# Copyright (C) 2021-2024 Saturneric # # This file is part of GpgFrontend. # # GpgFrontend is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # GpgFrontend is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GpgFrontend. If not, see . # # The initial version of the source code is inherited from # the gpg4usb project, which is under GPL-3.0-or-later. # # All the source code of GpgFrontend was modified and released by # Saturneric starting on May 12, 2021. # # SPDX-License-Identifier: GPL-3.0-or-later name: Build Nightly on: push: branches: ["develop"] env: BUILD_TYPE: Release GNUPG_VERSION: "2.4.7" jobs: build: strategy: matrix: os: ["ubuntu-20.04", "macos-13", "macos-14", "macos-15", "windows-2019"] runs-on: ${{ matrix.os }} continue-on-error: true steps: - name: Set git to use LF(Windows) or CRLF(MacOS) line endings run: | git config --global core.autocrlf false git config --global core.eol lf if: runner.os == 'Windows' || runner.os == 'macOS' - uses: actions/checkout@v4 with: ref: "develop" lfs: "false" submodules: recursive - name: Get Short SHA of Commit id: vars run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: Install Dependence (Linux) run: | sudo apt-get update sudo apt-get -y install build-essential binutils git autoconf automake gettext texinfo sudo apt-get -y install gcc g++ ninja-build sudo apt-get -y install libarchive-dev libssl-dev sudo apt-get -y install gpgsm libxcb-xinerama0 libxcb-icccm4-dev libcups2-dev libdrm-dev libegl1-mesa-dev sudo apt-get -y install libgcrypt20-dev libnss3-dev libpci-dev libpulse-dev libudev-dev libxtst-dev gyp sudo apt-get -y install libglu1-mesa-dev libfontconfig1-dev libx11-xcb-dev libxcb-image0 sudo apt-get -y install libglu1-mesa-dev libfontconfig1-dev libx11-xcb-dev libxcb-* libxkbcommon-x11-0 if: runner.os == 'Linux' - name: Codesign Configuration (macOS) run: | CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 PP_PATH=$RUNNER_TEMP/${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID}}.provisionprofile KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db echo -n "${{secrets.MACOS_CERTIFICATE}}" | base64 --decode -o $CERTIFICATE_PATH echo -n "${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_DATA}}" | base64 --decode -o $PP_PATH security create-keychain -p gpgfrontend build.keychain security default-keychain -s build.keychain security unlock-keychain -p gpgfrontend build.keychain security import $CERTIFICATE_PATH -k build.keychain -P ${{secrets.MAOS_CERTIFICATE_PWD}} -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k gpgfrontend build.keychain security set-keychain-settings -lut 3600 mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles if: runner.os == 'macOS' - name: Install Qt6 uses: jurplel/install-qt-action@v3 with: version: "6.7.2" cache: "true" if: runner.os == 'Linux' || runner.os == 'macOS' - name: Install Dependence (macOS) run: | brew install cmake autoconf automake texinfo gettext openssl@3 brew install ninja libarchive gpgme googletest brew install create-dmg brew link openssl@3 --force if: runner.os == 'macOS' - name: Set up MinGW (Windows) uses: msys2/setup-msys2@v2 with: update: true release: false cache: true install: >- git msys2-devel base-devel binutils zip unzip libintl msys2-runtime-devel mingw-w64-x86_64-toolchain mingw-w64-x86_64-gcc mingw-w64-x86_64-make mingw-w64-x86_64-cmake mingw-w64-x86_64-qt6 mingw-w64-x86_64-icu mingw-w64-x86_64-ninja mingw-w64-x86_64-gnupg mingw-w64-x86_64-gpgme mingw-w64-x86_64-libarchive mingw-w64-x86_64-gtest if: runner.os == 'Windows' - name: Build gpg-error (Linux) run: | git clone --depth 1 --branch libgpg-error-1.51 git://git.gnupg.org/libgpg-error.git ${{github.workspace}}/third_party/libgpg-error cd ${{github.workspace}}/third_party/libgpg-error ./autogen.sh ./configure --enable-maintainer-mode && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build assuan (Linux) run: | git clone --depth 1 --branch libassuan-2.5.7 git://git.gnupg.org/libassuan.git ${{github.workspace}}/third_party/libassuan cd ${{github.workspace}}/third_party/libassuan ./autogen.sh ./configure --enable-maintainer-mode && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build GpgME (Linux) run: | git clone --depth 1 --branch gpgme-1.24.2 git://git.gnupg.org/gpgme.git ${{github.workspace}}/third_party/gpgme cd ${{github.workspace}}/third_party/gpgme ./autogen.sh ./configure --enable-maintainer-mode --enable-languages=cpp && make -j4 sudo make install cd ${{github.workspace}} if: runner.os == 'Linux' - name: Build GpgME (Windows) shell: msys2 {0} run: | git clone --depth 1 --branch gpgme-1.24.2 git://git.gnupg.org/gpgme.git ${{github.workspace}}/third_party/gpgme cd ${{github.workspace}}/third_party/gpgme ./autogen.sh ./configure --enable-maintainer-mode --enable-languages=cpp --disable-gpg-test && make -j4 make install if: runner.os == 'Windows' - name: Build googletest (Linux) run: | git clone --depth 1 --branch v1.15.2 https://github.com/google/googletest.git ${{github.workspace}}/third_party/googletest cd ${{github.workspace}}/third_party/googletest mkdir build && cd build cmake -G Ninja -DBUILD_SHARED_LIBS=ON .. ninja sudo ninja install if: runner.os == 'Linux' - name: Build & Install Full SDK run: | cmake -B ${{github.workspace}}/build-full-sdk -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_FULL_SDK=ON cmake --build ${{github.workspace}}/build-full-sdk --config {{$env.BUILD_TYPE}} -- -v sudo cmake --install ${{github.workspace}}/build-full-sdk --config {{$env.BUILD_TYPE}} if: runner.os == 'Linux' || runner.os == 'macOS' - name: Build & Install Full SDK (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") mkdir build-full-sdk && cd build-full-sdk cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_FULL_SDK=ON -DCMAKE_INSTALL_PREFIX=$MSYSTEM_PREFIX .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 cmake --install . --config {{$env.BUILD_TYPE}} if: runner.os == 'Windows' - name: Build Integrated Modules run: | cmake -S ${{github.workspace}}/modules -B ${{github.workspace}}/modules/build -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/modules/build/artifacts cmake --build ${{github.workspace}}/modules/build --config {{$env.BUILD_TYPE}} -- -v cmake --install ${{github.workspace}}/modules/build --config {{$env.BUILD_TYPE}} if: runner.os == 'Linux' || runner.os == 'macOS' - name: Build Integrated Modules (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") cd modules mkdir build && cd build cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_STABLE=ON -DCMAKE_INSTALL_PREFIX=./artifacts .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 cmake --install . --config {{$env.BUILD_TYPE}} if: runner.os == 'Windows' - name: Build & Export GpgFrontend (macOS) run: | cmake -B ${{github.workspace}}/build -G Xcode \ -DGPGFRONTEND_CONFIGURE_FOR_XCODE_BUILD=On \ -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} \ -DGPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY="${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" \ -DGPGFRONTEND_XCODE_TEAM_ID="${{secrets.GPGFRONTEND_XCODE_TEAM_ID}}" \ -DGPGFRONTEND_XOCDE_APPID="${{secrets.GPGFRONTEND_XOCDE_APPID}}" \ -DGPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID="${{secrets.GPGFRONTEND_XOCDE_PROVISIONING_PROFILE_UUID}}" xcodebuild -list -project ${{github.workspace}}/build/GpgFrontend.xcodeproj cd ${{github.workspace}}/build/ xcodebuild -scheme GpgFrontend -configuration "${{env.BUILD_TYPE}}"\ -archivePath ${{github.workspace}}/build/GpgFrontend.xcarchive archive mkdir ${{github.workspace}}/build/package xcodebuild -exportArchive -archivePath ${{github.workspace}}/build/GpgFrontend.xcarchive \ -exportOptionsPlist ${{github.workspace}}/build/ExportOptions.plist \ -exportPath ${{github.workspace}}/build/package/ if: runner.os == 'macOS' - name: Copy Modules into Bundle & Deploy Qt & Code Sign (macOS) run: | codesign -s "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" -f --deep --options=runtime --timestamp ${{github.workspace}}/modules/build/artifacts/modules/* cmake -E copy_directory ${{github.workspace}}/modules/build/artifacts/modules ${{github.workspace}}/build/package/GpgFrontend.app/Contents/Modules macdeployqt ${{github.workspace}}/build/package/GpgFrontend.app -verbose=2 -appstore-compliant -always-overwrite codesign -s "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" -f --deep --options=runtime --timestamp ${{github.workspace}}/build/package/GpgFrontend.app if: runner.os == 'macOS' - name: Package & Sign App Bundle (macOS) run: | security -v unlock-keychain -p gpgfrontend ditto -c -k --keepParent ${{github.workspace}}/build/package/GpgFrontend.app ${{github.workspace}}/build/GpgFrontend.app.zip hdiutil create ${{github.workspace}}/build/tmp.dmg -ov \ -volname "GpgFrontend" -fs HFS+ -srcfolder ${{github.workspace}}/build/package/ mkdir ${{github.workspace}}/build/upload-artifact create-dmg --codesign "${{secrets.GPGFRONTEND_XOCDE_CODE_SIGN_IDENTITY}}" --volicon "${{github.workspace}}/resource/lfs/icns/GpgFrontend.icns" --volname GpgFrontend --app-drop-link 600 185 --window-size 800 400 ${{github.workspace}}/build/upload-artifact/GpgFrontend.dmg ${{github.workspace}}/build/package/GpgFrontend.app mv ${{github.workspace}}/build/upload-artifact/GpgFrontend.dmg \ ${{github.workspace}}/build/upload-artifact/GpgFrontend-${{matrix.os}}-${{env.sha_short}}.dmg mv ${{github.workspace}}/build/GpgFrontend.app.zip \ ${{github.workspace}}/build/GpgFrontend-${{matrix.os}}-${{env.sha_short}}.zip if: runner.os == 'macOS' - name: Notarize Release Build (macOS) run: | xcrun notarytool submit \ --apple-id ${{secrets.APPLE_DEVELOPER_ID}} \ --team-id ${{secrets.APPLE_DEVELOPER_TEAM_ID}} \ --password ${{secrets.APPLE_DEVELOPER_ID_SECRET}} \ ${{github.workspace}}/build/GpgFrontend-${{matrix.os}}-${{env.sha_short}}.zip echo "BUILD_TYPE_LOWER=$(echo ${BUILD_TYPE} | tr '[:upper:]' '[:lower:]')" >> ${GITHUB_ENV} echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> ${GITHUB_ENV} if: runner.os == 'macOS' - name: Build GpgFrontend (Linux) # Build your GpgFrontend with the given configuration run: | cmake -B ${{github.workspace}}/build -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DDGPGFRONTEND_BUILD_TYPE_ONLY_APPLICATION=ON cmake --build ${{github.workspace}}/build --config {{$env.BUILD_TYPE}} -- -v if: runner.os == 'Linux' - name: Copy Modules & Package App Image (Linux) run: | cmake -E copy_directory ${{github.workspace}}/modules/build/artifacts/modules ${{github.workspace}}/build/artifacts/AppDir/usr/modules mkdir ${{github.workspace}}/build/upload-artifact cd ${{github.workspace}}/build/upload-artifact wget -c -nv https://github.com/probonopd/linuxdeployqt/releases/download/continuous/linuxdeployqt-continuous-x86_64.AppImage chmod u+x linuxdeployqt-continuous-x86_64.AppImage export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib ./linuxdeployqt-continuous-x86_64.AppImage ${{github.workspace}}/build/artifacts/AppDir/usr/share/applications/*.desktop -no-translations -extra-plugins=iconengines,platforms -appimage -executable-dir=${{github.workspace}}/build/artifacts/AppDir/usr/modules/ echo "BUILD_TYPE_LOWER=${BUILD_TYPE,,}" >> ${GITHUB_ENV} echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> ${GITHUB_ENV} if: runner.os == 'Linux' - name: Configure CMake & Build Application (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") mkdir build && cd build