ci: make sure the tag being pushed is both annotated and signed #4261

Workflow file for this run

.github/workflows/bindings.yml at 2313397

	name: build bindings

	concurrency:
	group: "${{ github.workflow }}-${{ github.ref }}"
	cancel-in-progress: true

	on:
	push:
	branches:
	- main
	pull_request:

	env:
	CARGO_TERM_COLOR: always
	CARGO_NET_GIT_FETCH_WITH_CLI: true
	CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse

	jobs:
	build-android:
	uses: ./.github/workflows/build-android.yml

	build-jvm-linux:
	uses: ./.github/workflows/build-jvm-linux.yml

	build-ios:
	uses: ./.github/workflows/build-ios.yml

	test-android:
	if: github.repository == 'wireapp/core-crypto'
	runs-on: ubuntu-latest
	needs: build-android
	steps:
	- uses: actions/checkout@v4
	- name: set up jdk 17
	uses: actions/setup-java@v4
	with:
	java-version: "17"
	distribution: "adopt"
	- name: gradle setup
	uses: gradle/actions/setup-gradle@v4
	- name: validate gradle wrapper
	uses: gradle/actions/wrapper-validation@v4
	- uses: actions/download-artifact@v4
	with:
	name: android-target-${{ github.run_id }}
	path: target
	- uses: actions/download-artifact@v4
	with:
	name: android-${{ github.run_id }}
	path: crypto-ffi/bindings
	- name: enable kvm group perms
	run: \|
	echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \| sudo tee /etc/udev/rules.d/99-kvm4all.rules
	sudo udevadm control --reload-rules
	sudo udevadm trigger --name-match=kvm
	- name: android instrumentation tests
	uses: reactivecircus/android-emulator-runner@v2
	with:
	api-level: 32
	arch: x86_64
	working-directory: ./crypto-ffi/bindings
	script: ./gradlew android:connectedAndroidTest

	build-and-test-jvm:
	if: github.repository == 'wireapp/core-crypto'
	runs-on: ubuntu-latest
	needs: build-jvm-linux
	steps:
	- uses: actions/checkout@v4
	- name: set up jdk 17
	uses: actions/setup-java@v4
	with:
	java-version: "17"
	distribution: "adopt"
	- name: gradle setup
	uses: gradle/actions/setup-gradle@v4
	- name: validate gradle wrapper
	uses: gradle/actions/wrapper-validation@v4
	- name: download linux library
	uses: actions/download-artifact@v4
	with:
	name: jvm-linux-so-file-${{ github.run_id }}
	path: target/x86_64-unknown-linux-gnu/release
	- name: download linux bindings
	uses: actions/download-artifact@v4
	with:
	name: jvm-linux-bindings-${{ github.run_id }}
	path: crypto-ffi/bindings
	- name: build and test jvm package
	run: \|
	cd crypto-ffi/bindings
	./gradlew jvm:build -x lint -x lintRelease

	create-xcframework:
	needs: build-ios
	runs-on: macos-latest
	steps:
	- uses: actions/checkout@v4
	- name: download artifacts for ios
	uses: actions/download-artifact@v4
	with:
	path: target
	pattern: ${{github.event.number}}-ios-*
	merge-multiple: 'true'
	- name: download ffi artifacts
	uses: actions/download-artifact@v4
	with:
	name: ${{github.event.number}}-swift-ffi
	path: crypto-ffi/bindings/swift/WireCoreCrypto
	- name: create xcframework
	run: \|
	cd crypto-ffi/bindings/swift
	./build-xcframework.sh

	e2e-interop-test:
	runs-on: macos-latest
	needs: build-ios
	steps:
	- uses: actions/checkout@v4
	- uses: actions-rust-lang/setup-rust-toolchain@v1 # this implicitly caches Rust tools and build artifacts
	with:
	target: "wasm32-unknown-unknown,aarch64-apple-ios,x86_64-apple-ios,aarch64-apple-ios-sim"
	rustflags: ''
	- uses: davidB/rust-cargo-make@v1
	- name: setup Xcode
	uses: maxim-lobanov/setup-xcode@v1
	with:
	xcode-version: '16.1.0'
	- name: setup wasm-pack
	uses: taiki-e/install-action@v2
	with:
	tool: wasm-pack
	- uses: browser-actions/setup-chrome@latest
	id: setup-chrome
	with:
	chrome-version: latest
	- run: \|
	echo "CHROME_PATH=${{ steps.setup-chrome.outputs.chrome-path }}" >> $GITHUB_ENV
	- uses: oven-sh/setup-bun@v2
	with:
	bun-version: latest
	- uses: actions/setup-node@v4
	with:
	node-version: 18
	- name: build wasm artifacts
	run: \|
	cd crypto-ffi
	cargo make wasm
	- name: download artifacts for ios
	uses: actions/download-artifact@v4
	with:
	path: target
	pattern: ${{github.event.number}}-ios-*
	merge-multiple: 'true'
	- name: download ffi artifacts
	uses: actions/download-artifact@v4
	with:
	name: ${{github.event.number}}-swift-ffi
	path: crypto-ffi/bindings/swift/WireCoreCrypto
	- name: build & install iOS Interop client
	run: \|
	cd interop/src/clients/InteropClient
	xcodebuild -scheme InteropClient -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' clean build install DSTROOT=./Products
	./install_app.sh "iPhone 16"
	./grant_permissions.sh "iPhone 16"
	- name: run e2e interop test
	run: cargo run --bin interop

	build-and-test-wasm:
	runs-on: ubuntu-latest
	env:
	# ensures we have same flags as when publishing
	RUSTFLAGS: "-D warnings -W unreachable-pub"
	steps:
	- uses: actions/checkout@v4
	- uses: browser-actions/setup-chrome@latest
	id: setup-chrome
	with:
	chrome-version: stable
	- uses: actions-rust-lang/setup-rust-toolchain@v1
	with:
	target: wasm32-unknown-unknown
	- uses: oven-sh/setup-bun@v2
	with:
	bun-version: latest
	- uses: actions/setup-node@v4
	with:
	node-version: 18
	- name: install wasm-pack
	uses: taiki-e/install-action@v2
	with:
	tool: wasm-pack
	- uses: davidB/rust-cargo-make@v1
	- name: build wasm
	run: \|
	cd crypto-ffi
	cargo make wasm
	- name: build ts
	run: \|
	cd crypto-ffi/bindings/js
	bun install
	bun run build
	- name: lint
	run: \|
	cd crypto-ffi/bindings/js
	bun eslint . --max-warnings=0
	- name: check all ts files
	run: \|
	cd crypto-ffi/bindings/js
	bun tsc --noEmit
	- name: test
	run: \|
	cd crypto-ffi/bindings/js
	bun run test

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: make sure the tag being pushed is both annotated and signed #4261

Workflow file

ci: make sure the tag being pushed is both annotated and signed #4261

Jobs

Run details

Workflow file for this run