mirror of
https://github.com/electron/electron.git
synced 2026-04-10 03:01:51 -04:00
* build: generate artifact attestions for released assets (#48239) * build: generate artifact attestions for released assets * chore: address review feedback --------- Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com> (cherry picked from commit dec7f937ae) * build: fixup attestation for release assets (#49732) * build: fixup attestation for release assets * Generate artifact attestation for generated artifacts * set id-token for attestation * Add artifact-metadata permission for attestation * add permissions for testing attestations * Revert "add permissions for testing attestations" This reverts commit 0284bed175. * Revert "set id-token for attestation" This reverts commit 69a1b13a18. * Revert "Generate artifact attestation for generated artifacts" This reverts commit ee0536eceb. (cherry picked from commit 0852893910) * chore: update publish workflow --------- Co-authored-by: Samuel Attard <sam@electronjs.org>
# AUTOGENERATED FILE - DO NOT EDIT MANUALLY
# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml

# Display name of this build segment. Per the header above, this file is
# generated from pipeline-segment-electron-build.yml, so lasting changes
# (including security hardening) belong in that source file.
name: Pipeline Segment - Electron Build
# Reusable workflow: the only trigger is workflow_call, so every input below
# is chosen by the calling workflow.
on:
  workflow_call:
    inputs:
      # Forwarded to the build job's `environment:` key.
      environment:
        description: using the production or testing environment
        required: false
        type: string
      # Exported to the job as TARGET_PLATFORM and tested in step conditions.
      target-platform:
        type: string
        description: Platform to run on, can be macos, win or linux
        required: true
      # Exported to the job as TARGET_ARCH; also expanded directly into the
      # shell scripts of the Linux GN_EXTRA_ARGS and Init Build Tools steps.
      target-arch:
        type: string
        description: Arch to build for, can be x64, arm64, ia32 or arm
        required: true
      target-variant:
        type: string
        description: Variant to build for, no effect on non-macOS target platforms. Can
          be darwin, mas or all.
        default: all
      # Used verbatim as the job's `runs-on:` value, so the caller picks the
      # runner that will hold this workflow's secrets.
      build-runs-on:
        type: string
        description: What host to run the build
        required: true
      # Parsed with fromJSON() to form the job's `container:` value.
      build-container:
        type: string
        description: JSON container information for aks runs-on
        required: false
        default: '{"image":null}'
      # NOTE(review): required: true is combined with a default here and on
      # gn-build-type, generate-symbols and upload-to-storage; presumably the
      # caller must always pass the value, leaving the default unused - confirm.
      is-release:
        description: Whether this build job is a release job
        required: true
        type: boolean
        default: false
      # Expanded directly into the `e init` command line.
      gn-build-type:
        description: The gn build type - testing or release
        required: true
        type: string
        default: testing
      generate-symbols:
        description: Whether or not to generate symbols
        required: true
        type: boolean
        default: false
      # A string flag ("0" by default), not a boolean; it is passed through to
      # the build-electron local action unchanged.
      upload-to-storage:
        description: Whether or not to upload build artifacts to external storage
        required: true
        type: string
        default: "0"
      is-asan:
        description: Building the Address Sanitizer (ASan) Linux build
        required: false
        type: boolean
        default: false
      # One of the two switches for the "Setup SSH Debugging" step, which is
      # additionally limited to the macos target platform.
      enable-ssh:
        description: Enable SSH debugging
        required: false
        type: boolean
        default: false
# Workflow-level default: the GITHUB_TOKEN gets no scopes. The build job
# declares the scopes it needs in its own `permissions:` block.
permissions: {}
# One concurrency group per platform/arch/variant/asan combination. On a
# protected ref the group also contains the run id, so each run gets its own
# group and cancel-in-progress evaluates to false. On any other ref the group
# is keyed by the ref and cancel-in-progress evaluates to true.
concurrency:
  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
    github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
# Workflow-level environment: these variables, secrets included, are set for
# every step of every job in this file, local actions and `run` scripts alike.
# NOTE(review): scoping each secret to the steps that read it would narrow
# exposure; which steps consume which secret is not visible in this file.
env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  DD_API_KEY: ${{ secrets.DD_API_KEY }}
