARIZE_CREDS_MACOS }}" + eval "${{ env.NOTARIZE_CREDS_MACOS }}" echo "::add-mask::$USERNAME" echo "::add-mask::$PASSWORD" echo "::add-mask::$TEAM_ID" @@ -288,41 +297,48 @@ jobs: [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer + if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team uses: secondlife/viewer-build-util/sign-pkg-mac@v1 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} - cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} - cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} - cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + cert_base64: ${{ env.SIGNING_CERT_MACOS }} + cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-windows@v1 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-mac@v1 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} -- cgit v1.2.3 From d3170e0033af174534e841e474f4155450343cc2 Mon Sep 17 00:00:00 2001 From: Andrey Lihatskiy Date: Sat, 9 Mar 2024 19:19:49 +0200 Subject: Revert "To test for presence of secrets, set environment variables." This reverts commit c83d93becdee899736a121cbb8eae5c0c9d37c09. --- .github/workflows/build.yaml | 54 ++++++++++++++++---------------------------- 1 file changed, 19 insertions(+), 35 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c7a758bd0f..6431b59366 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -42,6 +42,8 @@ jobs: DEVELOPER_DIR: ${{ matrix.developer_dir }} # Ensure that Linden viewer builds engage Bugsplat. BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} build_coverity: false build_log_dir: ${{ github.workspace }}/.logs build_viewer: true @@ -260,36 +262,25 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - env: - AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} - AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer - if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID uses: secondlife/viewer-build-util/sign-pkg-windows@v1 with: - vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" - cert_name: "${{ env.AZURE_CERT_NAME }}" - client_id: "${{ env.AZURE_CLIENT_ID }}" - client_secret: "${{ env.AZURE_CLIENT_SECRET }}" - tenant_id: "${{ env.AZURE_TENANT_ID }}" + vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}" + cert_name: "${{ secrets.AZURE_CERT_NAME }}" + client_id: "${{ secrets.AZURE_CLIENT_ID }}" + client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}" + tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: - env: - NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} - SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} - SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} - SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials - if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | @@ -297,7 +288,7 @@ jobs: # USERNAME="..." # PASSWORD="..." # TEAM_ID="..." - eval "${{ env.NOTARIZE_CREDS_MACOS }}" + eval "${{ secrets.NOTARIZE_CREDS_MACOS }}" echo "::add-mask::$USERNAME" echo "::add-mask::$PASSWORD" echo "::add-mask::$TEAM_ID" @@ -309,48 +300,41 @@ jobs: [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer - if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team uses: secondlife/viewer-build-util/sign-pkg-mac@v1 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} - cert_base64: ${{ env.SIGNING_CERT_MACOS }} - cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} - cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} + cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} + cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - env: - BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} - BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols - if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-windows@v1 with: - username: ${{ env.BUGSPLAT_USER }} - password: ${{ env.BUGSPLAT_PASS }} + username: ${{ secrets.BUGSPLAT_USER }} + password: ${{ secrets.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - env: - BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} - BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols - if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-mac@v1 with: - username: ${{ env.BUGSPLAT_USER }} - password: ${{ env.BUGSPLAT_PASS }} + username: ${{ secrets.BUGSPLAT_USER }} + password: ${{ secrets.