Skip to content

Persistent draft PR to manage EDU viewer releases #6632

Persistent draft PR to manage EDU viewer releases

Persistent draft PR to manage EDU viewer releases #6632

Workflow file for this run

name: Build
on:
pull_request:
push:
branches: ["main", "release/*", "project/*"]
tags: ["Second_Life*"]
jobs:
# The whole point of the setup job is that we want to set variables once
# that will be consumed by multiple subsequent jobs.
setup:
runs-on: ubuntu-latest
outputs:
release_run: ${{ steps.setvar.outputs.release_run }}
configurations: ${{ steps.setvar.outputs.configurations }}
bugsplat_db: ${{ steps.setvar.outputs.bugsplat_db }}
env:
# Build with a tag like "Second_Life#abcdef0" to generate a release page
# (used for builds we are planning to deploy).
# When you want to use a string variable as a workflow YAML boolean, it's
# important to ensure it's the empty string when false. If you omit || '',
# its value when false is "false", which is interpreted as true.
RELEASE_RUN: ${{ (github.event.inputs.release_run || github.ref_type == 'tag' && startsWith(github.ref_name, 'Second_Life')) && 'Y' || '' }}
FROM_FORK: ${{ github.event.pull_request.head.repo.fork }}
steps:
- name: Set Variables
id: setvar
shell: bash
run: |
echo "release_run=$RELEASE_RUN" >> "$GITHUB_OUTPUT"
if [[ "$FROM_FORK" == "true" ]]; then
# PR from fork; don't build with Bugsplat, proprietary libs
echo 'configurations=["ReleaseOS"]' >> $GITHUB_OUTPUT
echo "bugsplat_db=" >> $GITHUB_OUTPUT
else
echo 'configurations=["Release"]' >> $GITHUB_OUTPUT
echo "bugsplat_db=SecondLife_Viewer_2018" >> $GITHUB_OUTPUT
fi
build:
needs: setup
strategy:
matrix:
runner: [windows-large, macos-12-large]
configuration: ${{ fromJSON(needs.setup.outputs.configurations) }}
runs-on: ${{ matrix.runner }}
outputs:
viewer_channel: ${{ steps.build.outputs.viewer_channel }}
viewer_version: ${{ steps.build.outputs.viewer_version }}
viewer_branch: ${{ steps.which-branch.outputs.branch }}
relnotes: ${{ steps.which-branch.outputs.relnotes }}
imagename: ${{ steps.build.outputs.imagename }}
configuration: ${{ matrix.configuration }}
env:
AUTOBUILD_ADDRSIZE: 64
AUTOBUILD_BUILD_ID: ${{ github.run_id }}
AUTOBUILD_CONFIGURATION: ${{ matrix.configuration }}
# authorizes fetching private constituent packages
AUTOBUILD_GITHUB_TOKEN: ${{ secrets.SHARED_AUTOBUILD_GITHUB_TOKEN }}
AUTOBUILD_INSTALLABLE_CACHE: ${{ github.workspace }}/.autobuild-installables
AUTOBUILD_VARIABLES_FILE: ${{ github.workspace }}/.build-variables/variables
# Direct autobuild to store vcs_url, vcs_branch and vcs_revision in
# autobuild-package.xml.
AUTOBUILD_VCS_INFO: "true"
AUTOBUILD_VSVER: "170"
DEVELOPER_DIR: "/Applications/Xcode_14.0.1.app/Contents/Developer"
# Ensure that Linden viewer builds engage Bugsplat.
BUGSPLAT_DB: ${{ needs.setup.outputs.bugsplat_db }}
build_coverity: false
build_log_dir: ${{ github.workspace }}/.logs
build_viewer: true
BUILDSCRIPTS_SHARED: ${{ github.workspace }}/.shared
# extracted and committed to viewer repo
BUILDSCRIPTS_SUPPORT_FUNCTIONS: ${{ github.workspace }}/buildscripts_support_functions
