mirror of
https://github.com/gwdevhub/Daybreak.git
synced 2026-07-15 15:19:57 +00:00
9d7f145c25
* Sign windows binaries * Fix temp test * Remove temporary test --------- Co-authored-by: Alexandru Macocian <amacocian@microsoft.com>
329 lines
12 KiB
YAML
329 lines
12 KiB
YAML
# Reusable CD pipeline with optional release publishing
|
|
name: Daybreak CD Template
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
publishRelease:
|
|
description: "Whether to create and publish the GitHub release"
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
signBinaries:
|
|
description: "Whether to code-sign Windows binaries"
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
|
|
jobs:
|
|
# ───────────────────────────────────────────────────────
|
|
# Stage 1 — Build the x86 Windows-only components
|
|
# (Injector + API) that both platforms need.
|
|
# ───────────────────────────────────────────────────────
|
|
build-x86:
|
|
runs-on: windows-2025
|
|
|
|
outputs:
|
|
version: ${{ steps.get_version.outputs.version }}
|
|
|
|
env:
|
|
Configuration: Release
|
|
Actions_Allow_Unsecure_Commands: true
|
|
CERTUM_OTP_URI: ${{ secrets.CERTUM_OTP_URI }}
|
|
CERTUM_USERID: ${{ secrets.CERTUM_USERID }}
|
|
CERTUM_CERT_SHA1: ${{ secrets.CERTUM_CERT_SHA1 }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v7
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: recursive
|
|
|
|
- name: Get version
|
|
id: get_version
|
|
shell: pwsh
|
|
run: |
|
|
$version = (Select-String -Path Directory.Build.props -Pattern '<Version>(.*)</Version>').Matches.Groups[1].Value
|
|
echo "version=$version" >> $env:GITHUB_OUTPUT
|
|
|
|
- name: Install .NET
|
|
uses: actions/setup-dotnet@v5
|
|
with:
|
|
dotnet-version: "10.x"
|
|
|
|
- name: Publish x86 components
|
|
run: .\Scripts\PublishWindowsX86.ps1
|
|
shell: pwsh
|
|
|
|
# Certum SimplySign code signing. Binaries are signed only when explicitly
|
|
# requested and the Certum secrets are provisioned.
|
|
- name: Set up Certum SimplySign
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: |
|
|
chmod +x ./.github/scripts/install-simplysign.sh
|
|
./.github/scripts/install-simplysign.sh
|
|
powershell -ExecutionPolicy Bypass -File "./.github/scripts/configure-simplysign.ps1"
|
|
|
|
- name: Authenticate Certum SimplySign
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: powershell -ExecutionPolicy Bypass -File "./.github/scripts/connect-simplysign.ps1"
|
|
|
|
- name: Sign x86 binaries
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
run: |
|
|
./.github/scripts/sign-certum.ps1 -Files @(
|
|
"Publish/Injector/Daybreak.Injector.exe",
|
|
"Publish/Api/Daybreak.API.dll"
|
|
)
|
|
shell: pwsh
|
|
|
|
- name: Upload x86 artifacts
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: x86-components
|
|
path: |
|
|
Publish/Injector/
|
|
Publish/Api/
|
|
retention-days: 1
|
|
|
|
# ───────────────────────────────────────────────────────
|
|
# Stage 2 — Platform builds (parallel)
|
|
# ───────────────────────────────────────────────────────
|
|
build-windows:
|
|
needs: build-x86
|
|
runs-on: windows-2025
|
|
|
|
env:
|
|
Configuration: Release
|
|
Actions_Allow_Unsecure_Commands: true
|
|
CERTUM_OTP_URI: ${{ secrets.CERTUM_OTP_URI }}
|
|
CERTUM_USERID: ${{ secrets.CERTUM_USERID }}
|
|
CERTUM_CERT_SHA1: ${{ secrets.CERTUM_CERT_SHA1 }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v7
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: recursive
|
|
|
|
- name: Install .NET
|
|
uses: actions/setup-dotnet@v5
|
|
with:
|
|
dotnet-version: "10.x"
|
|
|
|
- name: Setup project secrets
|
|
run: |
|
|
dotnet user-secrets --project Daybreak.Core\Daybreak.Core.csproj set AadApplicationId "${{ secrets.AadApplicationId }}"
|
|
dotnet user-secrets --project Daybreak.Core\Daybreak.Core.csproj set AadTenantId "${{ secrets.AadTenantId }}"