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} -- cgit v1.2.3 From 2e17fc6ac79638c765c0147485f7727744385763 Mon Sep 17 00:00:00 2001 From: Andrey Lihatskiy Date: Sat, 9 Mar 2024 19:19:49 +0200 Subject: Revert "Enclose 'if:' expressions in ${{ ... }}." This reverts commit f738df6c147a84c17f28b8326c5bc1eb54e4519f. --- .github/workflows/build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6431b59366..43b17edf17 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -262,7 +262,7 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} + if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID needs: build runs-on: windows steps: @@ -276,7 +276,7 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: - if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} + if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD needs: build runs-on: macos-latest steps: @@ -312,7 +312,7 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: @@ -326,7 +326,7 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From 90b27241f01a3e2e098f5d81ce554b842209b9e7 Mon Sep 17 00:00:00 2001 From: Andrey Lihatskiy Date: Sat, 9 Mar 2024 19:19:49 +0200 Subject: Revert "Make signing and symbol posting jobs conditional on secrets." This reverts commit beea0c55dd68a1584300a02333f8be9ffcac0476. --- .github/workflows/build.yaml | 4 ---- 1 file changed, 4 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 43b17edf17..8a066e7c79 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -262,7 +262,6 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID needs: build runs-on: windows steps: @@ -276,7 +275,6 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: - if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD needs: build runs-on: macos-latest steps: @@ -312,7 +310,6 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: @@ -326,7 +323,6 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From 5d28e1b7e53f485a50410519faef8edd9c655bbf Mon Sep 17 00:00:00 2001 From: Andrey Lihatskiy Date: Tue, 2 Apr 2024 16:46:53 +0300 Subject: Fix wrong reverts from #958 --- .github/workflows/build.yaml | 50 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 15 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8a066e7c79..c7a758bd0f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -42,8 +42,6 @@ jobs: DEVELOPER_DIR: ${{ matrix.developer_dir }} # Ensure that Linden viewer builds engage Bugsplat. BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }} - BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} - BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} build_coverity: false build_log_dir: ${{ github.workspace }}/.logs build_viewer: true @@ -262,23 +260,36 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: + env: + AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} + AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer + if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID uses: secondlife/viewer-build-util/sign-pkg-windows@v1 with: - vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}" - cert_name: "${{ secrets.AZURE_CERT_NAME }}" - client_id: "${{ secrets.AZURE_CLIENT_ID }}" - client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}" - tenant_id: "${{ secrets.AZURE_TENANT_ID }}" + vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" + cert_name: "${{ env.AZURE_CERT_NAME }}" + client_id: "${{ env.AZURE_CLIENT_ID }}" + client_secret: "${{ env.AZURE_CLIENT_SECRET }}" + tenant_id: "${{ env.AZURE_TENANT_ID }}" sign-and-package-mac: + env: + NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} + SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} + SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials + if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | @@ -286,7 +297,7 @@ jobs: # USERNAME="..." # PASSWORD="..." # TEAM_ID="..." - eval "${{ secrets.NOTARIZE_CREDS_MACOS }}" + eval "${{ env.NOTARIZE_CREDS_MACOS }}" echo "::add-mask::$USERNAME" echo "::add-mask::$PASSWORD" echo "::add-mask::$TEAM_ID" @@ -298,39 +309,48 @@ jobs: [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer + if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team uses: secondlife/viewer-build-util/sign-pkg-mac@v1 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} - cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} - cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} - cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + cert_base64: ${{ env.SIGNING_CERT_MACOS }} + cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-windows@v1 