GIT_REF: ${{ github.head_ref || github.ref }}
LL_SKIP_REQUIRE_SYSROOT: 1
# Setting this variable directs Linden's TUT test driver code to capture
# test-program log output at the specified level, but to display it only if
# the individual test fails.
LOGFAIL: DEBUG
master_message_template_checkout: ${{ github.workspace }}/.master-message-template
# Only set variants to the one configuration: don't let build.sh loop
# over variants, let GitHub distribute variants over multiple hosts.
variants: ${{ matrix.configuration }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Checkout build variables
uses: actions/checkout@v4
with:
repository: secondlife/build-variables
ref: master
path: .build-variables
- name: Checkout master-message-template
uses: actions/checkout@v4
with:
repository: secondlife/master-message-template
path: .master-message-template
- name: Install autobuild and python dependencies
run: pip3 install autobuild llsd
- name: Cache autobuild packages
id: cache-installables
uses: actions/cache@v4
with:
path: .autobuild-installables
key: ${{ runner.os }}-64-${{ matrix.configuration }}-${{ hashFiles('autobuild.xml') }}
restore-keys: |
${{ runner.os }}-64-${{ matrix.configuration }}-
${{ runner.os }}-64-
- name: Determine source branch
id: which-branch
uses: secondlife/viewer-build-util/which-branch@v2
with:
token: ${{ github.token }}
- name: Build
id: build
shell: bash
env:
AUTOBUILD_VCS_BRANCH: ${{ steps.which-branch.outputs.branch }}
RUNNER_OS: ${{ runner.os }}
run: |
# set up things the viewer's build.sh script expects
set -x
mkdir -p "$build_log_dir"
mkdir -p "$BUILDSCRIPTS_SHARED/packages/lib/python"
source "$BUILDSCRIPTS_SUPPORT_FUNCTIONS"
if [[ "$OSTYPE" =~ cygwin|msys ]]
then
native_path() { cygpath --windows "$1"; }
shell_path() { cygpath --unix "$1"; }
else
native_path() { echo "$1"; }
shell_path() { echo "$1"; }
fi
finalize()
{
case "$1" in
true|0)
record_success "Build Succeeded"
;;
*)
record_failure "Build Failed with $1"
;;
esac
}
initialize_build()
{
echo "initialize_build"
}
initialize_version()
{
export revision="$AUTOBUILD_BUILD_ID"
}
python_cmd()
{
if [[ "x${1:0:1}" == "x-" ]] # -m, -c, etc.
then # if $1 is a switch, don't try to twiddle paths
"$(shell_path "$PYTHON_COMMAND")" "$@"
elif [[ "$(basename "$1")" == "codeticket.py" ]]
then # ignore any attempt to contact codeticket
echo "## $@"
else # running a script at an explicit path: fix path for Python
local script="$1"
shift
"$(shell_path "$PYTHON_COMMAND")" "$(native_path "$script")" "$@"
fi
}
repo_branch()
{
echo "$AUTOBUILD_VCS_BRANCH"
}
record_dependencies_graph()
{
echo "TODO: generate and post dependency graph"
}
# Since we're not uploading to codeticket, DO NOT sleep for minutes.
sleep()
{
echo "Not sleeping for $1 seconds"
}
export -f native_path shell_path finalize initialize_build initialize_version
export -f python_cmd repo_branch record_dependencies_graph sleep
## Useful for diagnosing Windows LLProcess/LLLeap test failures
##export APR_LOG="${RUNNER_TEMP}/apr.log"
export arch=$(uname | cut -b-6)
