Update to latest radiance with fixes for starting VPN before config a… #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release All Platforms | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| permissions: | |
| contents: write | |
| id-token: "write" | |
| jobs: | |
| set-release-metadata: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| build_type: ${{ steps.meta.outputs.build_type }} | |
| version: ${{ steps.meta.outputs.version }} | |
| installer_name: ${{ steps.meta.outputs.installer_name }} | |
| platform: ${{ steps.meta.outputs.platform }} | |
| steps: | |
| - id: meta | |
| run: | | |
| tag=${GITHUB_REF#refs/tags/} | |
| base_version=$(echo "$tag" | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+).*$/\1/') | |
| echo "version=$base_version" >> $GITHUB_OUTPUT | |
| echo "tag_base=v${base_version}" >> $GITHUB_OUTPUT | |
| # Extract platform suffix (if any, after final hyphen) | |
| platform_suffix="${tag##*-}" | |
| if [[ "$tag" == *"-beta" ]]; then | |
| echo "build_type=beta" >> $GITHUB_OUTPUT | |
| elif [[ "$tag" == *"-internal" ]]; then | |
| echo "build_type=internal" >> $GITHUB_OUTPUT | |
| else | |
| echo "build_type=production" >> $GITHUB_OUTPUT | |
| fi | |
| if [[ "$tag" == *"-beta" || "$tag" == *"-internal" ]]; then | |
| echo "installer_name=lantern-installer-${tag##*-}" >> $GITHUB_OUTPUT | |
| else | |
| echo "installer_name=lantern-installer" >> $GITHUB_OUTPUT | |
| fi | |
| case "$platform_suffix" in | |
| windows) | |
| echo "platform=windows" >> $GITHUB_OUTPUT | |
| ;; | |
| macos) | |
| echo "platform=macos" >> $GITHUB_OUTPUT | |
| ;; | |
| linux) | |
| echo "platform=linux" >> $GITHUB_OUTPUT | |
| ;; | |
| android) | |
| echo "platform=android" >> $GITHUB_OUTPUT | |
| ;; | |
| *) | |
| echo "platform=all" >> $GITHUB_OUTPUT | |
| ;; | |
| esac | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Update app version in pubspec.yaml | |
| shell: bash | |
| env: | |
| RUN_NUMBER: ${{ github.run_number }} | |
| VERSION: ${{ steps.meta.outputs.version }} | |
| run: | | |
| NEW_VERSION="${VERSION}+${RUN_NUMBER}" | |
| echo "Updating pubspec.yaml to version: $NEW_VERSION" | |
| sed -i.bak -E "s/^version: .*/version: $NEW_VERSION/" pubspec.yaml | |
| cat pubspec.yaml | |
| echo "app_version=$NEW_VERSION" >> $GITHUB_OUTPUT | |
| - name: Upload pubspec.yaml as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: pubspec | |
| path: pubspec.yaml | |
| build-macos: | |
| needs: set-release-metadata | |
| uses: ./.github/workflows/build-macos.yml | |
| secrets: inherit | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'macos' }} | |
| with: | |
| version: ${{ needs.set-release-metadata.outputs.version }} | |
| build_type: ${{ needs.set-release-metadata.outputs.build_type }} | |
| installer_name: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| build-windows: | |
| needs: set-release-metadata | |
| uses: ./.github/workflows/build-windows.yml | |
| secrets: inherit | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'windows' }} | |
| with: | |
| version: ${{ needs.set-release-metadata.outputs.version }} | |
| build_type: ${{ needs.set-release-metadata.outputs.build_type }} | |
| installer_name: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| build-linux: | |
| needs: set-release-metadata | |
| uses: ./.github/workflows/build-linux.yml | |
| secrets: inherit | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'linux' }} | |
| with: | |
| version: ${{ needs.set-release-metadata.outputs.version }} | |
| build_type: ${{ needs.set-release-metadata.outputs.build_type }} | |
| installer_name: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| build-ios: | |
| needs: set-release-metadata | |
| uses: ./.github/workflows/build-ios.yml | |
| secrets: inherit | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' && needs.set-release-metadata.outputs.build_type != 'internal' }} | |
| with: | |
| version: ${{ needs.set-release-metadata.outputs.version }} | |
| build_type: ${{ needs.set-release-metadata.outputs.build_type }} | |
| installer_name: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| build-android: | |
| needs: set-release-metadata | |
| uses: ./.github/workflows/build-android.yml | |
