ooni-probe-cli/.github/workflows/android.yml

306 lines
8.8 KiB
YAML
Raw Permalink Normal View History

# File generated by `go run ./GHGEN`; DO NOT EDIT.
name: android
on:
push:
branches:
- "release/**"
- "fullbuild"
- "androidbuild"
[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611) This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch Original commit message: - - - This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release. We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool. The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case. Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875. The final aspect to mention to conclude this description is an implementation one: ``` gh release create -p $tag --target $GITHUB_SHA || true ``` The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
2021-11-23 15:56:25 +01:00
tags:
- "v*"
schedule:
- cron: "17 1 * * *"
[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611) This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch Original commit message: - - - This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release. We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool. The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case. Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875. The final aspect to mention to conclude this description is an implementation one: ``` gh release create -p $tag --target $GITHUB_SHA || true ``` The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
2021-11-23 15:56:25 +01:00
jobs:
build_android_mobile:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get GOVERSION content
id: goversion
run: echo ::set-output name=version::$(cat GOVERSION)
- uses: magnetikonline/action-golang-cache@v2
with:
go-version: "${{ steps.goversion.outputs.version }}"
cache-key-suffix: "-android-oonimkall-${{ steps.goversion.outputs.version }}"
- run: |
echo -n $PSIPHON_CONFIG_KEY > ./internal/engine/psiphon-config.key
echo $PSIPHON_CONFIG_JSON_AGE_BASE64 | base64 -d > ./internal/engine/psiphon-config.json.age
env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: make MOBILE/android
[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611) This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch Original commit message: - - - This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release. We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool. The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case. Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875. The final aspect to mention to conclude this description is an implementation one: ``` gh release create -p $tag --target $GITHUB_SHA || true ``` The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
2021-11-23 15:56:25 +01:00
- uses: actions/upload-artifact@v2
with:
name: oonimkall.aar
path: ./MOBILE/android/oonimkall.aar
- uses: actions/upload-artifact@v2
with:
name: oonimkall-sources.jar
path: ./MOBILE/android/oonimkall-sources.jar
- uses: actions/upload-artifact@v2
with:
name: oonimkall.pom
path: ./MOBILE/android/oonimkall.pom
publish_android_mobile:
runs-on: ubuntu-20.04
needs: build_android_mobile
permissions:
contents: write
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/download-artifact@v2
with:
name: oonimkall.aar
- uses: actions/download-artifact@v2
with:
name: oonimkall-sources.jar
- uses: actions/download-artifact@v2
with:
name: oonimkall.pom
- run: ./script/ghpublish.bash oonimkall.aar oonimkall-sources.jar oonimkall.pom
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_android_cli_386:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get GOVERSION content
id: goversion
run: echo ::set-output name=version::$(cat GOVERSION)
- uses: magnetikonline/action-golang-cache@v2
with:
go-version: "${{ steps.goversion.outputs.version }}"
cache-key-suffix: "-android-cli-386-${{ steps.goversion.outputs.version }}"
- run: |
echo -n $PSIPHON_CONFIG_KEY > ./internal/engine/psiphon-config.key
echo $PSIPHON_CONFIG_JSON_AGE_BASE64 | base64 -d > ./internal/engine/psiphon-config.json.age
env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: make CLI/android-386
- uses: actions/upload-artifact@v2
with:
name: miniooni-android-386
path: ./CLI/miniooni-android-386
- uses: actions/upload-artifact@v2
with:
name: ooniprobe-android-386
path: ./CLI/ooniprobe-android-386
publish_android_cli_386:
runs-on: ubuntu-20.04
needs: build_android_cli_386
permissions:
contents: write
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/download-artifact@v2
with:
