Skip to content
.github/workflows/windows-minimal.yml

temp #4

Sign in to view logs

temp

temp #4

Workflow file for this run

.github/workflows/windows-minimal.yml at ef559c6
name: windows-minimal
jobs:
# Check prerequisites for the workflow
prereqs:
runs-on: ubuntu-latest
environment: release
outputs:
tag_name: ${{ steps.tag.outputs.name }} # The full name of the tag, e.g. v2.32.0.vfs.0.0
tag_version: ${{ steps.tag.outputs.version }} # The version number (without preceding "v"), e.g. 2.32.0.vfs.0.0
steps:
- name: Validate tag
run: |
echo "$GITHUB_REF" |
grep '^refs/tags/v2\.\(0\|[1-9][0-9]*\)\.\(0\|[1-9][0-9]*\)\.vfs\.0\.\(0\|[1-9][0-9]*\)$' || {
echo "::error::${GITHUB_REF#refs/tags/} is not of the form v2.<X>.<Y>.vfs.0.<W>" >&2
exit 1
}
- name: Determine tag to build
run: |
echo "name=${GITHUB_REF#refs/tags/}" >>$GITHUB_OUTPUT
echo "version=${GITHUB_REF#refs/tags/v}" >>$GITHUB_OUTPUT
id: tag
- name: Clone git
uses: actions/checkout@v3
- name: Validate the tag identified with trigger
run: |
die () {
echo "::error::$*" >&2
exit 1
}
# `actions/checkout` only downloads the peeled tag (i.e. the commit)
git fetch origin +$GITHUB_REF:$GITHUB_REF
# Verify that the tag is annotated
test $(git cat-file -t "$GITHUB_REF") == "tag" || die "Tag ${{ steps.tag.outputs.name }} is not annotated"
# Verify tag follows rules in GIT-VERSION-GEN (i.e., matches the specified "DEF_VER" in
# GIT-VERSION-FILE) and matches tag determined from trigger
make GIT-VERSION-FILE
test "${{ steps.tag.outputs.version }}" == "$(sed -n 's/^GIT_VERSION = //p'< GIT-VERSION-FILE)" || die "GIT-VERSION-FILE tag does not match ${{ steps.tag.outputs.name }}"
# End check prerequisites for the workflow
# Build and sign Windows installers & upload artifacts
windows_pkg:
runs-on: windows-2019
environment: release
needs: prereqs
env:
GPG_OPTIONS: "--batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
HOME: "${{github.workspace}}\\home"
USERPROFILE: "${{github.workspace}}\\home"
steps:
- name: Configure user
shell: bash
run:
USER_NAME="${{github.actor}}" &&
USER_EMAIL="${{github.actor}}@users.noreply.github.com" &&
mkdir -p "$HOME" &&
git config --global user.name "$USER_NAME" &&
git config --global user.email "$USER_EMAIL" &&
echo "PACKAGER=$USER_NAME <$USER_EMAIL>" >>$GITHUB_ENV
- uses: git-for-windows/setup-git-for-windows-sdk@v1
with:
flavor: build-installers
- name: Run tmate
shell: bash
run: |
# install tmate
pacman -Sy --noconfirm tmate openssh &&
# Generate an SSH key (needed for tmate)
echo -e 'y\n' | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa &&
# Start tmate session
export CHERE_INVOKING=1 &&
tmate -S /tmp/tmate.sock new-session -d &&
tmate -S /tmp/tmate.sock wait tmate-ready &&
# Print SSH invocation every 5 seconds, until tmate session has terminated
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
- name: Clone build-extra
shell: bash
run: |
git clone --filter=blob:none --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
- name: Clone git
shell: bash
run: |
# Since we cannot directly clone a specified tag (as we would a branch with `git clone -b <branch name>`),
# this clone has to be done manually (via init->fetch->reset).
tag_name="${{ needs.prereqs.outputs.tag_name }}" &&
git -c init.defaultBranch=main init &&
git remote add -f origin https://github.com/git-for-windows/git &&
git fetch "https://github.com/${{github.repository}}" refs/tags/${tag_name}:refs/tags/${tag_name} &&
git reset --hard ${tag_name}
- name: Log into Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Configure Azure Code Signing
shell: bash
run: |
git config alias.signtool '!f() { printf "%s\n" "$@" >./catalog && cat ./catalog && /c/Windows/System32/WindowsPowerShell/v1.0/powershell -command "Invoke-AzureCodeSigning -Endpoint https://wus2.codesigning.azure.net/ -CodeSigningAccountName git-fundamentals-signing -CertificateProfileName git-fundamentals-windows-signing -FilesCatalog ./catalog -FileDigest SHA256 -TimestampRfc3161 http://timestamp.acs.microsoft.com -TimestampDigest SHA256"; };f'
- name: Build mingw-w64-x86_64-git
env:
AZURE_VAULT: ${{ secrets.AZURE_VAULT }}
GPG_FINGERPRINT_SECRET_NAME: ${{secrets.GPG_FINGERPRINT_SECRET_NAME}}
shell: bash
run: |
set -x
# Get GPG key fingerprint from Azure Key Vault
GPGKEY=$(az keyvault secret show --name "$GPG_FINGERPRINT_SECRET_NAME" \
--vault-name "$AZURE_VAULT" --query "value" \
| sed -e 's/^"//' -e 's/"$//')
# Make sure that there is a `/usr/bin/git` that can be used by `makepkg-mingw`
printf '#!/bin/sh\n\nexec /mingw64/bin/git.exe "$@"\n' >/usr/bin/git &&
# Restrict `PATH` to MSYS2 and to Visual Studio (to let `cv2pdb` find the relevant DLLs)
PATH="/mingw64/bin:/usr/bin:/C/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64:/C/Windows/system32"
type -p mspdb140.dll || exit 1
# Install Azure Code Signing Module
/c/Windows/System32/WindowsPowerShell/v1.0/powershell -command "Install-Module -Name AzureCodeSigning -RequiredVersion 0.2.24 -Force -Repository PSGallery"
cp /mingw64/bin/git.exe ./g.exe && git signtool g.exe
sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-64-bit --build-src-pkg -o artifacts HEAD
- name: wait for tmate to be done
if: always()
shell: bash
run: |
PATH=$HOME/bin:$PATH
while test -e /tmp/tmate.sock
do
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
sleep 5
done
# End build Windows installers