mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-12-18 20:04:17 +01:00
e56ef8019d
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.4.2</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: Ensure generated release notes cannot be over 125000 characters by <a href="https://github.com/BeryJu"><code>@BeryJu</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/684">softprops/action-gh-release#684</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/BeryJu"><code>@BeryJu</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/684">softprops/action-gh-release#684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.4.1...v2.4.2">https://github.com/softprops/action-gh-release/compare/v2.4.1...v2.4.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.4.2</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: Ensure generated release notes cannot be over 125000 characters by <a href="https://github.com/BeryJu"><code>@BeryJu</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/684">softprops/action-gh-release#684</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.4.1</h2> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>fix(util): support brace expansion globs containing commas in parseInputFiles by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/672">softprops/action-gh-release#672</a></li> <li>fix: gracefully fallback to body when body_path cannot be read by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/671">softprops/action-gh-release#671</a></li> </ul> <h2>2.4.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat(action): respect working_directory for files globs by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/667">softprops/action-gh-release#667</a></li> </ul> <h2>2.3.4</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix(action): handle 422 already_exists race condition by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/665">softprops/action-gh-release#665</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.3.3</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: add input option <code>overwrite_files</code> by <a href="https://github.com/asfernandes"><code>@asfernandes</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/343">softprops/action-gh-release#343</a></li> </ul> <h3>Other Changes 🔄</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="5be0e66d93"><code>5be0e66</code></a> release 2.4.2</li> <li><a href="af658b4d5d"><code>af658b4</code></a> feat: Ensure generated release notes cannot be over 125000 characters (<a href="https://redirect.github.com/softprops/action-gh-release/issues/684">#684</a>)</li> <li><a href="237aaccf71"><code>237aacc</code></a> chore: bump node to 24.11.0</li> <li><a href="00362bea6f"><code>00362be</code></a> chore(deps): bump the npm group with 5 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/687">#687</a>)</li> <li><a href="0adea5aa98"><code>0adea5a</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/686">#686</a>)</li> <li><a href="aa05f9d779"><code>aa05f9d</code></a> chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 in the github-action...</li> <li><a href="bbaccb3a0c"><code>bbaccb3</code></a> chore(deps): bump <code>@types/node</code> from 20.19.21 to 20.19.22 in the npm group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/682">#682</a>)</li> <li><a href="50fda3f773"><code>50fda3f</code></a> chore(deps): bump vite from 7.1.5 to 7.1.11 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/681">#681</a>)</li> <li><a href="5434409c2b"><code>5434409</code></a> chore(deps): bump <code>@types/node</code> from 20.19.19 to 20.19.21 in the npm group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/679">#679</a>)</li> <li>See full diff in <a href="6da8fa9354...5be0e66d93">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | softprops/action-gh-release | [>= 2.2.a, < 2.3] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
319 lines
11 KiB
YAML
319 lines
11 KiB
YAML
name: Test Installers Build
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
test_mode:
|
|
description: "Run in test mode (skip release step)"
|
|
required: false
|
|
default: "false"
|
|
release:
|
|
types: [created]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
read_versions:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.versionNumber.outputs.versionNumber }}
|
|
versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Set up JDK
|
|
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: '21'
|
|
|
|
# ✅ Get version from Gradle
|
|
- name: Get version number
|
|
id: versionNumber
|
|
run: |
|
|
VERSION=$(./gradlew printVersion --quiet | tail -1)
|
|
echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
|
|
|
|
# ✅ Get Mac-specific version from Gradle
|
|
- name: Get version number mac
|
|
id: versionNumberMac
|
|
run: |
|
|
VERSION_MAC=$(./gradlew printMacVersion --quiet | tail -1)
|
|
echo "versionNumberMac=$VERSION_MAC" >> $GITHUB_OUTPUT
|
|
|
|
build-portable:
|
|
needs: read_versions
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
disable_security: [true, false]
|
|
include:
|
|
- disable_security: false
|
|
file_suffix: "-with-login"
|
|
- disable_security: true
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Set up JDK 21
|
|
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
|
with:
|
|
java-version: "21"
|
|
distribution: "temurin"
|
|
|
|
- uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
|
|
with:
|
|
gradle-version: 8.14
|
|
|
|
- name: Generate jar (Disable Security=${{ matrix.disable_security }})
|
|
run: ./gradlew clean createExe
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: ${{ matrix.disable_security }}
