depends: libxkbcommon: update to 1.13.1 #563
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci/gh-actions/guix | |
| on: [push, pull_request] | |
| jobs: | |
| cache-sources: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: depends sources cache | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: contrib/depends/sources | |
| key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
| - name: download depends sources | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: make -C contrib/depends download | |
| build-guix: | |
| runs-on: ubuntu-24.04 | |
| needs: [cache-sources] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| toolchain: | |
| - target: "x86_64-linux-gnu" | |
| - target: "x86_64-linux-gnu.no-tor-bundle" | |
| - target: "x86_64-linux-gnu.pack" | |
| - target: "aarch64-linux-gnu" | |
| - target: "riscv64-linux-gnu" | |
| - target: "x86_64-w64-mingw32" | |
| - target: "x86_64-w64-mingw32.installer" | |
| - target: "x86_64-apple-darwin" | |
| - target: "arm64-apple-darwin" | |
| outputs: | |
| WIN_INSTALLER_ARTIFACT_ID: ${{ steps.win-installer.outputs.WIN_INSTALLER_ARTIFACT_ID }} | |
| WIN_EXECUTABLE_ARTIFACT_ID: ${{ steps.win-executable.outputs.WIN_EXECUTABLE_ARTIFACT_ID }} | |
| name: ${{ matrix.toolchain.target }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| submodules: recursive | |
| # https://github.com/actions/checkout/issues/1467 | |
| - name: git fetch tags | |
| run: git fetch --tags | |
| - name: remove bundled packages | |
| run: sudo rm -rf /usr/local | |
| - name: depends sources cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: contrib/depends/sources | |
| key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
| - name: install dependencies | |
| run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils osslsigncode | |
| - name: apparmor workaround | |
| # https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2064115 | |
| run: | | |
| sudo tee /etc/apparmor.d/guix << EOF | |
| abi <abi/4.0>, | |
| include <tunables/global> | |
| profile guix /usr/bin/guix flags=(unconfined) { | |
| userns, | |
| include if exists <local/guix> | |
| } | |
| EOF | |
| sudo /etc/init.d/apparmor reload | |
| sudo aa-enforce guix || true | |
| sudo apt purge apparmor | |
| - name: build | |
| run: ADDITIONAL_GUIX_TIMEMACHINE_FLAGS="--disable-authentication" SUBSTITUTE_URLS='http://bordeaux.guix.gnu.org' HOSTS="${{ matrix.toolchain.target }}" ./contrib/guix/guix-build | |
| - name: virustotal scan | |
| env: | |
| VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
| if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' && env.VT_API_KEY != '' }} | |
| uses: crazy-max/ghaction-virustotal@v4 | |
| with: | |
| vt_api_key: ${{ secrets.VT_API_KEY }} | |
| files: | | |
| guix/guix-build-*/build/distsrc-*/build/bin/feather.exe | |
| - uses: actions/upload-artifact@v4 | |
| id: upload-artifact | |
| with: | |
| name: ${{ matrix.toolchain.target }} | |
| path: | | |
| guix/guix-build-*/output/${{ matrix.toolchain.target }}/* | |
| guix/guix-build-*/logs/${{ matrix.toolchain.target }}/* | |
| - if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32.installer' }} | |
| id: win-installer | |
| run: echo "WIN_INSTALLER_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT" | |
| - if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' }} | |
| id: win-executable | |
| run: echo "WIN_EXECUTABLE_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT" | |
| bundle-logs: | |
| runs-on: ubuntu-24.04 | |
| needs: [build-guix] | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| - name: print hashes | |
| run: | | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| uname --machine && find **/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: "logs" | |
| path: '**/logs/**' | |
| codesigning: | |
| runs-on: ubuntu-24.04 | |
| needs: [build-guix, bundle-logs] | |
| if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-rc') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| toolchain: | |
| - target: "x86_64-w64-mingw32" | |
| - target: "x86_64-w64-mingw32.installer" | |
| steps: | |
| - name: install dependencies | |
| run: sudo apt update; sudo apt -y install osslsigncode | |
| - name: "set artifact id" | |
| run: | | |
| if [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32" ]; then | |
| echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}" >> $GITHUB_ENV | |
| echo "ARTIFACT_SLUG=executable" >> $GITHUB_ENV | |
| elif [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32.installer" ]; then | |
| echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_INSTALLER_ARTIFACT_ID }}" >> $GITHUB_ENV | |
| echo "ARTIFACT_SLUG=installer" >> $GITHUB_ENV | |
| fi | |
| - uses: signpath/github-action-submit-signing-request@v1 | |
| name: "request signature" | |
| with: | |
| api-token: '${{ secrets.SIGNPATH_API_KEY }}' | |
| organization-id: 'd3e94749-9c69-44e9-82de-c65cb3832869' | |
| project-slug: 'feather' | |
| signing-policy-slug: 'release-signing' | |
| artifact-configuration-slug: ${{ env.ARTIFACT_SLUG }} | |
| github-artifact-id: ${{ env.ARTIFACT_ID }} | |
| wait-for-completion: true | |
| output-artifact-directory: codesigning/ | |
| - name: "extract signature" | |
| run: osslsigncode extract-signature -in codesigning/guix-build-*/output/${{ matrix.toolchain.target }}/*.exe -out codesigning/${{ matrix.toolchain.target }}.pem | |
| - uses: actions/upload-artifact@v4 | |
| name: "upload signature" | |
| with: | |
| name: ${{ matrix.toolchain.target }}.pem | |
| path: | | |
| codesigning/${{ matrix.toolchain.target }}.pem |