  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
  # gclient custom vars by platform: macos and win each get their own checkout
  # flags; any other platform falls through to the arm/arm64 checkout flags.
  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
  ELECTRON_OUT_DIR: Default
  # Mirrored from a secret so step conditions can read it as
  # env.ACTIONS_STEP_DEBUG; the SSH debugging step compares it with 'true'.
  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
jobs:
  # Single job: check out Electron, restore the src cache, then build the
  # regular target and, on macOS, the MAS variant.
  build:
    defaults:
      run:
        shell: bash
    # Runner label comes from the caller.
    runs-on: ${{ inputs.build-runs-on }}
    # Job-scoped token permissions (the workflow default is `permissions: {}`).
    # id-token: write allows requesting an OIDC token; attestations: write and
    # artifact-metadata: write are the scopes used for artifact attestation.
    # No attestation step is visible in this file - presumably it runs inside
    # the build-electron local action; confirm there. These scopes apply to
    # every step in the job, not only to the step that attests.
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    # The caller's JSON string is parsed into the container definition; the
    # input's default is '{"image":null}'.
    container: ${{ fromJSON(inputs.build-container) }}
    # Deployment environment chosen by the caller.
    # NOTE(review): presumably this decides which environment-scoped secrets
    # and protection rules apply to the job - confirm in repository settings.
    environment: ${{ inputs.environment }}
    env:
      TARGET_ARCH: ${{ inputs.target-arch }}
      TARGET_PLATFORM: ${{ inputs.target-platform }}
    steps:
      - name: Create src dir
        run: |
          mkdir src
      # Third-party action pinned to a full commit SHA rather than a tag.
      # `ref` is only non-empty when the calling workflow runs on a pull
      # request event; otherwise checkout presumably falls back to its default
      # ref. On PR events the tree checked out here is the PR head, and the
      # later `./src/electron/.github/actions/*` steps and scripts are loaded
      # from it while this job holds secrets and write scopes.
      # NOTE(review): confirm no caller reaches this job from a trigger that
      # exposes secrets to fork-controlled code (e.g. pull_request_target).
      - name: Checkout Electron
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          path: src/electron
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      # Runs only on macOS, and only when the caller sets enable-ssh or the
      # ACTIONS_STEP_DEBUG secret equals 'true'. The step is handed tunnel and
      # CA certificates, the authorized-users list and the GITHUB_TOKEN.
      # NOTE(review): while this step is active the runner also holds the
      # workflow-level secrets, so treat enabling it on release runs as a
      # privileged operation.
      - name: Setup SSH Debugging
        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
          env.ACTIONS_STEP_DEBUG == 'true') }}
        uses: ./src/electron/.github/actions/ssh-debug
        with:
          tunnel: "true"
        env:
          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Free up space (macOS)
