Skip to content

Merge branch 'main' into feature/disable-mr-boundary #4206

Merge branch 'main' into feature/disable-mr-boundary

Merge branch 'main' into feature/disable-mr-boundary #4206

Workflow file for this run

---
# yamllint disable rule:line-length
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Builds
on: # yamllint disable-line rule:truthy
pull_request: {}
push:
branches:
- "**"
tags:
- "v*"
env:
UNITY_VERSION: "2022.3.34f1"
PHOTON_PAT: ${{ secrets.PHOTON_PAT }} # This needs to be here, since you can't use a ${{ secrets }} within an if: condition
jobs:
configuration:
if: |
(github.event_name == 'pull_request') ||
(
github.event_name == 'push' &&
(
github.ref == 'refs/heads/main' ||
contains(github.ref, 'refs/tags/v') ||
contains(github.event.head_commit.message, '[CI BUILD]')
)
)
name: Configure Build Parameters
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version}}
androidVersionCode: ${{ steps.version.outputs.androidVersionCode }}
stamp: ${{ steps.version.outputs.stamp }}
prerelease: ${{ steps.version.outputs.prerelease }}
previousrelease: ${{ steps.rawchangelogdata.outputs.previousrelease }}
previousfullrelease: ${{ steps.rawchangelogdata.outputs.previousfullrelease }}
currentrelease: ${{ steps.rawchangelogdata.outputs.currentrelease }}
rawchangelog: ${{ steps.rawchangelogdata.outputs.rawchangelog}}
basename: ${{ steps.github.outputs.basename }}
description: ${{ steps.github.outputs.description}}
itchchannelname: ${{ steps.version.outputs.itchchannelname }}
fastlanelane: ${{ steps.version.outputs.fastlanelane}}
uid: ${{ steps.github.outputs.uid }}
gid: ${{ steps.github.outputs.gid }}
flavors: ${{ steps.flavors.outputs.flavors }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
- name: Calculate version and stamp
id: version
run: |
# General note: for pull requests, we query github.event.pull_request.head.sha rather than the default sha, which is a merge commit of the target branch into the head. For pushes or tag commits, there's no additional commits made by the CI, so we can use the default, current, reference
# Get the first two numbers from the last tag, including a tag on the current commit (to handle the case of a formal build)
MAJOR_MINOR=$(git describe --tags --abbrev=0 --match "v[0-9]*.[0-9]*" ${{ github.event.pull_request.head.sha }})
# How many commits have been made since the last tag of the form vX.Y.
#
# We used to use this version, however, it couldn't handle these two cases at the same time:
# (v2.1)
# |
# /-c2..c4..c5-\
# / \
# c...c0..c1....c3.........m6..c7....c10.c11.....m13...c14 <- [main]
# ^ \ /
# (v2.0) \-c8..c9..c12-/
# If we use --first-parent, it wouldn't find a tag that was not a first parent, and so it'll think we're now in 2.0.8, though it skips the commits on the branches. If we did not use --first-parent, it gets the proper tag (v2.1), but counts each commit in the feature branch, and gives 2.1.10. While we almost always squash, if we ever do have an explicit merge commit, we don't want to count the commits on the feature branch. In this case, we actually want to get 2.1.7 (commits c3, m6, c7, c10, c11, m13, and c14).
######## OLD CODE ########
# # If the value is not equal to zero, git describe will give us a version in the form vX.Y-Z-gAAAAAAA, where Z is the count. If the current commit has a vX.Y tag, it'll just return that, so the 'cut' does nothing. We test for this below
# PATCH_VERSION=$(git describe --tags --match "v[0-9]*.[0-9]*" --first-parent ${{ github.event.pull_request.head.sha }} | cut -d'-' -f2)
######## END OLD CODE ########
# Instead, we'll find the last tag, wherever it is, and then count the --first-parent commits "since" then (i.e., not included; they might be historically behind it)
CLOSEST_TAG=$(git describe --tags --match "v[0-9]*.[0-9]*" --abbrev=0 HEAD)
PATCH_VERSION=$(git log ${CLOSEST_TAG}.. --oneline --first-parent | wc -l)
if [ $PATCH_VERSION == "0" ]
then
STAMP=""
echo "prerelease=false" >> $GITHUB_OUTPUT
echo "itchchannelname=release" >> $GITHUB_OUTPUT
echo "fastlanelane=beta" >> $GITHUB_OUTPUT
else
# This is the first 7 characters of the commit; we do it this way rather than via rev-parse to avoid an 'if' conditional depending on whether it's a PR or push. (unlike git describe, git rev-parse doesn't default to the current HEAD)
STAMP=$(git describe --tags --match "v[0-9]*.[0-9]*" ${{ github.event.pull_request.head.sha }} | cut -d'-' -f3)
echo "prerelease=true" >> $GITHUB_OUTPUT
echo "itchchannelname=beta" >> $GITHUB_OUTPUT
echo "fastlanelane=beta" >> $GITHUB_OUTPUT
fi
VERSION=$(echo "$MAJOR_MINOR.$PATCH_VERSION" | sed -e 's/^v//')
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "stamp=$STAMP" >> $GITHUB_OUTPUT
MAJOR=$(echo $VERSION | cut -d '.' -f 1)
MINOR=$(echo $VERSION | cut -d '.' -f 2)
ANDROID_VERSION_CODE=$((MAJOR * 1000000 + MINOR * 1000 + PATCH_VERSION))
echo "androidVersionCode=$ANDROID_VERSION_CODE" >> $GITHUB_OUTPUT
echo "Version $VERSION stamp=$STAMP androidVersionCode=$ANDROID_VERSION_CODE"
- name: Calculate Release tags for Changelog and raw changelog
id: rawchangelogdata
env:
PRERELEASE: ${{ steps.version.outputs.prerelease }}
VERSION: ${{ steps.version.outputs.version }}
run: |
if [ "$PRERELEASE" == "true" ]
then
PREV=$(git describe --tags --abbrev=0 HEAD^)
else
PREV=$(git describe --tags --match "v[0-9]*.[0-9]*" --first-parent --abbrev=0 HEAD^)
fi
PREVFULL=$(git describe --tags --match "v[0-9]*.[0-9]*" --first-parent --abbrev=0 HEAD^)
CUR="$(git rev-parse HEAD)"
echo "previousrelease=$PREV" >> $GITHUB_OUTPUT
echo "previousfullrelease=$PREVFULL" >> $GITHUB_OUTPUT
echo "currentrelease=$CUR" >> $GITHUB_OUTPUT
LAST_TAG=$(git describe --tags --match 'v[0-9]*.[0-9]*' --abbrev=0 HEAD^)
RAW_CHANGELOG=$(echo "$(git log --first-parent ${LAST_TAG}.. --pretty=format:'%D-g%h: %s' | sed -e 's/tag: //' -e 's/HEAD -> main, //')" | sed -e "s/origin\/main/$VERSION/" | tac)
echo "rawchangelog=${RAW_CHANGELOG//$'\n'/'\n'}" >> $GITHUB_OUTPUT
- name: Echo Changelog (for debugging purposes)
env:
CHANGELOG: ${{ steps.rawchangelogdata.outputs.rawchangelog}}
run: |
echo "CHANGELOG=$CHANGELOG"
- name: Set custom app name and package name, if relevant
id: github
env:
PRERELEASE: ${{ steps.version.outputs.prerelease }}
run: |
# For a PR action (i.e., syncronize / open), the value of github.ref will be refs/pull/1234/merge
# For a push action, it will be either refs/heads/foo_branch_name OR refs/tags/v1234.
# We want to use the base name for pushes of tags or to main, the PR number for PRs, and the branch name for named branches.
