Skip to content

Build iOS Artifacts #67

Build iOS Artifacts

Build iOS Artifacts #67

Workflow file for this run

name: Build iOS Artifacts
on:
workflow_dispatch:
inputs:
dry_run:
description: "Just build, don't publish"
default: false
required: false
type: boolean
env:
CARGO_TERM_COLOR: always
jobs:
build:
name: Build
permissions:
# Needed for ncipollo/release-action.
contents: 'write'
# Needed for google-github-actions/auth.
id-token: 'write'
runs-on: macos-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- name: Checking run eligibility
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const dryRun = ${{ inputs.dry_run }};
const refType = '${{ github.ref_type }}';
const refName = '${{ github.ref_name }}';
console.log(dryRun
? `Running in 'dry run' mode on '${refName}' ${refType}`
: `Running on '${refName}' ${refType}`);
if (refType !== 'tag' && !dryRun) {
core.setFailed("the action should either be launched on a tag or with a 'dry run' switch");
}
- id: archive-name
run: echo name=libsignal-client-ios-build-v$(sed -En "s/${VERSION_REGEX}/\1/p" LibSignalClient.podspec).tar.gz >> $GITHUB_OUTPUT
env:
VERSION_REGEX: "^.*[.]version += '(.+)'$"
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal --target x86_64-apple-ios,aarch64-apple-ios,aarch64-apple-ios-sim --component rust-src
- run: brew install protobuf
- name: Build for x86_64-apple-ios
run: swift/build_ffi.sh --release
env:
CARGO_BUILD_TARGET: x86_64-apple-ios
- name: Build for aarch64-apple-ios
run: swift/build_ffi.sh --release
env:
CARGO_BUILD_TARGET: aarch64-apple-ios
- name: Build for aarch64-apple-ios-sim
run: swift/build_ffi.sh --release
env:
CARGO_BUILD_TARGET: aarch64-apple-ios-sim
- run: tar -c --auto-compress --no-mac-metadata -f ${{ steps.archive-name.outputs.name }} target/*/release/libsignal_ffi.a
- run: 'shasum -a 256 ${{ steps.archive-name.outputs.name }} | tee -a $GITHUB_STEP_SUMMARY ${{ steps.archive-name.outputs.name }}.sha256'
shell: bash # Explicitly setting the shell turns on pipefail in GitHub Actions
- name: Attach artifact to the run
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
path: ${{ steps.archive-name.outputs.name }}
name: libsignal-client-ios
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
if: ${{ !inputs.dry_run }}
with:
workload_identity_provider: 'projects/741367068918/locations/global/workloadIdentityPools/github/providers/github-actions'
service_account: 'github-actions@signal-build-artifacts.iam.gserviceaccount.com'
- uses: google-github-actions/upload-cloud-storage@22121cd842b0d185e042e28d969925b538c33d77 # v2.1.0
if: ${{ !inputs.dry_run }}
with:
path: ${{ steps.archive-name.outputs.name }}
destination: build-artifacts.signal.org/libraries
# This step is expected to fail if not run on a tag.
- name: Upload checksum to release
uses: ncipollo/release-action@66b1844f0b7ef940787c9d128846d5ac09b3881f # v1.14
if: ${{ !inputs.dry_run }}
with:
allowUpdates: true
artifactErrorsFailBuild: true
artifacts: ${{ steps.archive-name.outputs.name }}.sha256