|
|
STIRLING_PDF_DESKTOP_UI: false
|
|
|
|
- name: Rename binaries
|
|
run: |
|
|
mkdir ./binaries
|
|
mv ./build/launch4j/Stirling-PDF.exe ./binaries/win-Stirling-PDF-portable-Server${{ matrix.file_suffix }}.exe
|
|
mv ./app/core/build/libs/stirling-pdf-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: stirling${{ matrix.file_suffix }}-binaries
|
|
path: |
|
|
./binaries/*
|
|
|
|
sign_verify-portable:
|
|
needs: [build-portable, read_versions]
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
disable_security: [true, false]
|
|
include:
|
|
- disable_security: false
|
|
file_suffix: "with-login-"
|
|
- disable_security: true
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: stirling-${{ matrix.file_suffix }}binaries
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Upload signed artifacts
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: stirling-${{ matrix.file_suffix }}signed
|
|
path: |
|
|
./*
|
|
!cosign.*
|
|
|
|
build-installers:
|
|
needs: read_versions
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: windows-latest
|
|
platform: win-
|
|
- os: macos-latest
|
|
platform: mac-
|
|
# - os: ubuntu-latest
|
|
# platform: linux-
|
|
runs-on: ${{ matrix.os }}
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Set up JDK 21
|
|
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
|
with:
|
|
java-version: "21"
|
|
distribution: "temurin"
|
|
|
|
- uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
|
|
with:
|
|
gradle-version: 8.14
|
|
|
|
# Install Windows dependencies
|
|
- name: Install WiX Toolset
|
|
if: matrix.os == 'windows-latest'
|
|
run: |
|
|
curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe
|
|
.\wix.exe /install /quiet
|
|
|
|
# Build installer
|
|
- name: Build Installer
|
|
run: ./gradlew build jpackage -x test --info
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: true
|
|
STIRLING_PDF_DESKTOP_UI: true
|
|
BROWSER_OPEN: true
|
|
|
|
- name: Set up JDK (x86_64)
|
|
if: matrix.os == 'macos-latest'
|
|
run: |
|
|
curl -L -o jdk.tar.gz https://cdn.azul.com/zulu/bin/zulu17.56.15-ca-jdk17.0.14-macosx_x64.tar.gz
|
|
mkdir -p zulu17
|
|
tar -xzf jdk.tar.gz -C zulu17 --strip-components=1
|
|
echo "JAVA_HOME=$PWD/zulu17" >> $GITHUB_ENV
|
|
echo "$PWD/zulu17/bin" >> $GITHUB_PATH
|
|
|
|
- name: Verify JDK architecture
|
|
if: matrix.os == 'macos-latest'
|
|
run: file $JAVA_HOME/bin/java
|
|
|
|
- name: Build project and run jpackage (x86_64)
|
|
if: matrix.os == 'macos-latest'
|
|
run: arch -x86_64 ./gradlew jpackageMacX64
|
|
|
|
# Rename and collect artifacts based on OS
|
|
- name: Prepare artifacts
|
|
id: prepare
|
|
shell: bash
|
|
run: |
|
|
ls -lah ./build/jpackage/
|
|
mkdir ./binaries
|
|
if [ "${{ matrix.os }}" = "windows-latest" ]; then
|
|
mv "./build/jpackage/Stirling PDF-${{ needs.read_versions.outputs.version }}.exe" "./binaries/Stirling-PDF-win-installer.exe"
|
|
elif [ "${{ matrix.os }}" = "macos-latest" ]; then
|
|
mv "./build/jpackage/Stirling PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-installer.dmg"
|
|
mv "./build/jpackage/x86_64/Stirling PDF (x86_64)-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-x86_64-installer.dmg"
|
|
else
|
|
mv "./build/jpackage/stirling-pdf_${{ needs.read_versions.outputs.version }}-1_amd64.deb" "./binaries/Stirling-PDF-linux-installer.deb"
|
|
fi
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R ./binaries
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: ${{ matrix.platform }}binaries
|
|
path: |
|
|
./binaries/*
|
|
|
|
sign_verify:
|
|
needs: [read_versions, build-installers]
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: windows-latest
|
|
platform: win-
|
|
- os: macos-latest
|
|
platform: mac-
|
|
# - os: ubuntu-latest
|
|
# platform: linux-
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: ${{ matrix.platform }}binaries
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Install Cosign
|
|
if: matrix.os == 'windows-latest'
|
|
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
|
|
|
- name: Generate key pair
|
|
if: matrix.os == 'windows-latest'
|
|
run: cosign generate-key-pair
|
|
|
|
- name: Sign and generate attestations
|
|
if: matrix.os == 'windows-latest'
|
|
run: |
|
|
cosign sign-blob \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-signature ./Stirling-PDF-win-installer.exe.sig \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
cosign attest-blob \
|
|
--predicate - \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-attestation ./Stirling-PDF-win-installer.exe.intoto.jsonl \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
cosign verify-blob \
|
|
--key ./cosign.pub \
|
|
--signature ./Stirling-PDF-win-installer.exe.sig \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Upload signed artifacts
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: ${{ matrix.platform }}signed
|
|
path: |
|
|
./Stirling-PDF-${{ matrix.platform }}installer.*
|
|
./Stirling-PDF-${{ matrix.platform }}x86_64-installer.*
|
|
!cosign.*
|
|
|
|
create-release:
|
|
if: github.event_name != 'workflow_dispatch' || github.event.inputs.test_mode != 'true'
|
|
needs: [read_versions, sign_verify, sign_verify-portable]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download signed artifacts
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
- name: Upload binaries, attestations and signatures to Release and create GitHub Release
|
|
uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
|
|
with:
|
|
tag_name: v${{ needs.read_versions.outputs.version }}
|
|
generate_release_notes: true
|
|
files: |
|
|
./*signed/*
|