name: C/C++ CI on: push: branches: [master] paths-ignore: - '**.md' - '.github/**' pull_request: types: [opened, reopened, synchronize] release: types: [published] workflow_dispatch: jobs: windows: name: 'Windows' runs-on: windows-2025 env: solution: 'msvc/reapi.sln' buildPlatform: 'Win32' buildRelease: 'Release' steps: - name: Configure run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup MSBuild uses: microsoft/setup-msbuild@v2 # TODO: add support of 141_xp toolchain at VS2022+ # - name: Install v140, v141 and v142 toolsets # shell: cmd # run: | # "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe" modify ^ # --installPath "C:\Program Files\Microsoft Visual Studio\2022\Enterprise" ^ # --add Microsoft.VisualStudio.Component.WindowsXP ^ # --add Microsoft.VisualStudio.Component.VC.v140 ^ # --add Microsoft.VisualStudio.Component.VC.v140.x86.x64 ^ # --add Microsoft.VisualStudio.Component.VC.v140.xp ^ # --add Microsoft.VisualStudio.Component.VC.140.CRT ^ # --add Microsoft.VisualStudio.Component.VC.v141 ^ # --add Microsoft.VisualStudio.Component.VC.v141.x86.x64 ^ # --add Microsoft.VisualStudio.Component.VC.v141.xp ^ # --add Microsoft.VisualStudio.Component.VC.v142 ^ # --add Microsoft.VisualStudio.Component.VC.v142.x86.x64 ^ # --quiet --norestart - name: Select PlatformToolset id: select_toolset shell: pwsh run: | $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" $vs2019 = & $vswhere -products * -version "[16.0,17.0)" -property installationPath -latest $vs2022 = & $vswhere -products * -version "[17.0,)" -property installationPath -latest if ($vs2019) { "toolset=v140_xp" >> $env:GITHUB_OUTPUT Write-Host "Selected v140_xp toolset" } elseif ($vs2022) { "toolset=v143" >> $env:GITHUB_OUTPUT Write-Host "Selected v143 toolset" } else { Write-Error "No suitable Visual Studio installation found" exit 1 } - name: Build run: | $toolset = '${{ steps.select_toolset.outputs.toolset }}' msbuild ${{ env.solution }} -p:Configuration="${{ env.buildRelease }}" /t:Clean,Build /p:Platform=${{ env.buildPlatform }} /p:PlatformToolset=$toolset /p:XPDeprecationWarning=false # - name: Get rcedit from chocolatey # shell: pwsh # run: | # choco install rcedit -y - name: Move files run: | mkdir publish\debug mkdir publish\addons\amxmodx\modules move msvc\${{ env.buildRelease }}\reapi_amxx.dll publish\addons\amxmodx\modules\reapi_amxx.dll move msvc\${{ env.buildRelease }}\reapi_amxx.pdb publish\debug\reapi_amxx.pdb - name: Get app version id: get_version shell: pwsh run: | $versionFile = "reapi/version/appversion.h" if (-not (Test-Path $versionFile)) { Write-Error "Version file not found: $versionFile" exit 1 } $content = Get-Content $versionFile foreach ($line in $content) { if ($line -match '^\s*#define\s+APP_VERSION\s+"([^"]+)"') { $version = $matches[1] "version=$version" >> $env:GITHUB_OUTPUT Write-Host "Found version: $version" exit 0 } } Write-Error "APP_VERSION not found in file" exit 1 - name: Show version run: echo "Version is ${{ steps.get_version.outputs.version }}" - name: Import PFX and sign if: github.event_name != 'pull_request' env: KEY_PFX_PASS: ${{ secrets.KEY_PFX_PASS }} # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md run: | $pfxBase64 = "${{ secrets.KEY_PFX_B64 }}" [IO.File]::WriteAllBytes("${{ github.workspace }}\signing-cert.pfx", [Convert]::FromBase64String($pfxBase64)) certutil -f -p "${{ secrets.KEY_PFX_PASS }}" -importPFX "${{ github.workspace }}\signing-cert.pfx" & 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe' sign /a /f "${{ github.workspace }}\signing-cert.pfx" /p $env:KEY_PFX_PASS /d "ReAPI - AMX Mod X module, using API regamedll & rehlds" /du "https://rehlds.dev/" /tr "http://timestamp.digicert.com" /td sha256 /fd sha256 /v ${{ github.workspace }}\publish\addons\amxmodx\modules\reapi_amxx.dll Remove-Item -Recurse -Force "${{ github.workspace }}\signing-cert.pfx" shell: "pwsh" - name: Deploy artifacts uses: actions/upload-artifact@v4 with: name: win32 path: publish/* linux: name: 'Linux' runs-on: ubuntu-24.04 container: debian:11-slim outputs: app-version: ${{ steps.app-version.outputs.version }} steps: - name: Check dependencies run: | dpkg --add-architecture i386 apt-get update apt-get install -y \ gcc-multilib g++-multilib \ build-essential \ libc6-dev libc6-dev-i386 \ git cmake rsync \ g++ gcc - name: Configure run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: GPG Import run: | echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}" echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}" # Import the public key gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}" if [[ $? -ne 0 ]]; then echo "Error: Failed to import the public key" exit 1 fi # Import the private key gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}" if [[ $? -ne 0 ]]; then echo "Error: Failed to import the private key" exit 2 fi # Extract the fingerprint of the imported public key GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10) # Check if the fingerprint was extracted if [[ -z "$GPG_LINUX_FINGERPRINT" ]]; then echo "Error: Failed to extract the fingerprint of the key" exit 3 fi # Set the trust level for the key echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust if [ $? -ne 0 ]; then echo "Error: Failed to set trust for the key $GPG_LINUX_FINGERPRINT" exit 4 fi echo "Key $GPG_LINUX_FINGERPRINT successfully imported and trusted" gpg --list-keys #export for global use echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV shell: bash if: github.event_name != 'pull_request' - name: Build run: | rm -rf build && CC=gcc CXX=g++ cmake -B build && cmake --build build -j8 - name: Reading appversion.h id: app-version run: | if [ -e "reapi/version/appversion.h" ]; then APP_VERSION=$(cat "reapi/version/appversion.h" | grep -wi '#define APP_VERSION_STRD' | sed -e 's/#define APP_VERSION_STRD[ \t\r\n\v\f]\+\(.*\)/\1/i' -e 's/\r//g') if [ $? -ne 0 ]; then APP_VERSION="" else # Remove quotes APP_VERSION=$(echo $APP_VERSION | xargs) echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV fi fi echo "version=${APP_VERSION}" >> "$GITHUB_OUTPUT" shell: bash - name: Prepare AMXX run: | mkdir -p publish/addons/amxmodx/modules rsync -a reapi/extra/amxmodx/ publish/addons/amxmodx/ rsync -a reapi/version/reapi_version.inc publish/addons/amxmodx/scripting/include/ - name: Move files run: | mv build/reapi/reapi_amxx_i386.so publish/addons/amxmodx/modules/reapi_amxx_i386.so - name: Run GLIBC/ABI version compat test run: | binaries=( "publish/addons/amxmodx/modules/reapi_amxx_i386.so" ) bash ./reapi/version/glibc_test.sh ${binaries[@]} if [[ $? -ne 0 ]]; then exit 1 # Assertion failed fi shell: bash - name: Deploy artifacts uses: actions/upload-artifact@v4 id: upload-job with: name: linux32 path: publish/* publish: name: 'Publish' runs-on: ubuntu-latest needs: [windows, linux] steps: - name: Deploying linux artifacts uses: actions/download-artifact@v4 with: name: linux32 - name: Deploying windows artifacts uses: actions/download-artifact@v4 with: name: win32 - name: Packaging binaries id: packaging-job if: | github.event_name == 'release' && github.event.action == 'published' && startsWith(github.ref, 'refs/tags/') run: | # new runner, niw signs echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}" echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}" gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}" gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}" GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10) echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV sign_file() { local file=$1 gpg --batch --yes --detach-sign --armor -u "$GPG_LINUX_FINGERPRINT" "$file" if [ $? -ne 0 ]; then echo "Error: Failed to sign $file" exit 2 fi echo "$file signed successfully." } # Pack and sign final archive 7z a -tzip reapi-bin-${{ needs.linux.outputs.app-version }}.zip addons/ sign_file "reapi-bin-${{ env.APP_VERSION }}.zip" - name: Publish artifacts uses: softprops/action-gh-release@v2 id: publish-job if: | startsWith(github.ref, 'refs/tags/') && steps.packaging-job.outcome == 'success' with: files: | *.zip env: GITHUB_TOKEN: ${{ secrets.API_TOKEN }}