debian.yml 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
  1. name: Build Debian Package
  2. on:
  3. workflow_dispatch:
  4. inputs:
  5. semver:
  6. description: 'SemVer String (e.g. 1.7.0-beta1)'
  7. ppaver:
  8. description: 'Base PPA Version String (e.g. 1.6.16+1.7.0~beta1) without -0ppa1'
  9. dput:
  10. description: 'Upload to PPA'
  11. required: true
  12. default: false
  13. type: boolean
  14. push:
  15. branches-ignore:
  16. - 'dependabot/**'
  17. paths:
  18. - '.github/workflows/debian.yml'
  19. - 'dist/linux/debian/**'
  20. - 'dist/linux/common/**'
  21. - 'dist/linux/resources/**'
  22. env:
  23. JAVA_DIST: 'temurin'
  24. JAVA_VERSION: '24.0.1+9'
  25. COFFEELIBS_JDK: 24
  26. COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3'
  27. OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
  28. OPENJFX_JMODS_AMD64_HASH: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
  29. OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
  30. OPENJFX_JMODS_AARCH64_HASH: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
  31. jobs:
  32. get-version:
  33. uses: ./.github/workflows/get-version.yml
  34. with:
  35. version: ${{ inputs.semver }} #okay if not defined
  36. build:
  37. name: Build Debian Package
  38. runs-on: ubuntu-22.04
  39. needs: [get-version]
  40. steps:
  41. - uses: actions/checkout@v4
  42. - id: deb-version
  43. name: Determine deb-version
  44. run: |
  45. if [ -n "${{inputs.ppaver}}" ]; then
  46. echo "debVersion=${{inputs.ppaver }}" >> "$GITHUB_OUTPUT"
  47. else
  48. echo "debVersion=${{needs.get-version.outputs.semVerStr}}" >> "$GITHUB_OUTPUT"
  49. fi
  50. - name: Install build tools
  51. run: |
  52. sudo add-apt-repository ppa:coffeelibs/openjdk
  53. sudo apt-get update
  54. sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }}
  55. - name: Setup Java
  56. uses: actions/setup-java@v4
  57. with:
  58. distribution: ${{ env.JAVA_DIST }}
  59. java-version: ${{ env.JAVA_VERSION }}
  60. check-latest: true
  61. cache: 'maven'
  62. - name: Run maven
  63. run: mvn -B clean package -Plinux -Djavafx.platform=linux -DskipTests
  64. - name: Download OpenJFX jmods
  65. id: download-jmods
  66. run: |
  67. curl -L ${{ env.OPENJFX_JMODS_AMD64 }} -o openjfx-amd64.zip
  68. echo "${{ env.OPENJFX_JMODS_AMD64_HASH }} openjfx-amd64.zip" | shasum -a256 --check
  69. mkdir -p jmods/amd64
  70. unzip -j openjfx-amd64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/amd64
  71. curl -L ${{ env.OPENJFX_JMODS_AARCH64 }} -o openjfx-aarch64.zip
  72. echo "${{ env.OPENJFX_JMODS_AARCH64_HASH }} openjfx-aarch64.zip" | shasum -a256 --check
  73. mkdir -p jmods/aarch64
  74. unzip -j openjfx-aarch64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/aarch64
  75. - name: Ensure major jfx version in pom and in jmods is the same
  76. run: |
  77. JMOD_VERSION_AMD64=$(jmod describe jmods/amd64/javafx.base.jmod | head -1)
  78. JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64#*@}
  79. JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64%%.*}
  80. JMOD_VERSION_AARCH64=$(jmod describe jmods/aarch64/javafx.base.jmod | head -1)
  81. JMOD_VERSION_AARCH64=${JMOD_VERSION_AARCH64#*@}
  82. JMOD_VERSION_AARCH64=${JMOD_VERSION_AARCH64%%.*}
  83. POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout)
  84. POM_JFX_VERSION=${POM_JFX_VERSION#*@}
  85. POM_JFX_VERSION=${POM_JFX_VERSION%%.*}
  86. if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AMD64 ]; then
  87. >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION_AMD64})"
  88. exit 1
  89. fi
  90. if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AARCH64 ]; then
  91. >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != aarch64 jmod version (${JMOD_VERSION_AARCH64})"
  92. exit 1
  93. fi
  94. - name: Create orig.tar.gz with common/ libs/ mods/ jmods/
  95. run: |
  96. mkdir pkgdir
  97. cp -r target/libs pkgdir
  98. cp -r target/mods pkgdir
  99. cp -r jmods pkgdir
  100. cp -r dist/linux/common/ pkgdir
  101. cp target/cryptomator-*.jar pkgdir/mods
  102. tar -cJf cryptomator_${{ steps.deb-version.outputs.debVersion }}.orig.tar.xz -C pkgdir .
  103. - name: Patch and rename pkgdir
  104. run: |
  105. cp -r dist/linux/debian/ pkgdir
  106. export RFC2822_TIMESTAMP=`date --rfc-2822`
  107. export DISABLE_UPDATE_CHECK=${{ inputs.dput }}
  108. envsubst '${SEMVER_STR} ${VERSION_NUM} ${REVISION_NUM} ${DISABLE_UPDATE_CHECK}' < dist/linux/debian/rules > pkgdir/debian/rules
  109. envsubst '${PPA_VERSION} ${RFC2822_TIMESTAMP}' < dist/linux/debian/changelog > pkgdir/debian/changelog
  110. find . -name "*.jar" >> pkgdir/debian/source/include-binaries
  111. mv pkgdir cryptomator_${{ steps.deb-version.outputs.debVersion }}
  112. env:
  113. SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }}
  114. VERSION_NUM: ${{ needs.get-version.outputs.semVerNum }}
  115. REVISION_NUM: ${{ needs.get-version.outputs.revNum }}
  116. PPA_VERSION: ${{ steps.deb-version.outputs.debVersion }}-0ppa1
  117. - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235
  118. run: |
  119. echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
  120. echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign README.md
  121. env:
  122. GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
  123. GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
  124. - name: debuild
  125. run: |
  126. (sleep 8m; gpg --batch --quiet --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign README.md) &
  127. debuild -S -sa -d
  128. debuild -b -sa -d
  129. env:
  130. DEBSIGN_PROGRAM: gpg --batch --pinentry-mode loopback
  131. DEBSIGN_KEYID: 615D449FE6E6A235
  132. working-directory: cryptomator_${{ steps.deb-version.outputs.debVersion }}
  133. - name: Create detached GPG signatures
  134. run: |
  135. gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb
  136. - name: Upload artifacts
  137. uses: actions/upload-artifact@v4
  138. with:
  139. name: linux-deb-package
  140. path: |
  141. cryptomator_*.dsc
  142. cryptomator_*.orig.tar.xz
  143. cryptomator_*.debian.tar.xz
  144. cryptomator_*_source.buildinfo
  145. cryptomator_*_source.changes
  146. cryptomator_*_amd64.deb
  147. cryptomator_*.asc
  148. - name: Publish on PPA
  149. if: inputs.dput && inputs.ppaver != ''
  150. run: dput ppa:sebastian-stenzel/cryptomator-beta cryptomator_*_source.changes
  151. # If ref is a tag, also upload to GitHub Releases:
  152. - name: Publish Debian package on GitHub Releases
  153. if: startsWith(github.ref, 'refs/tags/') && inputs.dput
  154. env:
  155. GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
  156. run: |
  157. artifacts=$(ls | grep cryptomator*.deb)
  158. gh release upload ${{ github.ref_name }} $artifacts