feat(rust): support https for outlets
etorreborre committed Apr 12, 2024
1 parent 2c660af commit 516c782
Showing 39 changed files with 816 additions and 363 deletions.
2 changes: 1 addition & 1 deletion .github/actions/build_binaries/action.yml
@@ -36,7 +36,7 @@ runs:
set -x
use_cross_build=${{ inputs.use_cross_build }}
if [[ $use_cross_build == true ]]; then
cargo install --version 0.2.4 cross
cargo install --version 0.2.5 cross
else
sudo apt-get update
sudo apt-get install -y --no-install-recommends xz-utils liblz4-tool musl-tools libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev patchelf
318 changes: 159 additions & 159 deletions .github/workflows/release-draft-binaries.yml
@@ -182,169 +182,169 @@ jobs:
strategy:
fail-fast: false
matrix:
build: [linux_arm64, linux_86, linux_armv7, macos_silicon, macos_86]
build: [ linux_arm64, linux_86, linux_armv7, macos_silicon, macos_86 ]
include:
- build: linux_arm64
os: ubuntu-22.04
toolchain: stable
target: aarch64-unknown-linux-musl
build_app: false
use-cross-build: true
- build: linux_armv7
os: ubuntu-22.04
toolchain: stable
target: armv7-unknown-linux-musleabihf
use-cross-build: true
build_app: false
- build: linux_86
os: ubuntu-22.04
toolchain: stable
target: x86_64-unknown-linux-musl
use-cross-build: true
build_app: false
- build: linux_86_gnu
os: ubuntu-22.04
toolchain: stable
target: x86_64-unknown-linux-gnu
use-cross-build: false
build_app: true
build_command: false
- build: macos_silicon
os: macos-14
toolchain: stable
target: aarch64-apple-darwin
use-cross-build: false
build_app: true
- build: macos_86
os: macos-14
toolchain: stable
target: x86_64-apple-darwin
use-cross-build: false
build_app: true
- build: linux_arm64
os: ubuntu-22.04
toolchain: stable
target: aarch64-unknown-linux-musl
build_app: false
use-cross-build: true
- build: linux_armv7
os: ubuntu-22.04
toolchain: stable
target: armv7-unknown-linux-musleabihf
use-cross-build: true
build_app: false
- build: linux_86
os: ubuntu-22.04
toolchain: stable
target: x86_64-unknown-linux-musl
use-cross-build: true
build_app: false
- build: linux_86_gnu
os: ubuntu-22.04
toolchain: stable
target: x86_64-unknown-linux-gnu
use-cross-build: false
build_app: true
build_command: false
- build: macos_silicon
os: macos-14
toolchain: stable
target: aarch64-apple-darwin
use-cross-build: false
build_app: true
- build: macos_86
os: macos-14
toolchain: stable
target: x86_64-apple-darwin
use-cross-build: false
build_app: true
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
ref: ${{ github.event.inputs.release_branch }}

- name: Echo Link
run: echo "${{ needs.create_release.outputs.upload_url }}"

- name: Apple Signing Initialization
if: ${{ matrix.os == 'macos-14' }}
shell: bash
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
set -ex
# Switch to xcode 15
sudo xcode-select --switch /Applications/Xcode_15.0.app/
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
# Add keychain path to env
echo "KEYCHAIN_PATH=${KEYCHAIN_PATH}" >> "$GITHUB_ENV"
- uses: ./.github/actions/build_binaries
with:
use_cross_build: ${{ matrix.use-cross-build }}
toolchain: ${{ matrix.toolchain }}
target: ${{ matrix.target }}
platform_operating_system: ${{ matrix.os }}
build_app: ${{ matrix.build_app }}

- name: Copy Artifacts
run: |
set -x
cp target/${{ matrix.target }}/release/ockam_command ockam.${{ matrix.target }}
echo "ASSET_OCKAM_CLI=ockam.${{ matrix.target }}" >> $GITHUB_ENV
if [ -e "implementations/swift/build/Ockam.dmg" ]; then
cp "implementations/swift/build/Ockam.dmg" "ockam.app.${{ matrix.target }}.dmg"
echo "ASSET_OCKAM_APP_DMG=ockam.app.${{ matrix.target }}.dmg" >> $GITHUB_ENV
fi
ls $GITHUB_WORKSPACE
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
ref: ${{ github.event.inputs.release_branch }}

- name: Echo Link
run: echo "${{ needs.create_release.outputs.upload_url }}"

- name: Apple Signing Initialization
if: ${{ matrix.os == 'macos-14' }}
shell: bash
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
set -ex
# Switch to xcode 15
sudo xcode-select --switch /Applications/Xcode_15.0.app/
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
# Add keychain path to env
echo "KEYCHAIN_PATH=${KEYCHAIN_PATH}" >> "$GITHUB_ENV"
- uses: ./.github/actions/build_binaries
with:
use_cross_build: ${{ matrix.use-cross-build }}
toolchain: ${{ matrix.toolchain }}
target: ${{ matrix.target }}
platform_operating_system: ${{ matrix.os }}
build_app: ${{ matrix.build_app }}

- name: Copy Artifacts
run: |
set -x
cp target/${{ matrix.target }}/release/ockam_command ockam.${{ matrix.target }}
echo "ASSET_OCKAM_CLI=ockam.${{ matrix.target }}" >> $GITHUB_ENV
if [ -e "implementations/swift/build/Ockam.dmg" ]; then
cp "implementations/swift/build/Ockam.dmg" "ockam.app.${{ matrix.target }}.dmg"
echo "ASSET_OCKAM_APP_DMG=ockam.app.${{ matrix.target }}.dmg" >> $GITHUB_ENV
fi
ls $GITHUB_WORKSPACE
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
with:
cosign-release: 'v2.0.0'

- name: Sign Binaries
env:
PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}'
COSIGN_PASSWORD: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
run: |
cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_CLI }}" > "${{ env.ASSET_OCKAM_CLI }}.sig"
if [ -n "${{ env.ASSET_OCKAM_APP_DMG }}" ]; then
cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_APP_DMG }}" > "${{ env.ASSET_OCKAM_APP_DMG }}.sig"
fi
- name: Upload CLI release archive
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_CLI }}
asset_name: ${{ env.ASSET_OCKAM_CLI }}
asset_content_type: application/octet-stream

- name: Upload CLI Signature
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_CLI }}.sig
asset_name: ${{ env.ASSET_OCKAM_CLI }}.sig
asset_content_type: application/octet-stream

- name: Upload MacOS App release
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
if: ${{ env.ASSET_OCKAM_APP_DMG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_APP_DMG }}
asset_name: ${{ env.ASSET_OCKAM_APP_DMG }}
asset_content_type: application/octet-stream

- name: Upload MacOS App release Signature
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
if: ${{ env.ASSET_OCKAM_APP_DMG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_APP_DMG }}.sig
asset_name: ${{ env.ASSET_OCKAM_APP_DMG }}.sig
asset_content_type: application/octet-stream
- name: Sign Binaries
env:
PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}'
COSIGN_PASSWORD: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
run: |
cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_CLI }}" > "${{ env.ASSET_OCKAM_CLI }}.sig"
if [ -n "${{ env.ASSET_OCKAM_APP_DMG }}" ]; then
cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_APP_DMG }}" > "${{ env.ASSET_OCKAM_APP_DMG }}.sig"
fi
- name: Upload CLI release archive
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_CLI }}
asset_name: ${{ env.ASSET_OCKAM_CLI }}
asset_content_type: application/octet-stream

- name: Upload CLI Signature
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_CLI }}.sig
asset_name: ${{ env.ASSET_OCKAM_CLI }}.sig
asset_content_type: application/octet-stream

- name: Upload MacOS App release
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
if: ${{ env.ASSET_OCKAM_APP_DMG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_APP_DMG }}
asset_name: ${{ env.ASSET_OCKAM_APP_DMG }}
asset_content_type: application/octet-stream

- name: Upload MacOS App release Signature
uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa
if: ${{ env.ASSET_OCKAM_APP_DMG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_path: ${{ env.ASSET_OCKAM_APP_DMG }}.sig
asset_name: ${{ env.ASSET_OCKAM_APP_DMG }}.sig
asset_content_type: application/octet-stream


build_elixir_nifs:
@@ -359,9 +359,9 @@ jobs:
matrix:
job:
- { target: aarch64-unknown-linux-gnu , os: ubuntu-20.04 , use-cross: true }
- { target: x86_64-unknown-linux-gnu , os: ubuntu-20.04 }
- { target: aarch64-apple-darwin , os: macos-14 }
- { target: x86_64-apple-darwin , os: macos-14 }
- { target: x86_64-unknown-linux-gnu , os: ubuntu-20.04 }
- { target: aarch64-apple-darwin , os: macos-14 }
- { target: x86_64-apple-darwin , os: macos-14 }

runs-on: ${{ matrix.job.os }}
steps:
@@ -378,7 +378,7 @@ jobs:
- name: Install Cross
if: matrix.job.use-cross == true
run: cargo install --version 0.2.4 cross
run: cargo install --version 0.2.5 cross

- name: Build NIFs
run: |
@@ -445,7 +445,7 @@ jobs:

sign_release:
name: Sign All Assets
needs: [build_release, create_release, build_elixir_nifs]
needs: [ build_release, create_release, build_elixir_nifs ]
runs-on: ubuntu-20.04
environment: release
permissions:
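Review bot: The `Install Cross` step in `build_elixir_nifs` runs `cargo install --version 0.2.5 cross` without `--locked`, so cargo ignores the lockfile shipped with the crate and resolves cross's transitive dependencies afresh on every run. The rest of this workflow pins its actions by commit SHA, and the artifacts these jobs build are signed and uploaded as release assets, so the build tool deserves the same pinning: `cargo install --locked --version 0.2.5 cross`. The matching line in `.github/actions/build_binaries/action.yml` wants the same flag. The step lists of both jobs continue outside the hunks shown here.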