Upload Java libraries to Sonatype (v0.53.0) #91
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Upload Java libraries to Sonatype | |
run-name: ${{ github.workflow }} (${{ github.ref_name }}) | |
on: | |
workflow_dispatch: | |
inputs: | |
dry_run: | |
description: "Just build, don't publish" | |
default: false | |
required: false | |
type: boolean | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
build: | |
name: Build for local development | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [windows-latest, macos-12] | |
include: | |
- os: windows-latest | |
library: signal_jni.dll | |
- os: macos-12 | |
library: libsignal_jni.dylib | |
additional-rust-target: aarch64-apple-darwin | |
# Ubuntu binaries are built using Docker, below | |
timeout-minutes: 45 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: recursive | |
- name: Checking run eligibility | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const dryRun = ${{ inputs.dry_run }}; | |
const refType = '${{ github.ref_type }}'; | |
const refName = '${{ github.ref_name }}'; | |
console.log(dryRun | |
? `Running in 'dry run' mode on '${refName}' ${refType}` | |
: `Running on '${refName}' ${refType}`); | |
if (refType !== 'tag' && !dryRun) { | |
core.setFailed("the action should either be launched on a tag or with a 'dry run' switch"); | |
} | |
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal | |
- run: rustup target add ${{ matrix.additional-rust-target }} | |
if: ${{ matrix.additional-rust-target != '' }} | |
# install nasm compiler for boring | |
- name: Install nasm | |
if: startsWith(matrix.os, 'windows') | |
run: choco install nasm | |
shell: cmd | |
- run: choco install protoc | |
if: matrix.os == 'windows-latest' | |
- run: brew install protobuf | |
if: matrix.os == 'macos-12' | |
- name: Build for host (should be x86_64) | |
run: java/build_jni.sh desktop | |
shell: bash | |
- name: Build for alternate target (arm64) | |
run: java/build_jni.sh desktop | |
if: matrix.os == 'macos-12' | |
env: | |
CARGO_BUILD_TARGET: ${{ matrix.additional-rust-target }} | |
- name: Merge library slices (for macOS) | |
# Using target/release/ for both the input and output wouldn't normally be ideal | |
# from a build system perspective, but we're going to immediately upload the merged library. | |
run: lipo -create target/release/${{ matrix.library }} target/${{ matrix.additional-rust-target }}/release/${{ matrix.library }} -output target/release/${{ matrix.library }} | |
if: matrix.os == 'macos-12' | |
- name: Upload library | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: libsignal_jni (${{matrix.os}}) | |
path: target/release/${{ matrix.library }} | |
verify-rust: | |
name: Verify JNI bindings | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: recursive | |
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal | |
- run: sudo apt-get update && sudo apt-get install protobuf-compiler | |
- name: Verify that the JNI bindings are up to date | |
run: rust/bridge/jni/bin/gen_java_decl.py --verify | |
publish: | |
name: Build for production and publish | |
runs-on: ubuntu-latest | |
needs: [build, verify-rust] | |
timeout-minutes: 45 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: recursive | |
- name: Download built libraries | |
id: download | |
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | |
with: | |
path: artifacts | |
- name: Copy libraries | |
run: mv ${{ steps.download.outputs.download-path }}/*/* java/shared/resources && find java/shared/resources | |
- run: make | |
if: ${{ inputs.dry_run }} | |
working-directory: java | |
- name: Upload libsignal-android | |
if: ${{ inputs.dry_run }} | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: libsignal-android | |
path: java/android/build/outputs/aar/libsignal-android-release.aar | |
- name: Upload libsignal-client | |
if: ${{ inputs.dry_run }} | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: libsignal-client | |
path: java/client/build/libs/libsignal-client-*.jar | |
- name: Upload libsignal-server | |
if: ${{ inputs.dry_run }} | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: libsignal-server | |
path: java/server/build/libs/libsignal-server-*.jar | |
- run: make publish_java | |
if: ${{ !inputs.dry_run }} | |
working-directory: java | |
env: | |
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER }} | |
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} | |
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEYID }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }} | |
# ASCII-armored PGP secret key | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }} |