-
Notifications
You must be signed in to change notification settings - Fork 45
359 lines (319 loc) · 14.8 KB
/
build-wsl.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
name: Build WSL
on:
workflow_dispatch:
inputs:
appID:
description: 'Release name to use for the bundle'
required: true
default: 'UbuntuPreview'
rootfses:
description: 'Ubuntu WSL rootfs urls, separated by a colon. Direct set of "tar.gz::arch" if arch is not in the filename'
required: true
default: ''
rootfseschecksum:
description: 'Should download a SHA256SUMS file to check the rootfs'
required: true
default: 'yes'
upload:
description: 'Should we upload the appxbundle to the store'
required: true
default: 'yes'
schedule:
- cron: '0 10 * * *'
env:
goversion: '1.21.4'
jobs:
build-matrix:
name: Build Matrix for AppIDs to run on with rootfses, which can be manually supplied or automatically.
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.build-matrix-release.outputs.matrix }}
steps:
- name: Install dependencies
run: |
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install -y jq
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.goversion }}
- name: Build Matrix for AppIDs to run on with rootfses, which can be manually supplied or automatically
id: build-matrix-release
run: |
set -eux
# Manual build
if [ ${{ github.event_name }} = 'workflow_dispatch' ]; then
appID="${{ github.event.inputs.appID }}"
if [ -z "${appID}" ]; then
appID="UbuntuPreview"
fi
builds="$(cat <<-EOF|jq -c
{"include":
[
{
"AppID": "${appID}",
"Rootfses": "${{ github.event.inputs.rootfses }}",
"RootfsesChecksum": "${{ github.event.inputs.rootfseschecksum }}",
"Upload": "${{ github.event.inputs.upload }}"
}
]
}
EOF
)"
else
wsl-builder/lp-distro-info > /tmp/all-releases.csv
go build ./wsl-builder/prepare-build
builds_config="$(./prepare-build build-github-matrix /tmp/all-releases.csv)"
if [ "${builds_config}" == "null" ]; then
echo "No active application to build"
exit 0
fi
builds="{\"include\":${builds_config}}"
fi
echo "${builds}"
echo "::set-output name=matrix::${builds}"
echo "::notice::Building for: $(echo "${builds}" | jq '.include[] | "\(.AppID): \(.Rootfses). RootfsesChecksum: \(.RootfsesChecksum). Upload to store: \(.Upload)"')"
build-wsl:
name: Build ${{ matrix.AppID }}
runs-on: windows-latest
needs: build-matrix
strategy:
matrix: ${{fromJson(needs.build-matrix.outputs.matrix)}}
fail-fast: false
env:
buildInfoPath: 'wiki/build-info'
workDir: 'C:/Temp/builddir'
outputs:
has-changes: ${{ steps.detect-changes.outputs.has-changes }}
steps:
- name: Checkout WSL
shell: bash
run: |
mkdir -p ${{ env.workDir }}
git clone https://github.com/ubuntu/wsl.git ${{ env.workDir }}
cd ${{ env.workDir }}
git checkout "${GITHUB_SHA}"
git submodule update --init --recursive
- name: Checkout build-info
shell: bash
run: |
mkdir -p ${{ env.workDir }}/wiki/
git clone https://github.com/ubuntu/wsl.wiki ${{ env.workDir }}/wiki --depth 1
- uses: actions/setup-go@v3
with:
go-version: ${{ env.goversion }}
- name: Prepare project metadata, assets and download rootfses
working-directory: ${{ env.workDir }}
shell: bash
run: |
set -eu
# Download rootfses, checksum and place them at the correct place
go build ./wsl-builder/prepare-build
extraArgs=""
if [ ${{ matrix.RootfsesChecksum }} != "yes" ]; then
extraArgs="--no-checksum"
fi
archsBundle="$(./prepare-build prepare ${{ env.buildInfoPath }}/${{ matrix.AppID }}-buildid.md ${{ matrix.AppID }} ${{ matrix.Rootfses }} ${extraArgs})"
echo "AppxBundlePlatforms=${archsBundle}" >> $GITHUB_ENV
# Always StoreUpload mode to get appxupload file
buildMode="StoreUpload"
echo "UapAppxPackageBuildMode=${buildMode}" >> $GITHUB_ENV
