# Build the kiosk binary for multiple targets on tag push (vX.Y.Z), upload # each as a GitHub Release asset, and optionally auto-import into a running # BetterFrame server via /api/admin/firmware/import. # # Build environment is debian:bookworm-slim (matches Raspberry Pi OS Bookworm # the kiosk deploys to). Building on Ubuntu would link against a newer glibc # than the Pi ships → `GLIBC_2.38 not found` at runtime. Runner host distro # doesn't matter; we run all steps inside the bookworm container. # # Required secrets: # BF_AUTOIMPORT_URL e.g. https://bf.example.com (optional) # BF_AUTOIMPORT_API_KEY admin-scope API key for the BF server (optional) name: release-kiosk on: push: tags: - "v*" workflow_dispatch: inputs: channel: description: "Release channel" type: choice options: ["dev", "beta", "stable"] default: "dev" permissions: contents: write jobs: build: strategy: fail-fast: false matrix: include: - target: aarch64-unknown-linux-gnu runs-on: blacksmith-2vcpu-ubuntu-2404-arm arch_label: "aarch64 (Pi5)" - target: x86_64-unknown-linux-gnu runs-on: blacksmith-4vcpu-ubuntu-2404 arch_label: "x86_64" runs-on: ${{ matrix.runs-on }} # Lock glibc + APT package set to Bookworm — matches RPi OS Bookworm # (Debian 12) which kiosks run. Raspbian is Debian; same packages. container: image: debian:bookworm-slim steps: - name: Bootstrap apt + git (container has none preinstalled) run: | apt-get update apt-get install -y --no-install-recommends \ ca-certificates curl git build-essential pkg-config \ jq sudo # Container UID != workspace owner UID — git's CVE-2022-24765 # check refuses to operate. Whitelist before checkout runs git. git config --global --add safe.directory '*' - uses: actions/checkout@v4 - name: Determine channel + version id: meta shell: bash run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then channel="${{ inputs.channel }}" version="0.0.0-dev.$(git rev-parse --short HEAD)" else tag="${GITHUB_REF#refs/tags/v}" version="$tag" if [[ "$tag" == *"-beta."* ]]; then channel="beta"; else channel="stable"; fi fi echo "channel=$channel" >> "$GITHUB_OUTPUT" echo "version=$version" >> "$GITHUB_OUTPUT" - name: Install GTK/GStreamer/WebKit build deps # gtk4-rs 0.9 with the v4_8 feature builds against bookworm's stock # libgtk-4-dev 4.8.3 — same version that ships on Pi OS Bookworm. run: | apt-get install -y --no-install-recommends \ libgtk-4-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \ libwebkitgtk-6.0-dev libssl-dev - name: Install Rust toolchain uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: cargo build --release working-directory: kiosk env: BF_BUILD_ARCH: ${{ matrix.target }} run: cargo build --release --target ${{ matrix.target }} - name: Strip + rename binary working-directory: kiosk run: | strip target/${{ matrix.target }}/release/betterframe-kiosk cp target/${{ matrix.target }}/release/betterframe-kiosk \ betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }} - name: Upload to GitHub Release if: startsWith(github.ref, 'refs/tags/v') uses: softprops/action-gh-release@v2 with: files: kiosk/betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }} - name: Auto-import into BF server if: env.BF_AUTOIMPORT_URL != '' && env.BF_AUTOIMPORT_API_KEY != '' env: BF_AUTOIMPORT_URL: ${{ secrets.BF_AUTOIMPORT_URL }} BF_AUTOIMPORT_API_KEY: ${{ secrets.BF_AUTOIMPORT_API_KEY }} working-directory: kiosk run: | bin="betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }}" content_b64=$(base64 -w 0 "$bin") curl -sSf -X POST \ -H "Authorization: Bearer ${BF_AUTOIMPORT_API_KEY}" \ -H "Content-Type: application/json" \ -d "$(jq -nc \ --arg v "${{ steps.meta.outputs.version }}" \ --arg c "${{ steps.meta.outputs.channel }}" \ --arg a "${{ matrix.target }}" \ --arg n "Built by GH Actions (${{ github.sha }})" \ --arg b "$content_b64" \ '{version:$v, channel:$c, arch:$a, release_notes:$n, content_b64:$b}')" \ "${BF_AUTOIMPORT_URL}/api/admin/firmware/import" - name: Upload artifact (always) uses: actions/upload-artifact@v4 with: name: betterframe-kiosk-${{ matrix.target }} path: kiosk/betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }} retention-days: 14