mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 17:56:34 +00:00
- WorkerMsg made pub + re-exported at crate root so local_server can send through the UI channel. - ed25519_dalek::pkcs8::DecodePublicKey trait import — needed for VerifyingKey::from_public_key_pem call site. - Workflow: pushes to master now auto-trigger a dev-channel build (in addition to tag-pushes for stable/beta). Concurrency group cancels superseded master builds; tag builds never cancel each other.
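# Build the kiosk binary for multiple targets, upload each tag build (vX.Y.Z)
# as a GitHub Release asset, and optionally auto-import into a running
# BetterFrame server via /api/admin/firmware/import.
#
# Triggers: tag push (stable/beta channel), push to master (dev channel),
# and manual workflow_dispatch (channel chosen by the operator).
#
# Build environment is debian:trixie-slim (matches Raspberry Pi OS Trixie
# the kiosk deploys to). Trixie ships gtk4 4.14 + libwebkitgtk-6.0 natively,
# no backports needed. glibc matches Pi OS Trixie → no runtime symbol drift.
# Runner host distro doesn't matter; everything runs inside the container.
#
# Secrets (both optional; the auto-import step is skipped unless both are set):
#   BF_AUTOIMPORT_URL       e.g. https://bf.example.com
#   BF_AUTOIMPORT_API_KEY   admin-scope API key for the BF server

name: release-kiosk

on:
  push:
    branches:
      - master
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      channel:
        description: "Release channel"
        type: choice
        options: ["dev", "beta", "stable"]
        default: "dev"

# Cancel an in-flight run when a newer commit lands on the same branch —
# dev channel only needs the latest. Tag builds are never cancelled.
concurrency:
  group: release-kiosk-${{ github.ref }}
  cancel-in-progress: ${{ github.ref_type != 'tag' }}

# NOTE(review): contents: write applies to every run (master pushes and manual
# dispatches included), but only the "Upload to GitHub Release" step needs it.
# Consider a separate release job so build steps run with a read-only token.
permissions:
  contents: write

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: aarch64-unknown-linux-gnu
            runs-on: blacksmith-2vcpu-ubuntu-2404-arm
            arch_label: "aarch64 (Pi5)"
          - target: x86_64-unknown-linux-gnu
            runs-on: blacksmith-4vcpu-ubuntu-2404
            arch_label: "x86_64"

    runs-on: ${{ matrix.runs-on }}

    # Lock glibc + APT package set to Trixie — matches RPi OS Trixie
    # (Debian 13) which kiosks run. Raspbian is Debian; same packages.
    # NOTE(review): the tag is mutable; pin the image by digest
    # (debian:trixie-slim@sha256:<DIGEST>) for reproducible firmware builds.
    container:
      image: debian:trixie-slim

    steps:
      - name: Bootstrap apt + git (container has none preinstalled)
        run: |
          apt-get update
          apt-get install -y --no-install-recommends \
            ca-certificates curl git build-essential pkg-config \
            jq sudo
          # Container UID != workspace owner UID — git's CVE-2022-24765
          # check refuses to operate. Trust only the checkout directory:
          # a '*' wildcard would switch the ownership check off for every
          # repository git touches during the build.
          git config --global --add safe.directory "$GITHUB_WORKSPACE"

      # NOTE(review): this and the other `uses:` refs below are mutable
      # tags/branches. This job holds a write-scoped token and an admin API
      # key, so pin each action to a full commit SHA.
      - uses: actions/checkout@v4

      - name: Determine channel + version
        id: meta
        shell: bash
        env:
          # Handed over as data through the environment instead of being
          # expanded into the script text by the ${{ }} template engine.
          INPUT_CHANNEL: ${{ inputs.channel }}
        run: |
          if [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then
            channel="$INPUT_CHANNEL"
            version="0.0.0-dev.$(git rev-parse --short HEAD)"
          elif [[ "$GITHUB_REF" == refs/tags/v* ]]; then
            tag="${GITHUB_REF#refs/tags/v}"
            version="$tag"
            if [[ "$tag" == *"-beta."* ]]; then channel="beta";
            else channel="stable"; fi
          else
            # Push to master → auto dev channel build.
            channel="dev"
            version="0.0.0-dev.$(git rev-parse --short HEAD)"
          fi
          # Both values end up in file names and in the firmware-import
          # request, so reject anything outside the expected alphabet here.
          case "$channel" in
            dev|beta|stable) ;;
            *) echo "::error::unexpected release channel"; exit 1 ;;
          esac
          if [[ ! "$version" =~ ^[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo "::error::version contains unexpected characters"
            exit 1
          fi
          echo "channel=$channel" >> "$GITHUB_OUTPUT"
          echo "version=$version" >> "$GITHUB_OUTPUT"

      - name: Install GTK/GStreamer/WebKit build deps
        # Trixie stock: gtk4 4.14 + libwebkitgtk-6.0 — no backports needed.
        run: |
          apt-get install -y --no-install-recommends \
            libgtk-4-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \
            libwebkitgtk-6.0-dev libssl-dev

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: cargo build --release
        working-directory: kiosk
        env:
          BF_BUILD_ARCH: ${{ matrix.target }}
        run: cargo build --release --target ${{ matrix.target }}

      - name: Strip + rename binary
        working-directory: kiosk
        env:
          # The version comes from a tag name; keep it out of the script text.
          TARGET: ${{ matrix.target }}
          VERSION: ${{ steps.meta.outputs.version }}
        run: |
          strip "target/${TARGET}/release/betterframe-kiosk"
          cp "target/${TARGET}/release/betterframe-kiosk" \
            "betterframe-kiosk-${VERSION}-${TARGET}"

      - name: Upload to GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          files: kiosk/betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }}

      # NOTE(review): this step has no ref condition, so it runs for master
      # pushes and for manual dispatches from any branch, with the channel
      # (including "stable") chosen by whoever dispatches. Consider gating it
      # on protected refs or an environment with required reviewers.
      - name: Auto-import into BF server
        if: env.BF_AUTOIMPORT_URL != '' && env.BF_AUTOIMPORT_API_KEY != ''
        env:
          BF_AUTOIMPORT_URL: ${{ secrets.BF_AUTOIMPORT_URL }}
          BF_AUTOIMPORT_API_KEY: ${{ secrets.BF_AUTOIMPORT_API_KEY }}
          VERSION: ${{ steps.meta.outputs.version }}
          CHANNEL: ${{ steps.meta.outputs.channel }}
          TARGET: ${{ matrix.target }}
        working-directory: kiosk
        run: |
          bin="betterframe-kiosk-${VERSION}-${TARGET}"
          # Stage the payload in files: a base64-encoded binary passed as a
          # single command-line argument can exceed the kernel's
          # per-argument size limit and abort the step.
          b64_file="$(mktemp)"
          payload_file="$(mktemp)"
          trap 'rm -f "$b64_file" "$payload_file"' EXIT
          base64 -w 0 "$bin" > "$b64_file"
          jq -nc \
            --arg v "$VERSION" \
            --arg c "$CHANNEL" \
            --arg a "$TARGET" \
            --arg n "Built by GH Actions (${GITHUB_SHA})" \
            --rawfile b "$b64_file" \
            '{version:$v, channel:$c, arch:$a, release_notes:$n, content_b64:$b}' \
            > "$payload_file"
          # NOTE(review): the bearer token goes to whatever BF_AUTOIMPORT_URL
          # holds; adding curl's --proto '=https' would stop a misconfigured
          # http:// URL from sending it in cleartext.
          curl -sSf -X POST \
            -H "Authorization: Bearer ${BF_AUTOIMPORT_API_KEY}" \
            -H "Content-Type: application/json" \
            --data-binary "@${payload_file}" \
            "${BF_AUTOIMPORT_URL}/api/admin/firmware/import"

      - name: Upload artifact (always)
        uses: actions/upload-artifact@v4
        with:
          name: betterframe-kiosk-${{ matrix.target }}
          path: kiosk/betterframe-kiosk-${{ steps.meta.outputs.version }}-${{ matrix.target }}
          retention-days: 14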