# Surprise! GH Windows runner's MINGW6 is a $arch value we've never
# seen before, so numerous tests don't know about it.
[[ "$arch" == "MINGW6" ]] && arch=CYGWIN
export AUTOBUILD="$(which autobuild)"
# For the EDU viewer, the channel is hardcoded
export viewer_channel="Second Life Release edu"
echo "viewer_channel=$viewer_channel"
echo "viewer_channel=$viewer_channel" >> "$GITHUB_OUTPUT"
# On windows we need to point the build to the correct python
# as neither CMake's FindPython nor our custom Python.cmake module
# will resolve the correct interpreter location.
if [[ "$RUNNER_OS" == "Windows" ]]; then
export PYTHON="$(native_path "$(which python)")"
echo "Python location: $PYTHON"
export PYTHON_COMMAND="$PYTHON"
else
export PYTHON_COMMAND="python3"
fi
export PYTHON_COMMAND_NATIVE="$(native_path "$PYTHON_COMMAND")"
./build.sh
# Each artifact is downloaded as a distinct .zip file. Multiple jobs
# (per the matrix above) writing the same filepath to the same
# artifact name will *overwrite* that file. Moreover, they can
# interfere with each other, causing the upload to fail.
# https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
# Given the size of our installers, and the fact that we typically
# only want to download just one instead of a single zip containing
# several, generate a distinct artifact name for each installer.
# If the matrix above can run multiple builds on the same
# platform, we must disambiguate on more than the platform name.
# e.g. if we were still running Windows 32-bit builds, we'd need to
# qualify the artifact with bit width.
if [[ "$AUTOBUILD_CONFIGURATION" == "ReleaseOS" ]]
then cfg_suffix='OS'
else cfg_suffix=''
fi
echo "artifact=$RUNNER_OS$cfg_suffix" >> $GITHUB_OUTPUT
- name: Upload executable
if: steps.build.outputs.viewer_app
uses: actions/upload-artifact@v4
with:
name: "${{ steps.build.outputs.artifact }}-app"
path: |
${{ steps.build.outputs.viewer_app }}
# The other upload of nontrivial size is the symbol file. Use a distinct
# artifact for that too.
- name: Upload symbol file
if: steps.build.outputs.symbolfile
uses: actions/upload-artifact@v4
with:
name: "${{ steps.build.outputs.artifact }}-symbols"
path: ${{ steps.build.outputs.symbolfile }}
- name: Upload metadata
uses: actions/upload-artifact@v4
with:
name: "${{ steps.build.outputs.artifact }}-metadata"
# emitted by build.sh, possibly multiple lines
path: |
${{ steps.build.outputs.metadata }}
- name: Upload physics package
uses: actions/upload-artifact@v4
# should only be set for viewer-private
if: matrix.configuration == 'Release' && steps.build.outputs.physicstpv
with:
name: "${{ steps.build.outputs.artifact }}-physics"
# emitted by build.sh, zero or one lines
path: |
${{ steps.build.outputs.physicstpv }}
sign-and-package-windows:
env:
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
needs: build
runs-on: windows-large
steps:
- name: Sign and package Windows viewer
if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID
uses: secondlife/viewer-build-util/sign-pkg-windows@v2
with:
vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}"
cert_name: "${{ env.AZURE_CERT_NAME }}"
client_id: "${{ env.AZURE_CLIENT_ID }}"
client_secret: "${{ env.AZURE_CLIENT_SECRET }}"
tenant_id: "${{ env.AZURE_TENANT_ID }}"
sign-and-package-mac:
env:
NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }}
SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }}
SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }}
SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }}
needs: build
runs-on: macos-latest
steps:
- name: Unpack Mac notarization credentials
if: env.NOTARIZE_CREDS_MACOS
id: note-creds
shell: bash
run: |
# In NOTARIZE_CREDS_MACOS we expect to find:
# USERNAME="..."
# PASSWORD="..."
# TEAM_ID="..."
eval "${{ env.NOTARIZE_CREDS_MACOS }}"
echo "::add-mask::$USERNAME"
echo "::add-mask::$PASSWORD"
echo "::add-mask::$TEAM_ID"
echo "note_user=$USERNAME" >> "$GITHUB_OUTPUT"
echo "note_pass=$PASSWORD" >> "$GITHUB_OUTPUT"
echo "note_team=$TEAM_ID" >> "$GITHUB_OUTPUT"