|
|
dotnet user-secrets --project Daybreak.Core\Daybreak.Core.csproj set ApmServiceAccount "${{ secrets.ApmServiceAccount }}"
|
|
dotnet user-secrets --project Daybreak.Core\Daybreak.Core.csproj set ApmServiceKey "${{ secrets.ApmServiceKey }}"
|
|
dotnet user-secrets --project Daybreak.Core\Daybreak.Core.csproj set ApmUri "${{ secrets.ApmUri }}"
|
|
|
|
- name: Download x86 artifacts
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: x86-components
|
|
path: Publish/
|
|
|
|
- name: Publish Windows x64
|
|
run: .\Scripts\PublishWindows.ps1
|
|
shell: pwsh
|
|
|
|
- name: Set up Certum SimplySign
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: |
|
|
chmod +x ./.github/scripts/install-simplysign.sh
|
|
./.github/scripts/install-simplysign.sh
|
|
powershell -ExecutionPolicy Bypass -File "./.github/scripts/configure-simplysign.ps1"
|
|
|
|
- name: Authenticate Certum SimplySign
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: powershell -ExecutionPolicy Bypass -File "./.github/scripts/connect-simplysign.ps1"
|
|
|
|
- name: Sign Windows build
|
|
if: inputs.signBinaries && env.CERTUM_OTP_URI != ''
|
|
run: |
|
|
./.github/scripts/sign-certum.ps1 -Files @(
|
|
"Publish/Daybreak.exe",
|
|
"Publish/Installer/Daybreak.Installer.exe"
|
|
)
|
|
shell: pwsh
|
|
|
|
- name: Upload Windows build
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: windows-build
|
|
path: Publish/
|
|
retention-days: 1
|
|
|
|
build-linux:
|
|
needs: build-x86
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
Configuration: Release
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v7
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: recursive
|
|
|
|
- name: Install .NET
|
|
uses: actions/setup-dotnet@v5
|
|
with:
|
|
dotnet-version: "10.x"
|
|
|
|
- name: Setup project secrets
|
|
run: |
|
|
dotnet user-secrets --project Daybreak.Core/Daybreak.Core.csproj set AadApplicationId "${{ secrets.AadApplicationId }}"
|
|
dotnet user-secrets --project Daybreak.Core/Daybreak.Core.csproj set AadTenantId "${{ secrets.AadTenantId }}"
|
|
dotnet user-secrets --project Daybreak.Core/Daybreak.Core.csproj set ApmServiceAccount "${{ secrets.ApmServiceAccount }}"
|
|
dotnet user-secrets --project Daybreak.Core/Daybreak.Core.csproj set ApmServiceKey "${{ secrets.ApmServiceKey }}"
|
|
dotnet user-secrets --project Daybreak.Core/Daybreak.Core.csproj set ApmUri "${{ secrets.ApmUri }}"
|
|
|
|
- name: Download x86 artifacts
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: x86-components
|
|
path: Publish/
|
|
|
|
- name: Publish Linux x64
|
|
run: pwsh ./Scripts/PublishLinux.ps1
|
|
shell: bash
|
|
|
|
- name: Set executable permissions
|
|
run: |
|
|
chmod +x Publish/Daybreak
|
|
chmod +x Publish/Daybreak.Wayland.sh
|
|
chmod +x Publish/Installer/Daybreak.Installer
|
|
|
|
- name: Upload Linux build
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: linux-build
|
|
path: Publish/
|
|
retention-days: 1
|
|
|
|
# ───────────────────────────────────────────────────────
|
|
# Stage 3 — Package (always)
|
|
# ───────────────────────────────────────────────────────
|
|
package:
|
|
needs: [build-x86, build-windows, build-linux]
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
Actions_Allow_Unsecure_Commands: true
|
|
Version: ${{ needs.build-x86.outputs.version }}
|
|
|
|
steps:
|
|
# ── Windows package ──
|
|
- name: Download Windows build
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: windows-build
|
|
path: windows-publish/
|
|
|
|
- name: Clean and zip Windows build
|
|
run: |
|
|
cd windows-publish
|
|
find . -name '*.pdb' -delete
|
|
find . -name '*.dbg' -delete
|
|
if [ -f Installer/Daybreak.Installer.exe ]; then
|
|
mv Installer/Daybreak.Installer.exe Installer/Daybreak.Installer.Temp.exe
|
|
fi
|
|
cd ..
