Skip to content

ci: make sure the tag being pushed is both annotated and signed #4263

ci: make sure the tag being pushed is both annotated and signed

ci: make sure the tag being pushed is both annotated and signed #4263

Workflow file for this run

name: build bindings
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
on:
push:
branches:
- main
pull_request:
env:
CARGO_TERM_COLOR: always
CARGO_NET_GIT_FETCH_WITH_CLI: true
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
jobs:
build-android:
uses: ./.github/workflows/build-android.yml
build-jvm-linux:
uses: ./.github/workflows/build-jvm-linux.yml
build-ios:
uses: ./.github/workflows/build-ios.yml
test-android:
if: github.repository == 'wireapp/core-crypto'
runs-on: ubuntu-latest
needs: build-android
steps:
- uses: actions/checkout@v4
- name: set up jdk 17
uses: actions/setup-java@v4
with:
java-version: "17"
distribution: "adopt"
- name: gradle setup
uses: gradle/actions/setup-gradle@v4
- name: validate gradle wrapper
uses: gradle/actions/wrapper-validation@v4
- uses: actions/download-artifact@v4
with:
name: android-target-${{ github.run_id }}
path: target
- uses: actions/download-artifact@v4
with:
name: android-${{ github.run_id }}
path: crypto-ffi/bindings
- name: enable kvm group perms
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
- name: android instrumentation tests
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: 32
arch: x86_64
working-directory: ./crypto-ffi/bindings
script: ./gradlew android:connectedAndroidTest
build-and-test-jvm:
if: github.repository == 'wireapp/core-crypto'
runs-on: ubuntu-latest
needs: build-jvm-linux
steps:
- uses: actions/checkout@v4
- name: set up jdk 17
uses: actions/setup-java@v4
with:
java-version: "17"
distribution: "adopt"
- name: gradle setup
uses: gradle/actions/setup-gradle@v4
- name: validate gradle wrapper
uses: gradle/actions/wrapper-validation@v4
- name: download linux library
uses: actions/download-artifact@v4
with:
name: jvm-linux-so-file-${{ github.run_id }}
path: target/x86_64-unknown-linux-gnu/release
- name: download linux bindings
uses: actions/download-artifact@v4
with:
name: jvm-linux-bindings-${{ github.run_id }}
path: crypto-ffi/bindings
- name: build and test jvm package
run: |
cd crypto-ffi/bindings
./gradlew jvm:build -x lint -x lintRelease
create-xcframework:
needs: build-ios
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: download artifacts for ios
uses: actions/download-artifact@v4
with:
path: target
pattern: ${{github.event.number}}-ios-*
merge-multiple: 'true'
- name: download ffi artifacts
uses: actions/download-artifact@v4
with:
name: ${{github.event.number}}-swift-ffi
path: crypto-ffi/bindings/swift/WireCoreCrypto
- name: create xcframework
run: |
cd crypto-ffi/bindings/swift
./build-xcframework.sh
e2e-interop-test:
runs-on: macos-latest
needs: build-ios
steps:
- uses: actions/checkout@v4
- uses: actions-rust-lang/setup-rust-toolchain@v1 # this implicitly caches Rust tools and build artifacts
with:
target: "wasm32-unknown-unknown,aarch64-apple-ios,x86_64-apple-ios,aarch64-apple-ios-sim"
rustflags: ''
- uses: davidB/rust-cargo-make@v1
- name: setup Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '16.1.0'
- name: setup wasm-pack
uses: taiki-e/install-action@v2
with:
tool: wasm-pack
- uses: browser-actions/setup-chrome@latest
id: setup-chrome
with:
chrome-version: latest
- run: |
echo "CHROME_PATH=${{ steps.setup-chrome.outputs.chrome-path }}" >> $GITHUB_ENV
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- uses: actions/setup-node@v4
with:
node-version: 18
- name: build wasm artifacts
run: |
cd crypto-ffi
cargo make wasm
- name: download artifacts for ios
uses: actions/download-artifact@v4
with:
path: target
pattern: ${{github.event.number}}-ios-*
merge-multiple: 'true'
- name: download ffi artifacts
uses: actions/download-artifact@v4
with:
name: ${{github.event.number}}-swift-ffi
path: crypto-ffi/bindings/swift/WireCoreCrypto
- name: build & install iOS Interop client
run: |
cd interop/src/clients/InteropClient
xcodebuild -scheme InteropClient -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' clean build install DSTROOT=./Products
./install_app.sh "iPhone 16"
./grant_permissions.sh "iPhone 16"
- name: run e2e interop test
run: cargo run --bin interop
build-and-test-wasm:
runs-on: ubuntu-latest
env:
# ensures we have same flags as when publishing
RUSTFLAGS: "-D warnings -W unreachable-pub"
steps:
- uses: actions/checkout@v4
- uses: browser-actions/setup-chrome@latest
id: setup-chrome
with:
chrome-version: stable
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
target: wasm32-unknown-unknown
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- uses: actions/setup-node@v4
with:
node-version: 18
- name: install wasm-pack
uses: taiki-e/install-action@v2
with:
tool: wasm-pack
- uses: davidB/rust-cargo-make@v1
- name: build wasm
run: |
cd crypto-ffi
cargo make wasm
- name: build ts
run: |
cd crypto-ffi/bindings/js
bun install
bun run build
- name: lint
run: |
cd crypto-ffi/bindings/js
bun eslint . --max-warnings=0
- name: check all ts files
run: |
cd crypto-ffi/bindings/js
bun tsc --noEmit
- name: test
run: |
cd crypto-ffi/bindings/js
bun run test