name: Build on: workflow_dispatch: inputs: release_run: type: boolean description: Do a release of this build default: false pull_request: push: branches: ["main", "release/*", "project/*"] tags: ["Second_Life*"] jobs: # The whole point of the setvar job is that we want to set a variable once # that will be consumed by multiple subsequent jobs. We tried setting it in # the global env, but a job.env can't directly reference the global env # context. setvar: runs-on: ubuntu-latest outputs: release_run: ${{ steps.setvar.outputs.release_run }} branch: ${{ steps.which-branch.outputs.branch }} relnotes: ${{ steps.which-branch.outputs.relnotes }} env: # Build with a tag like "Second_Life#abcdef0" to generate a release page # (used for builds we are planning to deploy). # Even though inputs.release_run is specified with type boolean, which # correctly presents a checkbox, its *value* is a GH workflow string # 'true' or 'false'. If you simply test github.event.inputs.release_run, # it always evaluates as true because it's a non-empty string either way. # When you want to use a string variable as a workflow YAML boolean, it's # important to ensure it's the empty string when false. If you omit || '', # its value when false is "false", which (again) is interpreted as true. RELEASE_RUN: ${{ (github.event.inputs.release_run != 'false' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'Second_Life'))) && 'Y' || '' }} steps: - name: Set Variable id: setvar shell: bash run: | echo "release_run=$RELEASE_RUN" >> "$GITHUB_OUTPUT" - name: Determine source branch id: which-branch uses: secondlife/viewer-build-util/which-branch@v2 with: token: ${{ github.token }} build: needs: setvar strategy: matrix: runner: [windows-large, macos-12-xl] configuration: [Release] Linden: [true] include: - runner: macos-12-xl developer_dir: "/Applications/Xcode_14.0.1.app/Contents/Developer" - runner: windows-large configuration: ReleaseOS Linden: false runs-on: ${{ matrix.runner }} outputs: viewer_channel: ${{ steps.build.outputs.viewer_channel }} viewer_version: ${{ steps.build.outputs.viewer_version }} imagename: ${{ steps.build.outputs.imagename }} env: AUTOBUILD_ADDRSIZE: 64 AUTOBUILD_BUILD_ID: ${{ github.run_id }} AUTOBUILD_CONFIGURATION: ${{ matrix.configuration }} # authorizes fetching private constituent packages AUTOBUILD_GITHUB_TOKEN: ${{ secrets.SHARED_AUTOBUILD_GITHUB_TOKEN }} AUTOBUILD_INSTALLABLE_CACHE: ${{ github.workspace }}/.autobuild-installables AUTOBUILD_VARIABLES_FILE: ${{ github.workspace }}/.build-variables/variables # Direct autobuild to store vcs_url, vcs_branch and vcs_revision in # autobuild-package.xml. AUTOBUILD_VCS_INFO: "true" AUTOBUILD_VSVER: "170" DEVELOPER_DIR: ${{ matrix.developer_dir }} # Ensure that Linden viewer builds engage Bugsplat. BUGSPLAT_DB: ${{ matrix.Linden && 'SecondLife_Viewer_2018' || '' }} # Run BUILD steps for Release configuration. # Run BUILD steps for ReleaseOS configuration only for release runs. BUILD: ${{ (matrix.Linden || needs.setvar.outputs.release_run) && 'Y' || '' }} build_coverity: false build_log_dir: ${{ github.workspace }}/.logs build_viewer: true BUILDSCRIPTS_SHARED: ${{ github.workspace }}/.shared # extracted and committed to viewer repo BUILDSCRIPTS_SUPPORT_FUNCTIONS: ${{ github.workspace }}/buildscripts_support_functions GIT_REF: ${{ github.head_ref || github.ref }} LL_SKIP_REQUIRE_SYSROOT: 1 # Setting this variable directs Linden's TUT test driver code to capture # test-program log output at the specified level, but to display it only if # the individual test fails. LOGFAIL: DEBUG master_message_template_checkout: ${{ github.workspace }}/.master-message-template # Only set variants to the one configuration: don't let build.sh loop # over variants, let GitHub distribute variants over multiple hosts. variants: ${{ matrix.configuration }} steps: - name: Checkout code if: env.BUILD uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Setup python if: env.BUILD uses: actions/setup-python@v5 with: python-version: "3.11" - name: Checkout build variables if: env.BUILD uses: actions/checkout@v4 with: repository: secondlife/build-variables ref: master path: .build-variables - name: Checkout master-message-template if: env.BUILD uses: actions/checkout@v4 