|
|
cd windows-publish && zip -r ../daybreakv${{ env.Version }}.zip . && cd ..
|
|
|
|
# ── Linux package ──
|
|
- name: Download Linux build
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: linux-build
|
|
path: linux-publish/
|
|
|
|
- name: Clean and zip Linux build
|
|
run: |
|
|
cd linux-publish
|
|
find . -name '*.pdb' -delete
|
|
find . -name '*.dbg' -delete
|
|
if [ -f Installer/Daybreak.Installer ]; then
|
|
chmod +x Installer/Daybreak.Installer
|
|
mv Installer/Daybreak.Installer Installer/Daybreak.Installer.Temp
|
|
fi
|
|
chmod +x Daybreak Daybreak.Wayland.sh
|
|
cd ..
|
|
cd linux-publish && zip -r ../daybreakv${{ env.Version }}-linux.zip . && cd ..
|
|
|
|
- name: Upload release artifacts
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: release-zips
|
|
path: |
|
|
daybreakv${{ env.Version }}.zip
|
|
daybreakv${{ env.Version }}-linux.zip
|
|
retention-days: 7
|
|
|
|
# ───────────────────────────────────────────────────────
|
|
# Stage 4 — Release (optional)
|
|
# ───────────────────────────────────────────────────────
|
|
release:
|
|
needs: [build-x86, package]
|
|
runs-on: ubuntu-latest
|
|
if: ${{ inputs.publishRelease }}
|
|
|
|
env:
|
|
Actions_Allow_Unsecure_Commands: true
|
|
Version: ${{ needs.build-x86.outputs.version }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v7
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: recursive
|
|
|
|
- name: Download release artifacts
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: release-zips
|
|
path: release-assets/
|
|
|
|
- name: Get Latest Tag
|
|
id: getLatestTag
|
|
uses: WyriHaximus/github-action-get-previous-tag@v2
|
|
|
|
- name: Generate changelog
|
|
id: changelog
|
|
run: |
|
|
changeLog=$(git log --no-merges --pretty="%h - %s (%an)<br />" ${{ steps.getLatestTag.outputs.tag }}..HEAD)
|
|
echo "content<<EOF" >> $GITHUB_OUTPUT
|
|
echo "$changeLog" >> $GITHUB_OUTPUT
|
|
echo "EOF" >> $GITHUB_OUTPUT
|
|
|
|
# ── Release ──
|
|
- name: Create release draft
|
|
uses: Xotl/cool-github-releases@v1.1.10
|
|
with:
|
|
mode: update
|
|
tag_name: v${{ env.Version }}
|
|
release_name: Daybreak v${{ env.Version }}
|
|
assets: release-assets/daybreakv${{ env.Version }}.zip;release-assets/daybreakv${{ env.Version }}-linux.zip
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
replace_assets: true
|
|
body_mrkdwn: |
|
|
${{ steps.changelog.outputs.content }}
|
|
isDraft: true
|
|
|
|
- name: Publish release
|
|
run: gh release edit v${{ env.Version }} --draft=false
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|