Skip to content

Commit dc95698

Browse files
vdyedscho
vdye
authored and
dscho
committed
release: create initial Windows installer build workflow
- trigger on tag matching basic "vfs" version pattern - validate tag is annotated & matches stricter checks - include `scalar` - build x86_64 & portable git installers, upload artifacts to workflow Update Apr 18, 2022: these steps are built explicitly on 'windows-2019' agents (rather than 'windows-latest') to ensure the correct version of Visual Studio is used (verified in the pipeline via 'type -p mspdb140.dll'). Additionally, due to a known (but not-yet-fixed) issue downloading the 'build-installers' flavor of the Git for Windows SDK with the 'git-for-windows/setup-git-for-windows-sdk' Action, the SDK used is the 'full' flavor. Signed-off-by: Victoria Dye <[email protected]> Signed-off-by: Johannes Schindelin <[email protected]>
1 parent b090149 commit dc95698

File tree

1 file changed

+314
-0
lines changed

1 file changed

+314
-0
lines changed

.github/workflows/build-git-installers.yml

Lines changed: 314 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,314 @@
1+
name: build-git-installers
2+
3+
on:
4+
push:
5+
tags:
6+
- 'v[0-9]*vfs*' # matches "v<number><any characters>vfs<any characters>"
7+
8+
jobs:
9+
# Check prerequisites for the workflow
10+
prereqs:
11+
runs-on: ubuntu-latest
12+
outputs:
13+
tag_name: ${{ steps.tag.outputs.name }} # The full name of the tag, e.g. v2.32.0.vfs.0.0
14+
tag_version: ${{ steps.tag.outputs.version }} # The version number (without preceding "v"), e.g. 2.32.0.vfs.0.0
15+
steps:
16+
- name: Validate tag
17+
run: |
18+
echo "$GITHUB_REF" |
19+
grep -E '^refs/tags/v2\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.vfs\.0\.(0|[1-9][0-9]*)(\.rc[0-9])?$' || {
20+
echo "::error::${GITHUB_REF#refs/tags/} is not of the form v2.<X>.<Y>.vfs.0.<W>[.rc<N>]" >&2
21+
exit 1
22+
}
23+
- name: Determine tag to build
24+
run: |
25+
echo "name=${GITHUB_REF#refs/tags/}" >>$GITHUB_OUTPUT
26+
echo "version=${GITHUB_REF#refs/tags/v}" >>$GITHUB_OUTPUT
27+
id: tag
28+
- name: Clone git
29+
uses: actions/checkout@v4
30+
- name: Validate the tag identified with trigger
31+
run: |
32+
die () {
33+
echo "::error::$*" >&2
34+
exit 1
35+
}
36+
37+
# `actions/checkout` only downloads the peeled tag (i.e. the commit)
38+
git fetch origin +$GITHUB_REF:$GITHUB_REF
39+
40+
# Verify that the tag is annotated
41+
test $(git cat-file -t "$GITHUB_REF") == "tag" || die "Tag ${{ steps.tag.outputs.name }} is not annotated"
42+
43+
# Verify tag follows rules in GIT-VERSION-GEN (i.e., matches the specified "DEF_VER" in
44+
# GIT-VERSION-FILE) and matches tag determined from trigger
45+
make GIT-VERSION-FILE
46+
test "${{ steps.tag.outputs.version }}" == "$(sed -n 's/^GIT_VERSION *= *//p'< GIT-VERSION-FILE)" || die "GIT-VERSION-FILE tag ($(cat GIT-VERSION-FILE)) does not match ${{ steps.tag.outputs.name }}"
47+
# End check prerequisites for the workflow
48+
49+
# Build Windows installers (x86_64 & aarch64; installer & portable)
50+
windows_pkg:
51+
environment: release
52+
needs: prereqs
53+
strategy:
54+
fail-fast: false
55+
matrix:
56+
arch:
57+
- name: x86_64
58+
artifact: pkg-x86_64
59+
toolchain: x86_64
60+
mingwprefix: mingw64
61+
runner: windows-2019
62+
- name: aarch64
63+
artifact: pkg-aarch64
64+
toolchain: clang-aarch64
65+
mingwprefix: clangarm64
66+
runner: windows-11-arm
67+
runs-on: ${{ matrix.arch.runner }}
68+
env:
69+
GPG_OPTIONS: "--batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
70+
HOME: "${{github.workspace}}\\home"
71+
USERPROFILE: "${{github.workspace}}\\home"
72+
steps:
73+
- name: Configure user
74+
shell: bash
75+
run:
76+
USER_NAME="${{github.actor}}" &&
77+
USER_EMAIL="${{github.actor}}@users.noreply.github.com" &&
78+
mkdir -p "$HOME" &&
79+
git config --global user.name "$USER_NAME" &&
80+
git config --global user.email "$USER_EMAIL" &&
81+
echo "PACKAGER=$USER_NAME <$USER_EMAIL>" >>$GITHUB_ENV
82+
- uses: git-for-windows/setup-git-for-windows-sdk@v1
83+
with:
84+
flavor: build-installers
85+
architecture: ${{ matrix.arch.name }}
86+
- name: Clone build-extra
87+
shell: bash
88+
run: |
89+
git clone --filter=blob:none --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
90+
- name: Clone git
91+
shell: bash
92+
run: |
93+
# Since we cannot directly clone a specified tag (as we would a branch with `git clone -b <branch name>`),
94+
# this clone has to be done manually (via init->fetch->reset).
95+
96+
tag_name="${{ needs.prereqs.outputs.tag_name }}" &&