if [[ "$PRERELEASE" == "false" || ${{ github.ref }} == refs/heads/main ]]
then
echo "basename=OpenBrush" >> $GITHUB_OUTPUT
echo "description=" >> $GITHUB_OUTPUT
else
if [[ ${{ github.ref }} == refs/pull/* ]]
then
DESCRIPTION="PR#$(echo ${{ github.ref }} | sed -e 's#refs/pull/##' -e 's#/merge##')"
elif [[ ${{ github.ref }} == refs/heads/* ]]
then
DESCRIPTION="$(echo ${{ github.ref }} | sed -e 's#refs/heads/##')"
else
DESCRIPTION="Unknown"
fi
echo "description=-btb-description ${DESCRIPTION}" >> $GITHUB_OUTPUT
IDENTIFIER=$(echo ${DESCRIPTION} | sed -e 's/[\/#_-]//g')
echo "basename=OpenBrush-${IDENTIFIER}" >> $GITHUB_OUTPUT
fi
echo "uid=$(id -u)" >> $GITHUB_OUTPUT
echo "gid=$(id -g)" >> $GITHUB_OUTPUT
- name: Determine whether to build Development builds or not
id: flavors
run: |
set -x
if [[ $(git log --format=%B ${{ github.event.pull_request.head.sha }} -1) == *'[CI BUILD DEV]'* ]]
then
echo 'flavors=[{"development": true, "title": "Development"}, {"development": false}]' >> $GITHUB_OUTPUT
else
echo 'flavors=[{"development": false}]' >> $GITHUB_OUTPUT
fi
build:
name: ${{ matrix.name }} ${{ matrix.flavors.title }}
needs: configuration
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
flavors: ${{ fromJson(needs.configuration.outputs.flavors) }}
name: [Windows OpenXR, Windows Pimax, Windows Rift, Linux, MacOS, Android OpenXR, Oculus Quest (1), Oculus Quest (2+), Android Pico, Android Pico (CN), iOS Zapbox] # These will all be overwritten, but because we have the flavors matrix as well, we can't just add configurations via include; they'll overwrite each other. This way ensures that we get each one
include:
- name: Windows OpenXR
targetPlatform: StandaloneWindows64
vrsdk: OpenXR
cache: Windows
- name: Windows Pimax
targetPlatform: StandaloneWindows64
vrsdk: OpenXR
cache: Windows
extra_defines: PIMAX_SUPPORTED
- name: Windows Rift
targetPlatform: StandaloneWindows64
vrsdk: Oculus
cache: Windows
extra_defines: OCULUS_SUPPORTED
- name: Linux
targetPlatform: StandaloneLinux64
vrsdk: Monoscopic # All builds include monoscopic, but this one has no additional XrSdk, so we'll keep the name monoscopic
cache: Linux
- name: MacOS
targetPlatform: StandaloneOSX
vrsdk: Monoscopic
cache: MacOS
- name: Android OpenXR
targetPlatform: Android
vrsdk: OpenXR
cache: Android_Vulkan
extraoptions: -btb-il2cpp
versionSuffix: 0
- name: Oculus Quest (1)
targetPlatform: Android
vrsdk: OpenXR
cache: Android_Vulkan
extraoptions: -btb-il2cpp
versionSuffix: 0
extra_defines: USE_QUEST_PACKAGE_NAME FORCE_QUEST_SUPPORT_DEVICE FORCE_FOCUSAWARE FORCE_HEADTRACKING
packages_to_remove: com.meta.xr.sdk.platform com.meta.xr.sdk.utilities
- name: Oculus Quest (2+)
targetPlatform: Android
vrsdk: Oculus
cache: Android_Vulkan
extraoptions: -btb-il2cpp
versionSuffix: 1
extra_defines: OCULUS_SUPPORTED USE_QUEST_PACKAGE_NAME
- name: Android Pico
targetPlatform: Android
vrsdk: Pico
cache: Android_GLES
extraoptions: -btb-il2cpp
versionSuffix: 0
extra_defines: PICO_SUPPORTED
- name: Android Pico (CN)
targetPlatform: Android
vrsdk: Pico
cache: Android_GLES
# Pico requested Chinese build that doesn't have google/sketchfab login.
extraoptions: -btb-il2cpp -btb-disableAccountLogins
versionSuffix: 1
extra_defines: PICO_SUPPORTED
- name: iOS Zapbox
targetPlatform: iOS
vrsdk: Zapbox
cache: iOS
extraoptions: -btb-il2cpp
extra_defines: ZAPBOX_SUPPORTED
packages_to_remove: com.unity.formats.usd
steps:
- name: Set masking
run: echo "::add-mask::DoNotStealThis1"
- name: Free extra space
# As of 06/07/2024, this increases free space from 21GB to 38GB
run: |
echo "Initial free space"
df -h /
echo "Removing all pre-loaded docker images"
docker rmi $(docker image ls -aq) # Removes ~6GB
df -h /
echo "Listing 100 largest packages"
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -rn | head -n 100
echo "Removing unneeded large packages"
sudo apt update
sudo apt remove -y '^ghc-.*' '^dotnet-.*' azure-cli powershell google-chrome-stable firefox microsoft-edge-stable 'mongodb-*' 'mysql-*' 'mariadb-*' 'temurin-*' 'openjdk-*' default-jre-headless # Removes ~7GB # Adding 'google-cloud-*' removes another 750MB but takes about a minute; not worth it
sudo apt autoremove -y
sudo apt clean
df -h /
echo "Listing 100 largest remaining packages"
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -rn | head -n 100
echo "Removing remaining large directories"
df -h /
rm -rf /usr/share/dotnet/ # Removes ~1GB
rm -rf "$AGENT_TOOLSDIRECTORY" # Removes ~6GB
echo "Disk space after cleanup"
df -h /
- name: Checkout repository
uses: actions/checkout@v4
with:
lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
- name: Install Pimax unity package
if: startsWith(matrix.name, 'Windows Pimax')
run: |
# version 0.6.3
# Same as above, but adapted to work for Pimax instead.
wget -q https://dl.appstore.pimax.com/sdk/Pimax_Platform_Unity_SDK_v0.6.3.zip -O package.zip
unzip package.zip
mkdir tmp
tar -C tmp -xzf PimaxPlatform_v0.6.3.unitypackage
find tmp -type f | xargs chmod a-x
for pn in tmp/*/pathname; do
id=${pn%/*}
id=${id#*/}
p=$(head -1 $pn)
d=${p%/*}
mkdir -p "tmp/$d"
[ -f "tmp/$id/asset" ] && cp -v "tmp/$id/asset" "tmp/$p"
cp "tmp/$id/asset.meta" "tmp/${p}.meta"
done
cp -R tmp/Assets/Pimax Assets/
rm -rf tmp package.zip PimaxPlatform_v0.6.3.unitypackage Tools
- name: Install Pico unity package
if: matrix.vrsdk == 'Pico'
run: |
# version 2.1.1
mkdir Packages/com.unity.xr.picoxr
wget -q https://sdk.picovr.com/developer-platform/sdk/PICO%20Unity%20Integration%20SDK%20v211.zip -O package.zip
unzip package.zip -d Packages/com.unity.xr.picoxr
# Pico has a GUID conflict because they copied code from Oculus. Delete the offending .meta file from our mutable Pico SDK.
