cryptomator/.github/workflows/build.yml

name: Build

on:
  [push]

env:
  JAVA_VERSION: 16

defaults:
  run:
    shell: bash

jobs: 
  test:
    name: Compile and Test
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: ${{ env.JAVA_VERSION }}
      - uses: actions/cache@v2
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-
      - name: Ensure to use tagged version
        run: mvn versions:set -DnewVersion=${GITHUB_REF##*/} # use shell parameter expansion to strip of 'refs/tags'
        if: startsWith(github.ref, 'refs/tags/')
      - name: Build and Test
        run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
      - name: Upload code coverage report
        id: codacyCoverageReporter
        run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
        env:
          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
        continue-on-error: true

#
# Buildkit
#

  buildkit:
    name: Build buildkit-${{ matrix.profile }}
    needs: test
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: true
      matrix:
        include:
        - os: ubuntu-latest
          profile: linux
          launcher: launcher-linux.sh
        - os: windows-latest
          profile: win
          launcher: launcher-win.bat
        - os: macOS-latest
          profile: mac
          launcher: launcher-mac.sh
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: ${{ env.JAVA_VERSION }}
      - uses: actions/cache@v2
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-
      - name: Copy .jar files
        run: mvn -B clean package -DskipTests -P${{ matrix.profile }}
      - name: Archive buildkit-${{ matrix.profile }}.tar.gz
        run: |
          cp LICENSE.txt target
          cp dist/buildkit/${{ matrix.launcher }} target
          cp target/cryptomator-*.jar target/mods
      - name: Upload buildkit-${{ matrix.profile }}
        uses: actions/upload-artifact@v2
        with:
          name: buildkit-${{ matrix.profile }}
          path: |
            target/libs
            target/mods
            target/LICENSE.txt
            target/${{ matrix.launcher }}
          if-no-files-found: error

#
# jlink
#

  jlink:
    name: Create runtime-${{ matrix.profile }}
    needs: test
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: true
      matrix:
        include:
        - os: ubuntu-latest
          profile: linux
        - os: windows-latest
          profile: win
        - os: macOS-latest
          profile: mac
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: ${{ env.JAVA_VERSION }}
      - name: Create Runtime Image
        run: >
          ${JAVA_HOME}/bin/jlink
          --verbose
          --output runtime
          --module-path "${JAVA_HOME}/jmods"
          --add-modules java.base,java.desktop,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.crypto.ec,jdk.accessibility
          --no-header-files
          --no-man-pages
          --strip-debug
          --compress=1
      - name: Upload runtime-${{ matrix.profile }}
        uses: actions/upload-artifact@v2
        with:
          name: runtime-${{ matrix.profile }}
          path: runtime
          if-no-files-found: error

#
# Release Metadata
#

  metadata:
    name: Determine Version Metadata
    runs-on: ubuntu-latest
    needs: test
    outputs:
      versionStr: ${{ steps.versions.outputs.versionStr }}
      versionNum: ${{ steps.versions.outputs.versionNum }}
      revNum: ${{ steps.versions.outputs.revNum }}
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - id: versions
        run: |
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            echo "::set-output name=versionStr::${GITHUB_REF##*/}"
            echo "::set-output name=versionNum::${GITHUB_REF##*/}"
          else
            echo "::set-output name=versionStr::SNAPSHOT"
            echo "::set-output name=versionNum::99.0.0"
          fi
          echo "::set-output name=revNum::`git rev-list --count HEAD`"
          