| secrets: inherit | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'android' }} | |
| with: | |
| version: ${{ needs.set-release-metadata.outputs.version }} | |
| build_type: ${{ needs.set-release-metadata.outputs.build_type }} | |
| installer_name: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| upload-google-play: | |
| needs: [set-release-metadata, build-android] | |
| if: | |
| ${{ (needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'android') | |
| && (needs.set-release-metadata.outputs.build_type == 'beta' || needs.set-release-metadata.outputs.build_type == 'production') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download AAB artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: lantern-installer-aab | |
| path: aab | |
| - name: Download mapping.txt | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: play-mapping | |
| path: play | |
| - name: Download native debug symbols | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: play-debug-symbols | |
| path: play | |
| - name: Pick Play track | |
| id: track | |
| run: | | |
| if [ "${{ needs.set-release-metadata.outputs.build_type }}" = "beta" ]; then | |
| echo "track=beta" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "track=production" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Upload to Google Play | |
| uses: r0adkll/upload-google-play@v1 | |
| with: | |
| serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} | |
| packageName: org.getlantern.lantern | |
| releaseFiles: aab/*.aab | |
| track: ${{ steps.track.outputs.track }} | |
| status: completed | |
| mappingFile: play/mapping.txt | |
| debugSymbols: play/debug-symbols.zip | |
| publish: | |
| needs: | |
| [ | |
| set-release-metadata, | |
| build-macos, | |
| build-windows, | |
| build-linux, | |
| build-android, | |
| ] | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' }} | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILD_TYPE: ${{ needs.set-release-metadata.outputs.build_type }} | |
| INSTALLER_NAME: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| BUCKET: ${{ secrets.S3_RELEASES_BUCKET }} | |
| RELEASE_TAG: ${{ github.ref_name }} | |
| S3_TAG: ${{ needs.set-release-metadata.outputs.tag_base }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Flutter | |
| uses: subosito/flutter-action@v2.19.0 | |
| with: | |
| channel: stable | |
| flutter-version-file: pubspec.yaml | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| - name: Upload to S3 (tag + latest) | |
| shell: bash | |
| run: | | |
| set -euxo pipefail | |
| prefix="releases/${BUILD_TYPE}" | |
| tag="${S3_TAG}" | |
| # Tag-scoped uploads | |
| aws s3 cp "lantern-installer-dmg/${INSTALLER_NAME}.dmg" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.dmg" --acl public-read | |
| aws s3 cp "lantern-installer-exe/${INSTALLER_NAME}.exe" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.exe" --acl public-read | |
| aws s3 cp "lantern-installer-apk/${INSTALLER_NAME}.apk" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.apk" --acl public-read | |
| aws s3 cp "lantern-installer-deb/${INSTALLER_NAME}.deb" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.deb" --acl public-read || true | |
| aws s3 cp "lantern-installer-rpm/${INSTALLER_NAME}.rpm" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.rpm" --acl public-read || true | |
| aws s3 cp "lantern-installer-dmg/${INSTALLER_NAME}.dmg" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.dmg" --acl public-read | |
| aws s3 cp "lantern-installer-exe/${INSTALLER_NAME}.exe" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.exe" --acl public-read | |
| aws s3 cp "lantern-installer-apk/${INSTALLER_NAME}.apk" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.apk" --acl public-read | |
| aws s3 cp "lantern-installer-deb/${INSTALLER_NAME}.deb" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.deb" --acl public-read || true | |
| aws s3 cp "lantern-installer-rpm/${INSTALLER_NAME}.rpm" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.rpm" --acl public-read || true | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Write links to job summary | |
| shell: bash | |
| run: | | |
| set -euxo pipefail | |
| prefix="releases/${BUILD_TYPE}" | |
| tag="${RELEASE_TAG}" | |