97+
git -c init.defaultBranch=main init &&
98+
git remote add -f origin https://github.com/git-for-windows/git &&
99+
git fetch "https://github.com/${{github.repository}}" refs/tags/${tag_name}:refs/tags/${tag_name} &&
100+
git reset --hard ${tag_name}
101+
- name: Prepare home directory for code-signing
102+
env:
103+
CODESIGN_P12: ${{secrets.CODESIGN_P12}}
104+
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
105+
if: env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
106+
shell: bash
107+
run: |
108+
cd home &&
109+
mkdir -p .sig &&
110+
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 &&
111+
echo -n "$CODESIGN_PASS" >.sig/codesign.pass
112+
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
113+
- name: Prepare home directory for GPG signing
114+
if: env.GPGKEY != ''
115+
shell: bash
116+
run: |
117+
# This section ensures that the identity for the GPG key matches the git user identity, otherwise
118+
# signing will fail
119+
120+
echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
121+
info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
122+
git config --global user.name "${info% <*}" &&
123+
git config --global user.email "<${info#*<}"
124+
env:
125+
GPGKEY: ${{secrets.GPGKEY}}
126+
- name: Build mingw-w64-${{matrix.arch.toolchain}}-git
127+
env:
128+
GPGKEY: "${{secrets.GPGKEY}}"
129+
shell: bash
130+
run: |
131+
set -x
132+
133+
# Make sure that there is a `/usr/bin/git` that can be used by `makepkg-mingw`
134+
printf '#!/bin/sh\n\nexec /${{matrix.arch.mingwprefix}}/bin/git.exe "$@"\n' >/usr/bin/git &&
135+
136+
sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-${{matrix.arch.name}} --build-src-pkg -o artifacts HEAD &&
137+
if test -n "$GPGKEY"
138+
then
139+
for tar in artifacts/*.tar*
140+
do
141+
/usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor $tar
142+
done
143+
fi &&
144+
145+
b=$PWD/artifacts &&
146+
version=${{ needs.prereqs.outputs.tag_name }} &&
147+
(cd /usr/src/MINGW-packages/mingw-w64-git &&
148+
cp PKGBUILD.$version PKGBUILD &&
149+
git commit -s -m "mingw-w64-git: new version ($version)" PKGBUILD &&
150+
git bundle create "$b"/MINGW-packages.bundle origin/main..main)
151+
- name: Publish mingw-w64-${{matrix.arch.toolchain}}-git
152+
uses: actions/upload-artifact@v4
153+
with:
154+
name: "${{ matrix.arch.artifact }}"
155+
path: artifacts
156+
windows_artifacts:
157+
environment: release
158+
needs: [prereqs, windows_pkg]
159+
env:
160+
HOME: "${{github.workspace}}\\home"
161+
strategy:
162+
fail-fast: false
163+
matrix:
164+
arch:
165+
- name: x86_64
166+
artifact: pkg-x86_64
167+
toolchain: x86_64
168+
mingwprefix: mingw64
169+
runner: windows-2019
170+
- name: aarch64
171+
artifact: pkg-aarch64
172+
toolchain: clang-aarch64
173+
mingwprefix: clangarm64
174+
runner: windows-11-arm
175+
type:
176+
- name: installer
177+
fileprefix: Git
178+
- name: portable
179+
fileprefix: PortableGit
180+
runs-on: ${{ matrix.arch.runner }}
181+
steps:
182+
- name: Download ${{ matrix.arch.artifact }}
183+
uses: actions/download-artifact@v4
184+
with:
185+
name: ${{ matrix.arch.artifact }}
186+
path: ${{ matrix.arch.artifact }}
187+
- uses: git-for-windows/setup-git-for-windows-sdk@v1
188+
with:
189+
flavor: build-installers
190+
architecture: ${{ matrix.arch.name }}
191+
- name: Clone build-extra
192+
shell: bash
193+
run: |
194+
git clone --filter=blob:none --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
195+
- name: Prepare home directory for code-signing
196+
env:
197+
CODESIGN_P12: ${{secrets.CODESIGN_P12}}
198+
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
199+
if: env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
200+
shell: bash
201+
run: |
202+
mkdir -p home/.sig &&
203+
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >home/.sig/codesign.p12 &&
204+
echo -n "$CODESIGN_PASS" >home/.sig/codesign.pass &&
205+
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
206+
- name: Retarget auto-update to microsoft/git
207+
shell: bash
208+
run: |
209+
set -x
210+
211+
b=/usr/src/build-extra &&
212+
213+
filename=$b/git-update-git-for-windows.config
214+
tr % '\t' >$filename <<-\EOF &&
215+
[update]
216+
%fromFork = microsoft/git
217+
EOF
218+
219+
sed -i -e '/^#include "file-list.iss"/a\
220+
Source: {#SourcePath}\\..\\git-update-git-for-windows.config; DestDir: {app}\\${{matrix.arch.mingwprefix}}\\bin; Flags: replacesameversion; AfterInstall: DeleteFromVirtualStore' \
221+
-e '/^Type: dirifempty; Name: {app}\\{#MINGW_BITNESS}$/i\
