--- kind: pipeline type: docker name: linux-android-test clone: disable: true steps: - name: clone image: openpriv/flutter-desktop:linux-fstable-3.13.4 environment: buildbot_key_b64: from_secret: buildbot_key_b64 commands: - mkdir ~/.ssh - echo $buildbot_key_b64 > ~/.ssh/id_rsa.b64 - base64 -d ~/.ssh/id_rsa.b64 > ~/.ssh/id_rsa - chmod 400 ~/.ssh/id_rsa # force by pass of ssh host key check, less secure - ssh-keyscan -H git.openprivacy.ca >> ~/.ssh/known_hosts # use Drone ssh var instead of hardcode to allow forks to build (gogs@git.openprivacy.ca:cwtch.im/cwtch-ui.git) - git clone gogs@git.openprivacy.ca:$DRONE_REPO.git . - git checkout $DRONE_COMMIT - name: fetch image: openpriv/flutter-desktop:linux-fstable-3.13.4 volumes: - name: deps path: /root/.pub-cache commands: - ./fetch-tor.sh - echo `git describe --tags --abbrev=1` > VERSION - echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE - flutter pub get - mkdir deploy - ./fetch-libcwtch-go.sh #- name: quality # image: golang # volumes: # - name: deps # path: /go # commands: # - go list ./... | xargs go vet # - go list ./... | xargs golint # #Todo: fix all the lint errors and add `-set_exit_status` above to enforce linting - name: build-linux image: openpriv/flutter-desktop:linux-fstable-3.13.4 volumes: - name: deps path: /root/.pub-cache commands: - flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE` - linux/package-release.sh - mkdir -p deploy/cwtch - mkdir -p deploy/deb/cwtch/usr - mkdir -p deploy/deb/cwtch/DEBIAN - export VERSION=`cat VERSION | tr -d 'v'` - sed "s|VERSION|$VERSION|g" linux/deb/control > deploy/deb/cwtch/DEBIAN/control - cp -r build/linux/x64/release/bundle/* deploy/cwtch - cd deploy - cd cwtch - INSTALL_PREFIX=./../deb/cwtch/usr DESKTOP_PREFIX=/usr/ ./install.sh - cd .. # we depend on tor, get it from the tor project apt repo - rm -r deb/cwtch/usr/lib/cwtch/Tor # Tar archives need a few tricks to make this deterministic, see https://reproducible-builds.org/docs/archives/ - tar --sort=name --mtime=`cat COMMIT_DATE` --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime -czf cwtch-`cat ../VERSION`.tar.gz cwtch - rm -r cwtch - cd deb - dpkg-deb --build cwtch - cd .. - mv deb/cwtch.deb cwtch-$VERSION.deb - rm -r deb - name: linux-ui-tests image: openpriv/flutter-desktop:linux-fstable-3.13.4 volumes: - name: deps path: /root/.pub-cache commands: # Run 01_general, 01_tor, 02_global_settings, and 04_profile_mgmt features... - ./run-tests-headless.sh "01_general|01_tor|02_global_settings|04_profile_mgmt" - name: test-build-android image: openpriv/flutter-desktop:linux-fstable-3.13.4 when: event: pull_request volumes: - name: deps path: /root/.pub-cache commands: - flutter build apk --debug - name: build-android image: openpriv/flutter-desktop:linux-fstable-3.13.4 when: event: push environment: upload_jks_file_b64: from_secret: upload_jks_file_b64 upload_jks_pass: from_secret: upload_jks_pass volumes: - name: deps path: /root/.pub-cache commands: - echo $upload_jks_file_b64 > upload-keystore.jks.b64 - base64 -i --decode upload-keystore.jks.b64 > android/app/upload-keystore.jks - sed -i "s/%jks-password%/$upload_jks_pass/g" android/key.properties - flutter build appbundle --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE` # cant do debug for final release, this is just a stop gap - flutter build apk --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE` # or build apk --split-per-abi ? - cp build/app/outputs/bundle/release/app-release.aab deploy/cwtch-`cat VERSION`.aab - cp build/app/outputs/apk/release/app-release.apk deploy/cwtch-`cat VERSION`.apk #- cp build/app/outputs/flutter-apk/app-debug.apk deploy/android - name: widget-tests image: openpriv/flutter-desktop:linux-fstable-3.13.4 volumes: - name: deps path: /root/.pub-cache commands: # - flutter config --enable-linux-desktop - flutter test --coverage - genhtml coverage/lcov.info -o coverage/html - name: upload-nightlies image: openpriv/flutter-desktop:linux-fstable-3.13.4 environment: GOGS_ACCOUNT_TOKEN: from_secret: gogs_account_token secrets: [gogs_account_token] volumes: - name: deps path: /root/.pub-cache when: event: push status: [ success ] commands: # TODO When we