- name: Setup MSBuild (PATH)
uses: microsoft/[email protected]
- name: Install certificate
shell: powershell
working-directory: ${{ env.workDir }}
run: |
New-Item -ItemType directory -Path certificate
Set-Content -Path certificate\certificate.txt -Value '${{ secrets.CERTIFICATE }}'
certutil -decode certificate\certificate.txt certificate\certificate.pfx
$pwd = ConvertTo-SecureString '${{ secrets.CERTIFICATE_PASSWORD }}' -AsPlainText -Force
Import-PfxCertificate -Password $pwd -CertStoreLocation Cert:LocalMachine\Trust -FilePath certificate\certificate.pfx
Import-PfxCertificate -Password $pwd -CertStoreLocation Cert:CurrentUser\My -FilePath certificate\certificate.pfx
- name: Build Bundle
working-directory: ${{ env.workDir }}
run: msbuild .\DistroLauncher.sln /t:Build /m /nr:false /p:Configuration=Release /p:AppxBundle=Always /p:AppxBundlePlatforms="${{ env.AppxBundlePlatforms }}" /p:UapAppxPackageBuildMode=${{ env.UapAppxPackageBuildMode }} -verbosity:normal
- name: Collect the PDB files
working-directory: ${{ env.workDir }}
shell: bash
run: |
set -eu
# Launcher PDBs
for arch in "x64" "ARM64"; do
collectTo="debug-database-${{ matrix.AppID }}/launcher/$arch/"
mkdir -p "$collectTo"
findDir="ARM64/Release/"
if [ $arch == "x64" ]; then
findDir="ARM64/Release/DistroLauncher-Appx/x64/"
fi
find "$findDir" -maxdepth 1 -name "*.pdb" -exec cp '{}' "$collectTo" \;
done
- name: Allow downloading sideload appxbundle
uses: actions/upload-artifact@v4
with:
name: sideload-${{ matrix.AppID }}
path: |
${{ env.workDir }}/AppPackages/Ubuntu/Ubuntu_*/*
retention-days: 7
- name: Allow downloading store appxupload
uses: actions/upload-artifact@v4
with:
name: store-${{ matrix.AppID }}
path: |
${{ env.workDir }}/AppPackages/Ubuntu/Ubuntu_*.appxupload
retention-days: 7
- name: Allow downloading the program debug artifacts
uses: actions/upload-artifact@v4
with:
name: debug-database-${{ matrix.AppID }}
path: |
${{ env.workDir }}/debug-database-${{ matrix.AppID }}/
retention-days: 7
- name: Detect any potential changes and if we should upload automatically to the Store
id: detect-changes
working-directory: ${{ env.workDir }}
shell: bash
run: |
set -eux
build_id=$(cat "${{ env.buildInfoPath }}/${{ matrix.AppID }}-buildid.md")
echo "::set-output name=has-changes::false"
echo "::set-output name=should-upload::false"
# Store md5sum of rootfs, launcher and assets related code
fingerprint_file="${{ matrix.AppID }}-fingerprint.md"
fingerprint_filepath="${{ env.buildInfoPath }}/${fingerprint_file}"
first_upload="false"
if [ ! -f "${fingerprint_filepath}" ]; then
first_upload="true"
fi
# First. the rootfses
echo '```' > "${fingerprint_filepath}"
md5sum */install.tar.gz | sort -k2 >> "${fingerprint_filepath}"
# Launcher code
echo "$(find DistroLauncher -type f -not -path "*/ARM64/*" -not -path "*/x64/*" -exec md5sum {} \; | sort -k 2 | md5sum)DistroLauncher" >> "${fingerprint_filepath}"
# Build info and assets (without specific build number)
sed -i "s/\.${build_id}\./XXX/" DistroLauncher-Appx/MyDistro.appxmanifest
echo "$(find DistroLauncher-Appx -type f -not -path "*/ARM64/*" -not -path "*/x64/*" -not -path "*/BundleArtifacts/*" -not -name "Generated Files" -exec md5sum {} \; | sort -k 2 | md5sum)DistroLauncher-Appx" >> "${fingerprint_filepath}"
echo '```' >> "${fingerprint_filepath}"
cd "${{ env.buildInfoPath }}"
git add "${fingerprint_file}"
hasChanges="$(git diff --staged ${fingerprint_file})"
cd -
if [ -z "${hasChanges}" ]; then
exit 0
fi
echo "::set-output name=has-changes::true"
if [ ${{ matrix.Upload }} != "yes" ]; then
echo "::notice::${{ matrix.AppID }} build ${build_id} ready for sideload or manual submission to the Microsoft Store"
