diff --git a/.github/actions/build_binaries/action.yml b/.github/actions/build_binaries/action.yml index b01258ac633..fa28966a390 100644 --- a/.github/actions/build_binaries/action.yml +++ b/.github/actions/build_binaries/action.yml @@ -4,10 +4,10 @@ description: Build Ockam Binaries For Different Architechtures inputs: build_command: description: Indicate if building the ockam command - default: 'true' + default: "true" build_app: description: Indicate if we are also building ockam app - default: 'false' + default: "false" use_cross_build: description: Indicate If Cross Should Be Used To Build Binary Instead Of Cargo required: true @@ -61,52 +61,3 @@ runs: fi cp target/${{ inputs.target }}/release/ockam target/${{ inputs.target }}/release/ockam_command - - - shell: bash - if: inputs.build_app == 'true' - run: | - set -x - - use_cross_build=${{ inputs.use_cross_build }} - - # depending on the target, we may build the x86 or arm variant - # regardless of the host machine - - # if any macos, also build the swiftui - if [[ ${{ inputs.target }} == *apple-darwin* ]]; then - - # first we build the rust library, cross compiling if needed - if [[ $use_cross_build == "true" ]]; then - cross build -p ockam_app_lib --target ${{ inputs.target }} --release --no-default-features -F aws-lc - else - cargo build -p ockam_app_lib --target ${{ inputs.target }} --release --no-default-features -F aws-lc - fi - - # copy the ockam_app_lib and ockam binary in target/release/ where xcode is expecting them - cp target/${{ inputs.target }}/release/ockam target/release/ - cp target/${{ inputs.target }}/release/libockam_app_lib.a target/release/ - cp target/${{ inputs.target }}/release/libockam_app_lib.d target/release/ - - # address dependencies for the swiftui app - brew install create-dmg - - if [[ ${{ inputs.target }} == *x86_64* ]]; then - make swift_xcode_build_signed \ - DEVELOPMENT_TEAM="${DEVELOPMENT_TEAM}" \ - PROVISIONING_PROFILE_SPECIFIER="${PROVISIONING_PROFILE_SPECIFIER}" \ - CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" \ - KEYCHAIN_PROFILE="${KEYCHAIN_PATH}" \ - ARCH=x86_64 - else - make swift_xcode_build_signed \ - DEVELOPMENT_TEAM="${DEVELOPMENT_TEAM}" \ - PROVISIONING_PROFILE_SPECIFIER="${PROVISIONING_PROFILE_SPECIFIER}" \ - CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" \ - KEYCHAIN_PROFILE="${KEYCHAIN_PATH}" \ - ARCH=arm64 - fi - - make swift_package_only - - xcrun notarytool submit implementations/swift/build/Ockam.dmg --team-id ${{ env.DEVELOPMENT_TEAM }} --apple-id ${{ env.NOTARIZATION_EMAIL }} --password ${{ env.NOTARIZATION_PASSWORD }} --wait - fi diff --git a/.github/workflows/release-draft-binaries.yml b/.github/workflows/release-draft-binaries.yml index 5757ed2f37f..070d0189583 100644 --- a/.github/workflows/release-draft-binaries.yml +++ b/.github/workflows/release-draft-binaries.yml @@ -219,7 +219,18 @@ jobs: target: x86_64-unknown-linux-gnu use-cross-build: false build_app: true - build_command: false + - build: linux_aarch64_gnu + os: ubuntu-22.04 + toolchain: stable + target: aarch64-unknown-linux-gnu + use-cross-build: true + build_app: true + - build: linux_armv7_gnu + os: ubuntu-22.04 + toolchain: stable + target: armv7-unknown-linux-gnueabihf + use-cross-build: true + build_app: true - build: macos_silicon os: macos-14 toolchain: stable @@ -242,44 +253,6 @@ jobs: - name: Echo Link run: echo "${{ needs.create_release.outputs.upload_url }}" - - name: Apple Signing Initialization - if: ${{ matrix.os == 'macos-14' }} - shell: bash - env: - BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} - P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - run: | - set -ex - # Switch to xcode 15 - sudo xcode-select --switch /Applications/Xcode_15.0.app/ - - # create variables - CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 - PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - - # import certificate and provisioning profile from secrets - echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH - echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import certificate to keychain - security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - - # apply provisioning profile - mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles - cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - - # Add keychain path to env - echo "KEYCHAIN_PATH=${KEYCHAIN_PATH}" >> "$GITHUB_ENV" - - uses: ./.github/actions/build_binaries with: use_cross_build: ${{ matrix.use-cross-build }} @@ -294,10 +267,6 @@ jobs: cp target/${{ matrix.target }}/release/ockam_command ockam.