Build and push #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| env: | |
| appid: com.ayugram.desktop | |
| jobs: | |
| flatpak: | |
| name: flatpak build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Free up disk space | |
| run: | | |
| sudo rm -rf /opt/ghc /usr/local/.ghcup || true | |
| sudo rm -rf /opt/hostedtoolcache | |
| sudo rm -rf /usr/share/gradle-* | |
| sudo rm -rf /usr/local/julia* /usr/share/java /usr/share/kotlinc | |
| sudo rm -rf /opt/az /opt/microsoft /opt/pipx | |
| sudo rm -rf /usr/share/miniconda /home/runner/.rustup /home/packer/.rustup /home/runneradmin/.rustup | |
| sudo rm -rf /etc/skel/.rustup /opt/google-cloud-sdk | |
| sudo rm -rf /usr/share/az_* /opt/google /usr/lib/firefox /usr/local/aws-* | |
| sudo rm -rf /usr/libexec/gcc /opt/actionarchivecache | |
| sudo rm -rf /var/lib/mysql /usr/local/n | |
| sudo rm -rf /usr/local/lib/android | |
| sudo rm -rf /usr/share/dotnet /usr/share/swift | |
| sudo rm -rf /usr/local/share/boost /usr/local/share/powershell | |
| sudo rm -rf /usr/lib/google-cloud-sdk /usr/lib/jvm | |
| sudo rm -rf /usr/local/graalvm /usr/local/share/chromium | |
| sudo rm -rf /usr/local/lib/node_modules | |
| sudo rm -rf /usr/lib/dotnet /usr/lib/php /usr/share/mysql | |
| sudo rm -rf /usr/lib/llvm-* | |
| sudo rm -rf /usr/lib/mono | |
| sudo apt purge -y \ | |
| firefox \ | |
| google-chrome-stable \ | |
| microsoft-edge-stable | |
| sudo apt-get clean || true | |
| sudo rm -rf /var/lib/apt/lists/* | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'true' | |
| persist-credentials: false | |
| - name: Restore cache | |
| id: cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: .flatpak-builder | |
| key: flatpak-${{ hashFiles('*.yml', '*.json') }} | |
| restore-keys: flatpak- | |
| - name: Enable unprivileged user namespaces | |
| run: | | |
| sudo aa-teardown >/dev/null 2>&1 || true | |
| sudo systemctl disable --now apparmor.service >/dev/null 2>&1 | |
| sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 | |
| sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 | |
| - name: Download sources | |
| run: | | |
| docker run --rm \ | |
| --security-opt seccomp=${GITHUB_WORKSPACE}/flatpak.seccomp.json \ | |
| --security-opt apparmor=unconfined \ | |
| --cap-drop all \ | |
| --entrypoint="" \ | |
| -v /proc:/host/proc \ | |
| -v "${GITHUB_WORKSPACE}:/work" \ | |
| -w /work \ | |
| ghcr.io/solopasha/flatpaks/buildroot:latest \ | |
| /bin/bash -c ' | |
| max_retries=5 | |
| sleep_seconds=7 | |
| for (( retry_count=0; retry_count<max_retries; retry_count++ )); do | |
| if flatpak-builder --force-clean --sandbox --download-only builddir ${{ env.appid }}.yml; then | |
| exit 0 | |
| fi | |
| if [[ $retry_count -lt $((max_retries - 1)) ]]; then | |
| echo "Attempt $((retry_count + 1)) failed. Retrying in $sleep_seconds seconds..." | |
| sleep $sleep_seconds | |
| fi | |
| done | |
| echo "Failed after $max_retries attempts" | |
| exit 1 | |
| ' | |
| - name: Build | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/flatpak | |
| docker run --rm \ | |
| --security-opt seccomp=${GITHUB_WORKSPACE}/flatpak.seccomp.json \ | |
| --security-opt apparmor=unconfined \ | |
| --cap-drop all \ | |
| --entrypoint="" \ | |
| -v /proc:/host/proc \ | |
| -v "${GITHUB_WORKSPACE}:/work" \ | |
| -v "${GITHUB_WORKSPACE}/flatpak:/home/builduser/.local/share/flatpak" \ | |
| -w /work \ | |
| ghcr.io/solopasha/flatpaks/buildroot:latest \ | |
| /bin/bash -c ' | |
| flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo | |
| git config --global --add safe.directory "*" | |
| flatpak-builder \ | |
| --user \ | |
| --arch=x86_64 \ | |
| --ccache \ | |
| --default-branch=master \ | |
| --delete-build-dirs \ | |
| --disable-download \ | |
| --disable-rofiles-fuse \ | |
| --force-clean \ | |
| --install-deps-from=flathub \ | |
| --repo=repo \ | |
| --sandbox \ | |
| builddir ${{ env.appid }}.yml | |
| ' | |
| - name: Bundles | |
| run: | | |
| docker run --rm \ | |
| --cap-drop all \ | |
| --entrypoint="" \ | |
| -v "${GITHUB_WORKSPACE}:/work" \ | |
| -w /work \ | |
| ghcr.io/solopasha/flatpaks/buildroot:latest \ | |
| /bin/bash -c ' | |
