From 7eb0bffd90d2efbe609283e47e6504a493fea9b7 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 1 Nov 2023 09:57:17 +0200 Subject: [PATCH 1/8] ci: bump nodejs parts when bumping signal version --- .github/workflows/sync-version-with-upstream.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/sync-version-with-upstream.yml b/.github/workflows/sync-version-with-upstream.yml index fb3d32686..83c394cd1 100644 --- a/.github/workflows/sync-version-with-upstream.yml +++ b/.github/workflows/sync-version-with-upstream.yml @@ -24,6 +24,17 @@ jobs: jq . | grep tag_name | grep -v beta | head -n 1 | cut -d'"' -f4 | tr -d 'v' ) sed -i 's/^\(version: \).*$/\1'"$VERSION"'/' snap/snapcraft.yaml + + # Fetch the upstream package.json for the fetched version + wget -qO package.json https://raw.githubusercontent.com/signalapp/Signal-Desktop/v${VERSION}/package.json + + # Update the @signalapp/ringrtc version if required + export RINGRTC_VERSION="$(cat package.json | jq -r '.dependencies."@signalapp/ringrtc"')" + sed -i -E "s|ringrtc-[0-9]+\.[0-9]+\.[0-9]+\.tgz|ringrtc-${RINGRTC_VERSION}.tgz|" snap/snapcraft.yaml + + # Update the @signalapp/bettersqlite version if required + BETTERSQLITE_VERSION="$(cat package.json | jq -r '.dependencies."@signalapp/better-sqlite3"')" + sed -i -E "s|better-sqlite3-[0-9]+\.[0-9]+\.[0-9]+\.tgz|better-sqlite3-${BETTERSQLITE_VERSION}.tgz|" snap/snapcraft.yaml - name: Check for modified files id: git-check run: | From 344306418bcf89290a71c228a56294968b529a0c Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Sun, 5 Nov 2023 17:33:05 +0200 Subject: [PATCH 2/8] ci: update to use Launchpad remote build in a matrix --- .../snap-store-publish-to-candidate.yml | 35 ++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snap-store-publish-to-candidate.yml b/.github/workflows/snap-store-publish-to-candidate.yml index fef9b0819..bce84d23d 100644 --- a/.github/workflows/snap-store-publish-to-candidate.yml +++ b/.github/workflows/snap-store-publish-to-candidate.yml @@ -28,17 +28,44 @@ jobs: name: "Build and publish snap" environment: "Candidate Branch" runs-on: ubuntu-latest + strategy: + matrix: + arch: ["amd64", "arm64"] steps: - - uses: actions/checkout@v3 + - name: Checkout the source + uses: actions/checkout@v3 with: ref: ${{ env.CHANNEL }} - - uses: snapcore/action-build@v1 + + - name: Setup snapcraft + env: + LP_BUILD_SECRET: ${{ secrets.LP_BUILD_SECRET }} + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} + run: | + sudo snap install snapcraft --classic + + # Setup Launchpad credentials + mkdir -p ~/.local/share/snapcraft/provider/launchpad + echo "$LP_BUILD_SECRET" > ~/.local/share/snapcraft/provider/launchpad/credentials + git config --global user.email "github-actions@github.com" + git config --global user.name "Github Actions" + + - name: Remote build the snap id: build - - uses: diddlesnaps/snapcraft-review-action@v1 + run : | + snapcraft remote-build --launchpad-accept-public-upload --build-for ${{ matrix.arch }} + + version="$(cat snap/snapcraft.yaml | yq -r '.version')" + echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" + + - name: Run the snapcraft review tools + uses: diddlesnaps/snapcraft-review-action@v1 with: snap: ${{ steps.build.outputs.snap }} isClassic: 'false' - - uses: snapcore/action-publish@v1 + + - name: Publish the snap + uses: snapcore/action-publish@v1 env: SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} with: From 60ef15e93242e757c9e1eee3c80443ad47864f86 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Sun, 5 Nov 2023 17:55:12 +0200 Subject: [PATCH 3/8] ci: upload build artefacts and logs after remote-build --- .github/workflows/snap-store-publish-to-candidate.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/snap-store-publish-to-candidate.yml b/.github/workflows/snap-store-publish-to-candidate.yml index bce84d23d..7c245854b 100644 --- a/.github/workflows/snap-store-publish-to-candidate.yml +++ b/.github/workflows/snap-store-publish-to-candidate.yml @@ -57,6 +57,15 @@ jobs: version="$(cat snap/snapcraft.yaml | yq -r '.version')" echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" + echo "{log}={signal_desktop_$version_${{ matrix.arch}}.txt}" >> "$GITHUB_OUTPUT" + + - name: Upload remote build snap artifacts and build logs + uses: actions/upload-artifact@v3 + with: + name: remote-build-snaps + path: | + ${{ steps.build.outputs.snap }} + ${{ steps.build.outputs.log }} - name: Run the snapcraft review tools uses: diddlesnaps/snapcraft-review-action@v1 From 623beba839d45b8b8528ae5475dbc38ec1f31cc0 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 8 Nov 2023 09:22:16 +0200 Subject: [PATCH 4/8] ci: don't upload build artifacts to Githubs artifact storage --- .github/workflows/snap-store-publish-to-candidate.