cmake -G Ninja -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DGPGFRONTEND_BUILD_TYPE_ONLY_APPLICATION=ON .. cmake --build . --config ${{env.BUILD_TYPE}} -- -j 4 if: runner.os == 'Windows' - name: Generate Env Vars (Windows) run: | echo "SHORT_SHA=$("${{ github.sha }}".SubString(0, 8))" >> $env:GITHUB_ENV echo "BUILD_TYPE_LOWER=$("${{env.BUILD_TYPE}}".ToLower())" >> $env:GITHUB_ENV if: runner.os == 'Windows' - name: Download GnuPG Binary Release (Windows) shell: msys2 {0} run: | export URL="https://ftp.bktus.com/GnuPG/${{env.GNUPG_VERSION}}" export FILE="gnupg.zip" export CHECKSUM_FILE="SHA256SUMS.txt" cd $(cygpath -u "${{github.workspace}}") mkdir -p build/downloads curl -o build/downloads/$FILE $URL/$FILE curl -o build/downloads/$CHECKSUM_FILE $URL/$CHECKSUM_FILE CHECKSUM=$(grep "$FILE" build/downloads/$CHECKSUM_FILE | awk '{print $1}') ACTUAL_CHECKSUM=$(sha256sum build/downloads/$FILE | awk '{print $1}') echo "Expected Checksum: $CHECKSUM" echo "Actual Checksum: $ACTUAL_CHECKSUM" if [ "$CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then echo "Checksum verification failed!" >&2 exit 1 fi mkdir -p build/artifacts unzip build/downloads/$FILE -d build/artifacts/ ls -l build/artifacts/ if: runner.os == 'Windows' - name: Copy Modules & Package (Windows) shell: msys2 {0} run: | cd $(cygpath -u "${{github.workspace}}") cp PrivacyPolicy.md build/artifacts/ cp README.md build/artifacts/ cp SECURITY.md build/artifacts/ cp TRANSLATORS build/artifacts/ cp COPYING build/artifacts/ cp gpgfrontend.ico build/artifacts/bin/ touch build/artifacts/bin/PORTABLE.txt mkdir -p build/artifacts/modules cp -r modules/build/artifacts/bin/* build/artifacts/modules cd build windeployqt-qt6 --no-translations --force ./artifacts/bin/libgpgfrontend_core.dll windeployqt-qt6 --no-translations --force ./artifacts/bin/libgpgfrontend_ui.dll windeployqt-qt6 --no-translations --force ./artifacts/bin/GpgFrontend.exe mkdir upload-artifact cd artifacts zip -r ../upload-artifact/GpgFrontend-${{env.SHORT_SHA}}-x86_64.zip * if: runner.os == 'Windows' - name: Upload Artifact (Linux) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/upload-artifact/Gpg_Frontend*.AppImage* if: runner.os == 'Linux' - name: Upload Artifact (macOS) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/upload-artifact/* if: runner.os == 'macOS' - name: Upload Artifact (Windows) uses: actions/upload-artifact@master with: name: gpgfrontend-${{matrix.os}}-${{env.BUILD_TYPE_LOWER}}-${{env.SHORT_SHA}} path: ${{github.workspace}}/build/upload-artifact/* if: runner.os == 'Windows' release: needs: build runs-on: ubuntu-latest steps: - name: Download Artifacts uses: actions/download-artifact@v4 with: path: artifacts/ pattern: gpgfrontend-* merge-multiple: true - name: Generate SHA256 checksums run: | sha256sum artifacts/* > artifacts/SHA256SUMS.txt cat artifacts/SHA256SUMS.txt - name: List files run: ls -rl artifacts/ - name: Update Nightly Release uses: andelf/nightly-release@main env: GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }} with: tag_name: nightly name: "Nightly Release $$" draft: false prerelease: true body: | ### Nightly Release of GpgFrontend This is an **unstable nightly build** of GpgFrontend. It may contain new features or bug fixes that are under testing. Please note that this version is less stable compared to official releases and is intended for testing purposes **only**. #### Why Nightly Releases? This nightly release aims to provide users with early access to features or fixes they urgently need. Given that official releases are typically published at least two months apart, I understand that the wait may be too long for some users. #### Important Notes: - Use this version at your own risk; it is not recommended for production environments. files: | artifacts/*