222+
Type: files; Name: {app}\\{#MINGW_BITNESS}\\bin\\git-update-git-for-windows.config\
223+
Type: dirifempty; Name: {app}\\{#MINGW_BITNESS}\\bin' \
224+
$b/installer/install.iss
225+
- name: Set the installer Publisher to the Git Client team
226+
shell: bash
227+
run: |
228+
b=/usr/src/build-extra &&
229+
sed -i -e 's/^\(AppPublisher=\).*/\1The Git Client Team at Microsoft/' $b/installer/install.iss
230+
- name: Let the installer configure Visual Studio to use the installed Git
231+
shell: bash
232+
run: |
233+
set -x
234+
235+
b=/usr/src/build-extra &&
236+
237+
sed -i -e '/^ *InstallAutoUpdater();$/a\
238+
CustomPostInstall();' \
239+
-e '/^ *UninstallAutoUpdater();$/a\
240+
CustomPostUninstall();' \
241+
$b/installer/install.iss &&
242+
243+
cat >>$b/installer/helpers.inc.iss <<\EOF
244+
245+
procedure CustomPostInstall();
246+
begin
247+
if not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\15.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
248+
not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\16.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
249+
not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\17.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
250+
not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\18.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
251+
not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\19.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
252+
not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\20.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) then
253+
LogError('Could not register TeamFoundation\GitSourceControl');
254+
end;
255+
256+
procedure CustomPostUninstall();
257+
begin
258+
if not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\15.0\TeamFoundation\GitSourceControl','GitPath') or
259+
not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\16.0\TeamFoundation\GitSourceControl','GitPath') or
260+
not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\17.0\TeamFoundation\GitSourceControl','GitPath') or
261+
not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\18.0\TeamFoundation\GitSourceControl','GitPath') or
262+
not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\19.0\TeamFoundation\GitSourceControl','GitPath') or
263+
not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\20.0\TeamFoundation\GitSourceControl','GitPath') then
264+
LogError('Could not register TeamFoundation\GitSourceControl');
265+
end;
266+
EOF
267+
- name: Enable Scalar/C and the auto-updater in the installer by default
268+
shell: bash
269+
run: |
270+
set -x
271+
272+
b=/usr/src/build-extra &&
273+
274+
sed -i -e "/ChosenOptions:=''/a\\
275+
if (ExpandConstant('{param:components|/}')='/') then begin\n\
276+
WizardSelectComponents('autoupdate');\n\
277+
#ifdef WITH_SCALAR\n\
278+
WizardSelectComponents('scalar');\n\
279+
#endif\n\
280+
end;" $b/installer/install.iss
281+
- name: Build ${{matrix.type.name}} (${{matrix.arch.name}})
282+
shell: bash
283+
run: |
284+
set -x
285+
286+
# Copy the PDB archive to the directory where `--include-pdbs` expects it
287+
b=/usr/src/build-extra &&
288+
mkdir -p $b/cached-source-packages &&
289+
cp ${{matrix.arch.artifact}}/*-pdb* $b/cached-source-packages/ &&
290+
291+
# Build the installer, embedding PDBs
292+
eval $b/please.sh make_installers_from_mingw_w64_git --include-pdbs \
293+
--version=${{ needs.prereqs.outputs.tag_version }} \
294+
-o artifacts --${{matrix.type.name}} \
295+
--pkg=${{matrix.arch.artifact}}/mingw-w64-${{matrix.arch.toolchain}}-git-[0-9]*.tar.xz \
296+
--pkg=${{matrix.arch.artifact}}/mingw-w64-${{matrix.arch.toolchain}}-git-doc-html-[0-9]*.tar.xz &&
297+
298+
if test portable = '${{matrix.type.name}}' && test -n "$(git config alias.signtool)"
299+
then
300+
git signtool artifacts/PortableGit-*.exe
301+
fi &&
302+
openssl dgst -sha256 artifacts/${{matrix.type.fileprefix}}-*.exe | sed "s/.* //" >artifacts/sha-256.txt
303+
- name: Verify that .exe files are code-signed
304+
if: env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
305+
shell: bash
306+
run: |
307+
PATH=$PATH:"/c/Program Files (x86)/Windows Kits/10/App Certification Kit/" \
308+
signtool verify //pa artifacts/${{matrix.type.fileprefix}}-*.exe
309+
- name: Publish ${{matrix.type.name}}-${{matrix.arch.name}}
310+
uses: actions/upload-artifact@v4
311+
with:
312+
name: win-${{matrix.type.name}}-${{matrix.arch.name}}
313+
path: artifacts
314+
# End build Windows installers

0 commit comments

Comments
 (0)