update Flutter Container to 3.19 migrate these calls... - apt update - apt install -y jq openssh-client ca-certificates curl - ./upload-releases.sh deploy/cwtch-`cat VERSION`.apk application/vnd.android.package-archive cwtch-`cat VERSION`.apk - name: deploy-buildfiles image: kroniak/ssh-client pull: if-not-exists environment: BUILDFILES_KEY: from_secret: buildfiles_key secrets: [gogs_account_token] when: event: push status: [ success ] commands: - echo $BUILDFILES_KEY > ~/id_rsab64 - base64 -d ~/id_rsab64 > ~/id_rsa - chmod 400 ~/id_rsa - export DIR=flwtch-`cat COMMIT_DATE`-`cat VERSION` - mv deploy $DIR - cp -r coverage/html $DIR/coverage-tests - cp -r test/failures $DIR/test-failures || true - cd $DIR - find . -type f -exec sha512sum {} \; > ./../sha512s.txt - mv ./../sha512s.txt . - cd .. - scp -r -o StrictHostKeyChecking=no -i ~/id_rsa $DIR buildfiles@build.openprivacy.ca:/home/buildfiles/buildfiles/ - ./gen-nightly-index.sh $DIR - scp -r -o StrictHostKeyChecking=no -i ~/id_rsa cwtch-nightly.html buildfiles@build.openprivacy.ca:/home/buildfiles/buildfiles/ - name: notify-gogs image: openpriv/drone-gogs pull: if-not-exists when: event: pull_request status: [ success, changed, failure ] environment: GOGS_ACCOUNT_TOKEN: from_secret: gogs_account_token settings: gogs_url: https://git.openprivacy.ca volumes: - name: deps temp: {} trigger: #repo: cwtch.im/cwtch-ui # allow forks to build? branch: trunk event: - push - pull_request --- kind: pipeline type: docker name: windows platform: os: windows #arch: amd64 version: 1809 clone: disable: true steps: - name: clone image: openpriv/flutter-desktop:windows-sdk30-fstable-3.13.4 environment: buildbot_key_b64: from_secret: buildbot_key_b64 commands: #- # force by pass of ssh host key check, less secure #- ssh-keyscan -H git.openprivacy.ca >> ..\known_hosts - echo $Env:buildbot_key_b64 > ..\id_rsa.b64 - certutil -decode ..\id_rsa.b64 ..\id_rsa - git init # -o UserKnownHostsFile=../known_hosts - git config core.sshCommand 'ssh -o StrictHostKeyChecking=no -i ../id_rsa' - git remote add origin gogs@git.openprivacy.ca:$Env:DRONE_REPO.git - git pull origin trunk - git fetch --tags - git checkout $Env:DRONE_COMMIT - name: fetch image: openpriv/flutter-desktop:windows-sdk30-fstable-3.10.2 commands: - git describe --tags --abbrev=1 > VERSION - git log -1 --format=%cd --date=format:'%Y-%m-%d-%H-%M' > COMMIT_DATE - .\fetch-tor-win.ps1 - .\fetch-libcwtch-go.ps1 - name: build-windows image: openpriv/flutter-desktop:windows-sdk30-fstable-3.13.4 commands: - flutter pub get - $Env:version += type .\VERSION - $Env:commitdate += type .\COMMIT_DATE - $Env:releasedir = "build\\windows\\runner\\Release\\" - flutter build windows --dart-define BUILD_VER=$Env:version --dart-define BUILD_DATE=$Env:commitdate - copy windows\libCwtch.dll $Env:releasedir # flutter hasn't worked out it's packaging of required dll's so we have to resort to this manual nonsense # https://github.com/google/flutter-desktop-embedding/issues/587 # https://github.com/flutter/flutter/issues/53167 - copy 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Redist\MSVC\14.36.32532\x64\Microsoft.VC143.CRT\vcruntime140.dll' $Env:releasedir - copy 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Redist\MSVC\14.36.32532\x64\Microsoft.VC143.CRT\vcruntime140_1.dll' $Env:releasedir - copy 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Redist\MSVC\14.36.32532\x64\Microsoft.VC143.CRT\msvcp140.dll' $Env:releasedir - copy README.md $Env:releasedir\ - copy windows\*.bat $Env:releasedir\ - powershell -command "Expand-Archive -Path tor.zip -DestinationPath $Env:releasedir\Tor" - name: package-windows image: openpriv/nsis pull: if-not-exists when: event: push status: [ success ] environment: pfx: from_secret: pfx2022_b64 pfx_pass: from_secret: pfx_pass commands: - $Env:version += type .\VERSION - $Env:commitdate += type .