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/snap-store-publish-to-candidate.yml b/.github/workflows/snap-store-publish-to-candidate.yml index 7c245854b..bce84d23d 100644 --- a/.github/workflows/snap-store-publish-to-candidate.yml +++ b/.github/workflows/snap-store-publish-to-candidate.yml @@ -57,15 +57,6 @@ jobs: version="$(cat snap/snapcraft.yaml | yq -r '.version')" echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" - echo "{log}={signal_desktop_$version_${{ matrix.arch}}.txt}" >> "$GITHUB_OUTPUT" - - - name: Upload remote build snap artifacts and build logs - uses: actions/upload-artifact@v3 - with: - name: remote-build-snaps - path: | - ${{ steps.build.outputs.snap }} - ${{ steps.build.outputs.log }} - name: Run the snapcraft review tools uses: diddlesnaps/snapcraft-review-action@v1 From f555f830949e96ec6f4dd90a4cb394f8c1c65936 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 8 Nov 2023 09:24:58 +0200 Subject: [PATCH 5/8] ci: update test-snap-can-build to use remote-build --- .github/workflows/test-snap-can-build.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-snap-can-build.yml b/.github/workflows/test-snap-can-build.yml index 94d4e6419..a8c4a41c4 100644 --- a/.github/workflows/test-snap-can-build.yml +++ b/.github/workflows/test-snap-can-build.yml @@ -11,12 +11,33 @@ permissions: jobs: build: runs-on: ubuntu-latest + strategy: + matrix: + arch: ["amd64", "arm64"] steps: - uses: actions/checkout@v3 - - uses: snapcore/action-build@v1 + - name: Setup snapcraft + env: + LP_BUILD_SECRET: ${{ secrets.LP_BUILD_SECRET }} + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} + run: | + sudo snap install snapcraft --classic + + # Setup Launchpad credentials + mkdir -p ~/.local/share/snapcraft/provider/launchpad + echo "$LP_BUILD_SECRET" > ~/.local/share/snapcraft/provider/launchpad/credentials + git config --global user.email "github-actions@github.com" + git config --global user.name "Github Actions" + + - name: Remote build the snap id: build + run : | + snapcraft remote-build --launchpad-accept-public-upload --build-for ${{ matrix.arch }} + + version="$(cat snap/snapcraft.yaml | yq -r '.version')" + echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" - uses: diddlesnaps/snapcraft-review-action@v1 with: From da6d3edc7e479abf7ec23645d550a888779e286e Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 8 Nov 2023 09:43:42 +0200 Subject: [PATCH 6/8] ci: update promotion workflows to support multiple revisions --- .github/testing-issue-template.md | 12 +++++++++-- .../snap-store-promote-to-stable.yml | 20 ++++++++++++------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/.github/testing-issue-template.md b/.github/testing-issue-template.md index e27cddfff..7deb291ee 100644 --- a/.github/testing-issue-template.md +++ b/.github/testing-issue-template.md @@ -2,7 +2,10 @@ title: Call for testing `{{ env.SNAP_NAME }}` labels: testing --- -A new version of `{{ env.SNAP_NAME }}` was just pushed to the `{{ env.CHANNEL }}` channel [in the snap store](https://snapcraft.io/{{ env.SNAP_NAME }}). Please test it and add a comment to state whether everything works or not. + +A new version of `{{ env.SNAP_NAME }}` was just pushed to the `{{ env.CHANNEL }}` channel [in the +snap store](https://snapcraft.io/{{ env.SNAP_NAME }}). Please test it and add a comment to state +whether everything works or not. You can upgrade to this version by running @@ -10,4 +13,9 @@ You can upgrade to this version by running snap refresh {{ env.SNAP_NAME }} --{{ env.CHANNEL }} ``` -Maintainers can promote this to stable by commenting `/promote stable`. +Maintainers can promote this to stable by commenting `/promote [,] stable`. + +The `/promote` command must be issued with at least one revision and a channel, for example +`/promote 34 stable`. Multiple revisions can also be promoted at once where required (this is +useful where there are new arm64 and amd64 revisions at the same time), for example `/promote 34,35 +stable`. diff --git a/.github/workflows/snap-store-promote-to-stable.yml b/.github/workflows/snap-store-promote-to-stable.yml index afb8e53b1..86eba971a 100644 --- a/.github/workflows/snap-store-promote-to-stable.yml +++ b/.github/workflows/snap-store-promote-to-stable.yml @@ -38,10 +38,10 @@ jobs: revision=${arguments[0]} channel=${arguments[1]} - # Sanity checks - re='^[0-9]+$' + # Validation checks + re='^[0-9]+([,][0-9]+)*$' if [[ ! "$revision" =~ $re ]]; then - echo "revision must be a number, not '$revision'!" + echo "revision must be a number or a comma seperated list of numbers, not '$revision'!" exit 1 fi if [[ "$channel" != "stable" ]]; then @@ -53,10 +53,16 @@ jobs: sudo snap install --classic snapcraft sudo chown root:root / - # Release - snapcraft release $SNAP_NAME "$revision" "$channel" + # Iterate over each specified revision and release + revs=$(echo $revision | tr "," "\n") + released_revs=() + + for r in $revs; do + snapcraft release $SNAP_NAME "$r" "$channel" + released_revs+="$r" + done - echo "revision=$revision" >> $GITHUB_OUTPUT + echo "revisions=${released_revs[@]}" >> $GITHUB_OUTPUT echo "channel=$channel" >> $GITHUB_OUTPUT - uses: actions/github-script@v6 with: @@ -65,7 +71,7 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'Great, revision `${{ steps.promote.outputs.revision }}` version is now in `${{ steps.promote.outputs.channel }}`!' + body: 'The following revisions were released to the `${{ steps.promote.outputs.channel }}` channel: `${{ steps.promote.outputs.revisions }}`' }) github.rest.issues.update({ issue_number: context.issue.number, From b10c7548917814aa02bbb1a67ebcfb6382344f83 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 8 Nov 2023 09:54:53 +0200 Subject: [PATCH 7/8] ci: remote matrix builds due to incompatibility with snapcraft remote-build --- .../snap-store-publish-to-candidate.yml | 32 +++++++++++++------ .github/workflows/test-snap-can-build.yml | 25 +++++++++------ 2 files changed, 38 insertions(+), 19 deletions(-) diff --git a/.github/workflows/snap-store-publish-to-candidate.yml b/.github/workflows/snap-store-publish-to-candidate.yml index bce84d23d..52ccdfeb5 100644 --- a/.github/workflows/snap-store-publish-to-candidate.yml +++ b/.github/workflows/snap-store-publish-to-candidate.yml @@ -28,9 +28,6 @@ jobs: name: "Build and publish snap" environment: "Candidate Branch" runs-on: ubuntu-latest - strategy: - matrix: - arch: ["amd64", "arm64"] steps: - name: Checkout the source uses: actions/checkout@v3 @@ -53,23 +50,38 @@ jobs: - name: Remote build the snap id: build run : | - snapcraft remote-build --launchpad-accept-public-upload --build-for ${{ matrix.arch }} + snapcraft remote-build --launchpad-accept-public-upload version="$(cat snap/snapcraft.yaml | yq -r '.version')" - echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" + echo "{amd64_snap}={signal_desktop_$version_amd64.snap}" >> "$GITHUB_OUTPUT" + echo "{arm64_snap}={signal_desktop_$version_arm64.snap}" >> "$GITHUB_OUTPUT" - - name: Run the snapcraft review tools + - name: Review the built amd64 snap uses: diddlesnaps/snapcraft-review-action@v1 with: - snap: ${{ steps.build.outputs.snap }} + snap: ${{ steps.build.outputs.amd64_snap }} isClassic: 'false' - - - name: Publish the snap + + - name: Review the built arm64 snap + uses: diddlesnaps/snapcraft-review-action@v1 + with: + snap: ${{ steps.build.outputs.arm64_snap }} + isClassic: 'false' + + - name: Publish the amd64 snap + uses: snapcore/action-publish@v1 + env: + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} + with: + snap: ${{ steps.build.outputs.amd64_snap }} + release: ${{ env.CHANNEL }} + + - name: Publish the arm64 snap uses: snapcore/action-publish@v1 env: SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} with: - snap: ${{ steps.build.outputs.snap }} + snap: ${{ steps.build.outputs.arm64_snap }} release: ${{ env.CHANNEL }} create_issue: diff --git a/.github/workflows/test-snap-can-build.yml b/.github/workflows/test-snap-can-build.yml index a8c4a41c4..2c3a5ec31 100644 --- a/.github/workflows/test-snap-can-build.yml +++ b/.github/workflows/test-snap-can-build.yml @@ -1,4 +1,4 @@ -name: 🧪 Test snap can be built on x86_64 +name: 🧪 Test snap