rm Packages/com.unity.xr.picoxr/Platform/Scripts/Models/Common.cs.meta
- name: Install TextMesh Pro package
run: |
# version 3.0.6; must be updated if the version changes
# This replaces the GUI's "Window -> TextMesh Pro -> Import TMP Essential Resources". I don't know why Unity makes this sort of thing so hard!
mkdir tmp.plugin
wget -q https://download.packages.unity.com/com.unity.textmeshpro/-/com.unity.textmeshpro-3.0.6.tgz -O tmp.plugin/plugin.tgz
tar -C tmp.plugin -xzf tmp.plugin/plugin.tgz
mkdir tmp.package
tar -C tmp.package -xzf 'tmp.plugin/package/Package Resources/TMP Essential Resources.unitypackage'
for pn in tmp.package/*/pathname; do
id=${pn%/*}
id=${id#*/}
p=$(head -1 $pn)
d=${p%/*}
mkdir -p "tmp.package/$d"
[ -f "tmp.package/$id/asset" ] && cp -v "tmp.package/$id/asset" "tmp.package/$p"
cp "tmp.package/$id/asset.meta" "tmp.package/${p}.meta"
done
mkdir -p 'Assets/TextMesh Pro'
cp -R 'tmp.package/Assets/TextMesh Pro' Assets/
rm -rf tmp.plugin tmp.package
- name: Checkout private photon repository if available
if: ${{ env.PHOTON_PAT }}
uses: actions/checkout@v4
with:
token: ${{ env.PHOTON_PAT }}
repository: icosa-mirror/photon-fusion
path: photon-fusion-mirror/
- name: Copy photon files
if: ${{ env.PHOTON_PAT }}
run: |
rsync -a --ignore-existing photon-fusion-mirror/ ./
echo "For debugging: these are the files in Assets/Photon:"
find Assets/Photon
- name: Restore Library/
id: cache_library
uses: actions/cache/restore@v4
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10
with:
path: Library
# Some platforms share a cache; it's not a 1:1 mapping of either targetPlatform or vrsdk, so we have a distinct variable for which cache to use
key: Library_${{ matrix.cache }}_${{ env.UNITY_VERSION }}
- name: Restore Library/PackageCache
id: cache_packagecache
uses: actions/cache/restore@v4
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10
with:
path: Library/PackageCache
key: Library_PackageCache_${{ env.UNITY_VERSION }}_${{ hashFiles('Packages/packages-lock.json') }}
restore-keys: |
Library_PackageCache_${{ env.UNITY_VERSION }}
Library_PackageCache
- name: Remove problematic packages
if: ${{ matrix.packages_to_remove }}
run: |
cp Packages/manifest.json{,.bak}
cp Packages/packages-lock.json{,.bak}
for PACKAGE in ${{ matrix.packages_to_remove }}; do
cat Packages/manifest.json | jq 'del( .dependencies ["'${PACKAGE}'"] )' > Packages/manifest.json.new
mv Packages/manifest.json.new Packages/manifest.json
cat Packages/packages-lock.json | jq 'del( .dependencies ["'${PACKAGE}'"] )' > Packages/packages-lock.json.new
mv Packages/packages-lock.json.new Packages/packages-lock.json
done
diff -u Packages/manifest.json.bak Packages/manifest.json || true
diff -u Packages/packages-lock.json.bak Packages/packages-lock.json || true
- name: Set output filename
env:
BASENAME: ${{ needs.configuration.outputs.basename }}
run: |
if [[ "${{ matrix.targetPlatform}}" == "StandaloneWindows64" ]]; then
echo "filename=$BASENAME.exe" >> $GITHUB_ENV
elif [[ "${{ matrix.targetPlatform}}" == "StandaloneLinux64" ]]; then
echo "filename=$BASENAME" >> $GITHUB_ENV
elif [[ "${{ matrix.targetPlatform}}" == "iOS" ]]; then
echo "filename=$BASENAME" >> $GITHUB_ENV
elif [[ "${{ matrix.targetPlatform}}" == "StandaloneOSX" ]]; then
echo "filename=$BASENAME.app" >> $GITHUB_ENV
elif [[ "${{ matrix.targetPlatform}}" == "Android" ]]; then
echo "filename=com.Icosa.$BASENAME.apk" >> $GITHUB_ENV
fi
- name: Set build stamp
if: ${{ needs.configuration.outputs.stamp }}
# We checkout the merge commit, but for the purpose of the tag, use the version from the PR, not the merge commit, which is rather hard to find later. We skip the version tag, since this comes from the code and can't be easily overwritten
run: |
echo "stamp=-btb-stamp ${{needs.configuration.outputs.stamp}}" >> $GITHUB_ENV
- name: Enable Development Mode
if: ${{ matrix.flavors.development == true }}
run: |
echo "btbbopts=-btb-bopt Development" >> $GITHUB_ENV
- name: Update version
env:
VERSION: ${{ needs.configuration.outputs.version}}
run: |
sed -e "s/m_VersionNumber:.*$/m_VersionNumber: $VERSION/" -i Assets/Scenes/Main.unity
sed -e "s/bundleVersion:.*$/bundleVersion: $VERSION/" -i ProjectSettings/ProjectSettings.asset
- name: Add secure secrets file
env:
SECRETS_ASSET: ${{ secrets.SECRETS_ASSET }}
SECRETS_ASSET_META: ${{ secrets.SECRETS_ASSET_META }}
if: |
env.SECRETS_ASSET != null &&
env.SECRETS_ASSET_META != null
run: |
echo "$SECRETS_ASSET" > Assets/Secrets.asset
echo "$SECRETS_ASSET_META" > Assets/Secrets.asset.meta
SECRETS_ASSET_META_GUID=$(grep "guid:" Assets/Secrets.asset.meta | cut -d" " -f2)
sed -e "s/Secrets:.*$/Secrets: {fileID: 11400000, guid: $SECRETS_ASSET_META_GUID, type: 2}/" -i Assets/Scenes/Main.unity
- name: Enable keystore
run: |
sed -e 's/androidUseCustomKeystore.*$/androidUseCustomKeystore: 1/' -i ProjectSettings/ProjectSettings.asset
- name: Update build matrix specific defines in csc.rsp