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-mac@v1 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} -- cgit v1.2.3 From 6b4b33cc129e9482342c9280ae79c9c5ce427ef1 Mon Sep 17 00:00:00 2001 From: Nicky Dasmijn Date: Mon, 8 Apr 2024 22:39:20 +0200 Subject: Linux GHA builds (#1147) * Linux GHA builds Add Ubuntu 22.04 runner and Linux dependencies Do not even try to touch ReleaseFS for Linux yet (this needs KDU, Havok, FMOD) * Lets play a game of 'guess the havok source url' * Move to linux-large runner. * ReleaseOS used OpenAL, not fmod studio (which otherwise is the default) * - Correction for Linux build dir - HAVOK / CrashReporting wrestling. HAVOK is always turned on, even for OS builds Turn this off for Linux-ReleaseOS Same with crashreporting, we need it off for now * Add missing brace * When doing a GHA build pack right into RUNNER_TEMP and then signal the created archive as our "viewer_app" * Upload Linux-ReleaseOS after build * - Need to use os.path.join and not hyst join - set_github_output_path can be called unconditionally * Remove Linux GHA build example. --- .github/workflows/build.yaml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c7a758bd0f..3ac470b5ed 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -11,7 +11,7 @@ jobs: build: strategy: matrix: - runner: [windows-large, macos-12-xl] + runner: [windows-large, macos-12-xl, linux-large] configuration: [Release, ReleaseOS] python-version: ["3.11"] include: @@ -20,6 +20,8 @@ jobs: exclude: - runner: macos-12-xl configuration: ReleaseOS + - runner: linux-large + configuration: Release runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} @@ -95,6 +97,10 @@ jobs: ${{ runner.os }}-64-${{ matrix.configuration }}- ${{ runner.os }}-64- + - name: Install Linux dependencies + if: runner.os == 'linux' + run: sudo apt update && sudo apt install -y libfltk1.3-dev libunwind-dev libgl1-mesa-dev libglu1-mesa-dev libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev libxext-dev libxrender-dev libxfixes-dev libxxf86vm-dev libxss-dev libdbus-1-dev libudev-dev libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfreetype6-dev ninja-build libxft-dev + - name: Install windows dependencies if: runner.os == 'Windows' run: choco install nsis-unicode @@ -230,6 +236,16 @@ jobs: path: | ${{ steps.build.outputs.viewer_app }} + # ND: We only have ReleaseOS builds for Linux so far, thus upload what we have + # This steps can be deleted once "Release" is in place and makes "ReleaseOS" obsolete (for upload) + - name: Upload Linux ReleaseOS archive + if: matrix.configuration == 'ReleaseOS' && steps.build.outputs.viewer_app && matrix.os == 'linux' + uses: actions/upload-artifact@v3 + with: + name: "${{ steps.build.outputs.artifact }}-app" + path: | + ${{ steps.build.outputs.viewer_app }} + # The other upload of nontrivial size is the symbol file. Use a distinct # artifact for that too. - name: Upload symbol file @@ -372,7 +388,7 @@ jobs: with: name: Windows-metadata - - name: Rename windows metadata + - name: Rename windows metadata run: | mv autobuild-package.xml Windows-autobuild-package.xml mv newview/viewer_version.txt Windows-viewer_version.txt @@ -381,7 +397,7 @@ jobs: with: name: macOS-metadata - - name: Rename macOS metadata + - name: Rename macOS metadata run: | mv autobuild-package.xml macOS-autobuild-package.xml mv newview/viewer_version.txt macOS-viewer_version.txt @@ -407,7 +423,7 @@ jobs: append_body: true fail_on_unmatched_files: true files: | - *.dmg + *.dmg *.exe *-autobuild-package.xml *-viewer_version.txt -- cgit v1.2.3 From 37392be4171303db08a4842b7882b4cb758a8f8d Mon Sep 17 00:00:00 2001 From: Nicky Dasmijn Date: Tue, 9 Apr 2024 20:26:06 +0200 Subject: Update Linux media handling (#1146) * Enable CEF browser for Linux * Disable the update for Linux, we don't have that one right now * Update build_linux.yaml We need libpulse-dev for volume_catcher Linux * Add linux_volum_catcher* files * Enable OpenAL for Linux-ReleaseOS * Linux: Update OpenAL * Update SDL2 * Add libsndio-dev to the dependencies. * Update CEF to an official LL version * Remove dupe of emoji_shortcodes * Reording autobuild does because it can and wants to * Linux: Disable NDOF for the time being. After updating the ndof 3P needs to be rebuilt and we do not have a fresh one from LL yet. Forcefully undefine