Build openssl framework #387

Workflow file for this run

.github/workflows/release.yml at 238ac6b

	name: "Build openssl framework"

	on:
	push:
	branches: ["main"]
	schedule:
	- cron: "18 18 * * *"
	workflow_dispatch:

	permissions:
	packages: read
	contents: write

	concurrency: single_compile

	jobs:
	query:
	name: "Check for updates"
	runs-on: macos-14
	outputs:
	openssl_version: ${{ steps.query.outputs.openssl_version }}
	needs_update: ${{ steps.query.outputs.needs_update }}
	steps:
	- name: "Get latest release"
	id: query
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	LATEST_OFFICIAL_OPENSSL_RELEASE=$(gh api /repos/openssl/openssl/tags --jq '.[].name' \| egrep '^openssl-[0-9\.]+$' \| sort -nr \| head -n1 \| sed 's/openssl-//')
	LATEST_OPENSSL_IOS_RELEASE=$(gh api /repos/tls-inspector/openssl-ios/releases/latest --jq '.name')
	echo "::notice ::Latest openssl release: ${LATEST_OFFICIAL_OPENSSL_RELEASE}, last published framework: ${LATEST_OPENSSL_IOS_RELEASE}"
	echo "openssl_version=${LATEST_OFFICIAL_OPENSSL_RELEASE}" >> $GITHUB_OUTPUT
	if [[ "${LATEST_OPENSSL_IOS_RELEASE}" != "${LATEST_OFFICIAL_OPENSSL_RELEASE}" ]]; then
	echo "needs_update=yes" >> $GITHUB_OUTPUT
	else
	echo "needs_update=no" >> $GITHUB_OUTPUT
	fi
	cat $GITHUB_OUTPUT
	update:
	name: "Compile"
	needs: query
	if: needs.query.outputs.needs_update == 'yes'
	runs-on: macos-14
	outputs:
	framework_checksum: ${{ steps.prepare.outputs.framework_checksum }}
	steps:
	- name: Checkout Source
	id: checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
	- name: Compile Framework
	id: compile
	run: \|
	gpg --import ./openssl.asc
	echo 'trusted-key 0xD5E9E43F7DF9EE8C' >> ~/.gnupg/gpg.conf
	echo 'trusted-key 0xD9C4D26D0E604491' >> ~/.gnupg/gpg.conf
	echo 'trusted-key 0xB8EF1A6BA9DA2D5C' >> ~/.gnupg/gpg.conf
	echo 'trusted-key 0x231C84CDDCC69C45' >> ~/.gnupg/gpg.conf
	echo 'trusted-key 0xD894E2CE8B3D79F5' >> ~/.gnupg/gpg.conf
	GPG_VERIFY=1 ./build-ios.sh ${{ needs.query.outputs.openssl_version }}
	zip -r openssl.xcframework.zip openssl.xcframework/
	- name: Capture Build Errors
	uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # pin@v4.3.0
	if: failure()
	with:
	name: build_output
	path: build/*.log
	- name: Prepare Release
	id: prepare
	run: \|
	SHASUM=$(shasum -a 256 openssl.xcframework.zip \| cut -d ' ' -f1)
	echo "framework_checksum=${SHASUM}" >> $GITHUB_OUTPUT
	echo "::notice ::openssl.xcframework.zip checksum: ${SHASUM}"
	echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem
	echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem
	echo "-----END EC PRIVATE KEY-----" >> private_key.pem
	openssl dgst -sign private_key.pem -sha256 -out openssl.xcframework.zip.sig openssl.xcframework.zip
	rm -f private_key.pem
	- name: Make Release If Needed
	id: release
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1
	with:
	name: ${{ needs.query.outputs.openssl_version }}
	body: "openssl.xcframework.zip SHA-256 `${{ steps.prepare.outputs.framework_checksum }}`"
	tag_name: ${{ needs.query.outputs.openssl_version }}
	files: \|
	openssl.xcframework.zip
	openssl.xcframework.zip.sig

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build openssl framework #387

Workflow file

Build openssl framework #387

Jobs

Run details

Workflow file for this run