if: ${{ matrix.extra_defines }}
run: |
for DEFINE in ${{ matrix.extra_defines }}; do
echo -e "\n-define:$DEFINE" | tee -a Assets/csc.rsp
done
- name: Build project
uses: Wandalen/wretry.action@v3
env:
VERSION: ${{ needs.configuration.outputs.version}}
UNITY_EMAIL: ${{ fromJSON(format('["[email protected]", "{0}"]', vars.UNITY_EMAIL))[secrets.UNITY_SERIAL != null] }}
UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
UNITY_PASSWORD: ${{ fromJSON(format('["DoNotStealThis1", "{0}"]', secrets.UNITY_PASSWORD))[secrets.UNITY_SERIAL != null] }}
UNITY_LICENSE: ${{ fromJSON('["<?xml version=\"1.0\" encoding=\"UTF-8\"?><root><TimeStamp Value=\"chxldhvc0zh5Vw==\"/>\n <License id=\"Terms\">\n <MachineBindings>\n <Binding Key=\"1\" Value=\"C372866C-B44C-5E48-806F-7583B55F04FB\"/>\n <Binding Key=\"2\" Value=\"C02F32Y5ML85\"/>\n </MachineBindings>\n <MachineID Value=\"LcL/yxIaeUG12OSX31mKDtxcVx8=\"/>\n <SerialHash Value=\"e25c63636985259e763d40cc9253cdfe6a862ceb\"/>\n <Features>\n <Feature Value=\"33\"/>\n <Feature Value=\"1\"/>\n <Feature Value=\"12\"/>\n <Feature Value=\"2\"/>\n <Feature Value=\"24\"/>\n <Feature Value=\"3\"/>\n <Feature Value=\"36\"/>\n <Feature Value=\"17\"/>\n <Feature Value=\"19\"/>\n <Feature Value=\"62\"/>\n </Features>\n <DeveloperData Value=\"AQAAAEY0LUtFWUItMzYyOC0zWEI3LVBZVVEtTUI5VQ==\"/>\n <SerialMasked Value=\"F4-KEYB-3628-3XB7-PYUQ-XXXX\"/>\n <StartDate Value=\"2023-11-21T00:00:00\"/>\n <UpdateDate Value=\"2023-11-22T06:03:23\"/>\n <InitialActivationDate Value=\"2023-11-21T06:03:21\"/>\n <LicenseVersion Value=\"6.x\"/>\n <ClientProvidedVersion Value=\"2017.2.0\"/>\n <AlwaysOnline Value=\"false\"/>\n <Entitlements>\n <Entitlement Ns=\"unity_editor\" Tag=\"UnityPersonal\" Type=\"EDITOR\" ValidTo=\"9999-12-31T00:00:00\"/>\n <Entitlement Ns=\"unity_editor\" Tag=\"DarkSkin\" Type=\"EDITOR_FEATURE\" ValidTo=\"9999-12-31T00:00:00\"/>\n </Entitlements>\n </License><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments\"/><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><Reference URI=\"#Terms\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><DigestValue>9DZF11miRAzx7TIuCxih78B6CXU=</DigestValue></Reference></SignedInfo><SignatureValue>weRQubqMNN61lSZtm/e7S+UDzTPNQjM5aQl/c4aKLH/b2khefpgLfdWneoxdnNopA6+rW6kBqxWt\nhMLdHY+oAOfDsfmMQRTnmQG0Y3G3xh6gjGP1RAIHoLDfFHf+0LQ3FakA2WehcFWPSYeVDrdxm3HW\nqMmdKWooD9i+J4s4rQFTDx9+/G6yjc5KGTyGxIz3c5kxTEkV2qsFPXsauomY9Z8YPKy+cZK7g+Ol\npO+LhtzetgTIlIN/qG8eByjlp6nOuVGdDOIrhNJW+vllNyx0qNWPREadVrhFViI4UXegMFRl5gJc\nrgcrlr/fD+NorDVLfcu7D863QXkkuriILUIq2Q==</SignatureValue></Signature></root>", null]')[secrets.UNITY_SERIAL != null] }}
with:
retry_condition: steps._this.outputs.engineExitCode == 1
action: game-ci/unity-builder@v4
with: |
allowDirtyBuild: true # Because of the OVR Update, the build tree might be dirty
unityVersion: ${{ env.UNITY_VERSION }}
targetPlatform: ${{ matrix.targetPlatform }}
customParameters: -btb-target ${{ matrix.targetPlatform }} -btb-display ${{ matrix.vrsdk }} -btb-out /github/workspace/build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/${{ env.filename }} ${{ needs.configuration.outputs.description}} ${{ env.stamp }} ${{ env.btbbopts }} ${{ matrix.extraoptions }}
versioning: Custom
androidVersionCode: "${{ needs.configuration.outputs.androidVersionCode }}${{ matrix.versionSuffix }}"
version: ${{ needs.configuration.outputs.version }}
buildName: ${{ needs.configuration.outputs.basename }}
buildsPath: build/${{ matrix.vrsdk }}
chownFilesTo: ${{ needs.configuration.outputs.uid }}:${{ needs.configuration.outputs.gid }}
buildMethod: BuildTiltBrush.CommandLine
androidKeystoreName: openbrush.keystore
androidKeystoreBase64: ${{ secrets.ANDROID_KEYSTORE_BASE64 || '/u3+7QAAAAIAAAABAAAAAQAWb3BlbmJydXNoLW5vbi1vZmZpY2lhbAAAAX66M2FtAAAFATCCBP0wDgYKKwYBBAEqAhEBAQUABIIE6Wufa9OVstw7Bu/gdATKqoPafXGefygChsN1d4LGY0SMLPORjHXiryEVMKi2rt61kNeXzeLkiM4yIQAam4HZtNTxgjoFQ6KB7uzkqMJYKViBUgg1HCAl2e+QpYjqG+YNJT67CiPgjpsJHNE628CwKAvjJ85FhqFz+MKzNF8BOpS5g5waqFda67oxaE4qO8eAL+F9P7us+ziY5B4O3EJC9s7xpT2GV2ro0m0fZI2dr3OO9UdUO72CYTg5qs250JiSij26Haf4t8Vq28F2S8rTcMUVtN4FRtzeR/wjeeZ3laER+WoxYni4MrZEXhYYCGhfor8Zcfi3p5ka8TJCQxywTKpghpSwgykgMJLn1HksxB0vhIMGTb87c2CTqS4t5Js/OPdcYS4Jnr7mHdQtOGfJCvl3TJC7NJwzLLOzUTmVIogaZCA9GlRballbD7XYbR8mcPxs+jLq5HJJk8/3B8ojAz/YA9vp6ml3RSYDA+yv9fBIefxNniAredJeqAnmH4o9er3+n0rKmpoqiXdzFkp1ywYbDDxrsFTiPrTc0gEiLRbfCERBx8GZ/7zGv6exKW1mc1L7QcFRmT1PRuJo6vRfCOtjdAdp0Mj1bllGGe9oBSKOxqtxs/NFygaVZjMDqryRvObKaJaj5CDhNdwsa21EsQ3+YvQWBzlcs5FTi5S2zG3W4+tMb+HoyV36SEV4yBLtqqrczhVCuPMlZu2p1iFLyODJJOxrWnmZy49BlQiudmiR7wILJoYKIFFvGv1jCJnTl9cI6UGX8IwSHYjGJIdLxaQM6c/7tw15+h+3jPajzZqkIQ7r0fyBp2TxE+QXMCP/knYu/dVzzQoBe5CgnAr5Fj60eEF78mJZbU3m9EjuVglURCTs2hDiyl3eRENgJjTc8p9iho4aK5eT5BVF7v2TAsTkfm+AwOq78chbWfh7J5OYnycG+v6S76LE6T8Yy0Arkk4lOF5SC05SmrDQpFcbRC9B7pR8XwJx3rabt4jvFsdqQtqv7TRasNQs95oROSC8335tzsaQfPwL/sGH4wi4zsH3YZ6As2V9myMEytqVEX5DdGBtzRr1opkx0aisyG48Evtk1UHMR9ROoZmkbNOIFNDUxCBvw7CU20aJSri4GX7kahg8Lj670Lfpx1C9OMwH0xRGUHE4e2ZWaw6Smkjc0Rru7j4YFKel0KtJgQaei2fz2i+6wOv1uz+H4j6f98pVMsf3HODmnh4x+qlUXaJWbNILQEGwv3zVReY123TPHIzkwImNLej62BLaqnEgiPkKr/gp/2MdrgepUEGC8FN0MTPbazDR4aE5XqLtnehhq8/9EfIk3b5WzNh00IAELwFrWnabkob5xmSLORBH8SpS3J6NwWa4jJMADRAGPYOUH7tYUM1/GRUK1HuboNP9v3KAny/k30CrxLvNHwe/zkXgoU9+M+gXVXL8pJJLMawVe/Dg13XyqTTa00UX7TsQFJZGm6lHrgeFIejKBEMLsMXNAIccphZe6sDnycDm/GY8vqmfjg9R05GwJOhBd46vhDi7Ph8YbLjohEoT4KfE5o8+Norzc/VHbRv5Y+G6JCL6hRV72meb3LswLYGUzGYP4nh2Y/yixg+rAtre80xjbXFfdvXVF6CuibKn5gmjCmiRN31rvEfdwVPIQDCaqv19Do2cQYDN+yGCo7yDHAAAAAEABVguNTA5AAADhzCCA4MwggJroAMCAQICBGNtJJswDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDldlc3QgWW9ya3NoaXJlMQ4wDAYDVQQHEwVMZWVkczEOMAwGA1UEChMFSWNvc2ExEzARBgNVBAsTCk9wZW4gQnJ1c2gxFDASBgNVBAMTC01pa2UgTWlsbGVyMCAXDTIyMDIwMjExMzAyNVoYDzIwNzIwMTIxMTEzMDI1WjBxMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOV2VzdCBZb3Jrc2hpcmUxDjAMBgNVBAcTBUxlZWRzMQ4wDAYDVQQKEwVJY29zYTETMBEGA1UECxMKT3BlbiBCcnVzaDEUMBIGA1UEAxMLTWlrZSBNaWxsZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZOlUSd2Z9VSuVE1NK2AKiKCYR3ADh3f3PN6ipTtqUdxP44l5jJnPVXc5YXJ4DyBsXHGTqCSiL9wiqdRCNTMcRf6vrpcuRWxqwMMu4bid0eDiFBU+wModQl70N0VblMolYZzD/y0NpXWh7VKPSXyA22ZwygeOPQFzxR4j2jRvM/g+9HeJeVN1p5f+6pvceg/9FBSCEOQg5fbDtO+ytZfMiawcyhSSwwlOzEOGT0Dq6d9xIs1/zTA8LxAlGYHLSpQCT/n3X27LNgUMNrCpWgLTtxH/qQ61NU3juqTqBBWT4nzTXl1J9JyPaHH1yzC908YiI5PQSFehX80KTvsf0B65DAgMBAAGjITAfMB0GA1UdDgQWBBTThSJ0yfVNgUC4h3Sa9o8aUmLY3jANBgkqhkiG9w0BAQsFAAOCAQEAUqE9NJA+PaMBrCcVHkxmk32DsVNIVCM/eaTPCyjBM3V5COgxscven160OKGHRn6Xhplr/UDy+StphE9Hwk8MAwSJ4reBdPiNMQvIsDEQ/aXSAyTiKQeIU5Zc+cYuJvHcyxIOVektDe8Er2AITvpXQDK1JRvYU6lFKym3j/CZ4comUwjdolB1C6fzlTkhP3ZuuFMfv543WyuVtb3A1mioLzQ5kfFlbTO0uXqEm+gltkK8AMqU6B5RJDYtQXIJkjR//UzNgpaILVvQ4pyyS6VvBNbUbrHaUKabtP3daDtQ0AQw3gSkCJ+QPpY9joIq38LMcVY5/x5/nbcxTuYvUlHozn/+qtNvA7MtikSNPcblNpmifg4o' }}
androidKeystorePass: ${{ secrets.ANDROID_KEYSTORE_PASS || 'FakeKey' }}
androidKeyaliasName: ${{ secrets.ANDROID_KEYALIAS_NAME || 'openbrush-non-official' }}
androidKeyaliasPass: ${{ secrets.ANDROID_KEYALIAS_PASS || 'FakeKey' }}
- name: Prepare for packaging (permissions and compression, OSX only)
if: matrix.targetPlatform == 'StandaloneOSX'
run: |
mv build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/Support "build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/${{ env.filename }}/Contents/"
find build -name 'UnityFbxSdkNative.bundle' -delete
# Compress, but skip the top directories
tar -c -v -z -f OpenBrush.tgz -C build/${{ matrix.vrsdk }} ${{ matrix.targetPlatform}}
rm -rf build/${{ matrix.vrsdk }}/*
mv OpenBrush.tgz build/${{ matrix.vrsdk }}/
- name: Upload build/
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }} ${{ matrix.flavors.title }}
path: |
build/${{ matrix.vrsdk }}
!build/Pico/*.symbols.zip
!build/**/*_BackUpThisFolder_ButDontShipItWithYourGame
- name: Check if packages-lock.json has changed or if it's cacheable
id: check_packagecache
run: |
# Check if there are any changes to the packages-lock.json file
set +e
git diff --exit-code -- Packages/packages-lock.json
CHANGES="$?"
set -e
echo "changes=$CHANGES" >> $GITHUB_OUTPUT
echo "diff returned: $CHANGES"
- name: Save Library/PackageCache cache
uses: actions/cache/save@v4
if: github.ref == 'refs/heads/main' && steps.check_packagecache.outputs.changes == 0 && steps.cache_packagecache.outputs.cache-hit != 'true' && ! matrix.packages_to_remove # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable.
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10
with:
path: Library/PackageCache
key: Library_PackageCache_${{ env.UNITY_VERSION }}_${{ hashFiles('Packages/packages-lock.json') }}
- name: Clean Library before caching
if: github.ref == 'refs/heads/main' && steps.cache_library.outputs.cache-hit != 'true' # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable.
run: |
# Remove the large files from the Library directory that we know we'll rebuild. As our il2cpp caches are huge and barely fit in the Github quota, it's better not to save an unneeded 1GB of space (or so). If a new Unity version is taken, this may need to be updated
# Debugging
echo "Library/ directories"
du -mcsh Library/*
find Library -size +50M -exec ls -altrh {} \;
# chown all files, since some are owned by root after the docker run
docker run -v $(pwd)/Library:/mnt alpine chown $(id -u).$(id -g) -R /mnt/
# Print the files to be deleted
find Library/Bee/ -name 'symbols.zip' -or -name 'libil2cpp*.so' -or -name 'launcher-release.apk' | tee todelete.txt
cat todelete.txt | xargs -r rm
# The package cache is stored in a separate, shared, cache
rm -rf Library/PackageCache
echo "Final space used"
du -mcsh Library
- name: Save Library/ cache
uses: actions/cache/save@v4
if: github.ref == 'refs/heads/main' && steps.cache_library.outputs.cache-hit != 'true' # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable.