LIB_NDOF, it gets defined in the build variables no matter if it is safe to define. * Remove wrestling with mutliarch and LIBGL_DRIVERS_PATH * Remove tcmalloc snippet, tcmalloc is a very faint bad dream of the past * Putting out a warning this viewer ran on a x64 arch and then suggesting to install 32 bit compat packages makes no sense at all * CEF resources need to be in lib * It;'s okay to warn about missing plugins * Linux: CEF keyboard handling * Remove old gstreamer 0.10 implementation * Linux DSO loading always had been very peculiar due to macro magic. At least now it is peculiar shared magic with only one implementation. * Remove -fPIC. We get that one from LL_BUILD * /proc/cpuinfo is not reliable to detrmine the max CPU clock. Try to determine this by reading "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq". Only if this fails go back to /proc/cpuinfo * Cleanup * Cleanup common linker and compiler flags, make it more obvious which flags are for which OS/compiler * Switch to correct plugin file * Install libpulse-dev for volume catcher. * And the runner needs libsndio-dev as well. * check for runner.os=='linux'. matrix.os is the full name of the image (limux-large). --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3ac470b5ed..5dce30705c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -99,7 +99,7 @@ jobs: - name: Install Linux dependencies if: runner.os == 'linux' - run: sudo apt update && sudo apt install -y libfltk1.3-dev libunwind-dev libgl1-mesa-dev libglu1-mesa-dev libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev libxext-dev libxrender-dev libxfixes-dev libxxf86vm-dev libxss-dev libdbus-1-dev libudev-dev libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfreetype6-dev ninja-build libxft-dev + run: sudo apt update && sudo apt install -y libsndio-dev libpulse-dev libfltk1.3-dev libunwind-dev libgl1-mesa-dev libglu1-mesa-dev libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev libxext-dev libxrender-dev libxfixes-dev libxxf86vm-dev libxss-dev libdbus-1-dev libudev-dev libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfreetype6-dev ninja-build libxft-dev - name: Install windows dependencies if: runner.os == 'Windows' @@ -239,7 +239,7 @@ jobs: # ND: We only have ReleaseOS builds for Linux so far, thus upload what we have # This steps can be deleted once "Release" is in place and makes "ReleaseOS" obsolete (for upload) - name: Upload Linux ReleaseOS archive - if: matrix.configuration == 'ReleaseOS' && steps.build.outputs.viewer_app && matrix.os == 'linux' + if: matrix.configuration == 'ReleaseOS' && steps.build.outputs.viewer_app && runner.os == 'linux' uses: actions/upload-artifact@v3 with: name: "${{ steps.build.outputs.artifact }}-app" -- cgit v1.2.3 From 148f80f0779f42c1aa7d2f07c04a63507446662c Mon Sep 17 00:00:00 2001 From: Bennett Goble Date: Wed, 10 Apr 2024 19:54:10 -0700 Subject: Linux: build with clang, link with mold --- .github/workflows/build.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1f5d8ee47a..b5be5bb00c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -98,8 +98,19 @@ jobs: ${{ runner.os }}-64- - name: Install Linux dependencies - if: runner.os == 'linux' - run: sudo apt update && sudo apt install -y libsndio-dev libpulse-dev libfltk1.3-dev libunwind-dev libgl1-mesa-dev libglu1-mesa-dev libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev libxext-dev libxrender-dev libxfixes-dev libxxf86vm-dev libxss-dev libdbus-1-dev libudev-dev libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfreetype6-dev ninja-build libxft-dev + if: runner.os == 'Linux' + run: | + sudo apt update + sudo apt install -y \ + libsndio-dev libpulse-dev libfltk1.3-dev \ + libunwind-dev libgl1-mesa-dev libglu1-mesa-dev \ + libx11-dev libxrandr-dev libxinerama-dev \ + libxcursor-dev libxi-dev libxext-dev \ + libxrender-dev libxfixes-dev libxxf86vm-dev \ + libxss-dev libdbus-1-dev libudev-dev \ + libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \ + libfreetype6-dev ninja-build libxft-dev \ + llvm mold - name: Install windows dependencies if: runner.os == 'Windows' @@ -208,6 +219,13 @@ jobs: fi export PYTHON_COMMAND_NATIVE="$(native_path "$PYTHON_COMMAND")" + # Compile with clang, link with mold on linux. + if [[ "$RUNNER_OS" == "Linux" ]]; then + export CC=clang + export CXX=clang++ + export CMAKE_OPTIONS='-DLINK_WITH_MOLD=ON' + fi + ./build.sh # Each artifact is downloaded as a distinct .zip file. Multiple jobs -- cgit v1.2.3 From 4bd4e08834289f567d453427c565a95b5f75d995 Mon Sep 17 00:00:00 2001 From: Bennett Goble Date: Fri, 12 Apr 2024 07:59:19 -0700 Subject: Fix syntax in build.yaml, merge fallout --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c61e969a02..7d0496793a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,8 +19,8 @@ jobs: exclude: - runner: macos-12-xl configuration: ReleaseOS - - runner: windows-large - configuration: ReleaseOS + - runner: windows-large + configuration: ReleaseOS runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} -- cgit v1.2.3 From 286ef130349d45b13f613fd11eeb40f5fffdf259 Mon Sep 17 00:00:00 2001 From: Bennett Goble Date: Fri, 12 Apr 2024 08:04:11 -0700 Subject: Fix excludes following merge of build.yaml --- .github/workflows/build.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7d0496793a..e2d84d29af 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -17,10 +17,12 @@ jobs: - runner: macos-12-xl developer_dir: "/Applications/Xcode_14.0.1.app/Contents/Developer" exclude: - - runner: macos-12-xl - configuration: ReleaseOS - runner: windows-large configuration: ReleaseOS + - runner: macos-12-xl + configuration: ReleaseOS + - runner: linux-large + configuration: Release runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} @@ -391,6 +393,10 @@ jobs: - uses: actions/download-artifact@v4 with: pattern: "*-metadata" + + - uses: actions/download-artifact@v4 + with: + pattern: "LinuxOS-app" - name: Rename metadata run: | -- cgit v1.2.3 From 7d2608947ccfa2215fa66d162134bf67bf27b383 Mon Sep 17 00:00:00 2001 From: AiraYumi Date: Tue, 16 Apr 2024 22:20:44 -0400 Subject: Cleanup Install Linux dependencies --- .github/workflows/build.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e2d84d29af..3f1ff1d8a6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -103,14 +103,10 @@ jobs: run: | sudo apt update sudo apt install -y \ - libsndio-dev libpulse-dev libfltk1.3-dev \ - libunwind-dev libgl1-mesa-dev libglu1-mesa-dev \ - libx11-dev libxrandr-dev libxinerama-dev \ - libxcursor-dev libxi-dev libxext-dev \ - libxrender-dev libxfixes-dev libxxf86vm-dev \ - libxss-dev libdbus-1-dev libudev-dev \ - libssl-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \ - libfreetype6-dev ninja-build libxft-dev \ + libsndio-dev libpulse-dev libunwind-dev \ + libgl1-mesa-dev libglu1-mesa-dev libxinerama-dev \ + libxcursor-dev libxfixes-dev libgstreamer1.0-dev \ + libgstreamer-plugins-base1.0-dev ninja-build libxft-dev \ llvm mold - name: Install windows dependencies -- cgit v1.2.3 From 2ab17fa3f991a71cdb83d6dba8e345e14f11514c Mon Sep 17 00:00:00 2001 From: Nicky Date: Thu, 18 Apr 2024 17:59:56 +0200 Subject: Update open_libndofdev and openal to latest versions. - With the updated openal the dependency on sndio can be dropped - The updated libndofdev is compiled against the correct version of SDL2 and thus NDOF can be enabled again --- .github/workflows/build.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to '.github/workflows/build.yaml') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3f1ff1d8a6..42dc364ed3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,10 +19,10 @@ jobs: exclude: - runner: windows-large configuration: ReleaseOS - - runner: macos-12-xl + - runner: macos-12-xl configuration: ReleaseOS - runner: linux-large - configuration: Release + configuration: Release runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} @@ -103,7 +103,7 @@ jobs: run: | sudo apt update sudo apt install -y \ - libsndio-dev libpulse-dev libunwind-dev \ + libpulse-dev libunwind-dev \ libgl1-mesa-dev libglu1-mesa-dev libxinerama-dev \ libxcursor-dev libxfixes-dev libgstreamer1.0-dev \ libgstreamer-plugins-base1.0-dev ninja-build libxft-dev \ @@ -221,7 +221,7 @@ jobs: export CC=clang export CXX=clang++ export CMAKE_OPTIONS='-DLINK_WITH_MOLD=ON' - fi + fi ./build.sh @@ -393,7 +393,7 @@ jobs: - uses: actions/download-artifact@v4 with: pattern: "LinuxOS-app" - + - name: Rename metadata run: | cp Windows-metadata/autobuild-package.xml Windows-autobuild-package.xml @@ -422,7 +422,7 @@ jobs: append_body: true fail_on_unmatched_files: true files: | - macOS-installer/*.dmg + macOS-installer/*.dmg Windows-installer/*.exe *-autobuild-package.xml *-viewer_version.txt -- cgit v1.2.3