name: miniooni-android-386
- uses: actions/download-artifact@v2
with:
name: ooniprobe-android-386
- run: ./script/ghpublish.bash miniooni-android-386 ooniprobe-android-386
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_android_cli_amd64:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get GOVERSION content
id: goversion
run: echo ::set-output name=version::$(cat GOVERSION)
- uses: magnetikonline/action-golang-cache@v2
with:
go-version: "${{ steps.goversion.outputs.version }}"
cache-key-suffix: "-android-cli-amd64-${{ steps.goversion.outputs.version }}"
- run: |
echo -n $PSIPHON_CONFIG_KEY > ./internal/engine/psiphon-config.key
echo $PSIPHON_CONFIG_JSON_AGE_BASE64 | base64 -d > ./internal/engine/psiphon-config.json.age
env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: make CLI/android-amd64
- uses: actions/upload-artifact@v2
with:
name: miniooni-android-amd64
path: ./CLI/miniooni-android-amd64
- uses: actions/upload-artifact@v2
with:
name: ooniprobe-android-amd64
path: ./CLI/ooniprobe-android-amd64
publish_android_cli_amd64:
runs-on: ubuntu-20.04
needs: build_android_cli_amd64
permissions:
contents: write
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/download-artifact@v2
with:
name: miniooni-android-amd64
- uses: actions/download-artifact@v2
with:
name: ooniprobe-android-amd64
- run: ./script/ghpublish.bash miniooni-android-amd64 ooniprobe-android-amd64
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_android_cli_arm:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get GOVERSION content
id: goversion
run: echo ::set-output name=version::$(cat GOVERSION)
- uses: magnetikonline/action-golang-cache@v2
with:
go-version: "${{ steps.goversion.outputs.version }}"
cache-key-suffix: "-android-cli-arm-${{ steps.goversion.outputs.version }}"
- run: |
echo -n $PSIPHON_CONFIG_KEY > ./internal/engine/psiphon-config.key
echo $PSIPHON_CONFIG_JSON_AGE_BASE64 | base64 -d > ./internal/engine/psiphon-config.json.age
env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: make CLI/android-arm
- uses: actions/upload-artifact@v2
with:
name: miniooni-android-arm
path: ./CLI/miniooni-android-arm
- uses: actions/upload-artifact@v2
with:
name: ooniprobe-android-arm
path: ./CLI/ooniprobe-android-arm
publish_android_cli_arm:
runs-on: ubuntu-20.04
needs: build_android_cli_arm
permissions:
contents: write
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/download-artifact@v2
with:
name: miniooni-android-arm
- uses: actions/download-artifact@v2
with:
name: ooniprobe-android-arm
- run: ./script/ghpublish.bash miniooni-android-arm ooniprobe-android-arm
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_android_cli_arm64:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get GOVERSION content
id: goversion
run: echo ::set-output name=version::$(cat GOVERSION)
- uses: magnetikonline/action-golang-cache@v2
with:
go-version: "${{ steps.goversion.outputs.version }}"
cache-key-suffix: "-android-cli-arm64-${{ steps.goversion.outputs.version }}"
- run: |
echo -n $PSIPHON_CONFIG_KEY > ./internal/engine/psiphon-config.key
echo $PSIPHON_CONFIG_JSON_AGE_BASE64 | base64 -d > ./internal/engine/psiphon-config.json.age
env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: make CLI/android-arm64
- uses: actions/upload-artifact@v2
with:
name: miniooni-android-arm64
path: ./CLI/miniooni-android-arm64
- uses: actions/upload-artifact@v2
with:
name: ooniprobe-android-arm64
path: ./CLI/ooniprobe-android-arm64
publish_android_cli_arm64:
runs-on: ubuntu-20.04
needs: build_android_cli_arm64
permissions:
contents: write
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/download-artifact@v2
with:
name: miniooni-android-arm64
- uses: actions/download-artifact@v2
with:
name: ooniprobe-android-arm64
- run: ./script/ghpublish.bash miniooni-android-arm64 ooniprobe-android-arm64
[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611) This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch Original commit message: - - - This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release. We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool. The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case. Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875. The final aspect to mention to conclude this description is an implementation one: ``` gh release create -p $tag --target $GITHUB_SHA || true ``` The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
2021-11-23 15:56:25 +01:00
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# End of autogenerated file