#
# Linux AppImage
# 

  linux-appimage:
    name: Build AppImage
    runs-on: ubuntu-latest
    needs: [buildkit, jlink, metadata]
    steps:
      - uses: actions/checkout@v2
      - name: Download buildkit-linux
        uses: actions/download-artifact@v2
        with:
          name: buildkit-linux
          path: Cryptomator.AppDir
      - name: Download runtime-linux
        uses: actions/download-artifact@v2
        with:
          name: runtime-linux
          path: Cryptomator.AppDir/runtime
      - name: Extract libjffi.so # workaround for https://github.com/cryptomator/cryptomator-linux/issues/27
        run: |
          JFFI_NATIVE_JAR=`ls libs/ | grep -e 'jffi-[1-9]\.[0-9]\{1,2\}.[0-9]\{1,2\}-native.jar'`
          ${JAVA_HOME}/bin/jar -xf libs/${JFFI_NATIVE_JAR} /jni/x86_64-Linux/
          mv jni/x86_64-Linux/* libs/libjffi.so
        working-directory: Cryptomator.AppDir
      - name: Patch Cryptomator.AppDir
        run: |
          cp -r dist/appimage/resources/AppDir/* Cryptomator.AppDir/
          chmod +x Cryptomator.AppDir/runtime/bin/java
          envsubst '${REVISION_NO}' < dist/appimage/resources/AppDir/bin/cryptomator.sh > Cryptomator.AppDir/bin/cryptomator.sh
          ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/org.cryptomator.Cryptomator.svg
          ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/Cryptomator.svg
          ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/.DirIcon
          ln -s usr/share/applications/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/Cryptomator.desktop
          ln -s bin/cryptomator.sh Cryptomator.AppDir/AppRun
        env:
          REVISION_NO: ${{ needs.metadata.outputs.revNum }}
      - name: Download AppImageKit
        run: |
          curl -L https://github.com/AppImage/AppImageKit/releases/download/13/appimagetool-x86_64.AppImage -o appimagetool.AppImage
          chmod +x appimagetool.AppImage
          ./appimagetool.AppImage --appimage-extract
      - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235
        run: |
          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign Cryptomator.AppDir/AppRun
        env:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Build AppImage
        run: >
          ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage
          -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-x86_64.AppImage.zsync'
          --sign --sign-key=615D449FE6E6A235 --sign-args="--batch --pinentry-mode loopback"
      - name: Create Detached GPG Signature
        run: |
          gpg --batch --quiet --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage
          gpg --batch --quiet --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage.zsync
      - name: Upload AppImage
        uses: actions/upload-artifact@v2
        with:
          name: appimage
          path: |
            cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage
            cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage.asc
            cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage.zsync
            cryptomator-${{ needs.metadata.outputs.versionStr }}-x86_64.AppImage.zsync.asc
          if-no-files-found: error

#
# Windows App Dir
#

  windows-appdir:
    name: Build Windows App Directory
    runs-on: windows-latest
    needs: [buildkit, jlink, metadata]
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: ${{ env.JAVA_VERSION }}
      - name: Download buildkit-win
        uses: actions/download-artifact@v2
        with:
          name: buildkit-win
          path: buildkit
      - name: Download runtime-win
        uses: actions/download-artifact@v2
        with:
          name: runtime-win
          path: runtime
      - name: Create app directory
        run: >
          ${JAVA_HOME}/bin/jpackage
          --verbose
          --type app-image
          --runtime-image runtime
          --input buildkit/libs
          --module-path buildkit/mods
          --dest app
          --name Cryptomator
          --vendor "Skymatic GmbH"
          --copyright "(C) 2016 - 2021 Skymatic GmbH"
          --app-version "${{ needs.metadata.outputs.versionNum }}.${{ needs.metadata.outputs.revNum }}"
          --icon dist/msi/resources/app/Cryptomator.ico
          --java-options "-Dfile.encoding=\"utf-8\""
          --java-options "-Dcryptomator.logDir=\"~/AppData/Roaming/Cryptomator\""
          --java-options "-Dcryptomator.settingsPath=\"~/AppData/Roaming/Cryptomator/settings.json\""
          --java-options "-Dcryptomator.ipcPortPath=\"~/AppData/Roaming/Cryptomator/ipcPort.bin\""
          --java-options "-Dcryptomator.keychainPath=\"~/AppData/Roaming/Cryptomator/keychain.json\""
          --java-options "-Dcryptomator.mountPointsDir=\"~/Cryptomator\""
          --java-options "-Dcryptomator.showTrayIcon=true"
          --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.metadata.outputs.revNum }}\""
          --java-options "-Xss2m"
          --java-options "-Xmx256m"
          --module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator
      - name: Patch app directory
        run: |
          cp dist/msi/resources/app/dlls/* app/Cryptomator/
      - name: Upload app directory
        uses: actions/upload-artifact@v2
        with:
          name: win-appdir
          path: app/Cryptomator
          if-no-files-found: error