        if: ${{ inputs.target-platform == 'macos' }}
        uses: ./src/electron/.github/actions/free-space-macos
      - name: Check disk space after freeing up space
        if: ${{ inputs.target-platform == 'macos' }}
        run: df -h
      # Third-party action pinned to a full commit SHA; macOS only.
      - name: Setup Node.js/npm
        if: ${{ inputs.target-platform == 'macos' }}
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: 20.19.x
          cache: yarn
          cache-dependency-path: src/electron/yarn.lock
      - name: Install Dependencies
        uses: ./src/electron/.github/actions/install-dependencies
      # NOTE(review): installs whatever azcopy version brew currently serves;
      # no version or checksum is pinned here.
      - name: Install AZCopy
        if: ${{ inputs.target-platform == 'macos' }}
        run: brew install azcopy
      # `${{ ... }}` values are substituted into the script text before bash
      # parses it, so the surrounding quotes do not protect them.
      # NOTE(review): TARGET_ARCH is already exported in the job env; reading
      # "$TARGET_ARCH" (and env-mapped copies of the other inputs) would keep
      # caller-supplied values out of the script source.
      # The elif chain means is-asan is only consulted when target-arch is
      # neither arm nor arm64. In this folded (`>`) scalar the more-indented
      # lines keep their line breaks, which is what keeps the script valid.
      - name: Set GN_EXTRA_ARGS for Linux
        if: ${{ inputs.target-platform == 'linux' }}
        run: >
          if [ "${{ inputs.target-arch }}" = "arm" ]; then
            if [ "${{ inputs.is-release }}" = true ]; then
              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
            else
              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
            fi
          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
          elif [ "${{ inputs.is-asan }}" = true ]; then
            GN_EXTRA_ARGS='is_asan=true'
          fi

          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
      - name: Set Chromium Git Cookie
        uses: ./src/electron/.github/actions/set-chromium-cookie
      - name: Install Build Tools
        uses: ./src/electron/.github/actions/install-build-tools
      # Runs a script from the checked-out tree, then exports DEPSHASH (with
      # the v1-src-cache- prefix) and CACHE_PATH to later steps via GITHUB_ENV.
      - name: Generate DEPS Hash
        run: |
          node src/electron/script/generate-deps-hash.js
          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
      # The cache is restored by a different local action depending on the
      # platform: AZCopy for non-Linux targets, AKS for Linux.
      # NOTE(review): the restored archive becomes build input; whether its
      # integrity is checked is decided inside these actions, not here.
      - name: Restore src cache via AZCopy
        if: ${{ inputs.target-platform != 'linux' }}
        uses: ./src/electron/.github/actions/restore-cache-azcopy
        with:
          target-platform: ${{ inputs.target-platform }}
      - name: Restore src cache via AKS
        if: ${{ inputs.target-platform == 'linux' }}
        uses: ./src/electron/.github/actions/restore-cache-aks
      # Same checkout as the first step, repeated after the cache restore -
      # presumably because the restored src tree replaces src/electron; confirm.
      - name: Checkout Electron
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          path: src/electron
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Fix Sync
        if: ${{ inputs.target-platform != 'linux' }}
        uses: ./src/electron/.github/actions/fix-sync
        with:
          target-platform: ${{ inputs.target-platform }}
        env:
          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
      # The folded scalar collapses into one command line. gn-build-type and
      # target-arch are expanded unquoted into that command before bash runs.
      - name: Init Build Tools
        run: >
          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
          --import ${{ inputs.gn-build-type }} --target-cpu ${{
          inputs.target-arch }} --remote-build siso
      # Runs gclient hooks for the src/electron solution only; the spec sets
      # process_deps to False and managed to False.
      - name: Run Electron Only Hooks
        run: |
          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
      # Discards working-tree changes in src/electron (`git checkout .`),
      # regenerates the hash and re-exports DEPSHASH - this time without the
      # v1-src-cache- prefix used by the earlier "Generate DEPS Hash" step.
      - name: Regenerate DEPS Hash
        run: >
          (cd src/electron && git checkout .) && node
          src/electron/script/generate-deps-hash.js

          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
      - name: Free up space (macOS)
        if: ${{ inputs.target-platform == 'macos' }}
        uses: ./src/electron/.github/actions/free-space-macos
      # Always runs for non-macOS targets; on macOS only when target-variant is
      # all or darwin. artifact-platform maps macos to darwin and otherwise
      # passes the target platform through.
      - name: Build Electron
        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
          inputs.target-variant == 'darwin') }}
        uses: ./src/electron/.github/actions/build-electron
        with:
          target-arch: ${{ inputs.target-arch }}
          target-platform: ${{ inputs.target-platform }}
          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
            inputs.target-platform }}
          is-release: ${{ inputs.is-release }}
          generate-symbols: ${{ inputs.generate-symbols }}
          upload-to-storage: ${{ inputs.upload-to-storage }}
          is-asan: ${{ inputs.is-asan }}
      # Exports MAS_BUILD and replaces GN_EXTRA_ARGS for every later step, so
      # it is placed after the regular build above.
      - name: Set GN_EXTRA_ARGS for MAS Build
        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
          inputs.target-variant == 'mas') }}
        run: |
          echo "MAS_BUILD=true" >> $GITHUB_ENV
          GN_EXTRA_ARGS='is_mas_build=true'
          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
      # Second invocation of the same local action for the MAS variant: the
      # artifact platform is fixed to mas, a step suffix is passed, and is-asan
      # is not forwarded.
      - name: Build Electron (MAS)
        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
          inputs.target-variant == 'mas') }}
        uses: ./src/electron/.github/actions/build-electron
        with:
          target-arch: ${{ inputs.target-arch }}
          target-platform: ${{ inputs.target-platform }}
          artifact-platform: mas
          is-release: ${{ inputs.is-release }}
          generate-symbols: ${{ inputs.generate-symbols }}
          upload-to-storage: ${{ inputs.upload-to-storage }}
          step-suffix: (mas)