| { | |
| echo "## Release links (${BUILD_TYPE})" | |
| echo "" | |
| echo "- macOS: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.dmg" | |
| echo "- Windows: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.exe" | |
| echo "- Android: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.apk" | |
| echo "- Linux (.deb): https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.deb" | |
| echo "- Linux (.rpm): https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.rpm" | |
| echo "" | |
| echo "**Latest aliases**" | |
| echo "- macOS: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.dmg" | |
| echo "- Windows: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.exe" | |
| echo "- Android: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.apk" | |
| echo "- Linux (.deb): https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.deb" | |
| echo "- Linux (.rpm): https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.rpm" | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| token: ${{ github.token }} | |
| tag_name: ${{ github.ref_name }} | |
| name: "Lantern ${{ env.BUILD_TYPE }} ${{ github.ref_name }}" | |
| prerelease: true | |
| generate_release_notes: false | |
| files: | | |
| lantern-installer-dmg/${{ env.INSTALLER_NAME }}.dmg | |
| lantern-installer-exe/${{ env.INSTALLER_NAME }}.exe | |
| lantern-installer-apk/${{ env.INSTALLER_NAME }}.apk | |
| lantern-installer-deb/${{ env.INSTALLER_NAME }}.deb | |
| lantern-installer-rpm/${{ env.INSTALLER_NAME }}.rpm | |
| - name: Install Python dependencies | |
| if: ${{ needs.set-release-metadata.outputs.build_type != 'internal' }} | |
| run: python3 -m pip install -r scripts/requirements.txt | |
| - name: Update appcast.xml | |
| if: ${{ needs.set-release-metadata.outputs.build_type != 'internal' }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }} | |
| run: | | |
| python3 scripts/generate_appcast.py | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| git add appcast.xml | |
| git commit -m "Update appcast.xml" || echo "No changes to commit" | |
| git push | |
| bucket="${{ secrets.S3_RELEASES_BUCKET }}" | |
| aws s3 cp appcast.xml "s3://${bucket}/releases/${{ env.BUILD_TYPE }}/latest/appcast.xml" --acl public-read | |
| if [[ "${{ env.BUILD_TYPE }}" == "production" ]]; then | |
| aws s3 cp appcast.xml "s3://${bucket}/releases/appcast.xml" --acl public-read | |
| fi | |
| - name: Notify Slack | |
| uses: slackapi/slack-github-action@v2.0.0 | |
| with: | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| webhook-type: webhook-trigger | |
| payload: | | |
| { | |
| "text": "Lantern ${{ env.BUILD_TYPE }} ${{ github.ref_name }} released!*\n*Latest downloads:*\n• <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/latest/${{ env.INSTALLER_NAME }}.dmg|macOS>\n• <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/latest/${{ env.INSTALLER_NAME }}.exe|Windows>\n• <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/latest/${{ env.INSTALLER_NAME }}.apk|Android>\n• <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/latest/${{ env.INSTALLER_NAME }}.deb|Linux (.deb)>\n• <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/latest/${{ env.INSTALLER_NAME }}.rpm|Linux (.rpm)>\n\n*Tag-scoped:* <https://${{ env.BUCKET }}.s3.amazonaws.com/releases/${{ env.BUILD_TYPE }}/${{ github.ref_name }}/|releases/${{ env.BUILD_TYPE }}/${{ github.ref_name }}/>" | |
| } | |
| env: | |
| INSTALLER_NAME: ${{ needs.set-release-metadata.outputs.installer_name }} | |
| upload-testflight: | |
| needs: [publish, build-ios, set-release-metadata] | |
| if: ${{ needs.set-release-metadata.outputs.platform == 'all' | |
| && needs.set-release-metadata.outputs.build_type == 'production' }} | |
| runs-on: macos-15 | |
| steps: | |
| - name: Download iOS Artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: lantern-ios | |
| - name: Upload to TestFlight | |
| uses: apple-actions/upload-testflight-build@v3.0.0 | |
| with: | |
| app-path: ${{ needs.set-release-metadata.outputs.installer_name }}.ipa | |
| issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} | |
| api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} | |
| api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} |