mirror of
https://github.com/rehlds/reapi.git
synced 2025-07-23 13:41:50 +03:00
STAM
8a25d1e5e9
+ added signing + migrated to windows-2025 runner + wmic deprecated and migrated to ps
312 lines
11 KiB
YAML
312 lines
11 KiB
YAML
name: C/C++ CI
|
|
|
|
on:
|
|
push:
|
|
branches: [master]
|
|
paths-ignore:
|
|
- '**.md'
|
|
- '.github/**'
|
|
|
|
pull_request:
|
|
types: [opened, reopened, synchronize]
|
|
release:
|
|
types: [published]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
windows:
|
|
name: 'Windows'
|
|
runs-on: windows-2025
|
|
|
|
env:
|
|
solution: 'msvc/reapi.sln'
|
|
buildPlatform: 'Win32'
|
|
buildRelease: 'Release'
|
|
|
|
steps:
|
|
- name: Configure
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup MSBuild
|
|
uses: microsoft/setup-msbuild@v2
|
|
|
|
# TODO: add support of 141_xp toolchain at VS2022+
|
|
# - name: Install v140, v141 and v142 toolsets
|
|
# shell: cmd
|
|
# run: |
|
|
# "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe" modify ^
|
|
# --installPath "C:\Program Files\Microsoft Visual Studio\2022\Enterprise" ^
|
|
# --add Microsoft.VisualStudio.Component.WindowsXP ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v140 ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v140.x86.x64 ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v140.xp ^
|
|
# --add Microsoft.VisualStudio.Component.VC.140.CRT ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v141 ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v141.x86.x64 ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v141.xp ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v142 ^
|
|
# --add Microsoft.VisualStudio.Component.VC.v142.x86.x64 ^
|
|
# --quiet --norestart
|
|
|
|
- name: Select PlatformToolset
|
|
id: select_toolset
|
|
shell: pwsh
|
|
run: |
|
|
$vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
|
|
$vs2019 = & $vswhere -products * -version "[16.0,17.0)" -property installationPath -latest
|
|
$vs2022 = & $vswhere -products * -version "[17.0,)" -property installationPath -latest
|
|
|
|
if ($vs2019) {
|
|
"toolset=v140_xp" >> $env:GITHUB_OUTPUT
|
|
Write-Host "Selected v140_xp toolset"
|
|
} elseif ($vs2022) {
|
|
"toolset=v143" >> $env:GITHUB_OUTPUT
|
|
Write-Host "Selected v143 toolset"
|
|
} else {
|
|
Write-Error "No suitable Visual Studio installation found"
|
|
exit 1
|
|
}
|
|
- name: Build
|
|
run: |
|
|
$toolset = '${{ steps.select_toolset.outputs.toolset }}'
|
|
msbuild ${{ env.solution }} -p:Configuration="${{ env.buildRelease }}" /t:Clean,Build /p:Platform=${{ env.buildPlatform }} /p:PlatformToolset=$toolset /p:XPDeprecationWarning=false
|
|
|
|
# - name: Get rcedit from chocolatey
|
|
# shell: pwsh
|
|
# run: |
|
|
# choco install rcedit -y
|
|
|
|
- name: Move files
|
|
run: |
|
|
mkdir publish\debug
|
|
mkdir publish\addons\amxmodx\modules
|
|
|
|
move msvc\${{ env.buildRelease }}\reapi_amxx.dll publish\addons\amxmodx\modules\reapi_amxx.dll
|
|
move msvc\${{ env.buildRelease }}\reapi_amxx.pdb publish\debug\reapi_amxx.pdb
|
|
|
|
- name: Get app version
|
|
id: get_version
|
|
shell: pwsh
|
|
run: |
|
|
$versionFile = "reapi/version/appversion.h"
|
|
if (-not (Test-Path $versionFile)) {
|
|
Write-Error "Version file not found: $versionFile"
|
|
exit 1
|
|
}
|
|
|
|
$content = Get-Content $versionFile
|
|
foreach ($line in $content) {
|
|
if ($line -match '^\s*#define\s+APP_VERSION\s+"([^"]+)"') {
|
|
$version = $matches[1]
|
|
"version=$version" >> $env:GITHUB_OUTPUT
|
|
Write-Host "Found version: $version"
|
|
exit 0
|
|
}
|
|
}
|
|
Write-Error "APP_VERSION not found in file"
|
|
exit 1
|
|
|
|
- name: Show version
|
|
run: echo "Version is ${{ steps.get_version.outputs.version }}"
|
|
|
|
- name: Import PFX and sign
|
|
if: github.event_name != 'pull_request'
|
|
env:
|
|
KEY_PFX_PASS: ${{ secrets.KEY_PFX_PASS }}
|
|
# https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md
|
|
run: |
|
|
$pfxBase64 = "${{ secrets.KEY_PFX_B64 }}"
|
|
[IO.File]::WriteAllBytes("${{ github.workspace }}\signing-cert.pfx", [Convert]::FromBase64String($pfxBase64))
|
|
certutil -f -p "${{ secrets.KEY_PFX_PASS }}" -importPFX "${{ github.workspace }}\signing-cert.pfx"
|
|
& 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe' sign /a /f "${{ github.workspace }}\signing-cert.pfx" /p $env:KEY_PFX_PASS /d "ReAPI - AMX Mod X module, using API regamedll & rehlds" /du "https://rehlds.dev/" /tr "http://timestamp.digicert.com" /td sha256 /fd sha256 /v ${{ github.workspace }}\publish\addons\amxmodx\modules\reapi_amxx.dll
|
|
Remove-Item -Recurse -Force "${{ github.workspace }}\signing-cert.pfx"
|
|
shell: "pwsh"
|
|
|
|
- name: Deploy artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: win32
|
|
path: publish/*
|
|
|
|
linux:
|
|
name: 'Linux'
|
|
runs-on: ubuntu-24.04
|
|