with: repository: secondlife/master-message-template path: .master-message-template - name: Install autobuild and python dependencies if: env.BUILD run: pip3 install autobuild llsd - name: Cache autobuild packages id: cache-installables if: env.BUILD uses: actions/cache@v4 with: path: .autobuild-installables key: ${{ runner.os }}-64-${{ matrix.configuration }}-${{ hashFiles('autobuild.xml') }} restore-keys: | ${{ runner.os }}-64-${{ matrix.configuration }}- ${{ runner.os }}-64- - name: Install windows dependencies if: env.BUILD && runner.os == 'Windows' run: choco install nsis-unicode - name: Build id: build if: env.BUILD shell: bash env: AUTOBUILD_VCS_BRANCH: ${{ needs.setvar.outputs.branch }} RUNNER_OS: ${{ runner.os }} run: | # set up things the viewer's build.sh script expects set -x mkdir -p "$build_log_dir" mkdir -p "$BUILDSCRIPTS_SHARED/packages/lib/python" source "$BUILDSCRIPTS_SUPPORT_FUNCTIONS" if [[ "$OSTYPE" =~ cygwin|msys ]] then native_path() { cygpath --windows "$1"; } shell_path() { cygpath --unix "$1"; } else native_path() { echo "$1"; } shell_path() { echo "$1"; } fi finalize() { case "$1" in true|0) record_success "Build Succeeded" ;; *) record_failure "Build Failed with $1" ;; esac } initialize_build() { echo "initialize_build" } initialize_version() { export revision="$AUTOBUILD_BUILD_ID" } python_cmd() { if [[ "x${1:0:1}" == "x-" ]] # -m, -c, etc. then # if $1 is a switch, don't try to twiddle paths "$(shell_path "$PYTHON_COMMAND")" "$@" elif [[ "$(basename "$1")" == "codeticket.py" ]] then # ignore any attempt to contact codeticket echo "## $@" else # running a script at an explicit path: fix path for Python local script="$1" shift "$(shell_path "$PYTHON_COMMAND")" "$(native_path "$script")" "$@" fi } repo_branch() { echo "$AUTOBUILD_VCS_BRANCH" } record_dependencies_graph() { echo "TODO: generate and post dependency graph" } # Since we're not uploading to codeticket, DO NOT sleep for minutes. sleep() { echo "Not sleeping for $1 seconds" } export -f native_path shell_path finalize initialize_build initialize_version export -f python_cmd repo_branch record_dependencies_graph sleep ## Useful for diagnosing Windows LLProcess/LLLeap test failures ##export APR_LOG="${RUNNER_TEMP}/apr.log" export arch=$(uname | cut -b-6) # Surprise! GH Windows runner's MINGW6 is a $arch value we've never # seen before, so numerous tests don't know about it. [[ "$arch" == "MINGW6" ]] && arch=CYGWIN export AUTOBUILD="$(which autobuild)" # determine the viewer channel from the branch name branch=$AUTOBUILD_VCS_BRANCH IFS='/' read -ra ba <<< "$branch" prefix=${ba[0]} if [ "$prefix" == "project" ]; then IFS='_' read -ra prj <<< "${ba[1]}" # uppercase first letter of each word export viewer_channel="Second Life Project ${prj[*]^}" elif [[ "$prefix" == "release" || "$prefix" == "main" ]]; then export viewer_channel="Second Life Release" else export viewer_channel="Second Life Test" fi echo "viewer_channel=$viewer_channel" >> "$GITHUB_OUTPUT" # On windows we need to point the build to the correct python # as neither CMake's FindPython nor our custom Python.cmake module # will resolve the correct interpreter location. if [[ "$RUNNER_OS" == "Windows" ]]; then export PYTHON="$(native_path "$(which python)")" echo "Python location: $PYTHON" export PYTHON_COMMAND="$PYTHON" else export PYTHON_COMMAND="python3" fi export PYTHON_COMMAND_NATIVE="$(native_path "$PYTHON_COMMAND")" ./build.sh # Each artifact is downloaded as a distinct .zip file. Multiple jobs # (per the matrix above) writing the same filepath to the same # artifact name will *overwrite* that file. Moreover, they can # interfere with each other, causing the upload to fail. # https://github.com/actions/upload-artifact#uploading-to-the-same-artifact # Given the size of our installers, and the fact that we typically # only want to download just one instead of a single zip containing # several, generate a distinct artifact name for each installer. # If the matrix above can run multiple builds on the same # platform, we must disambiguate on more than the platform name. # e.g. if we were still running Windows 32-bit builds, we'd need to # qualify the artifact with bit width. if [[ "$AUTOBUILD_CONFIGURATION" == "ReleaseOS" ]] then