Skip to content

RCM_CI

RCM_CI #81

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: RCM_CI
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
push:
branches: [ "dev" ]
pull_request:
branches: [ "dev" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
RCM_CHECKOUT: "RCM"
PYTHON_VERSION: "3.10.11"
PYENV_VERSION: "2.3.35"
TURBOVNC_DOWNLOAD: "https://github.com/TurboVNC/turbovnc/releases/download"
TURBOVNC_EXTERNAL: "rcm/client/external/turbovnc"
PARAMIKO_PULL: "2258"
PARAMIKO_COMMIT: "1a45c7ec74cf8ee1d537e3ca032e7fef40fa62b3"
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
strategy:
matrix:
os:
- ubuntu-latest
- ubuntu-20.04
turbovnc-version:
- '3.1'
- '2.2.7'
include:
- os: macos-latest
turbovnc-version: 'none'
# The type of runner that the job will run on
runs-on: ${{ matrix.os }}
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Install missing Qt libraries ubuntu
if: ${{ contains(matrix.os, 'ubuntu') }}
run: |
sudo apt update
sudo apt install -y qtbase5-dev qt5-qmake
# skipping cmake qtcreator qtwayland5
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout RCM
uses: actions/[email protected]
with:
path: "${{ env.RCM_CHECKOUT }}"
# CACHE
- name: (GHO) Cache python
uses: actions/[email protected]
id: cache-python
with:
path: ~/.pyenv
key: pyenv-${{ env.PYENV_VERSION }}-python-${{ env.PYTHON_VERSION }}-${{ matrix.os }}
- name: (GHO) Cache venv
uses: actions/[email protected]
id: cache-venv
with:
path: venv
key: venv-${{ hashFiles( format('{0}/rcm/client/requirements.txt', env.RCM_CHECKOUT ) ) }}-paramiko-${{ env.PARAMIKO_PULL }}-${{env.PARAMIKO_COMMIT}}-${{ matrix.os }}
- name: (GHO) Cache turbovnc
uses: actions/[email protected]
id: cache-turbovnc
with:
path: turbovnc
key: turbovnc-${{ matrix.turbovnc-version }}-${{ matrix.os }}
# PYTHON
- name: Setup pyenv
run: |
export PYENV_ROOT=~/.pyenv
echo "PYENV_ROOT=${PYENV_ROOT}" >> "${GITHUB_ENV}"
echo "${PYENV_ROOT}/bin" >> "${GITHUB_PATH}"
echo "${PYENV_ROOT}/versions/${PYTHON_VERSION}/bin" >> "${GITHUB_PATH}"
- name: Install pyenv locally
if: ${{ steps.cache-python.outputs.cache-hit != 'true' }}
run: |
git clone -b "v${PYENV_VERSION}" "https://github.com/pyenv/pyenv.git" "${PYENV_ROOT:?}"
pyenv install "${PYTHON_VERSION}"
# VENV
- name: Install venv
if: ${{ steps.cache-venv.outputs.cache-hit != 'true' }}
run: |
python -m venv venv
source venv/bin/activate
pip install -r "${RCM_CHECKOUT}/rcm/client/requirements.txt"
wget "https://github.com/paramiko/paramiko/pull/${PARAMIKO_PULL}/commits/${PARAMIKO_COMMIT}.patch" -O paramiko.patch
PARAMIKO_FILE=$(python -c "import paramiko, os; print(os.path.join(os.path.dirname(paramiko.__file__), 'auth_handler.py'))")
patch -N $PARAMIKO_FILE -i paramiko.patch
# TURBOVNC
- name: Extract turbovnc
if: ${{ matrix.os != 'macos-latest' && steps.cache-turbovnc.outputs.cache-hit != 'true' }}
run: |
wget $TURBOVNC_DOWNLOAD/${{ matrix.turbovnc-version }}/turbovnc_${{ matrix.turbovnc-version }}_amd64.deb -O turbovnc.deb
dpkg-deb -x turbovnc.deb turbovnc
- name: Move turbovnc
if: ${{ matrix.os != 'macos-latest' }}
run: |
# Copy extracted file to `"${RCM_CHECKOUT}/${TURBOVNC_EXTERNAL}"`
cp -r turbovnc/opt/TurboVNC "${RCM_CHECKOUT}/${TURBOVNC_EXTERNAL}"
cp -r turbovnc/usr/share "${RCM_CHECKOUT}/${TURBOVNC_EXTERNAL}"
cp -r turbovnc/etc "${RCM_CHECKOUT}/${TURBOVNC_EXTERNAL}"
# PYINSTALLER
- name: Build pyinstaller
run: |
source venv/bin/activate
pyinstaller "${RCM_CHECKOUT}/rcm/client/rcm_client_qt.spec"
# ARTIFACT
- name: (GHO) Move preartifacts
run: |
find dist -name "RCM" -type f -exec cp '{}' RCM.exe \;
find dist -name "RCM.zip" -type f -exec unzip '{}' -d ./RCM-dir \;
- uses: sigstore/[email protected]
- name: Sign image with a key
run: |
cosign sign-blob --yes --key env://COSIGN_PRIVATE_KEY --output-signature "${{ env.FILE2SIGN }}.sig" "${{ env.FILE2SIGN }}.exe"
cosign verify-blob --key env://COSIGN_PUBLIC_KEY --signature "${{ env.FILE2SIGN }}.sig" "${{ env.FILE2SIGN }}.exe"
echo "${{ env.COSIGN_PUBLIC_KEY }}" > RCM.pub
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
FILE2SIGN: "RCM"
- name: (GHO) Upload exe
uses: actions/[email protected]
with:
name: RCM-client-${{ matrix.os }}-turbovnc-${{ matrix.turbovnc-version }}
path: |
RCM.exe
RCM.sig
RCM.pub
- name: (GHO) Upload dir
uses: actions/[email protected]
with:
name: RCM-client-${{ matrix.os }}-turbovnc-${{ matrix.turbovnc-version }}-dir
path: |
RCM-dir