element-desktop/.github/workflows/build_linux.yaml

# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on:
    workflow_call:
        secrets:
            GPG_PRIVATE_KEY:
                required: false
            GPG_PASSPHRASE:
                required: false
            CF_R2_ACCESS_KEY_ID:
                required: false
            CF_R2_TOKEN:
                required: false
            CF_R2_S3_API:
                required: false
        inputs:
            version:
                type: string
                required: false
                description: "Version string to override the one in package.json, used for non-release builds"
            sqlcipher:
                type: string
                required: true
                description: "How to link sqlcipher, one of 'system' | 'static'"
            deploy-mode:
                type: string
                required: false
                description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones, this uses reprepro and requires 'packages.element.io' environment"
jobs:
    build:
        runs-on: ubuntu-latest
        environment: ${{ inputs.deploy-mode && 'packages.element.io' || '' }}
        steps:
            - uses: actions/checkout@v3

            - uses: actions/download-artifact@v3
              with:
                  name: webapp

            - name: Cache .hak
              id: cache
              uses: actions/cache@v3
              with:
                  key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
                  path: |
                      ./.hak

            - name: Install Rust
              if: steps.cache.outputs.cache-hit != 'true'
              uses: actions-rs/toolchain@v1
              with:
                  toolchain: stable

            - name: Install libsqlcipher-dev
              if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'
              run: sudo apt-get install -y libsqlcipher-dev

            - uses: actions/setup-node@v3
              with:
                  cache: "yarn"

            # Does not need branch matching as only analyses this layer
            - name: Install Deps
              run: "yarn install --pure-lockfile"

            - name: Build Natives
              if: steps.cache.outputs.cache-hit != 'true'
              run: "yarn build:native"
              env:
                  SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}

            - name: '[Nightly] Resolve version'
              id: nightly
              if: inputs.version != ''
              run: |
                  echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT

            - name: Generate debian control file
              run: |
                  cp element.io/${{ inputs.version && 'nightly' || 'release' }}/control.template debcontrol
                  INPUT_VERSION="${{ inputs.version }}"
                  VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
                  echo "Version: $VERSION" >> debcontrol

            - name: Build App
              run: |
                  scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol
                  yarn build --publish never -l --config electron-builder.json

            - name: Load GPG key
              if: inputs.deploy-mode
              uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
              with:
                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
                  fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD

            - name: Prepare artifacts for deployment (reprepro)
              if: inputs.deploy-mode
              run: |
                  # Clear out the template packages.element.io directory, it has a dedicated deploy workflow
                  rm -R packages.element.io/*
                  
                  # Install reprepro
                  sudo apt-get install -y reprepro
                  
                  # Fetch reprepro database
                  aws s3 cp --recursive s3://$R2_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
                  
                  grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
                      reprepro -b debian includedeb "$target" ./dist/*.deb
                  done
                  
                  # Store reprepro database
                  aws s3 cp --recursive debian/db/ s3://$R2_BUCKET --endpoint-url $R2_URL --region auto
              env:
                  R2_BUCKET: packages-element-io-db
                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
                  R2_URL: ${{ secrets.CF_R2_S3_API }}

