201 lines
7.2 KiB
YAML
201 lines
7.2 KiB
YAML
name: ci
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, release-* ]
|
|
tags:
|
|
'v*'
|
|
pull_request:
|
|
branches: [ main ]
|
|
env:
|
|
QT_VERSION: 6.5.2
|
|
jobs:
|
|
# This is a super hacky way to get this into a place that can actually be
|
|
# used by downstream jobs because YAML values don't allow shell
|
|
# interpolation, only github expression interpolation
|
|
run-info:
|
|
name: Gather Run Info
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
sha8: ${{ steps.calc-info.outputs.sha8 }}
|
|
isRelease: ${{ steps.calc-info.outputs.isRelease }}
|
|
signMacRelease: ${{ steps.calc-info.outputs.signMacRelease }}
|
|
signWinRelease: ${{ steps.calc-info.outputs.signWinRelease }}
|
|
steps:
|
|
- name: CheckRun Info
|
|
env:
|
|
MCERT: ${{secrets.MACOS_CERT}}
|
|
WCERT: ${{ secrets.WINDOWS_CERT }}
|
|
id: calc-info
|
|
run: |
|
|
MSIGN="false"
|
|
WSIGN="false"
|
|
RELEASE="false"
|
|
if [[ "$GITHUB_REF" == *"tags/v"* || "$GITHUB_REF" == *"refs/heads/release" ]]; then
|
|
RELEASE="true"
|
|
NAME="$GITHUB_REF_NAME"
|
|
fi
|
|
if [[ "$MCERT" != "" ]]; then
|
|
MSIGN="true"
|
|
fi
|
|
if [[ "$WCERT" != "" ]]; then
|
|
WSIGN="true"
|
|
fi
|
|
if [[ "$NAME" == "" ]]; then
|
|
NAME="continuous"
|
|
fi
|
|
echo "signMacRelease=$MSIGN" >> $GITHUB_OUTPUT
|
|
echo "signWinRelease=$WSIGN" >> $GITHUB_OUTPUT
|
|
echo "sha8=$NAME" >> $GITHUB_OUTPUT
|
|
echo "isRelease=$RELEASE" >> $GITHUB_OUTPUT
|
|
|
|
build:
|
|
name: ${{ matrix.config.name }}
|
|
runs-on: ${{ matrix.config.os }}
|
|
needs: run-info
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
config:
|
|
- {
|
|
name: "Linux"
|
|
, os: ubuntu-20.04
|
|
, QT_INST_DIR: /opt
|
|
, extraCMakeConfig: "-DCMAKE_INSTALL_PREFIX=/usr"
|
|
}
|
|
- {
|
|
name: "Mac"
|
|
, os: macos-latest
|
|
, QT_INST_DIR: /Users/runner
|
|
, extraCMakeConfig: "-DCMAKE_OSX_ARCHITECTURES=\"arm64;x86_64\""
|
|
, cmakeSigning: "-DNOTARIZE_AS=\"John Kennedy\""
|
|
, buildTarget: "--target package"
|
|
}
|
|
- {
|
|
name: "Windows", WIN_ARCH: "x64"
|
|
, os: windows-2019
|
|
, QT_INST_DIR: "C:/", QT_ARCH: win64_msvc2019_64
|
|
, extraCMakeConfig: "-G Ninja"
|
|
, buildTarget: "--target package"
|
|
}
|
|
steps:
|
|
- name: Setup env
|
|
shell: bash
|
|
run: |
|
|
echo "name=ashirt-${{ needs.run-info.outputs.sha8 }}" >> $GITHUB_ENV
|
|
echo "githash=${{ needs.run-info.outputs.sha8 }}" >> $GITHUB_ENV
|
|
echo "signMacRelease=${{ needs.run-info.outputs.signMacRelease }}" >> $GITHUB_ENV
|
|
echo "signWinRelease=${{ needs.run-info.outputs.signWinRelease }}" >> $GITHUB_ENV
|
|
|
|
- name: Check out code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
- run: git fetch --tags --force
|
|
|
|
- name: Env Script (windows)
|
|
uses: ilammy/msvc-dev-cmd@v1
|
|
if: runner.os == 'Windows'
|
|
with:
|
|
arch: ${{matrix.config.WIN_ARCH}}
|
|
|
|
- name: Import Signing Certificate ( windows )
|
|
if: runner.os == 'Windows' && env.signWinRelease == 'true'
|
|
run: |
|
|
New-Item -ItemType directory -Path build\certificate
|
|
Set-Content -Path build\certificate\certificate.txt -Value '${{ secrets.WINDOWS_CERT }}'
|
|
certutil -decode build\certificate\certificate.txt build\certificate\certificate.pfx
|
|
|
|
- name: Import Signing Certificate ( macos )
|
|
if: runner.os == 'macOS' && env.signMacRelease == 'true'
|
|