  # release:
  #   name: Draft a Release on GitHub Releases
  #   runs-on: ubuntu-latest
  #   needs: test
  #   if: startsWith(github.ref, 'refs/tags/') && github.repository == 'cryptomator/cryptomator'
  #   steps:
  #     - uses: actions/checkout@v2
  #     - name: Download buildkit-linux.zip
  #       uses: actions/download-artifact@v1
  #       with:
  #         name: buildkit-linux.zip
  #         path: .
  #     - name: Download buildkit-mac.zip
  #       uses: actions/download-artifact@v1
  #       with:
  #         name: buildkit-mac.zip
  #         path: .
  #     - name: Download buildkit-win.zip
  #       uses: actions/download-artifact@v1
  #       with:
  #         name: buildkit-win.zip
  #         path: .
  #     - name: Create tarball
  #       run: git archive --prefix="cryptomator-${{ github.ref }}/" -o "cryptomator-${{ github.ref }}.tar.gz" ${{ github.ref }}
  #     - name: Sign tarball with key 615D449FE6E6A235
  #       run: |
  #         echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
  #         echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a "cryptomator-${{ github.ref }}.tar.gz"
  #       env:
  #         GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
  #         GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
  #     - name: Create Release
  #       id: create_release
  #       uses: actions/create-release@v1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #       with:
  #         tag_name: ${{ github.ref }}
  #         release_name: ${{ github.ref }}
  #         body: |
  #           :construction: Work in Progress

  #           TODO:
  #           * [ ] add Linux appimage, zsync file and signature file
  #           * [ ] add Windows installer and signature file
  #           * [ ] add MacOs disk image and signature file

  #           ## What's new

  #           ## Bugfixes

  #           ## Misc

  #           ---

  #           :scroll: A complete list of closed issues is available [here](LINK)
  #         draft: true
  #         prerelease: false
  #     - name: Upload buildkit-linux.zip to GitHub Releases
  #       uses: actions/upload-release-asset@v1.0.1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #       with:
  #         upload_url: ${{ steps.create_release.outputs.upload_url }}
  #         asset_path: buildkit-linux.zip
  #         asset_name: buildkit-linux.zip
  #         asset_content_type: application/zip
  #     - name: Upload buildkit-mac.zip to GitHub Releases
  #       uses: actions/upload-release-asset@v1.0.1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #       with:
  #         upload_url: ${{ steps.create_release.outputs.upload_url }}
  #         asset_path: buildkit-mac.zip
  #         asset_name: buildkit-mac.zip
  #         asset_content_type: application/zip
  #     - name: Upload buildkit-win.zip to GitHub Releases
  #       uses: actions/upload-release-asset@v1.0.1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #       with:
  #         upload_url: ${{ steps.create_release.outputs.upload_url }}
  #         asset_path: buildkit-win.zip
  #         asset_name: buildkit-win.zip
  #         asset_content_type: application/zip
  #     - name: Upload tarball signature to GitHub Releases
  #       uses: actions/upload-release-asset@v1.0.1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #       with:
  #         upload_url: ${{ steps.create_release.outputs.upload_url }}
  #         asset_path: "cryptomator-${{ github.ref }}.tar.gz.asc"
  #         asset_name: "cryptomator-${{ github.ref }}.tar.gz.asc"
  #         asset_content_type: application/octet-stream