            - name: Upload Artifacts
              uses: actions/upload-artifact@v3
              with:
                  name: ${{ inputs.deploy-mode && 'packages.element.io' || format('linux-sqlcipher-{0}', inputs.sqlcipher) }}
                  path: ${{ inputs.deploy-mode && 'packages.element.io' || 'dist' }}
                  retention-days: 1
Improve build time in CI through caching native modules (#482) * Improve caching of hak native modules * Avoid double-hashing * Skip native installs where cache is hit * Include Electron version in the hash, it affects the ABI * Add missing step IDs * Add comments 2022-12-13 15:12:40 +01:00			`# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build`
			`# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure`
			`# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00			`on:`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`workflow_call:`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`secrets:`
			`GPG_PRIVATE_KEY:`
			`required: false`
			`GPG_PASSPHRASE:`
			`required: false`
			`CF_R2_ACCESS_KEY_ID:`
			`required: false`
			`CF_R2_TOKEN:`
			`required: false`
			`CF_R2_S3_API:`
			`required: false`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`inputs:`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`version:`
			`type: string`
			`required: false`
			`description: "Version string to override the one in package.json, used for non-release builds"`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`sqlcipher:`
			`type: string`
			`required: true`
			`description: "How to link sqlcipher, one of 'system' \| 'static'"`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`deploy-mode:`
			`type: string`
			`required: false`
			`description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones, this uses reprepro and requires 'packages.element.io' environment"`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00			`jobs:`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`build:`
			`runs-on: ubuntu-latest`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`environment: ${{ inputs.deploy-mode && 'packages.element.io' \|\| '' }}`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`steps:`
			`- uses: actions/checkout@v3`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- uses: actions/download-artifact@v3`
			`with:`
			`name: webapp`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Cache .hak`
			`id: cache`
			`uses: actions/cache@v3`
			`with:`
			`key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}`
			`path: \|`
			`./.hak`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Install Rust`
			`if: steps.cache.outputs.cache-hit != 'true'`
			`uses: actions-rs/toolchain@v1`
			`with:`
			`toolchain: stable`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Install libsqlcipher-dev`
			`if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'`
			`run: sudo apt-get install -y libsqlcipher-dev`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- uses: actions/setup-node@v3`
			`with:`
			`cache: "yarn"`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`# Does not need branch matching as only analyses this layer`
			`- name: Install Deps`
			`run: "yarn install --pure-lockfile"`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Build Natives`
			`if: steps.cache.outputs.cache-hit != 'true'`
			`run: "yarn build:native"`
			`env:`
			`SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' \|\| '' }}`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`- name: '[Nightly] Resolve version'`
			`id: nightly`
			`if: inputs.version != ''`
			`run: \|`
			`echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT`

			`- name: Generate debian control file`
			`run: \|`
			`cp element.io/${{ inputs.version && 'nightly' \|\| 'release' }}/control.template debcontrol`
			`INPUT_VERSION="${{ inputs.version }}"`
			`VERSION=${INPUT_VERSION:-$(cat package.json \| jq -r .version)}`
			`echo "Version: $VERSION" >> debcontrol`

Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Build App`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`run: \|`
			`scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol`
			`yarn build --publish never -l --config electron-builder.json`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`- name: Load GPG key`
			`if: inputs.deploy-mode`
			`uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5`
			`with:`
			`gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}`
			`passphrase: ${{ secrets.GPG_PASSPHRASE }}`
			`fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD`

			`- name: Prepare artifacts for deployment (reprepro)`
			`if: inputs.deploy-mode`
			`run: \|`
			`# Clear out the template packages.element.io directory, it has a dedicated deploy workflow`
			`rm -R packages.element.io/*`

			`# Install reprepro`
			`sudo apt-get install -y reprepro`

			`# Fetch reprepro database`
			`aws s3 cp --recursive s3://$R2_BUCKET debian/db/ --endpoint-url $R2_URL --region auto`

			`grep Codename debian/conf/distributions \| sed -n 's/Codename: //p' \| while read -r target ; do`
			`reprepro -b debian includedeb "$target" ./dist/*.deb`
			`done`

			`# Store reprepro database`
			`aws s3 cp --recursive debian/db/ s3://$R2_BUCKET --endpoint-url $R2_URL --region auto`
			`env:`
			`R2_BUCKET: packages-element-io-db`
			`AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}`
			`AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}`
			`R2_URL: ${{ secrets.CF_R2_S3_API }}`
Improve CI stability and tidy it up (#451) 2022-11-11 16:15:21 +01:00
Format all files with prettier 2022-12-15 12:00:58 +01:00			`- name: Upload Artifacts`
			`uses: actions/upload-artifact@v3`
			`with:`
Build & Package signed Linux builds (#527) 2023-02-20 13:09:45 +01:00			`name: ${{ inputs.deploy-mode && 'packages.element.io' \|\| format('linux-sqlcipher-{0}', inputs.sqlcipher) }}`
			`path: ${{ inputs.deploy-mode && 'packages.element.io' \|\| 'dist' }}`
Format all files with prettier 2022-12-15 12:00:58 +01:00			`retention-days: 1`