# If we didn't manage to retrieve all of these credentials, better
# find out sooner than later.
[[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]]
- name: Sign and package Mac viewer
if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team
uses: secondlife/viewer-build-util/sign-pkg-mac@v2
with:
channel: ${{ needs.build.outputs.viewer_channel }}
imagename: ${{ needs.build.outputs.imagename }}
cert_base64: ${{ env.SIGNING_CERT_MACOS }}
cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }}
cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }}
note_user: ${{ steps.note-creds.outputs.note_user }}
note_pass: ${{ steps.note-creds.outputs.note_pass }}
note_team: ${{ steps.note-creds.outputs.note_team }}
post-windows-symbols:
env:
BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
needs: build
if: needs.build.outputs.configuration == 'Release'
runs-on: ubuntu-latest
steps:
- name: Download viewer exe
uses: actions/download-artifact@v4
with:
name: Windows-app
path: _artifacts
- name: Download Windows Symbols
if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
uses: actions/download-artifact@v4
with:
name: Windows-symbols
- name: Extract viewer pdb
if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
shell: bash
run: |
tar -xJf "${{ needs.build.outputs.viewer_channel }}.sym.tar.xz" -C _artifacts
- name: Post Windows symbols
if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
uses: secondlife-3p/symbol-upload@v10
with:
username: ${{ env.BUGSPLAT_USER }}
password: ${{ env.BUGSPLAT_PASS }}
database: "SecondLife_Viewer_2018"
application: ${{ needs.build.outputs.viewer_channel }}
version: ${{ needs.build.outputs.viewer_version }}
directory: _artifacts
files: "**/{SecondLifeViewer.exe,llwebrtc.dll,*.pdb}"
post-mac-symbols:
env:
BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
needs: build
if: needs.build.outputs.configuration == 'Release'
runs-on: ubuntu-latest
steps:
- name: Download Mac Symbols
if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
uses: actions/download-artifact@v4
with:
name: macOS-symbols
- name: Post Mac symbols
if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS
uses: secondlife-3p/symbol-upload@v10
with:
username: ${{ env.BUGSPLAT_USER }}
password: ${{ env.BUGSPLAT_PASS }}
database: "SecondLife_Viewer_2018"
application: ${{ needs.build.outputs.viewer_channel }}
version: ${{ needs.build.outputs.viewer_version }} (${{ needs.build.outputs.viewer_version }})
directory: .
files: "**/*.xcarchive.zip"
release:
needs: [setup, build, sign-and-package-windows, sign-and-package-mac]
runs-on: ubuntu-latest
if: needs.setup.outputs.release_run
steps:
- uses: actions/download-artifact@v4
with:
pattern: "*-installer"
- uses: actions/download-artifact@v4
with:
pattern: "*-metadata"
- name: Rename metadata
run: |
cp Windows-metadata/autobuild-package.xml Windows-autobuild-package.xml
cp Windows-metadata/newview/viewer_version.txt Windows-viewer_version.txt
cp macOS-metadata/autobuild-package.xml macOS-autobuild-package.xml
cp macOS-metadata/newview/viewer_version.txt macOS-viewer_version.txt
# forked from softprops/action-gh-release
- name: Create GitHub release
id: release
uses: secondlife-3p/action-gh-release@v1
with:
# name the release page for the branch
name: "${{ needs.build.outputs.viewer_branch }}"
# SL-20546: want the channel and version to be visible on the
# release page
body: |
Build ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ needs.build.outputs.viewer_channel }}
${{ needs.build.outputs.viewer_version }}
${{ needs.build.outputs.relnotes }}
prerelease: true
generate_release_notes: true
target_commitish: ${{ github.sha }}
previous_tag: release
append_body: true
fail_on_unmatched_files: true
files: |
macOS-installer/*.dmg
Windows-installer/*.exe
*-autobuild-package.xml
*-viewer_version.txt
- name: post release URL
run: |
echo "::notice::Release ${{ steps.release.outputs.url }}"