can be built on: pull_request: @@ -11,10 +11,6 @@ permissions: jobs: build: runs-on: ubuntu-latest - strategy: - matrix: - arch: ["amd64", "arm64"] - steps: - uses: actions/checkout@v3 @@ -34,14 +30,25 @@ jobs: - name: Remote build the snap id: build run : | - snapcraft remote-build --launchpad-accept-public-upload --build-for ${{ matrix.arch }} + snapcraft remote-build --launchpad-accept-public-upload version="$(cat snap/snapcraft.yaml | yq -r '.version')" - echo "{snap}={signal_desktop_$version_${{ matrix.arch}}.snap}" >> "$GITHUB_OUTPUT" + echo "{amd64_snap}={signal_desktop_$version_amd64.snap}" >> "$GITHUB_OUTPUT" + echo "{arm64_snap}={signal_desktop_$version_arm64.snap}" >> "$GITHUB_OUTPUT" + + - name: Review the built amd64 snap + uses: diddlesnaps/snapcraft-review-action@v1 + with: + snap: ${{ steps.build.outputs.amd64_snap }} + isClassic: 'false' + # Plugs and Slots declarations to override default denial (requires store assertion to publish) + # plugs: ./plug-declaration.json + # slots: ./slot-declaration.json - - uses: diddlesnaps/snapcraft-review-action@v1 + - name: Review the built arm64 snap + uses: diddlesnaps/snapcraft-review-action@v1 with: - snap: ${{ steps.build.outputs.snap }} + snap: ${{ steps.build.outputs.arm64_snap }} isClassic: 'false' # Plugs and Slots declarations to override default denial (requires store assertion to publish) # plugs: ./plug-declaration.json From 8a42e199afe3255d1ee1ceeb280da43e497459cc Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 8 Nov 2023 13:15:01 +0200 Subject: [PATCH 8/8] ci: update workflow_call for publish action; use Github builder for PRs --- .../snap-store-publish-to-candidate.yml | 2 + .github/workflows/test-snap-can-build.yml | 40 +++---------------- 2 files changed, 8 insertions(+), 34 deletions(-) diff --git a/.github/workflows/snap-store-publish-to-candidate.yml b/.github/workflows/snap-store-publish-to-candidate.yml index 52ccdfeb5..b68f30d89 100644 --- a/.github/workflows/snap-store-publish-to-candidate.yml +++ b/.github/workflows/snap-store-publish-to-candidate.yml @@ -11,6 +11,8 @@ on: secrets: SNAP_STORE_CANDIDATE: required: true + LP_BUILD_SECRET: + required: true # Permissions for GITHUB_TOKEN permissions: diff --git a/.github/workflows/test-snap-can-build.yml b/.github/workflows/test-snap-can-build.yml index 2c3a5ec31..63c8025a4 100644 --- a/.github/workflows/test-snap-can-build.yml +++ b/.github/workflows/test-snap-can-build.yml @@ -1,4 +1,4 @@ -name: 🧪 Test snap can be built +name: 🧪 Test snap can be built on x86_64 on: pull_request: @@ -11,45 +11,17 @@ permissions: jobs: build: runs-on: ubuntu-latest + steps: - uses: actions/checkout@v3 - - name: Setup snapcraft - env: - LP_BUILD_SECRET: ${{ secrets.LP_BUILD_SECRET }} - SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAP_STORE_CANDIDATE }} - run: | - sudo snap install snapcraft --classic - - # Setup Launchpad credentials - mkdir -p ~/.local/share/snapcraft/provider/launchpad - echo "$LP_BUILD_SECRET" > ~/.local/share/snapcraft/provider/launchpad/credentials - git config --global user.email "github-actions@github.com" - git config --global user.name "Github Actions" - - - name: Remote build the snap + - uses: snapcore/action-build@v1 id: build - run : | - snapcraft remote-build --launchpad-accept-public-upload - - version="$(cat snap/snapcraft.yaml | yq -r '.version')" - echo "{amd64_snap}={signal_desktop_$version_amd64.snap}" >> "$GITHUB_OUTPUT" - echo "{arm64_snap}={signal_desktop_$version_arm64.snap}" >> "$GITHUB_OUTPUT" - - - name: Review the built amd64 snap - uses: diddlesnaps/snapcraft-review-action@v1 - with: - snap: ${{ steps.build.outputs.amd64_snap }} - isClassic: 'false' - # Plugs and Slots declarations to override default denial (requires store assertion to publish) - # plugs: ./plug-declaration.json - # slots: ./slot-declaration.json - - name: Review the built arm64 snap - uses: diddlesnaps/snapcraft-review-action@v1 + - uses: diddlesnaps/snapcraft-review-action@v1 with: - snap: ${{ steps.build.outputs.arm64_snap }} + snap: ${{ steps.build.outputs.snap }} isClassic: 'false' # Plugs and Slots declarations to override default denial (requires store assertion to publish) # plugs: ./plug-declaration.json - # slots: ./slot-declaration.json + # slots: ./slot-declaration.json \ No newline at end of file