cfg_suffix='OS' else cfg_suffix='' fi echo "artifact=$RUNNER_OS$cfg_suffix" >> $GITHUB_OUTPUT - name: Upload executable if: matrix.Linden && steps.build.outputs.viewer_app uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-app" path: | ${{ steps.build.outputs.viewer_app }} # The other upload of nontrivial size is the symbol file. Use a distinct # artifact for that too. - name: Upload symbol file if: matrix.Linden uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-symbols" path: | ${{ steps.build.outputs.symbolfile }} - name: Upload metadata if: matrix.Linden uses: actions/upload-artifact@v4 with: name: "${{ steps.build.outputs.artifact }}-metadata" # emitted by build.sh, possibly multiple lines path: | ${{ steps.build.outputs.metadata }} - name: Upload physics package uses: actions/upload-artifact@v4 # should only be set for viewer-private if: matrix.Linden && steps.build.outputs.physicstpv with: name: "${{ steps.build.outputs.artifact }}-physics" # emitted by build.sh, zero or one lines path: | ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: env: AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID uses: secondlife/viewer-build-util/sign-pkg-windows@v2 with: vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" cert_name: "${{ env.AZURE_CERT_NAME }}" client_id: "${{ env.AZURE_CLIENT_ID }}" client_secret: "${{ env.AZURE_CLIENT_SECRET }}" tenant_id: "${{ env.AZURE_TENANT_ID }}" sign-and-package-mac: env: NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | # In NOTARIZE_CREDS_MACOS we expect to find: # USERNAME="..." # PASSWORD="..." # TEAM_ID="..." eval "${{ env.NOTARIZE_CREDS_MACOS }}" echo "::add-mask::$USERNAME" echo "::add-mask::$PASSWORD" echo "::add-mask::$TEAM_ID" echo "note_user=$USERNAME" >> "$GITHUB_OUTPUT" echo "note_pass=$PASSWORD" >> "$GITHUB_OUTPUT" echo "note_team=$TEAM_ID" >> "$GITHUB_OUTPUT" # If we didn't manage to retrieve all of these credentials, better # find out sooner than later. [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team uses: secondlife/viewer-build-util/sign-pkg-mac@v2 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} cert_base64: ${{ env.SIGNING_CERT_MACOS }} cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: env: BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-windows@v2 with: username: ${{ env.BUGSPLAT_USER }} password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: env: BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-mac@v2 with: username: ${{ env.BUGSPLAT_USER }} password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} release: needs: [setvar, build, sign-and-package-windows, sign-and-package-mac] runs-on: ubuntu-latest # action-gh-release requires a tag (presumably for automatic generation of # release notes). Possible TODO: if we arrive here but do not have a # suitable tag for github.sha, create one? If we do that, of course remove # this == 'tag' condition. if: needs.setvar.outputs.release_run && github.ref_type == 'tag' steps: - uses: actions/download-artifact@v4 with: pattern: "*-installer" - uses: actions/download-artifact@v4 with: pattern: "*-metadata" - name: Rename metadata run: | cp Windows-metadata/autobuild-package.xml Windows-autobuild-package.xml cp Windows-metadata/newview/viewer_version.txt Windows-viewer_version.txt cp macOS-metadata/autobuild-package.xml macOS-autobuild-package.xml cp macOS-metadata/newview/viewer_version.txt macOS-viewer_version.txt # forked from softprops/action-gh-release - name: Create GitHub release id: release uses: secondlife-3p/action-gh-release@v1 with: # name the release page for the branch name: "${{ needs.build.outputs.viewer_branch }}" # SL-20546: want the channel and version to be visible on the # release page body: | Build ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} ${{ needs.build.outputs.viewer_channel }} ${{ needs.build.outputs.viewer_version }} ${{ needs.setvar.outputs.relnotes }} prerelease: true generate_release_notes: true target_commitish: ${{ github.sha }} previous_tag: release append_body: true fail_on_unmatched_files: true files: | macOS-installer/*.dmg Windows-installer/*.exe *-autobuild-package.xml *-viewer_version.txt - name: post release URL run: | echo "::notice::Release ${{ steps.release.outputs.url }}"