Build openssl framework #910
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build openssl framework" | |
| on: | |
| push: | |
| branches: ["main"] | |
| schedule: | |
| - cron: "18 18 * * *" | |
| workflow_dispatch: | |
| permissions: | |
| packages: read | |
| contents: write | |
| concurrency: single_compile | |
| jobs: | |
| query: | |
| name: "Check for updates" | |
| runs-on: macos-14 | |
| outputs: | |
| openssl_version: ${{ steps.query.outputs.openssl_version }} | |
| needs_update: ${{ steps.query.outputs.needs_update }} | |
| steps: | |
| - name: "Get latest release" | |
| id: query | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| LATEST_OFFICIAL_OPENSSL_RELEASE=$(gh api /repos/openssl/openssl/tags --jq '.[].name' | egrep '^openssl-[0-9\.]+$' | sort -nr | head -n1 | sed 's/openssl-//') | |
| LATEST_OPENSSL_IOS_RELEASE=$(gh api /repos/tls-inspector/openssl-ios/releases/latest --jq '.name') | |
| echo "::notice ::Latest openssl release: ${LATEST_OFFICIAL_OPENSSL_RELEASE}, last published framework: ${LATEST_OPENSSL_IOS_RELEASE}" | |
| echo "openssl_version=${LATEST_OFFICIAL_OPENSSL_RELEASE}" >> $GITHUB_OUTPUT | |
| if [[ "${LATEST_OPENSSL_IOS_RELEASE}" != "${LATEST_OFFICIAL_OPENSSL_RELEASE}" ]]; then | |
| echo "needs_update=yes" >> $GITHUB_OUTPUT | |
| else | |
| echo "needs_update=no" >> $GITHUB_OUTPUT | |
| fi | |
| cat $GITHUB_OUTPUT | |
| update: | |
| name: "Compile" | |
| needs: query | |
| if: needs.query.outputs.needs_update == 'yes' | |
| runs-on: macos-14 | |
| outputs: | |
| framework_checksum: ${{ steps.prepare.outputs.framework_checksum }} | |
| steps: | |
| - name: Checkout Source | |
| id: checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #pin v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Compile Framework | |
| id: compile | |
| run: | | |
| echo "Importing public keys" | |
| gpg --import ./openssl.asc | |
| echo 'trusted-key 0x216094DFD0CB81EF' >> ~/.gnupg/gpg.conf | |
| echo "Starting build" | |
| ./build-ios.sh -o ${{ needs.query.outputs.openssl_version }} -s -g | |
| zip -r openssl.xcframework.zip openssl.xcframework/ | |
| ./inject_module_map.sh iphoneos | |
| ./inject_module_map.sh iphonesimulator | |
| zip -r openssl_swift.xcframework.zip openssl.xcframework/ | |
| - name: Capture Build Errors | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #pin v4.6.2 | |
| if: failure() | |
| with: | |
| name: build_output | |
| path: build/*_build.log | |
| - name: Prepare Release | |
| id: prepare_release | |
| run: | | |
| echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem | |
| echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem | |
| echo "-----END EC PRIVATE KEY-----" >> private_key.pem | |
| openssl dgst -sign private_key.pem -sha256 -out openssl.xcframework.zip.sig openssl.xcframework.zip | |
| openssl dgst -sign private_key.pem -sha256 -out openssl_swift.xcframework.zip.sig openssl_swift.xcframework.zip | |
| openssl dgst -sign private_key.pem -sha256 -out openssl_swift.xcframework.zip.sig openssl_swift.xcframework.zip | |
| openssl dgst -sign private_key.pem -sha256 -out openssl.tar.xz.sig openssl.tar.xz | |
| rm -f private_key.pem | |
| - name: Make Release | |
| id: make_release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create -n "${{ needs.query.outputs.openssl_version }}" -t "${{ needs.query.outputs.openssl_version }}" ${{ needs.query.outputs.openssl_version }} openssl.xcframework.zip openssl.xcframework.zip.sig openssl_swift.xcframework.zip openssl_swift.xcframework.zip.sig openssl.tar.xz openssl.tar.xz.sig |