enricobuehler
0205c7b8d6
ci / rust (push) Failing after 37s
apple / swift (push) Successful in 56s
ci / web (push) Successful in 42s
ci / docs-site (push) Failing after 27m33s
android / android (push) Failing after 28m53s
windows-host / package (push) Failing after 28m55s
deb / build-publish (push) Successful in 2m28s
decky / build-publish (push) Successful in 23s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 5s
ci / bench (push) Successful in 4m34s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 46s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m20s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 4m4s
flatpak / build-publish (push) Successful in 4m19s
docker / deploy-docs (push) Successful in 24s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 7m38s
release / apple (push) Successful in 4m36s
windows-msix / package (arm64, C:\Users\Public\ffmpeg-arm64, aarch64-pc-windows-msvc, C:\t-a64) (push) Successful in 1m48s
windows-msix / package (x64, C:\Users\Public\ffmpeg, x86_64-pc-windows-msvc, C:\t) (push) Successful in 1m25s
windows / build (aarch64-pc-windows-msvc) (push) Successful in 50s
windows / build (x86_64-pc-windows-msvc) (push) Successful in 1m6s
A push to main publishes canary builds to canary channels (fast iteration,
unchanged); a single vX.Y.Z tag releases every platform at one version to the
stable channels and attaches all artifacts (.deb/.rpm/.msix/.apk/.aab/.dmg +
flatpak/decky/host-installer) to one Gitea Release. Collapses the
host-v*/win-v*/host-win-v* tag namespaces into v* — the channel split makes the
version-shadow bug structurally impossible (canary and stable are separate repos,
never a shared version line).
- scripts/ci/gitea-release.{sh,ps1}: one idempotent release helper
(create-or-fetch + delete-before-upload), replacing 3 copy-pasted inline blocks
and fixing their latent 409-on-reupload bug; prerelease flag auto-derived from
the tag (an -rc tag won't shadow "Latest")
- channels: apt canary/stable distributions; rpm *-canary/base groups; flatpak
canary/stable OSTree branches + a 2nd .Canary.flatpakref; generic-registry
canary/ vs latest/ aliases; Play internal/alpha; Apple TestFlight vs notarized DMG
- android versionName threaded through gradle (versionCode stays run_number);
Apple canary = TestFlight-only (no DMG/tvOS); canary base bumped to 0.3.0
- docs: new docs-site channels.md (subscribe table + cut-a-release runbook +
box migration), refreshed ci.md workflow table + packaging READMEs
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
146 lines
7.1 KiB
YAML
146 lines
7.1 KiB
YAML
# Build the punktfunk Windows client as signed MSIX packages (x64 + ARM64) and publish them to
|
|
# Gitea's generic package registry, so Windows boxes can download + install a real package (Start
|
|
# tile, clean install/uninstall) instead of a loose exe. Runs on the self-hosted Windows runner
|
|
# (host mode; scripts/ci/setup-windows-runner.ps1) — the MSVC/WinUI/FFmpeg toolchain + the Windows
|
|
# SDK's makeappx/signtool are baked into the runner's daemon env, same as windows.yml.
|
|
#
|
|
# Both arches come off the ONE x64 runner: x86_64 natively, aarch64 cross-compiled (the x64 MSVC
|
|
# toolset has the ARM64 cross compiler; the matrix points FFMPEG_DIR at the ARM64 FFmpeg tree). See
|
|
# windows.yml for the cross-build rationale + the BOM/MAX_PATH runner gotchas.
|
|
#
|
|
# Registry (public, unom org): https://git.unom.io/unom/-/packages (generic group)
|
|
# Packaging internals: clients/windows/packaging/README.md.
|
|
#
|
|
# Versioning — single project version; MSIX requires a strictly 4-part numeric version, so:
|
|
# vX.Y.Z tag -> X.Y.Z.0 (THE release; any -rc/+meta pre-release suffix is dropped for MSIX).
|
|
# Published to the generic registry + the stable `latest/` alias + attached to the
|
|
# unified Gitea Release alongside every other platform's artifact.
|
|
# main push / dispatch -> 0.3.<run_number>.0 (canary; climbs monotonically by run number).
|
|
# Published to the generic registry + the `canary/` alias.
|
|
# Both arches share the version; artifacts are arch-suffixed (..._x64.msix / ..._arm64.msix).
|
|
#
|
|
# Signing (packaging/pack-msix.ps1): if the MSIX_CERT_PFX_B64 / MSIX_CERT_PASSWORD Actions secrets
|
|
# are set (a real or shared code-signing .pfx whose subject DN == Publisher), the package is signed
|
|
# with them. Otherwise an ephemeral self-signed cert is generated and its public .cer is published
|
|
# next to the .msix (users import it to Trusted People before install). Drop in a real cert later
|
|
# with no workflow change — just add the secrets (+ pass -Publisher if its subject differs).
|
|
name: windows-msix
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'clients/windows/**'
|
|
- 'crates/punktfunk-core/**'
|
|
- 'Cargo.lock'
|
|
- 'Cargo.toml'
|
|
- '.gitea/workflows/windows-msix.yml'
|
|
tags: ['v*']
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
REGISTRY: git.unom.io
|
|
OWNER: unom
|
|
PKG: punktfunk-client-windows
|
|
|
|
jobs:
|
|
package:
|
|
runs-on: windows-amd64
|
|
timeout-minutes: 90
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- arch: x64
|
|
target: x86_64-pc-windows-msvc
|
|
ffmpeg: C:\Users\Public\ffmpeg
|
|
td: C:\t
|
|
- arch: arm64
|
|
target: aarch64-pc-windows-msvc
|
|
ffmpeg: C:\Users\Public\ffmpeg-arm64
|
|
td: C:\t-a64
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Configure + version
|
|
shell: pwsh
|
|
run: |
|
|
# windows-reactor's build.rs unwraps CARGO_WORKSPACE_DIR; CARGO_TARGET_DIR (per-arch, short)
|
|
# dodges the MAX_PATH wall in the CMake-from-source crates (see windows.yml). FFMPEG_DIR
|
|
# selects the arch's import libs + is read by pack-msix.ps1 for the runtime DLLs. All via
|
|
# GITHUB_ENV.
|
|
"CARGO_WORKSPACE_DIR=$env:GITHUB_WORKSPACE" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
|
|
"CARGO_TARGET_DIR=${{ matrix.td }}" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
|
|
"FFMPEG_DIR=${{ matrix.ffmpeg }}" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
|
|
rustup target add ${{ matrix.target }}
|
|
$parts = if ($env:GITHUB_REF -like 'refs/tags/v*') {
|
|
# MSIX needs a purely-numeric 4-part version: drop any -rc/+meta pre-release suffix.
|
|
(($env:GITHUB_REF_NAME -replace '^v', '') -replace '[-+].*$', '').Split('.')
|
|
} else {
|
|
@('0', '3', $env:GITHUB_RUN_NUMBER)
|
|
}
|
|
while ($parts.Count -lt 4) { $parts += '0' }
|
|
$v = ($parts[0..3] -join '.')
|
|
"MSIX_VERSION=$v" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
|
|
Write-Output "MSIX version $v arch ${{ matrix.arch }} target ${{ matrix.target }}"
|
|
|
|
- name: Build (release)
|
|
shell: pwsh
|
|
run: cargo build --release -p punktfunk-client-windows --target ${{ matrix.target }}
|
|
|
|
- name: Pack + sign MSIX
|
|
shell: pwsh
|
|
env:
|
|
MSIX_CERT_PFX_B64: ${{ secrets.MSIX_CERT_PFX_B64 }}
|
|
MSIX_CERT_PASSWORD: ${{ secrets.MSIX_CERT_PASSWORD }}
|
|
run: |
|
|
& clients/windows/packaging/pack-msix.ps1 `
|
|
-Version $env:MSIX_VERSION -Arch ${{ matrix.arch }} `
|
|
-TargetDir ${{ matrix.td }}\${{ matrix.target }}\release -OutDir ${{ matrix.td }}\msix
|
|
|
|
- name: Publish to Gitea generic registry
|
|
shell: pwsh
|
|
env:
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
run: |
|
|
$PSNativeCommandUseErrorActionPreference = $false
|
|
$base = "https://$($env:REGISTRY)/api/packages/$($env:OWNER)/generic/$($env:PKG)"
|
|
# stable release -> `latest/` alias; canary main build -> `canary/` alias.
|
|
$alias = if ($env:GITHUB_REF -like 'refs/tags/v*') { 'latest' } else { 'canary' }
|
|
# version-less, arch-suffixed alias names so each channel keeps one predictable URL.
|
|
$aliasNames = @{
|
|
"$($env:MSIX_PATH)" = "$($env:PKG)_${{ matrix.arch }}.msix"
|
|
"$($env:MSIX_CER_PATH)" = "$($env:PKG)_${{ matrix.arch }}.cer"
|
|
}
|
|
$files = @($env:MSIX_PATH, $env:MSIX_CER_PATH) | Where-Object { $_ -and (Test-Path $_) }
|
|
if (-not $files) { throw "pack produced no artifacts to publish" }
|
|
function Put($f, $url) {
|
|
curl.exe -fsS --user "enricobuehler:$($env:REGISTRY_TOKEN)" --upload-file "$f" "$url"
|
|
if ($LASTEXITCODE -ne 0) { throw "upload failed ($LASTEXITCODE): $url" }
|
|
Write-Output "published $url"
|
|
}
|
|
foreach ($f in $files) {
|
|
$name = Split-Path $f -Leaf
|
|
# 1) immutable, versioned path
|
|
Put $f "$base/$($env:MSIX_VERSION)/$name"
|
|
# 2) channel alias (delete-then-reupload; the generic registry 409s on an existing file)
|
|
$an = $aliasNames["$f"]
|
|
curl.exe -fsS -o NUL --user "enricobuehler:$($env:REGISTRY_TOKEN)" -X DELETE "$base/$alias/$an" 2>$null
|
|
Put $f "$base/$alias/$an"
|
|
}
|
|
|
|
# On a real release, also attach the MSIX (+ its .cer) to the unified Gitea Release. Both
|
|
# arch legs attach to the same release concurrently — the helper's create-or-fetch handles
|
|
# the race, and x64/arm64 filenames differ so the assets don't collide.
|
|
- name: Attach MSIX to the Gitea release (stable tags only)
|
|
if: startsWith(gitea.ref, 'refs/tags/v')
|
|
shell: pwsh
|
|
env:
|
|
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
run: |
|
|
. scripts/ci/gitea-release.ps1
|
|
$rid = Ensure-GiteaRelease -Tag $env:GITHUB_REF_NAME -Name $env:GITHUB_REF_NAME -Prerelease 'auto'
|
|
foreach ($f in @($env:MSIX_PATH, $env:MSIX_CER_PATH)) {
|
|
if ($f -and (Test-Path $f)) { Upsert-GiteaAsset -ReleaseId $rid -File $f }
|
|
}
|