| flatpak build-bundle repo ${{ env.appid }}.flatpak \ | |
| --runtime-repo=https://flathub.org/repo/flathub.flatpakrepo \ | |
| --arch=x86_64 \ | |
| ${{ env.appid }} | |
| flatpak build-bundle repo ${{ env.appid }}.Debug.flatpak \ | |
| --runtime-repo=https://flathub.org/repo/flathub.flatpakrepo \ | |
| --arch=x86_64 \ | |
| --runtime \ | |
| ${{ env.appid }}.Debug | |
| ' | |
| - name: Prune debuginfo from repo | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| docker run --rm \ | |
| --cap-drop all \ | |
| --entrypoint="" \ | |
| -v "${GITHUB_WORKSPACE}:/work" \ | |
| -w /work \ | |
| ghcr.io/solopasha/flatpaks/buildroot:latest \ | |
| /bin/bash -c ' | |
| for ref in $(ostree refs --repo=repo | grep '^runtime.*Debug'); do | |
| ostree refs --repo=repo --delete "$ref" | |
| done | |
| flatpak build-update-repo --generate-static-deltas --prune repo/ | |
| ' | |
| - name: Upload repo as artifact | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| path: repo | |
| name: ${{ env.appid }}_repo_artifact | |
| retention-days: 1 | |
| compression-level: 0 | |
| - name: Upload bundle | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.appid }}-bundle | |
| path: ${{ env.appid }}.flatpak | |
| retention-days: 1 | |
| compression-level: 0 | |
| - name: Upload debuginfo | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.appid }}-bundle.Debug | |
| path: ${{ env.appid }}.Debug.flatpak | |
| retention-days: 3 | |
| compression-level: 0 | |
| - name: Save cache | |
| id: cache-save | |
| uses: actions/cache/save@v4 | |
| if: always() && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| with: | |
| path: .flatpak-builder | |
| key: ${{ steps.cache.outputs.cache-primary-key }} | |
| repo: | |
| if: ( github.event_name == 'push' || github.event_name == 'workflow_dispatch' ) && github.ref == 'refs/heads/master' | |
| needs: flatpak | |
| permissions: | |
| pages: write | |
| id-token: write | |
| concurrency: | |
| group: repo-update | |
| cancel-in-progress: false | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Grab build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: "*_repo_artifact" | |
| path: repo | |
| merge-multiple: true | |
| - name: flatpakrepo | |
| run: | | |
| cat << EOF > repo/index.flatpakrepo | |
| [Flatpak Repo] | |
| Title=${{ github.repository }} | |
| Url=https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/ | |
| Homepage=${{ github.repositoryUrl }} | |
| Description=${{ github.repository }} | |
| Icon=https://raw.githubusercontent.com/flatpak/flatpak/main/flatpak.png | |
| GPGKey=$(base64 --wrap=0 < RPM-GPG-KEY-${{ github.repository_owner }}) | |
| EOF | |
| - name: flatpakref | |
| run: | | |
| cat << EOF > repo/${{ env.appid }}.flatpakref | |
| [Flatpak Ref] | |
| Title=${{ env.appid }} from ${{ github.repository }} | |
| Name=${{ env.appid }} | |
| Branch=master | |
| Url=https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/ | |
| SuggestRemoteName=ayugram-${{ github.repository_owner }} | |
| Icon=https://raw.githubusercontent.com/AyuGram/AyuGramDesktop/master/.github/AyuGram.png | |
| RuntimeRepo=https://dl.flathub.org/repo/flathub.flatpakrepo | |
| IsRuntime=false | |
| GPGKey=$(base64 --wrap=0 < RPM-GPG-KEY-${{ github.repository_owner }}) | |
| EOF | |
| - name: Update repo metadata | |
| env: | |
| GPGKEY: ${{ secrets.gpgkey }} | |
| run: | | |
| docker run --rm \ | |
| --security-opt seccomp=${GITHUB_WORKSPACE}/flatpak.seccomp.json \ | |
| --security-opt apparmor=unconfined \ | |
| --cap-drop all \ | |
| --entrypoint="" \ | |
| --tmpfs /home/builduser/.gnupg:uid=1001,gid=1001,mode=0700 \ | |
| -e GPGKEY \ | |
| -v "${GITHUB_WORKSPACE}:/work" \ | |
| -w /work \ | |
| ghcr.io/solopasha/flatpaks/buildroot:latest \ | |
| /bin/bash -c ' | |
| mkdir -p repo/refs/remotes | |
| echo "${GPGKEY}" | gpg --import | |
| flatpak build-sign repo --gpg-sign=dc812d3cb7855746 | |
| flatpak build-update-repo --generate-static-deltas --prune repo --gpg-sign=dc812d3cb7855746 | |
| ' | |
| - name: Upload repo | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: repo/ | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |