1+ name : build-git-installers
2+
3+ on :
4+ push :
5+ tags :
6+ - ' v[0-9]*vfs*' # matches "v<number><any characters>vfs<any characters>"
7+
8+ env :
9+ INCLUDE_SCALAR : 1
10+
11+ jobs :
12+ # Check prerequisites for the workflow
13+ prereqs :
14+ runs-on : ubuntu-latest
15+ env :
16+ AZ_SUB : ${{ secrets.AZURE_SUBSCRIPTION }}
17+ AZ_CREDS : ${{ secrets.AZURE_CREDENTIALS }}
18+ outputs :
19+ tag_name : ${{ steps.tag.outputs.name }} # The full name of the tag, e.g. v2.32.0.vfs.0.0
20+ tag_version : ${{ steps.tag.outputs.version }} # The version number (without preceding "v"), e.g. 2.32.0.vfs.0.0
21+ steps :
22+ - name : Determine tag to build
23+ run : |
24+ echo "::set-output name=name::${GITHUB_REF#refs/tags/}"
25+ echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
26+ id : tag
27+ - name : Clone git
28+ uses : actions/checkout@v2
29+ - name : Validate the tag identified with trigger
30+ run : |
31+ die () {
32+ echo "::error::$*" >&2
33+ exit 1
34+ }
35+
36+ # `actions/checkout` only downloads the peeled tag (i.e. the commit)
37+ git fetch origin +$GITHUB_REF:$GITHUB_REF
38+
39+ # Verify that the tag is annotated
40+ test $(git cat-file -t "$GITHUB_REF") == "tag" || die "Tag ${{ steps.tag.outputs.name }} is not annotated"
41+
42+ # Verify tag follows rules in GIT-VERSION-GEN (i.e., matches the specified "DEF_VER" in
43+ # GIT-VERSION-FILE) and matches tag determined from trigger
44+ make GIT-VERSION-FILE
45+ test "${{ steps.tag.outputs.version }}" == "$(sed -n 's/^GIT_VERSION = //p'< GIT-VERSION-FILE)" || die "GIT-VERSION-FILE tag does not match ${{ steps.tag.outputs.name }}"
46+ # End check prerequisites for the workflow
47+
48+ # Build Windows installers (x86_64 installer & portable)
49+ windows_pkg :
50+ runs-on : windows-latest
51+ needs : prereqs
52+ env :
53+ GPG_OPTIONS : " --batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
54+ HOME : " ${{github.workspace}}\\ home"
55+ USERPROFILE : " ${{github.workspace}}\\ home"
56+ steps :
57+ - name : Configure user
58+ shell : bash
59+ run :
60+ USER_NAME="${{github.actor}}" &&
61+ USER_EMAIL="${{github.actor}}@users.noreply.github.com" &&
62+ mkdir -p "$HOME" &&
63+ git config --global user.name "$USER_NAME" &&
64+ git config --global user.email "$USER_EMAIL" &&
65+ echo "PACKAGER=$USER_NAME <$USER_EMAIL>" >>$GITHUB_ENV
66+ - uses : git-for-windows/setup-git-for-windows-sdk@v1
67+ with :
68+ flavor : build-installers
69+ - name : Clone build-extra
70+ shell : bash
71+ run : |
72+ git clone --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
73+ name : Clone git
74+ shell : bash
75+ run : |
76+ # Since we cannot directly clone a specified tag (as we would a branch with `git clone -b <branch name>`),
77+ # this clone has to be done manually (via init->fetch->reset).