uses: Apple-Actions/import-codesign-certs@v2
|
|
with:
|
|
p12-file-base64: ${{ secrets.MACOS_CERT }}
|
|
p12-password: ${{ secrets.MACOS_PASS }}
|
|
|
|
- name: Install Qt
|
|
uses: jurplel/install-qt-action@v3.3.0
|
|
with:
|
|
aqtversion: ==2.0.0
|
|
py7zrversion: ==0.16.2
|
|
dir: ${{matrix.config.QT_INST_DIR}}
|
|
arch: ${{ matrix.config.QT_ARCH }}
|
|
version: ${{ env.QT_VERSION }}
|
|
|
|
- name: Install Dependencies
|
|
shell: bash
|
|
run: |
|
|
if [ "$RUNNER_OS" == "Linux" ]; then
|
|
sudo apt-get update > /dev/null && sudo apt-get install -qqq libxcb-keysyms1-dev libxkbcommon-dev libxkbcommon-x11-dev libxcb-cursor0 > /dev/null
|
|
elif [ "$RUNNER_OS" == "Windows" ]; then
|
|
choco install ninja --ignore-checksums
|
|
fi
|
|
|
|
- name: Build
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ env.signMacRelease }}" == "true" ]]; then
|
|
cmake -S. -Bbuild -DCMAKE_BUILD_TYPE=Release -DCPACK_PACKAGE_VERSION="${{env.githash}}" ${{matrix.config.extraCMakeConfig}} ${{matrix.config.cmakeSigning}}
|
|
else
|
|
cmake -S. -Bbuild -DCMAKE_BUILD_TYPE=Release -DCPACK_PACKAGE_VERSION="${{env.githash}}" ${{matrix.config.extraCMakeConfig}}
|
|
fi
|
|
cmake --build build ${{ matrix.config.buildTarget }}
|
|
cd build
|
|
mkdir -p dist
|
|
if [ "$RUNNER_OS" == "Linux" ]; then
|
|
wget -qc "https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
|
|
wget -qc "https://github.com/linuxdeploy/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-x86_64.AppImage"
|
|
chmod a+x linuxdeploy*.AppImage
|
|
export VERSION=${{ env.githash }}
|
|
export PATH=$PATH:/opt/Qt/${{env.QT_VERSION}}/gcc_64/libexec
|
|
./linuxdeploy-x86_64.AppImage --appdir=appdir --output appimage \
|
|
-e src/ashirt \
|
|
-d ../deploy/ashirt.desktop \
|
|
-i ../deploy/hicolor/128x128/apps/ashirt.png \
|
|
--plugin=qt
|
|
elif [[ "$RUNNER_OS" == "macOS" && "${{ env.signMacRelease }}" == "true" ]]; then
|
|
brew tap mitchellh/gon
|
|
brew install mitchellh/gon/gon jq
|
|
export ID=${{ env.name }}.dmg
|
|
echo "${{ secrets.GON_CONF }}" | base64 -D -i - | jq '.notarize[0].path = env.ID' > notarize.json
|
|
gon notarize.json
|
|
elif [[ "$RUNNER_OS" == "Windows" && "${{ env.signWinRelease }}" == "true" ]]; then
|
|
signtool sign -f certificate\\certificate.pfx -fd certHash -p '${{ secrets.WIN_CERT_PASS }}' -t http://timestamp.digicert.com ${{env.name}}.exe
|
|
fi
|
|
mv ashirt*.* dist/
|
|
|
|
- name: Archive production artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{env.name}}
|
|
path: build/dist/ashirt*.*
|
|
|
|
release:
|
|
name: Release
|
|
needs: [run-info, build]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download Files
|
|
uses: actions/download-artifact@v3
|
|
|
|
- name: Deploy Continuous
|
|
if: github.ref == 'refs/heads/main'
|
|
uses: "marvinpinto/action-automatic-releases@latest"
|
|
with:
|
|
repo_token: "${{ secrets.GITHUB_TOKEN }}"
|
|
automatic_release_tag: "continuous"
|
|
prerelease: false
|
|
title: "Continuous Build"
|
|
files: ashirt-*/ashirt-*.*
|
|
|
|
- name: Deploy Tag
|
|
if: contains(github.ref, 'tags/v') || github.ref == 'refs/heads/release'
|
|
uses: "marvinpinto/action-automatic-releases@latest"
|
|
with:
|
|
repo_token: "${{ secrets.GITHUB_TOKEN }}"
|
|
automatic_release_tag: ${{ github.ref_name }}
|
|
prerelease: false
|
|
title: ${{ github.ref }}
|
|
files: ashirt-*/ashirt-*.*
|