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10
with:
path: Library
# Some platforms share a cache; it's not a 1:1 mapping of either targetPlatform or vrsdk, so we have a distinct variable for which cache to use
key: Library_${{ matrix.cache }}_${{ env.UNITY_VERSION }}
signmacos:
name: Sign the MacOS .app
needs: [build]
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
sparse-checkout: |
Support/macos
- name: Download Build Artifacts
uses: actions/download-artifact@v4
with:
name: MacOS
path: build_macos
# See https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALL_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
run: |
BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
INSTALL_CERTIFICATE_PATH=$RUNNER_TEMP/install_certificate.p12
PP_PATH=$RUNNER_TEMP/openbrushmac.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH
echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode -o $INSTALL_CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $BUILD_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Sign the release
env:
VERSION: ${{ needs.configuration.outputs.version }}
run: |
tar xvfz build_macos/*tgz
export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app))
cd StandaloneOSX/
codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $FILENAME/Contents/Support/ThirdParty/ffmpeg/bin/ffmpeg
for bundle in $FILENAME/Contents/Plugins/*.bundle; do
codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $bundle
done
codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $FILENAME
cd -
tar -c -v -z -f OpenBrush.tgz StandaloneOSX
- name: Upload signed app
uses: actions/upload-artifact@v4
with:
name: MacOS (signed)
path: |
OpenBrush.tgz
createdmg:
name: Create and Notarize DMG
needs: [signmacos]
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
sparse-checkout: |
Support/macos
- name: Download Build Artifacts
uses: actions/download-artifact@v4
with:
name: MacOS (signed)
path: build_macos
- name: Create a notarized DMG
env:
VERSION: ${{ needs.configuration.outputs.version }}
run: |
tar xvfz build_macos/*tgz
export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app))
mkdir dist
cp Support/macos/background.png StandaloneOSX/
cp Support/macos/[email protected] StandaloneOSX/
pip install jinjanator
jinjanate Support/macos/openbrush-dmg.json.j2 > StandaloneOSX/openbrush-dmg.json
pushd StandaloneOSX/
npx appdmg openbrush-dmg.json ../dist/OpenBrush.dmg
popd
xcrun notarytool submit \
--team-id ${{ vars.APPLE_TEAM_ID }} \
--apple-id ${{ vars.APPLE_ID }} \
--password ${{ secrets.APPLE_APPLICATION_SPECIFIC_PASSWORD }} \
--wait \
dist/OpenBrush.dmg
xcrun stapler staple dist/OpenBrush.dmg
- name: Upload notarized dmg
uses: actions/upload-artifact@v4
with:
name: MacOS (DMG)
path: |
dist/OpenBrush.dmg
release:
name: Create Github Release
needs: [configuration, build, createdmg]
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: "Build Changelog"
id: changelog
uses: mikepenz/release-changelog-builder-action@v4
with:
fromTag: "${{ needs.configuration.outputs.previousrelease }}"
toTag: "${{ needs.configuration.outputs.currentrelease }}"
configurationJson: |
{
"categories": [
{
"title": "## 🚀 Features",
"labels": ["feature", "enhancement"]
},
{
"title": "## 🎨 UI / UX",
"labels": ["ux"]
},
{
"title": "## 🐛 Fixes",
"labels": ["fix", "bugfix"]
},
{
"title": "## 🛠️ Infrastructure",
"labels": ["infrastructure"]
},
{
"title": "## 📦 Dependencies / Maintenance",
"labels": ["dependencies", "maintenance"]
},
{
"title": "## 💬 Uncategorized",
"labels": []
}
],
"pr_template": "- #{{TITLE}} (PR ##{{NUMBER}} by @#{{AUTHOR}})"
}
- name: Echo Changelog (for debugging purposes)
env:
CHANGELOG: ${{ steps.changelog.outputs.changelog }}
run: echo "$CHANGELOG"
- name: Download Build Artifacts (Windows OpenXR)
uses: actions/download-artifact@v4
with:
name: Windows OpenXR
path: build_windows_openxr
- name: Download Build Artifacts (Windows Rift)
uses: actions/download-artifact@v4
with:
name: Windows Rift
path: build_windows_rift
- name: Download Build Artifacts (Android OpenXR)
uses: actions/download-artifact@v4
with:
name: Android OpenXR
path: build_android_openxr
- name: Download Build Artifacts (Oculus Quest 2+)
uses: actions/download-artifact@v4
with:
name: Oculus Quest (2+)
path: build_oculus_quest
- name: Download Build Artifacts (Pico)
uses: actions/download-artifact@v4
with:
name: Android Pico
path: build_android_pico
- name: Download Build Artifacts (Linux)
uses: actions/download-artifact@v4
with:
name: Linux
path: build_linux
- name: Download Build Artifacts (Mac)
uses: actions/download-artifact@v4
with:
name: MacOS (DMG)
path: build_macos
- name: Package Artifacts for release
env:
VERSION: ${{ needs.configuration.outputs.version }}
run: |
mkdir releases
mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk
mv build_android_openxr/*/com.Icosa.OpenBrush*apk releases/OpenBrush_OpenXR_$VERSION.apk
mv build_android_pico/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_$VERSION.apk
mv build_windows_openxr/StandaloneWindows64/ releases/OpenBrush_Desktop_$VERSION/
mv build_windows_rift/StandaloneWindows64/ releases/OpenBrush_Rift_$VERSION/
mv build_macos/*.dmg releases/OpenBrush_Mac_$VERSION.dmg
mv build_linux/StandaloneLinux64/ releases/OpenBrush_Linux_$VERSION/
cd releases
zip -r OpenBrush_Desktop_$VERSION.zip OpenBrush_Desktop_$VERSION/
rm -rf OpenBrush_Desktop_$VERSION
zip -r OpenBrush_Rift_$VERSION.zip OpenBrush_Rift_$VERSION/
rm -rf OpenBrush_Rift_$VERSION
zip -r OpenBrush_Linux_$VERSION.zip OpenBrush_Linux_$VERSION/
- name: Publish
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
body: ${{ steps.changelog.outputs.changelog }}
prerelease: ${{ needs.configuration.outputs.prerelease }}
target_commitish: ${{ needs.configuration.outputs.currentrelease }}
tag_name: ${{ needs.configuration.outputs.version }}
files: releases/*
publish_gitbook:
name: Publish changelog from last major build to open-brush-docs
needs: [configuration, build]
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: "Build Changelog"
id: changelog
uses: mikepenz/release-changelog-builder-action@v4
with:
fromTag: "${{ needs.configuration.outputs.previousfullrelease }}"
toTag: "${{ needs.configuration.outputs.currentrelease }}"
configurationJson: |
{
"categories": [
{
"title": "## 🚀 Features",
"labels": ["feature", "enhancement"]
},
{
"title": "## 🎨 UI / UX",
"labels": ["ux"]
},
{
"title": "## 🐛 Fixes",
"labels": ["fix", "bugfix"]
},
{
"title": "## 🛠️ Infrastructure",
"labels": ["infrastructure"]
},
{
"title": "## 📦 Dependencies / Maintenance",
"labels": ["dependencies", "maintenance"]
},
{
"title": "## 💬 Uncategorized",
"labels": []
}
],
"template": "# Changelog since #{{FROM_TAG}}\n\n[Full release details](#{{RELEASE_DIFF}})\n\n#{{CHANGELOG}}\n\n",
"pr_template": "- #{{TITLE}} ([PR ##{{NUMBER}}](#{{URL}}) by @#{{AUTHOR}})\n"
}
- name: Get the current contents of the docs repository
uses: actions/checkout@v4
with:
repository: icosa-foundation/open-brush-docs
path: open-brush-docs
ref: master