78+
79+ tag_name="${{ needs.prereqs.outputs.tag_name }}" &&
80+ git -c init.defaultBranch=main init &&
81+ git remote add -f origin https://github.com/git-for-windows/git &&
82+ git fetch "https://github.com/${{github.repository}}" refs/tags/${tag_name}:refs/tags/${tag_name} &&
83+ git reset --hard ${tag_name}
84+ name : Prepare home directory for code-signing
85+ env :
86+ CODESIGN_P12 : ${{secrets.CODESIGN_P12}}
87+ CODESIGN_PASS : ${{secrets.CODESIGN_PASS}}
88+ if : env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
89+ shell : bash
90+ run : |
91+ cd home &&
92+ mkdir -p .sig &&
93+ echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 &&
94+ echo -n "$CODESIGN_PASS" >.sig/codesign.pass
95+ git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
96+ name : Prepare home directory for GPG signing
97+ if : env.GPGKEY != ''
98+ shell : bash
99+ run : |
100+ # This section ensures that the identity for the GPG key matches the git user identity, otherwise
101+ # signing will fail
102+
103+ echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
104+ info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
105+ git config --global user.name "${info% <*}" &&
106+ git config --global user.email "<${info#*<}"
107+ env :
108+ GPGKEY : ${{secrets.GPGKEY}}
109+ - name : Build mingw-w64-x86_64-git
110+ env :
111+ GPGKEY : " ${{secrets.GPGKEY}}"
112+ shell : bash
113+ run : |
114+ set -x
115+
116+ # Make sure that there is a `/usr/bin/git` that can be used by `makepkg-mingw`
117+ printf '#!/bin/sh\n\nexec /mingw64/bin/git.exe "$@"\n' >/usr/bin/git &&
118+
119+ # Restrict `PATH` to MSYS2 and to Visual Studio (to let `cv2pdb` find the relevant DLLs)
120+ PATH="/mingw64/bin:/usr/bin:/C/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64:/C/Windows/system32"
121+
122+ type -p mspdb140.dll || exit 1
123+
124+ sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-64-bit --build-src-pkg -o artifacts HEAD &&
125+ if test -n "$GPGKEY"
126+ then
127+ for tar in artifacts/*.tar*
128+ do
129+ /usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor $tar
130+ done
131+ fi &&
132+
133+ b=$PWD/artifacts &&
134+ version=${{ needs.prereqs.outputs.tag_name }} &&
135+ (cd /usr/src/MINGW-packages/mingw-w64-git &&
136+ cp PKGBUILD.$version PKGBUILD &&
137+ git commit -s -m "mingw-w64-git: new version ($version)" PKGBUILD &&
138+ git bundle create "$b"/MINGW-packages.bundle origin/main..main)
139+ name : Publish mingw-w64-x86_64-git
140+ uses : actions/upload-artifact@v2
141+ with :
142+ name : pkg-x86_64
143+ path : artifacts
144+ windows_artifacts :
145+ runs-on : windows-latest
146+ needs : [prereqs, windows_pkg]
147+ env :
148+ HOME : " ${{github.workspace}}\\ home"
149+ strategy :
150+ matrix :
151+ artifact :
152+ - name : installer
153+ fileprefix : Git
154+ - name : portable
155+ fileprefix : PortableGit
156+ fail-fast : false
157+ steps :
158+ - name : Download pkg-x86_64
159+ uses : actions/download-artifact@v2
160+ with :
161+ name : pkg-x86_64
162+ path : pkg-x86_64
163+ - uses : git-for-windows/setup-git-for-windows-sdk@v1
164+ with :
165+ flavor : build-installers
166+ - name : Clone build-extra
167+ shell : bash
168+ run : |
169+ git clone --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
170+ name : Prepare home directory for code-signing
171+ env :
172+ CODESIGN_P12 : ${{secrets.CODESIGN_P12}}
173+ CODESIGN_PASS : ${{secrets.CODESIGN_PASS}}
174+ if : env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
175+ shell : bash
176+ run : |
177+ mkdir -p home/.sig &&
178+ echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >home/.sig/codesign.p12 &&
179+ echo -n "$CODESIGN_PASS" >home/.sig/codesign.pass &&
180+ git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
181+ name : Build 64-bit ${{matrix.artifact.name}}
182+ shell : bash
183+ run : |
184+ set -x
185+
186+ # Copy the PDB archive to the directory where `--include-pdbs` expects it
187+ b=/usr/src/build-extra &&
188+ mkdir -p $b/cached-source-packages &&
189+ cp pkg-x86_64/*-pdb* $b/cached-source-packages/ &&
190+
191+ # Build the installer, embedding PDBs
192+ eval $b/please.sh make_installers_from_mingw_w64_git --include-pdbs \
193+ --version=${{ needs.prereqs.outputs.tag_version }} \
194+ -o artifacts --${{matrix.artifact.name}} \
195+ --pkg=pkg-x86_64/mingw-w64-x86_64-git-[0-9]*.tar.xz \
196+ --pkg=pkg-x86_64/mingw-w64-x86_64-git-doc-html-[0-9]*.tar.xz &&
197+
198+ if test portable = '${{matrix.artifact.name}}' && test -n "$(git config alias.signtool)"
199+ then
200+ git signtool artifacts/PortableGit-*.exe
201+ fi &&
202+ openssl dgst -sha256 artifacts/${{matrix.artifact.fileprefix}}-*.exe | sed "s/.* //" >artifacts/sha-256.txt
203+ name : Publish ${{matrix.artifact.name}}-x86_64
204+ uses : actions/upload-artifact@v2
205+ with :
206+ name : win-${{matrix.artifact.name}}-x86_64
207+ path : artifacts
208+ # End build Windows installers
0 commit comments