# Copyright (C) 2021-2024 Saturneric # # This file is part of GpgFrontend. # # GpgFrontend is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # GpgFrontend is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GpgFrontend. If not, see . # # The initial version of the source code is inherited from # the gpg4usb project, which is under GPL-3.0-or-later. # # All the source code of GpgFrontend was modified and released by # Saturneric starting on May 12, 2021. # # SPDX-License-Identifier: GPL-3.0-or-later name: Build Release on: push: branches: [main] paths-ignore: - "resource/lfs/locale/**" - "**.md" pull_request: branches: [main] paths-ignore: - "resource/lfs/locale/**" - "**.md" env: BUILD_TYPE: Release GNUPG_VERSION: "2.4.7" jobs: build: strategy: matrix: os: ["ubuntu-22.04", "macos-13", "macos-14", "macos-15", "windows-2019"] runs-on: ${{ matrix.os }} continue-on-error: true steps: - name: Set git to use LF(Windows) or CRLF(MacOS) line endings run: | git config --global core.autocrlf false git config --global core.eol lf if: runner.os == 'Windows' || runner.os == 'macOS' - uses: actions/checkout@v4 with: lfs: "false" submodules: recursive - name: Get Short SHA of Commit id: vars run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: Install Dependence (Linux) run: | sudo apt-get update sudo apt-get -y install build-essential binutils git autoconf automake gettext texinfo sudo apt-get -y install gcc g++ ninja-build sudo apt-get -y install libarchive-dev libssl-dev sudo apt-get -y install gpgsm libxcb-xinerama0 libxcb-icccm4-dev libcups2-dev libdrm-dev libegl1-mesa-dev sudo apt-get -y install libfuse2 libgcrypt20-dev libnss3-dev libpci-dev libpulse-dev libudev-dev libxtst-dev sudo apt-get -y install libglu1-mesa-dev libfontconfig1-dev libx11-xcb-dev libxcb-image0 gyp sudo apt-get -y install libglu1-mesa-dev libfontconfig1-dev libx11-xcb-dev libxcb-* libxkbcommon-x11-0 if: runner.os == 'Linux' - name: Codesign Configuration (macOS) run: | CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 PP_PATH=$RUNNER_TEMP/${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID}}.provisionprofile KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db echo -n "${{secrets.MACOS_CERTIFICATE}}" | base64 --decode -o $CERTIFICATE_PATH echo -n "${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_DATA}}" | base64 --decode -o $PP_PATH security create-keychain -p gpgfrontend build.keychain security default-keychain -s build.keychain security unlock-keychain -p gpgfrontend build.keychain security import $CERTIFICATE_PATH -k build.keychain -P ${{secrets.MAOS_CERTIFICATE_PWD}} -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k gpgfrontend build.keychain security set-keychain-settings -lut 3600 mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles if: runner.os == 'macOS' - name: Install Qt6 uses: jurplel/install-qt-action@v3 with: version: "6.7.2" cache: "true" if: runner.os == 'Linux' || runner.os == 'macOS' - name: Install Dependence (macOS) run: | brew install cmake autoconf automake texinfo gettext openssl@3 brew install ninja libarchive gpgme googletest brew install create-dmg brew link openssl@3 --force if: runner.os == 'macOS' - name: Set up MinGW (Windows) uses: msys2/setup-msys2@v2 with: update: true release: false cache: true install: >- git msys2-devel base-devel binutils zip unzip libintl msys2-runtime-devel mingw-w64-x86_64-toolchain mingw-w64-x86_64-gcc mingw-w64-x86_64-make mingw-w64-x86_64-cmake mingw-w64-x86_64-qt6 mingw-w64-x86_64-icu mingw-w64-x86_64-ninja mingw-w64-x86_64-gnupg mingw-w64-x86_64-gpgme mingw-w64-x86_64-libarchive mingw-w64-x86_64-gtest mingw-w64-x86_64-autotools if: runner.os == 'Windows' - name: Build gpg-error (Linux) run: | git clone --depth 1 --branch libgpg-error-1.51 git://git.gnupg.org/libgpg-error.git ${{github.workspace}}/third_party/libgpg-error cd ${{github.workspace}}/third_party/libgpg-error ./autogen.sh ./configure --enable-maintainer-mode && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build assuan (Linux) run: | git clone --depth 1 --branch libassuan-2.5.7 git://git.gnupg.org/libassuan.git ${{github.workspace}}/third_party/libassuan cd ${{github.workspace}}/third_party/libassuan ./autogen.sh ./configure --enable-maintainer-mode && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build GpgME (Linux) run: | git clone --depth 1 --branch gpgme-1.24.2 git://git.gnupg.org/gpgme.git ${{github.workspace}}/third_party/gpgme cd ${{github.workspace}}/third_party/gpgme ./autogen.sh ./configure --enable-maintainer-mode --enable-languages=cpp && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build googletest (Linux) run: | git clone --depth 1 --branch v1.15.2 https://github.com/google/googletest.git ${{github.workspace}}/third_party/googletest cd ${{github.workspace}}/third_party/googletest mkdir build && cd build cmake -G Ninja -DBUILD_SHARED_LIBS=ON .. ninja sudo ninja install if: runner.os == 'Linux' - name: Build & Install Full SDK run: | cmake -B ${{github.workspace}}/build-full-sdk -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_FULL_SDK=ON cmake --build ${{github.workspace}}/build-full-sdk --config {{$env.BUILD_TYPE}} -- -v sudo cmake --install ${{github.workspace}}/build-full-sdk --config {{$env.BUILD_TYPE}} if: runner.os == 'Linux' || runner.os == 'macOS' - name: Build & Install Full SDK (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") mkdir build-full-sdk && cd build-full-sdk cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_FULL_SDK=ON -DCMAKE_INSTALL_PREFIX=$MSYSTEM_PREFIX .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 cmake --install . --config {{$env.BUILD_TYPE}} if: runner.os == 'Windows' - name: Build Integrated Modules run: | cmake -S ${{github.workspace}}/modules -B ${{github.workspace}}/modules/build -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/modules/build/artifacts cmake --build ${{github.workspace}}/modules/build --config {{$env.BUILD_TYPE}} -- -v cmake --install ${{github.workspace}}/modules/build --config {{$env.BUILD_TYPE}} if: runner.os == 'Linux' || runner.os == 'macOS' - name: Build Integrated Modules (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") cd modules mkdir build && cd build cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_STABLE=ON -DCMAKE_INSTALL_PREFIX=./artifacts .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 cmake --install . --config {{$env.BUILD_TYPE}} if: runner.os == 'Windows' - name: Build & Export GpgFrontend (macOS) # Build your GpgFrontend with the given configuration run: | cmake -B ${{github.workspace}}/build -G Xcode \ -DGPGFRONTEND_CONFIGURE_FOR_XCODE_BUILD=On \ -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} \ -DGPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY="${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" \ -DGPGFRONTEND_XCODE_TEAM_ID="${{secrets.GPGFRONTEND_XCODE_TEAM_ID}}" \ -DGPGFRONTEND_XOCDE_APPID="${{secrets.GPGFRONTEND_XOCDE_APPID}}" \ -DGPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID="${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID}}" xcodebuild -list -project ${{github.workspace}}/build/GpgFrontend.xcodeproj cd ${{github.workspace}}/build/ xcodebuild -scheme GpgFrontend -configuration "${{env.BUILD_TYPE}}"\ -archivePath ${{github.workspace}}/build/GpgFrontend.xcarchive archive mkdir ${{github.workspace}}/build/package xcodebuild -exportArchive -archivePath ${{github.workspace}}/build/GpgFrontend.xcarchive \ -exportOptionsPlist ${{github.workspace}}/build/ExportOptions.plist \ -exportPath ${{github.workspace}}/build/package/ if: runner.os == 'macOS' - name: Copy Modules into Bundle & Deploy Qt & Code Sign (macOS) run: | codesign -s "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" -f --deep --options=runtime --timestamp ${{github.workspace}}/modules/build/artifacts/modules/* cmake -E copy_directory ${{github.workspace}}/modules/build/artifacts/modules ${{github.workspace}}/build/package/GpgFrontend.app/Contents/Modules macdeployqt ${{github.workspace}}/build/package/GpgFrontend.app -verbose=2 -appstore-compliant -always-overwrite codesign -s "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" -f --deep --options=runtime --timestamp ${{github.workspace}}/build/package/GpgFrontend.app if: runner.os == 'macOS' - name: Package & Sign App Bundle (macOS) run: | security -v unlock-keychain -p gpgfrontend ditto -c -k --keepParent ${{github.workspace}}/build/package/GpgFrontend.app ${{github.workspace}}/build/GpgFrontend.app.zip hdiutil create ${{github.workspace}}/build/tmp.dmg -ov \ -volname "GpgFrontend" -fs HFS+ -srcfolder ${{github.workspace}}/build/package/ mkdir ${{github.workspace}}/build/upload-artifact create-dmg --codesign "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" --volicon "${{github.workspace}}/resource/lfs/icns/GpgFrontend.icns" --volname GpgFrontend --app-drop-link 600 185 --window-size 800 400 ${{github.workspace}}/build/upload-artifact/GpgFrontend.dmg ${{github.workspace}}/build/package/GpgFrontend.app mv ${{github.workspace}}/build/upload-artifact/GpgFrontend.dmg \ ${{github.workspace}}/build/upload-artifact/GpgFrontend-${{matrix.os}}-${{env.sha_short}}-x86_64.dmg mv ${{github.workspace}}/build/GpgFrontend.app.zip \ ${{github.workspace}}/build/GpgFrontend-${{matrix.os}}-${{env.sha_short}}-x86_64.zip if: runner.os == 'macOS' - name: Notarize Release Build (macOS) run: | xcrun notarytool submit \ --apple-id ${{secrets.APPLE_DEVELOPER_ID}} \ --team-id ${{secrets.APPLE_DEVELOPER_TEAM_ID}} \ --password ${{secrets.APPLE_DEVELOPER_ID_SECRET}} \ ${{github.workspace}}/build/GpgFrontend-${{matrix.os}}-${{env.sha_short}}-x86_64.zip echo "BUILD_TYPE_LOWER=$(echo ${BUILD_TYPE} | tr '[:upper:]' '[:lower:]')" >> ${GITHUB_ENV} echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> ${GITHUB_ENV} if: runner.os == 'macOS' - name: Build GpgFrontend (Linux) # Build your GpgFrontend with the given configuration run: | cmake -B ${{github.workspace}}/build -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DDGPGFRONTEND_BUILD_TYPE_ONLY_APPLICATION=ON cmake --build ${{github.workspace}}/build --config {{$env.BUILD_TYPE}} -- -v if: runner.os == 'Linux' - name: Copy Modules & Package App Image (Linux) run: | cmake -E copy_directory ${{github.workspace}}/modules/build/artifacts/modules ${{github.workspace}}/build/artifacts/AppDir/usr/modules mkdir ${{github.workspace}}/build/upload-artifact cd ${{github.workspace}}/build/upload-artifact wget -c -nv https://github.com/probonopd/linuxdeployqt/releases/download/continuous/linuxdeployqt-continuous-x86_64.AppImage chmod u+x linuxdeployqt-continuous-x86_64.AppImage export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib ./linuxdeployqt-continuous-x86_64.AppImage ${{github.workspace}}/build/artifacts/AppDir/usr/share/applications/*.desktop -no-translations -extra-plugins=iconengines -appimage -executable-dir=${{github.workspace}}/build/artifacts/AppDir/usr/modules/ echo "BUILD_TYPE_LOWER=${BUILD_TYPE,,}" >> ${GITHUB_ENV} echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> ${GITHUB_ENV} if: runner.os == 'Linux' - name: Configure CMake & Build Application (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") mkdir build && cd build cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_ONLY_APPLICATION=ON .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 if: runner.os == 'Windows' - name: Generate Env Vars (Windows) run: | echo "SHORT_SHA=$("${{ github.sha }}".SubString(0, 8))" >> $env:GITHUB_ENV echo "BUILD_TYPE_LOWER=$("${{env.BUILD_TYPE}}".ToLower())" >> $env:GITHUB_ENV if: runner.os == 'Windows' - name: Download GnuPG Binary Release (Windows) shell: msys2 {0} run: | export URL="https://ftp.bktus.com/GnuPG/${{env.GNUPG_VERSION}}" export FILE="gnupg.zip" export CHECKSUM_FILE="SHA256SUMS.txt" cd $(cygpath -u "${{github.workspace}}") mkdir -p build/downloads curl -o build/downloads/$FILE $URL/$FILE curl -o build/downloads/$CHECKSUM_FILE $URL/$CHECKSUM_FILE CHECKSUM=$(grep "$FILE" build/downloads/$CHECKSUM_FILE | awk '{print $1}') ACTUAL_CHECKSUM=$(sha256sum build/downloads/$FILE | awk '{print $1}') echo "Expected Checksum: $CHECKSUM" echo "Actual Checksum: $ACTUAL_CHECKSUM" if [ "$CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then echo "Checksum verification failed!" >&2 exit 1 fi mkdir -p build/artifacts unzip build/downloads/$FILE -d build/artifacts/ ls -l build/artifacts/ if: runner.os == 'Windows' - name: Copy Modules & Package (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") cp PrivacyPolicy.md build/artifacts/ cp README.md build/artifacts/ cp SECURITY.md build/artifacts/ cp TRANSLATORS build/artifacts/ cp COPYING build/artifacts/ cp gpgfrontend.ico build/artifacts/bin/ touch build/artifacts/bin/PORTABLE.txt mkdir -p build/artifacts/modules cp -r modules/build/artifacts/bin/* build/artifacts/modules cd build windeployqt-qt6 --no-translations --force ./artifacts/bin/libgpgfrontend_core.dll windeployqt-qt6 --no-translations --force ./artifacts/bin/libgpgfrontend_ui.dll windeployqt-qt6 --no-translations --force ./artifacts/bin/GpgFrontend.exe mkdir upload-artifact cd artifacts zip -r ../upload-artifact/GpgFrontend-${{env.SHORT_SHA}}-x86_64.zip * if: runner.os == 'Windows' - name: Upload Artifact (Linux) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/upload-artifact/Gpg_Frontend*.AppImage* if: runner.os == 'Linux' - name: Upload Artifact (macOS) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/upload-artifact/* if: runner.os == 'macOS' - name: Upload Artifact (Windows) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/artifacts/* if: runner.os == 'Windows'