fetch-depth: 0
sparse-checkout: |
release-history/
- name: Create Changelog file
env:
CHANGELOG: ${{ steps.changelog.outputs.changelog }}
run: |
echo "$CHANGELOG" | tee open-brush-docs/release-history/automatic-changelog.md
- name: Publish release notes
uses: cpina/[email protected]
env:
SSH_DEPLOY_KEY: ${{ secrets.OPENBRUSH_DOCS_SSH_DEPLOY_KEY }}
with:
source-directory: 'open-brush-docs/release-history/'
target-directory: 'release-history/'
destination-github-username: 'icosa-foundation'
destination-repository-name: 'open-brush-docs'
user-name: 'release-note-bot'
user-email: automatic-release@icosa
target-branch: master
publish_steam:
name: Publish Steam Release
needs: [build, signmacos]
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
Support/steam
lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
- name: Setup steamcmd
uses: CyberAndrii/[email protected]
- name: Restore steam login config
run: |
mkdir -p /home/runner/Steam/config
echo "${{ secrets.STEAM_CONFIG_VDF}}" | base64 -d - > /home/runner/Steam/config/config.vdf
md5sum /home/runner/Steam/config/config.vdf
- name: Download Build Artifacts (Windows OpenXR)
uses: actions/download-artifact@v4
with:
name: Windows OpenXR
path: build_windows_openxr
- name: Download Build Artifacts (MacOS Signed)
uses: actions/download-artifact@v4
with:
name: MacOS (signed)
path: build_macos
- name: Download Build Artifacts (Linux)
uses: actions/download-artifact@v4
with:
name: Linux
path: build_linux
- name: Upload Build
run: |
cd build_macos
tar xvfz OpenBrush.tgz
cd -
pip install -U jinjanator
jinjanate Support/steam/app.vdf.j2 > app.vdf
jinjanate Support/steam/main_depot.win.vdf.j2 > build_windows_openxr/main_depot.vdf
jinjanate Support/steam/main_depot.mac.vdf.j2 > build_macos/main_depot.vdf
jinjanate Support/steam/main_depot.linux.vdf.j2 > build_linux/main_depot.vdf
jinjanate Support/steam/installscript_win.vdf.j2 > build_windows_openxr/installscript_win.vdf
steamcmd +login $STEAM_USERNAME +run_app_build $(pwd)/app.vdf +quit
env:
STEAM_USERNAME: ${{ vars.STEAM_USERNAME }}
STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }}
VERSION: ${{ needs.configuration.outputs.version }}
OPEN_BRUSH_APP_ID: ${{ vars.STEAM_APP_ID }}
OPEN_BRUSH_WINDOWS_DEPOT_ID: ${{ vars.STEAM_WINDOWS_DEPOT_ID }}
OPEN_BRUSH_MAC_DEPOT_ID: ${{ vars.STEAM_MAC_DEPOT_ID }}
OPEN_BRUSH_LINUX_DEPOT_ID: ${{ vars.STEAM_LINUX_DEPOT_ID }}
OPEN_BRUSH_WINDOWS_EXECUTABLE: ${{ needs.configuration.outputs.basename}}.exe
CHANNEL: beta
- name: Update steam login secret
run: |
base64 -i /home/runner/Steam/config/config.vdf | gh secret set -R icosa-foundation/open-brush STEAM_CONFIG_VDF
md5sum /home/runner/Steam/config/config.vdf
env:
GITHUB_TOKEN: ${{ secrets.SECRET_UPDATER_PAT }}
- name: Save logs
uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
name: steamcmd logs
path: build_output/
publish_pimax:
name: Publish Pimax Release
needs: [configuration, build]
runs-on: windows-latest
env:
PIMAX_APP_ID: ${{ vars.PIMAX_APP_ID }}
PIMAX_USERNAME: ${{ vars.PIMAX_USERNAME }}
PIMAX_PASSWORD: ${{ secrets.PIMAX_PASSWORD }}
VERSION: ${{ needs.configuration.outputs.version}}
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
contains(github.ref, 'refs/tags/v')
steps:
- name: Download Build Artifacts (Windows Pimax)
uses: actions/download-artifact@v4
with:
name: Windows Pimax
path: build_windows_pimax
- name: Publish Pimax Builds
run: |
New-Item "releases" -Type Directory
Move-Item -Path build_windows_pimax/StandaloneWindows64/* releases/
Set-Location -Path "releases"
Compress-Archive -Path ./* -DestinationPath OpenBrush_Pimax_${Env:VERSION}.zip
Invoke-WebRequest -Uri https://dl.appstore.pimax.com/tools/pimax-dev-util.exe -OutFile pimax-dev-util.exe
./pimax-dev-util.exe login -u $Env:PIMAX_USERNAME -p $Env:PIMAX_PASSWORD
./pimax-dev-util.exe upload-pc-build -a $Env:PIMAX_APP_ID -d OpenBrush_Pimax_${Env:VERSION}.zip
publish_viveport:
name: Publish Viveport Release
needs: [configuration, build]
runs-on: windows-latest
env:
VIVEPORT_EMAIL: ${{ vars.VIVEPORT_EMAIL }}
VIVEPORT_PASSWORD: ${{ secrets.VIVEPORT_PASSWORD }}
VIVEPORT_APP_ID: ${{ vars.VIVEPORT_APP_ID }}
VIVEPORT_ORG_ID: ${{ vars.VIVEPORT_ORG_ID }}
VERSION: ${{ needs.configuration.outputs.version}}
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
contains(github.ref, 'refs/tags/v')
steps:
- name: Download Build Artifacts (Windows OpenXR)
uses: actions/download-artifact@v4
with:
name: Windows OpenXR
path: build_windows_openxr
- name: Publish Viveport Builds
run: |
New-Item "releases" -Type Directory
Move-Item -Path build_windows_openxr/StandaloneWindows64/* releases/
Set-Location -Path "releases"
Compress-Archive -Path ./* -DestinationPath OpenBrush_Viveport_${Env:VERSION}.zip
Invoke-WebRequest -Uri https://assets-global.viveport.com/static-misc/developer-tool/ViveportUploader.exe -OutFile ViveportUploader.exe
./ViveportUploader.exe -email ${Env:VIVEPORT_EMAIL} -password ${Env:VIVEPORT_PASSWORD} -filepath OpenBrush_Viveport_${Env:VERSION}.zip -appid ${Env:VIVEPORT_APP_ID} -orgid ${Env:VIVEPORT_ORG_ID} -version ${VERSION}
publish_itch:
name: Publish Itch.io Release
needs: [configuration, build]
runs-on: ubuntu-latest
env:
ITCH_SUBCHANNEL_NAME: ${{ needs.configuration.outputs.itchchannelname }}
BUTLER_CREDENTIALS: ${{ secrets.BUTLER_CREDENTIALS }}
ITCH_GAME: openbrush
ITCH_USER: openbrush
VERSION: ${{ needs.configuration.outputs.version }}
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Download Build Artifacts (Windows OpenXR)
uses: actions/download-artifact@v4
with:
name: Windows OpenXR
path: build_windows_openxr
- name: Download Build Artifacts (Oculus Quest 2+)
uses: actions/download-artifact@v4
with:
name: Oculus Quest (2+)
path: build_oculus_quest
- name: Package Artifacts for release
run: |
mkdir releases
mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk
mv build_windows_openxr/StandaloneWindows64/ releases/OpenBrush_Desktop_$VERSION/
- name: Publish Windows
uses: josephbmanley/butler-publish-itchio-action@master
env:
CHANNEL: windows-${{ env.ITCH_SUBCHANNEL_NAME }}
PACKAGE: releases/OpenBrush_Desktop_${{ needs.configuration.outputs.version }}
- name: Publish Quest
uses: josephbmanley/butler-publish-itchio-action@master
env:
CHANNEL: android-quest-${{ env.ITCH_SUBCHANNEL_NAME }}
PACKAGE: releases/OpenBrush_Quest_${{ needs.configuration.outputs.version }}.apk
publish_oculus_quest:
name: Publish Oculus Quest 2+ Release
needs: [configuration, build]
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Download Build Artifacts (Oculus Quest 2+)
uses: actions/download-artifact@v4
with:
name: Oculus Quest (2+)
path: build_oculus_quest
- name: Publish Oculus Builds
env:
VERSION: ${{ needs.configuration.outputs.version }}
PRERELEASE: ${{ needs.configuration.outputs.prerelease }}
RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }}
OCULUS_QUEST_APP_ID: ${{ vars.OCULUS_QUEST_APP_ID }}
OCULUS_QUEST_APP_SECRET: ${{ secrets.OCULUS_QUEST_APP_SECRET }}
run: |
mkdir releases
mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk
mv build_oculus_quest/*/com.Icosa.OpenBrush*.symbols.zip releases/symbols.zip
cd releases
unzip symbols.zip
curl -L 'https://www.oculus.com/download_app/?id=5159709737372459' -o ovr-platform-util
chmod 755 ovr-platform-util
if [ "$PRERELEASE" == "false" ]
then
./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest_$VERSION.apk --channel LIVE:quest2+ --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --age-group MIXED_AGES
else
CHANGELOG="${RAW_CHANGELOG}"
./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest_$VERSION.apk --channel Beta:quest2+ --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --notes "${CHANGELOG}" --age-group MIXED_AGES
fi
publish_oculus_quest1:
name: Publish Oculus Quest 1 Release
needs: [configuration, build]
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Download Build Artifacts (Oculus Quest 1)
uses: actions/download-artifact@v4
with:
name: Oculus Quest (1)
path: build_oculus_quest1
- name: Publish Oculus Builds
env:
VERSION: ${{ needs.configuration.outputs.version }}
PRERELEASE: ${{ needs.configuration.outputs.prerelease }}
RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }}
OCULUS_QUEST_APP_ID: ${{ vars.OCULUS_QUEST_APP_ID }}
OCULUS_QUEST_APP_SECRET: ${{ secrets.OCULUS_QUEST_APP_SECRET }}
run: |
mkdir releases1
mv build_oculus_quest1/*/com.Icosa.OpenBrush*apk releases1/OpenBrush_Quest1_$VERSION.apk
mv build_oculus_quest1/*/com.Icosa.OpenBrush*.symbols.zip releases1/symbols.zip
cd releases1
unzip symbols.zip
curl -L 'https://www.oculus.com/download_app/?id=5159709737372459' -o ovr-platform-util
chmod 755 ovr-platform-util
if [ "$PRERELEASE" == "false" ]
then
./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest1_$VERSION.apk --channel LIVE:quest1only --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --age-group MIXED_AGES
else
CHANGELOG="${RAW_CHANGELOG}"
./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest1_$VERSION.apk --channel Beta:quest1only --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --notes "${CHANGELOG}" --age-group MIXED_AGES
fi
publish_oculus_rift:
name: Publish Oculus Rift Release
needs: [configuration, build]
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Download Build Artifacts (Windows Rift)
uses: actions/download-artifact@v4
with:
name: Windows Rift
path: build_windows_rift
- name: Publish Oculus Builds
env:
VERSION: ${{ needs.configuration.outputs.version }}
PRERELEASE: ${{ needs.configuration.outputs.prerelease }}
RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }}
OCULUS_RIFT_APP_ID: ${{ vars.OCULUS_RIFT_APP_ID }}
OCULUS_RIFT_APP_SECRET: ${{ secrets.OCULUS_RIFT_APP_SECRET }}
run: |
mkdir releases
mv build_windows_rift/StandaloneWindows64/ releases/OpenBrush_Rift_$VERSION/
cd releases
zip -r OpenBrush_Rift_$VERSION.zip OpenBrush_Rift_$VERSION/
curl -L 'https://www.oculus.com/download_app/?id=5159709737372459' -o ovr-platform-util
chmod 755 ovr-platform-util
if [ "$PRERELEASE" == "false" ]
then
./ovr-platform-util upload-rift-build --app-id ${OCULUS_RIFT_APP_ID} --app-secret ${OCULUS_RIFT_APP_SECRET} --build-dir OpenBrush_Rift_$VERSION --launch-file OpenBrush.exe --channel LIVE --version $VERSION --firewall_exceptions true --redistributables 822786567843179,1675031999409058,2657209094360789
else
CHANGELOG="${RAW_CHANGELOG}"
./ovr-platform-util upload-rift-build --app-id ${OCULUS_RIFT_APP_ID} --app-secret ${OCULUS_RIFT_APP_SECRET} --build-dir OpenBrush_Rift_$VERSION --launch-file OpenBrush.exe --channel BETA --version $VERSION --firewall_exceptions true --redistributables 822786567843179,1675031999409058,2657209094360789 --notes "${CHANGELOG}"
fi
publish_pico:
name: Publish Pico Releases
needs: [configuration, build]
runs-on: ubuntu-latest # the ovr-platform-util tool is only available for Mac and Windows
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Download Build Artifacts (Android Pico)
uses: actions/download-artifact@v4
with:
name: Android Pico
path: build_android_pico
- name: Download Build Artifacts (Android Pico CN)
uses: actions/download-artifact@v4
with:
name: Android Pico (CN)
path: build_android_pico_cn
- name: Publish Pico Builds
env:
VERSION: ${{ needs.configuration.outputs.version }}
PRERELEASE: ${{ needs.configuration.outputs.prerelease }}
RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }}
PICO_APP_ID: ${{ vars.PICO_APP_ID }}
PICO_APP_SECRET: ${{ secrets.PICO_APP_SECRET }}
run: |
mkdir releases
mv build_android_pico/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_$VERSION.apk
mv build_android_pico_cn/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_CN_$VERSION.apk
cd releases
# pico-cli v1.0.3
curl -L 'https://p16-platform-static-va.ibyteimg.com/tos-maliva-i-jo6vmmv194-us/linux-noncn/202304111056/pico-cli?r=1681181814847245000' -o pico-cli
chmod 755 pico-cli
if [ "$PRERELEASE" == "false" ]
then
# The order here matters, because the Chinese build has a slightly higher version code due to the suffix of 1 vs 0
./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_$VERSION.apk --channel 2 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4'
./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_CN_$VERSION.apk --channel 1 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4'
else
# For Pico, Beta channels can only get one build, not a separate China / non-China build
./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_$VERSION.apk --channel 3 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4'
fi
publish_ios_zapbox:
name: Publish Zapbox iOS
needs: [configuration, build]
runs-on: macos-14 # ARM64 workers. Change this back to -latest when they get promoted
if: |
github.event_name == 'push' &&
github.repository == 'icosa-foundation/open-brush' &&
(github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
Gemfile
Gemfile.lock
fastlane
- name: Download iOS Artifact
uses: actions/download-artifact@v4
with:
name: iOS Zapbox
path: build
- name: Fix File Permissions
run: |
export FILENAME=$(basename $(readlink -f build/iOS/OpenBrush*))
export IOS_BUILD_PATH=$(pwd)/build/iOS/${FILENAME}
find $IOS_BUILD_PATH -type f -name "*.sh" -exec chmod +x {} \;
- name: Run fastlane
env:
APPLE_CONNECT_EMAIL: ${{ secrets.APPLE_CONNECT_EMAIL }}
APPLE_DEVELOPER_EMAIL: ${{ secrets.APPLE_DEVELOPER_EMAIL }}
APPLE_TEAM_ID: ${{ vars.APPLE_TEAM_ID }}
MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }}
MATCH_DEPLOY_KEY: ${{ secrets.MATCH_DEPLOY_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }}
APPSTORE_P8: ${{ secrets.APPSTORE_P8 }}
IOS_BUNDLE_ID: ${{ vars.IOS_ZAPBOX_BUNDLE_ID }}
PROJECT_NAME: Open Brush for Zapbox
FASTLANE_LANE: ${{ needs.configuration.outputs.fastlanelane }}
run: |
eval "$(ssh-agent -s)"
ssh-add - <<< "${MATCH_DEPLOY_KEY}"
export FILENAME=$(basename $(readlink -f build/iOS/OpenBrush*))
export IOS_BUILD_PATH=$(pwd)/build/iOS/${FILENAME}
bundle install
bundle exec fastlane ios ${FASTLANE_LANE}
- name: Save logs
uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
name: fastlane logs
path: /Users/runner/Library/Logs/gym/