\COMMIT_DATE - $Env:releasedir = "build\\windows\\runner\\Release\\" - $Env:zip = 'cwtch-' + $Env:version + '.zip' - $Env:zipsha = $Env:zip + '.sha512.txt' - $Env:buildname = 'flwtch-' + $Env:commitdate + '-' + $Env:version - $Env:builddir = $Env:buildname - echo $Env:pfx > codesign.pfx.b64 - certutil -decode codesign.pfx.b64 codesign.pfx - signtool sign /v /fd sha256 /a /f codesign.pfx /p $Env:pfx_pass /tr http://timestamp.digicert.com $Env:releasedir\cwtch.exe - signtool sign /v /fd sha256 /a /f codesign.pfx /p $Env:pfx_pass /tr http://timestamp.digicert.com $Env:releasedir\libCwtch.dll - signtool sign /v /fd sha256 /a /f codesign.pfx /p $Env:pfx_pass /tr http://timestamp.digicert.com $Env:releasedir\flutter_windows.dll - copy windows\runner\resources\knot_128.ico $Env:releasedir\cwtch.ico - makensis windows\nsis\cwtch-installer.nsi - move windows\nsis\cwtch-installer.exe cwtch-installer.exe - signtool sign /v /fd sha256 /a /f codesign.pfx /p $Env:pfx_pass /tr http://timestamp.digicert.com cwtch-installer.exe - powershell -command "(Get-FileHash cwtch-installer.exe -Algorithm sha512).Hash" > cwtch-installer.sha512.txt - mkdir deploy - mkdir deploy\$Env:builddir - move $Env:releasedir $Env:builddir - powershell -command "Compress-Archive -Path $Env:builddir -DestinationPath cwtch.zip" - powershell -command "(Get-FileHash cwtch.zip -Algorithm sha512).Hash" > $Env:zipsha - move cwtch-installer.exe deploy\$Env:builddir\cwtch-installer-$Env:version.exe - move cwtch.zip deploy\$Env:builddir\$Env:zip - move *.sha512.txt deploy\$Env:builddir - name: deploy-windows image: openpriv/flutter-desktop:windows-sdk30-fstable-3.13.4 when: event: push status: [ success ] environment: BUILDFILES_KEY: from_secret: buildfiles_key commands: - echo $Env:BUILDFILES_KEY > id_rsab64 - certutil -decode id_rsab64 id_rsa - scp -r -o StrictHostKeyChecking=no -i id_rsa deploy\\* buildfiles@build.openprivacy.ca:/home/buildfiles/buildfiles/ trigger: # repo: cwtch.im/cwtch-ui # allow forks to build? branch: trunk event: - push - pull_request --- kind: pipeline type: exec name: macos platform: os: darwin arch: amd64 clone: disable: true steps: - name: clone environment: buildbot_key_b64: from_secret: buildbot_key_b64 commands: - mkdir ~/.ssh - echo $buildbot_key_b64 > ~/.ssh/id_rsa.b64 - ls -lh ~/.ssh/id_rsa.b64 - base64 -d -i ~/.ssh/id_rsa.b64 -o ~/.ssh/id_rsa - chmod 400 ~/.ssh/id_rsa # force by pass of ssh host key check, less secure - ssh-keyscan -H git.openprivacy.ca >> ~/.ssh/known_hosts - git init - git config core.sshCommand 'ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa' - git remote add origin gogs@git.openprivacy.ca:$DRONE_REPO.git - git pull origin trunk - git fetch --tags - git checkout $DRONE_COMMIT # use Drone ssh var instead of hardcode to allow forks to build (gogs@git.openprivacy.ca:cwtch.im/cwtch-ui.git) #- git clone gogs@git.openprivacy.ca:$DRONE_REPO.git . #- git checkout $DRONE_COMMIT - name: fetch commands: - ./fetch-tor-macos.sh - echo `git describe --tags --abbrev=1` > VERSION - echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE - export PATH=$PATH:/Users/drone/development/flutter/bin - flutter pub get - mkdir deploy - ./fetch-libcwtch-go-macos.sh # Drone builds in container directories and gem seems to have some weird side effects so have to manually re install these locally - gem install --user-install ffi -v 1.15.5 -- --enable-libffi-alloc # currently unneeded to reinstall but was, and may be again? so saving #- gem install --user-install cocoapods -v 1.11.3 - name: build-macos commands: - export PATH=$PATH:/Users/drone/bin/flutter/bin - export PATH=$GEM_HOME/ruby/2.6.0/bin:$PATH - flutter build macos --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE` - export PATH=$PATH:/opt/homebrew/bin/ #create-dmg - macos/package-release.sh - mkdir -p deploy - mv Cwtch.dmg deploy/Cwtch-`cat VERSION`.dmg - name: deploy-buildfiles environment: BUILDFILES_KEY: from_secret: buildfiles_key when: event: push status: [ success ] commands: - echo $BUILDFILES_KEY > ~/id_rsab64 - base64 -d -i ~/id_rsab64 -o ~/id_rsa - chmod 400 ~/id_rsa - export DIR=flwtch-`cat COMMIT_DATE`-`cat VERSION` - mv deploy $DIR - cd $DIR - find . -type f -exec shasum -a 512 {} \; > ./../Cwtch.dmg.sha512.txt - mv ./../Cwtch.dmg.sha512.txt . - cd .. - scp -r -o StrictHostKeyChecking=no -i ~/id_rsa $DIR buildfiles@build.openprivacy.ca:/home/buildfiles/buildfiles/ trigger: #repo: cwtch.im/cwtch-ui # allow forks to build? branch: trunk event: - push - pull_request