exit 0
fi
# If we are doing a first build for this distro, we don’t want to submit it to the store as first submission
# is manual. We let the other steps and jobs happening to save artifacts (build-id, fingerprints) of
# the first build.
if [ "${first_upload}" = "true" ]; then
echo "::notice::This is the first build for ${{ matrix.AppID }}. It needs to be submitted manually to the Microsoft Store"
exit 0
fi
echo "::notice::Uploading to the store ${{ matrix.AppID }} build ${build_id}"
echo "::set-output name=should-upload::true"
echo "Uploading new version as some files have changed:"
echo "${hasChanges}"
- name: Install Store Broker
if: ${{ steps.detect-changes.outputs.should-upload == 'true' }}
working-directory: ${{ env.workDir }}
shell: powershell
run: |
Install-Module -Name StoreBroker -AcceptLicense -Force -Scope CurrentUser -Verbose
- name: Submit to Microsoft Store
if: ${{ steps.detect-changes.outputs.should-upload == 'true' }}
working-directory: ${{ env.workDir }}
shell: powershell
run: |
New-Item -ItemType directory -Path store -Force
# Authenticate against the store
$pass = ConvertTo-SecureString -String '${{ secrets.AZUREAD_APPKEY }}' -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ${{ secrets.AZUREAD_APPID }},$pass
Set-StoreBrokerAuthentication -TenantId '${{ secrets.AZUREAD_TENANTID }}' -Credential $cred
# Get store app ID for AppID
$appid = (Get-Applications -GetAll | Where-Object PackageIdentityName -like '*${{ matrix.AppID }}').id
If($appid -eq '') {
echo "No app found for AppID: ${{ matrix.AppID }}"
exit 1
}
# We want to publish UbuntuPreview automatically
If('${{ matrix.AppID }}' -eq 'UbuntuPreview') {
((Get-Content -path meta\SBConfig.json -Raw) -replace 'Manual','Immediate') | Set-Content -Path meta\SBConfig.json
}
# Prepare and submit to the Store
cd store\
New-SubmissionPackage -ConfigPath ..\meta\SBConfig.json
Update-ApplicationSubmission -AppId $appid -SubmissionDataPath "out\appstore-submission.json" -PackagePath "out\appstore-submission.zip" -Force -Autocommit -ReplacePackages -UpdateListings -UpdatePublishModeAndVisibility -UpdatePricingAndAvailability -UpdateAppProperties -UpdateGamingOptions -UpdateTrailers -UpdateNotesForCertification
- name: Upload build artifacts
if: ${{ steps.detect-changes.outputs.has-changes == 'true' }}
uses: actions/upload-artifact@v4
with:
name: build-artifacts-${{ matrix.AppID }}
path: ${{ env.workDir }}/${{ env.buildInfoPath }}/${{ matrix.AppID }}-*
update-build-artifacts:
# TODO: download only artefacts for wiki (pattern not supported yet: https://github.com/actions/download-artifact/issues/103)
name: Store updated build artifacts in wiki for reuse in future workflow runs
runs-on: ubuntu-latest
if: always()
needs: build-wsl
env:
artifactsPath: '/tmp/artifacts'
codeDir: '/tmp/update-codedir'
steps:
- name: Checkout wiki
uses: actions/checkout@v3
with:
repository: ubuntu/wsl.wiki
- name: Download artifacts from all previous matrix runs
uses: actions/download-artifact@v4
with:
path: ${{ env.artifactsPath }}
- name: Copy modified artifacts to base wiki
id: modified-artifacts
run: |
set -eu
mkdir -p build-info/
cp -a ${{ env.artifactsPath }}/build-artifacts-*/*.md build-info/ || exit 0
echo "::set-output name=needs-wiki-update::true"
# Pushing PDB's to the wiki only makes sense if we uploaded new app versions to the store.
- name: Copy debug databases to base wiki
if: ${{ needs.build-wsl.outputs.has-changes == 'true' }}
id: pdb-artifacts
run: |
set -eu
mkdir -p debug-databases/
find ${{ env.artifactsPath }} -name "debug-database-*" -maxdepth 1 -exec sh -c 'tar -cavf debug-databases/"$(basename $1)".tar.zst' sh '{}' \; || \
exit 0
echo "::set-output name=needs-wiki-update::true"
- name: Sync wiki to repository documentation
if: ${{ steps.modified-artifacts.outputs.needs-wiki-update == 'true' }}
run: |
set -eux
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add .
git commit -m "Auto-update build info"
git push origin master
- name: Checkout repositories required by ISO Tracker notification
if: ${{ steps.modified-artifacts.outputs.needs-wiki-update == 'true' }}
run: |
mkdir -p ${{ env.codeDir }}
git clone https://github.com/ubuntu/wsl.git ${{ env.codeDir }} --depth 1
mkdir -p ${{ env.codeDir }}/uat
git clone https://git.launchpad.net/ubuntu-archive-tools ${{ env.codeDir }}/uat --depth 1
- name: Notify ISO Tracker
if: ${{ steps.modified-artifacts.outputs.needs-wiki-update == 'true' }}
env:
ISOTRACKER_USERNAME: ${{ secrets.ISOTRACKER_USERNAME }}
ISOTRACKER_PASSWORD: ${{ secrets.ISOTRACKER_PASSWORD }}
run: |
[ -f /tmp/all-releases.csv ] || ${{ env.codeDir }}/wsl-builder/lp-distro-info > /tmp/all-releases.csv
# There might have been more than one build in the latest commit
for build in $(git diff-tree --no-commit-id --name-only -r HEAD | grep buildid); do
AppID=$(basename $build);
AppID=${AppID%-buildid.md};
PYTHONPATH=${{ env.codeDir }}/uat ${{ env.codeDir }}/wsl-builder/notify-isotracker --debug $AppID $GITHUB_RUN_ID
done