v9.1.1498 #33
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Vim for Windows ARM (on Release) | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| id-token: write # needed for attestion | |
| attestations: write | |
| contents: write # needed for release update | |
| jobs: | |
| build-and-release-arm: | |
| runs-on: windows-11-arm | |
| env: | |
| ARCH: x64 | |
| DEPENDENCIES: c:\dependencies | |
| GH_TAG_NAME: ${{ github.ref_name }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up MSVC Dev tools | |
| uses: ilammy/msvc-dev-cmd@v1 | |
| with: | |
| arch: amd64_arm64 | |
| - name: Cache dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| c:\dependencies | |
| c:\vcpkg | |
| downloads | |
| key: ${{ runner.os }} | |
| - name: Prepare Vim Build | |
| shell: cmd | |
| run: | | |
| set "PATH=C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build;%PATH%" | |
| call vcvarsall.bat x64_arm64 | |
| set "VCPKG_ROOT=c:\vcpkg" | |
| call appveyor.bat install | |
| - name: Build Vim (ARM) | |
| shell: cmd | |
| run: | | |
| set "PATH=C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build;%PATH%" | |
| call vcvarsall.bat x64_arm64 | |
| call appveyor.bat build | |
| # Skip the test for now, it still fails | |
| # - name: Test Vim | |
| # shell: cmd | |
| # run: | | |
| # call appveyor.bat test | |
| - name: Package Vim | |
| shell: cmd | |
| run: | | |
| set "VCPKG_ROOT=c:\vcpkg" | |
| call appveyor.bat package | |
| - name: upload Installer | |
| id: upload-installer | |
| uses: actions/upload-artifact@v4 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| name: arm64-windows-installer.exe | |
| path: | | |
| gvim*.exe | |
| - name: Attest Installer | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: arm64-windows-installer.exe | |
| subject-digest: sha256:${{ steps.upload-installer.outputs.artifact-digest }} | |
| - name: upload Zip File | |
| id: upload-zip | |
| uses: actions/upload-artifact@v4 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| name: arm64-windows-zip-archive.zip | |
| path: | | |
| gvim*.zip | |
| - name: Attest Zip File | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: arm64-windows-zip-archive.zip | |
| subject-digest: sha256:${{ steps.upload-zip.outputs.artifact-digest }} | |
| - name: upload Zip File for Signpath | |
| id: upload-unsigned-zip | |
| uses: actions/upload-artifact@v4 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| name: arm64-windows-unsigned-archive | |
| path: | | |
| gvim*arm64.* | |
| - name: Attest Zip File for Signpath | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: arm64-windows-zip-archive.zip | |
| subject-digest: sha256:${{ steps.upload-unsigned-zip.outputs.artifact-digest }} | |
| # the release will be created by the appveyor CI, so we need to wait | |
| # until it exists before trying to push our release artifacts | |
| - name: Wait for Github Release | |
| shell: bash | |
| env: | |
| TAG_NAME: ${{ github.ref_name }} | |
| run: | | |
| echo "Waiting for release with tag $TAG_NAME..." | |
| for i in {1..30}; do | |
| STATUS=$(curl -s -o /dev/null -w "%{http_code}" \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| https://api.github.com/repos/${{ github.repository }}/releases/tags/$TAG_NAME) | |
| if [ "$STATUS" -eq 200 ]; then | |
| echo "✅ Release $TAG_NAME exists!" | |
| exit 0 | |
| else | |
| echo "⏳ Attempt $i: Release not found yet. Waiting 60s..." | |
| sleep 60 | |
| fi | |
| done | |
| echo "❌ Timed out waiting for release $TAG_NAME" | |
| exit 1 | |
| - name: Upload to Github Release | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| for i in gvim*.exe gvim*.zip; do | |
| gh release upload "$GH_TAG_NAME" "$i" --clobber | |
| done | |
| - name: SignPath code signing | |
| uses: SignPath/github-action-submit-signing-request@v1.2 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_API_TOKEN }} | |
| organization-id: 47c0047c-0c1d-42b2-a16c-4ea6907dc813 | |
| project-slug: vim-win32-installer | |
| signing-policy-slug: release-signing | |
| github-artifact-id: '${{ steps.upload-unsigned-zip.outputs.artifact-id }}' | |
| wait-for-completion: false | |
| - name: Post Summary | |
| shell: bash | |
| run: | | |
| echo "## ✅ Windows ARM Build Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Tag:** \`$GH_TAG_NAME\`" >> $GITHUB_STEP_SUMMARY | |
| echo "**Repository:** \`${{ github.repository }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "**Artifacts Uploaded:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- 🟩 [arm64-windows-installer.exe](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" >> $GITHUB_STEP_SUMMARY | |
| echo "- 🟦 [arm64-windows-zip-archive.zip](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Release Status:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- 🔁 Waited for tag \`$GH_TAG_NAME\` to become available as a release" >> $GITHUB_STEP_SUMMARY | |
| echo "- 📦 Uploaded artifacts to the release via \`gh release upload\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Security Provenance:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- 🔒 Attested \`arm64-windows-installer.exe\` and \`arm64-windows-zip-archive.zip\` using [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance)" >> $GITHUB_STEP_SUMMARY |