diff --git a/.github/workflows/build-toolchain.yml b/.github/workflows/build-toolchain.yml index e99e149a6..5b7864863 100644 --- a/.github/workflows/build-toolchain.yml +++ b/.github/workflows/build-toolchain.yml @@ -145,7 +145,12 @@ on: required: true PASSPHRASE: required: true - + R2_ACCOUNT_ID: + required: true + R2_ACCESS_KEY_ID: + required: true + R2_SECRET_ACCESS_KEY: + required: true jobs: context: @@ -871,6 +876,9 @@ jobs: SYMBOL_SERVER_PAT: ${{ secrets.SYMBOL_SERVER_PAT }} CERTIFICATE: ${{ secrets.CERTIFICATE }} PASSPHRASE: ${{ secrets.PASSPHRASE }} + R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} + R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} + R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} mac-build: # TODO: Enable the mac build. @@ -955,6 +963,9 @@ jobs: SYMBOL_SERVER_PAT: ${{ secrets.SYMBOL_SERVER_PAT }} CERTIFICATE: ${{ secrets.CERTIFICATE }} PASSPHRASE: ${{ secrets.PASSPHRASE }} + R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} + R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} + R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} snapshot: runs-on: ubuntu-latest @@ -986,41 +997,51 @@ jobs: steps: - uses: actions/download-artifact@v4 with: - name: Windows-amd64-installer - path: ${{ github.workspace }}/tmp/amd64 + name: Windows-amd64-installer-online + path: ${{ github.workspace }}/tmp/online/amd64 - uses: actions/download-artifact@v4 with: - name: Windows-arm64-installer - path: ${{ github.workspace }}/tmp/arm64 + name: Windows-arm64-installer-online + path: ${{ github.workspace }}/tmp/online/arm64 + + - uses: actions/download-artifact@v4 + with: + name: Windows-amd64-installer-offline + path: ${{ github.workspace }}/tmp/offline/amd64 + - uses: actions/download-artifact@v4 + with: + name: Windows-arm64-installer-offline + path: ${{ github.workspace }}/tmp/offline/arm64 + - name: Create Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + function upload_installer() { + local input_file=$1 + local output_name=$2 + + mv "${input_file}" "${output_name}" + gh release upload ${{ needs.context.outputs.swift_tag }} "${output_name}" -R ${{ github.repository }} + + shasum -a 256 "${output_name}" > "${output_name}.sha256" + gh release upload ${{ needs.context.outputs.swift_tag }} "${output_name}.sha256" -R ${{ github.repository }} + } + branch_version_string=${{ inputs.swift_version || '0.0.0' }} if [[ $branch_version_string == "0.0.0" ]]; then latest="true" else latest="false" fi + # Create Release gh release create ${{ needs.context.outputs.swift_tag }} -R ${{ github.repository }} --latest=${latest} - # AMD64 - cd ${{ github.workspace }}/tmp/amd64 - - mv installer.exe installer-amd64.exe - gh release upload ${{ needs.context.outputs.swift_tag }} installer-amd64.exe -R ${{ github.repository }} - - shasum -a 256 installer-amd64.exe > installer-amd64.exe.sha256 - gh release upload ${{ needs.context.outputs.swift_tag }} installer-amd64.exe.sha256 -R ${{ github.repository }} - - # ARM64 - cd ${{ github.workspace }}/tmp/arm64 - - mv installer.exe installer-arm64.exe - gh release upload ${{ needs.context.outputs.swift_tag }} installer-arm64.exe -R ${{ github.repository }} - - shasum -a 256 installer-arm64.exe > installer-arm64.exe.sha256 - gh release upload ${{ needs.context.outputs.swift_tag }} installer-arm64.exe.sha256 -R ${{ github.repository }} + # Upload all installer variants + upload_installer "${{ github.workspace }}/tmp/online/amd64/installer.exe" "installer-amd64.exe" + upload_installer "${{ github.workspace }}/tmp/online/arm64/installer.exe" "installer-arm64.exe" + upload_installer "${{ github.workspace }}/tmp/offline/amd64/installer.exe" "installer-offline-amd64.exe" + upload_installer "${{ github.workspace }}/tmp/offline/arm64/installer.exe" "installer-offline-arm64.exe" diff --git a/.github/workflows/swift-toolchain.yml b/.github/workflows/swift-toolchain.yml index 433a6102c..d08f8ec34 100644 --- a/.github/workflows/swift-toolchain.yml +++ b/.github/workflows/swift-toolchain.yml @@ -283,6 +283,12 @@ on: required: true PASSPHRASE: required: true + R2_ACCOUNT_ID: + required: true + R2_ACCESS_KEY_ID: + required: true + R2_SECRET_ACCESS_KEY: + required: true env: PINNED_BOOTSTRAP_TOOLCHAIN_VERSION: 6.1.2 @@ -5068,7 +5074,7 @@ jobs: -p:ProductVersion=${{ inputs.swift_version }}-${{ inputs.swift_tag }} ` ${{ github.workspace }}/SourceCache/swift-installer-scripts/platforms/Windows/shared/shared.wixproj - - name: Build installer bundle + - name: Build installer bundle (offline) run: | $Platforms=@("windows") if ("${{ inputs.build_android }}" -eq "true") { @@ -5091,16 +5097,98 @@ jobs: -p:ToolchainVariants="`"asserts;noasserts`"" ` ${{ github.workspace }}/SourceCache/swift-installer-scripts/platforms/Windows/bundle/installer.wixproj - - if: ${{ inputs.release }} + - name: Generate Build Provenance (offline installer) + if: ${{ inputs.release }} uses: actions/attest-build-provenance@v2 with: subject-path: ${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}/installer.exe - - uses: actions/upload-artifact@v4 + - name: Upload installer (offline) + uses: actions/upload-artifact@v4 + with: + name: Windows-${{ matrix.arch }}-installer-offline + path: ${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}/installer.exe + + - name: Generate online installer download URL + if: ${{ inputs.release }} + id: generate-base-release-download-subcomponent + run: | + $BaseReleaseDownloadUrlSubcomponent = "${{ inputs.swift_tag }}/${{ matrix.arch }}/${{ github.run_id }}" + echo "url_subcomponent=$BaseReleaseDownloadUrlSubcomponent" >> $env:GITHUB_OUTPUT + + - name: Build installer bundle (online) + if: ${{ inputs.release }} + run: | + $Platforms=@("windows") + if ("${{ inputs.build_android }}" -eq "true") { + $Platforms=@("android") + $Platforms + } + $BaseReleaseDownloadUrl = "https://swift-toolchain.thebrowserco.com/${{ steps.generate-base-release-download-subcomponent.outputs.url_subcomponent }}" + + msbuild -nologo -restore -maxCpuCount ` + /t:rebuild ` + -p:BaseOutputPath=${{ github.workspace }}\BinaryCache\installer\ ` + -p:Configuration=Release ` + -p:BuildProjectReferences=false ` + -p:SignOutput=${{ inputs.signed }} ` + -p:CERTIFICATE=${env:CERTIFICATE} ` + -p:PASSPHRASE=${{ secrets.PASSPHRASE }} ` + -p:BundleFlavor=online ` + -p:BaseReleaseDownloadUrl=$BaseReleaseDownloadUrl ` + -p:Platforms="`"$($Platforms -Join ';')`"" ` + -p:AndroidArchitectures="`"aarch64;armv7;i686;x86_64`"" ` + -p:WindowsArchitectures="`"aarch64;i686;x86_64`"" ` + -p:ProductArchitecture=${{ matrix.arch }} ` + -p:ProductVersion=${{ inputs.swift_version }}-${{ inputs.swift_tag }} ` + -p:ToolchainVariants="`"asserts;noasserts`"" ` + ${{ github.workspace }}/SourceCache/swift-installer-scripts/platforms/Windows/bundle/installer.wixproj + + - name: Prepare layout for upload + id: prepare-layout + if: ${{ inputs.release }} + run: | + # Create the target folder. + $SourceDir = "${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}" + $LayoutDir = "${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}/layout" + New-Item -ItemType Directory -Path $LayoutDir -Force | Out-Null + + # Copy all .txt files from src to the filtered directory + Copy-Item -Path "$SourceDir/installer.exe" -Destination "$LayoutDir" -Force + Copy-Item -Path "$SourceDir/*.cab" -Destination "$LayoutDir" -Force + Copy-Item -Path "$SourceDir/*.msi" -Destination "$LayoutDir" -Force + + echo "LayoutDir=$LayoutDir" + echo "LayoutDir=$LayoutDir" >> $env:GITHUB_OUTPUT + + - name: Generate Build Provenance (online installer) + if: ${{ inputs.release }} + uses: actions/attest-build-provenance@v2 with: - name: Windows-${{ matrix.arch }}-installer + subject-path: ${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}/installer.exe + + - name: Upload installer (online) + if: ${{ inputs.release }} + uses: actions/upload-artifact@v4 + with: + name: Windows-${{ matrix.arch }}-installer-online path: ${{ github.workspace }}/BinaryCache/installer/Release/${{ matrix.arch }}/installer.exe + - name: Upload msi's and cab's + if: ${{ inputs.release }} + env: + SOURCE_DIR: ${{ steps.prepare-layout.outputs.LayoutDir }} + DESTINATION_PREFIX: ${{ steps.generate-base-release-download-subcomponent.outputs.url_subcomponent }} + R2_BUCKET: swift-toolchain + AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: auto + R2_ENDPOINT_URL: https://${{ secrets.R2_ACCOUNT_ID }}.r2.cloudflarestorage.com + run: | + aws s3 sync "${env:SOURCE_DIR}" "s3://${env:R2_BUCKET}/${env:DESTINATION_PREFIX}/" ` + --endpoint-url "${env:R2_ENDPOINT_URL}" ` + --no-progress ` + --acl private + smoke_test: # TODO: Build this on macOS or make an equivalent Mac-only job if: inputs.build_os == 'Windows' @@ -5108,9 +5196,10 @@ jobs: runs-on: ${{ inputs.default_build_runner }} steps: - - uses: actions/download-artifact@v4 + - name: Download Swift SDK Installer (${{ inputs.release && 'online' || 'offline' }}) + uses: actions/download-artifact@v4 with: - name: Windows-${{ inputs.build_arch }}-installer + name: Windows-${{ inputs.build_arch }}-installer-${{ inputs.release && 'online' || 'offline' }} path: ${{ github.workspace }}/tmp # TODO(compnerd): migrate this to compnerd/gha-setup-swift after the work that @mangini is doing is completed @@ -5172,10 +5261,10 @@ jobs: arch: [ x86_64, aarch64 ] steps: - - name: Download Swift SDK + - name: Download Swift SDK Installer (${{ inputs.release && 'online' || 'offline' }}) uses: actions/download-artifact@v4 with: - name: Windows-${{ inputs.build_arch }}-installer + name: Windows-${{ inputs.build_arch }}-installer-${{ inputs.release && 'online' || 'offline' }} path: ${{ github.workspace }}/tmp # TODO(compnerd): migrate this to compnerd/gha-setup-swift after the work that @mangini is doing is completed