${{ matrix.target }} echo "ASSET_OCKAM_CLI=ockam.${{ matrix.target }}" >> $GITHUB_ENV - if [ -e "implementations/swift/build/Ockam.dmg" ]; then - cp "implementations/swift/build/Ockam.dmg" "ockam.app.${{ matrix.target }}.dmg" - echo "ASSET_OCKAM_APP_DMG=ockam.app.${{ matrix.target }}.dmg" >> $GITHUB_ENV - fi ls $GITHUB_WORKSPACE - name: Install Cosign @@ -311,9 +280,6 @@ jobs: COSIGN_PASSWORD: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}' run: | cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_CLI }}" > "${{ env.ASSET_OCKAM_CLI }}.sig" - if [ -n "${{ env.ASSET_OCKAM_APP_DMG }}" ]; then - cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_APP_DMG }}" > "${{ env.ASSET_OCKAM_APP_DMG }}.sig" - fi - name: Upload CLI release archive to GitHub uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa @@ -357,53 +323,6 @@ jobs: file_name: ${{ env.ASSET_OCKAM_CLI }}.sig release_version: "v${{ needs.create_release.outputs.version }}" - - name: Upload MacOS App release to GitHub - uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa - if: ${{ env.ASSET_OCKAM_APP_DMG }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create_release.outputs.upload_url }} - asset_path: ${{ env.ASSET_OCKAM_APP_DMG }} - asset_name: ${{ env.ASSET_OCKAM_APP_DMG }} - asset_content_type: application/octet-stream - - - name: Upload MacOS App release Signature to GitHub - uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa - if: ${{ env.ASSET_OCKAM_APP_DMG }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create_release.outputs.upload_url }} - asset_path: ${{ env.ASSET_OCKAM_APP_DMG }}.sig - asset_name: ${{ env.ASSET_OCKAM_APP_DMG }}.sig - asset_content_type: application/octet-stream - - - - name: Upload MacOS App release to AWS - uses: ./.github/actions/aws_upload - if: ${{ env.ASSET_OCKAM_APP_DMG }} - with: - aws_role: ${{ env.AWS_ROLE }} - aws_role_session_name: aws_upload - aws_region: ${{ env.AWS_REGION }} - bucket_name: ${{ env.BUCKET_NAME }} - file_name: ${{ env.ASSET_OCKAM_APP_DMG }} - release_version: "v${{ needs.create_release.outputs.version }}" - - - - name: Upload MacOS App release Signature to AWS - uses: ./.github/actions/aws_upload - if: ${{ env.ASSET_OCKAM_APP_DMG }} - with: - aws_role: ${{ env.AWS_ROLE }} - aws_role_session_name: aws_upload - aws_region: ${{ env.AWS_REGION }} - bucket_name: ${{ env.BUCKET_NAME }} - file_name: ${{ env.ASSET_OCKAM_APP_DMG }}.sig - release_version: "v${{ needs.create_release.outputs.version }}" - - build_elixir_nifs: name: Build Elixir NIFs needs: create_release diff --git a/tools/templates/ockam.dockerfile b/tools/templates/ockam.dockerfile index c0bdb4b7a04..ececafbcacb 100644 --- a/tools/templates/ockam.dockerfile +++ b/tools/templates/ockam.dockerfile @@ -7,16 +7,16 @@ RUN \ ls; \ case "$(uname -m)" in \ aarch64*) \ - echo "ockam.aarch64-unknown-linux-musl_sha256_value ockam.aarch64-unknown-linux-musl" | sha256sum -c; \ - mv ockam.aarch64-unknown-linux-musl /ockam; \ + echo "ockam.aarch64-unknown-linux-gnu_sha256_value ockam.aarch64-unknown-linux-gnu" | sha256sum -c; \ + mv ockam.aarch64-unknown-linux-gnu /ockam; \ ;; \ x86_64*) \ - echo "ockam.x86_64-unknown-linux-musl_sha256_value ockam.x86_64-unknown-linux-musl" | sha256sum -c; \ - mv ockam.x86_64-unknown-linux-musl /ockam; \ + echo "ockam.x86_64-unknown-linux-gnu_sha256_value ockam.x86_64-unknown-linux-gnu" | sha256sum -c; \ + mv ockam.x86_64-unknown-linux-gnu /ockam; \ ;; \ armv7l*) \ - echo "ockam.armv7-unknown-linux-musleabihf_sha256_value ockam.armv7-unknown-linux-musleabihf" | sha256sum -c; \ - mv ockam.armv7-unknown-linux-musleabihf /ockam; \ + echo "ockam.armv7-unknown-linux-gnueabihf_sha256_value ockam.armv7-unknown-linux-gnueabihf" | sha256sum -c; \ + mv ockam.armv7-unknown-linux-gnueabihf /ockam; \ ;; \ *) \ echo "unknown arch: $(uname -m)" \