container: debian:11-slim
|
|
outputs:
|
|
app-version: ${{ steps.app-version.outputs.version }}
|
|
|
|
steps:
|
|
- name: Check dependencies
|
|
run: |
|
|
dpkg --add-architecture i386
|
|
apt-get update
|
|
apt-get install -y \
|
|
gcc-multilib g++-multilib \
|
|
build-essential \
|
|
libc6-dev libc6-dev-i386 \
|
|
git cmake rsync \
|
|
g++ gcc
|
|
|
|
- name: Configure
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: GPG Import
|
|
run: |
|
|
echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}"
|
|
echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}"
|
|
|
|
# Import the public key
|
|
gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}"
|
|
if [[ $? -ne 0 ]]; then
|
|
echo "Error: Failed to import the public key"
|
|
exit 1
|
|
fi
|
|
|
|
# Import the private key
|
|
gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}"
|
|
if [[ $? -ne 0 ]]; then
|
|
echo "Error: Failed to import the private key"
|
|
exit 2
|
|
fi
|
|
|
|
# Extract the fingerprint of the imported public key
|
|
GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
|
|
|
|
# Check if the fingerprint was extracted
|
|
if [[ -z "$GPG_LINUX_FINGERPRINT" ]]; then
|
|
echo "Error: Failed to extract the fingerprint of the key"
|
|
exit 3
|
|
fi
|
|
|
|
# Set the trust level for the key
|
|
echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: Failed to set trust for the key $GPG_LINUX_FINGERPRINT"
|
|
exit 4
|
|
fi
|
|
|
|
echo "Key $GPG_LINUX_FINGERPRINT successfully imported and trusted"
|
|
gpg --list-keys
|
|
|
|
#export for global use
|
|
echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV
|
|
shell: bash
|
|
if: github.event_name != 'pull_request'
|
|
|
|
- name: Build
|
|
run: |
|
|
rm -rf build && CC=gcc CXX=g++ cmake -B build && cmake --build build -j8
|
|
|
|
- name: Reading appversion.h
|
|
id: app-version
|
|
run: |
|
|
if [ -e "reapi/version/appversion.h" ]; then
|
|
APP_VERSION=$(cat "reapi/version/appversion.h" | grep -wi '#define APP_VERSION_STRD' | sed -e 's/#define APP_VERSION_STRD[ \t\r\n\v\f]\+\(.*\)/\1/i' -e 's/\r//g')
|
|
if [ $? -ne 0 ]; then
|
|
APP_VERSION=""
|
|
else
|
|
# Remove quotes
|
|
APP_VERSION=$(echo $APP_VERSION | xargs)
|
|
echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV
|
|
fi
|
|
fi
|
|
echo "version=${APP_VERSION}" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
|
|
- name: Prepare AMXX
|
|
run: |
|
|
mkdir -p publish/addons/amxmodx/modules
|
|
rsync -a reapi/extra/amxmodx/ publish/addons/amxmodx/
|
|
rsync -a reapi/version/reapi_version.inc publish/addons/amxmodx/scripting/include/
|
|
|
|
- name: Move files
|
|
run: |
|
|
mv build/reapi/reapi_amxx_i386.so publish/addons/amxmodx/modules/reapi_amxx_i386.so
|
|
|
|
- name: Run GLIBC/ABI version compat test
|
|
run: |
|
|
binaries=(
|
|
"publish/addons/amxmodx/modules/reapi_amxx_i386.so"
|
|
)
|
|
bash ./reapi/version/glibc_test.sh ${binaries[@]}
|
|
if [[ $? -ne 0 ]]; then
|
|
exit 1 # Assertion failed
|
|
fi
|
|
shell: bash
|
|
|
|
- name: Deploy artifacts
|
|
uses: actions/upload-artifact@v4
|
|
id: upload-job
|
|
with:
|
|
name: linux32
|
|
path: publish/*
|
|
|
|
publish:
|
|
name: 'Publish'
|
|
runs-on: ubuntu-latest
|
|
needs: [windows, linux]
|
|
|
|
steps:
|
|
- name: Deploying linux artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: linux32
|
|
|
|
- name: Deploying windows artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: win32
|
|
|
|
- name: Packaging binaries
|
|
id: packaging-job
|
|
if: |
|
|
github.event_name == 'release' &&
|
|
github.event.action == 'published' &&
|
|
startsWith(github.ref, 'refs/tags/')
|
|
run: |
|
|
|
|
# new runner, niw signs
|
|
echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}"
|
|
echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}"
|
|
gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}"
|
|
gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}"
|
|
GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
|
|
echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
|
|
echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV
|
|
|
|
sign_file() {
|
|
local file=$1
|
|
gpg --batch --yes --detach-sign --armor -u "$GPG_LINUX_FINGERPRINT" "$file"
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: Failed to sign $file"
|
|
exit 2
|
|
fi
|
|
echo "$file signed successfully."
|
|
}
|
|
|
|
# Pack and sign final archive
|
|
7z a -tzip reapi-bin-${{ needs.linux.outputs.app-version }}.zip addons/
|
|
sign_file "reapi-bin-${{ env.APP_VERSION }}.zip"
|
|
|
|
- name: Publish artifacts
|
|
uses: softprops/action-gh-release@v2
|
|
id: publish-job
|
|
if: |
|
|
startsWith(github.ref, 'refs/tags/') &&
|
|
steps.packaging-job.outcome == 'success'
|
|
with:
|
|
files: |
|
|
*.zip
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.API_TOKEN }}
|