From fca833fd00574f40e7d149941564b9a1fee49f73 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 02:34:53 -0700 Subject: [PATCH 01/13] fix key check in nightly yaml --- .github/workflows/flutter-nightly.yml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index d5782eabf..99bb20d48 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -15,8 +15,8 @@ env: # for multiarch gcc compatibility VCPKG_COMMIT_ID: "14e7bb4ae24616ec54ff6b2f6ef4e8659434ea44" VERSION: "1.2.0" - RS_PUB_KEY: '${{ secrets.RS_PUB_KEY }}' - RENDEZVOUS_SERVER: '${{ secrets.RENDEZVOUS_SERVER }}' + # To make a custom build with your own servers set the below secret values + RS_PUB_KEY: '${{ secrets.RS_PUB_KEY_VAL }}' jobs: build-for-windows: @@ -152,6 +152,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert + if: ${{ env.MACOS_P12_BASE64== 'true' }} uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} @@ -159,11 +160,13 @@ jobs: keychain: rustdesk - name: Check sign and import sign key + if: ${{ env.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security find-identity -v - name: Import notarize key + if: ${{ env.MACOS_P12_BASE64== 'true' }} uses: timheuer/base64-to-file@v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling @@ -172,6 +175,7 @@ jobs: encodedString: ${{ secrets.MACOS_NOTARIZE_JSON }} - name: Install rcodesign tool + if: ${{ env.MACOS_P12_BASE64== 'true' }} shell: bash run: | pushd /tmp @@ -242,6 +246,7 @@ jobs: ./build.py --flutter ${{ matrix.job.extra-build-args }} - name: Codesign app and create signed dmg + if: ${{ env.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain @@ -554,6 +559,7 @@ jobs: - uses: r0adkll/sign-android-release@v1 name: Sign app APK + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} id: sign-rustdesk with: releaseDirectory: ./signed-apk @@ -566,12 +572,14 @@ jobs: BUILD_TOOLS_VERSION: "30.0.2" - name: Upload Artifacts + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} uses: actions/upload-artifact@master with: name: rustdesk-${{ env.VERSION }}-${{ matrix.job.target }}-release-signed.apk path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - - name: Publish apk package + - name: Publish signed apk package + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} uses: softprops/action-gh-release@v1 with: prerelease: true @@ -579,6 +587,15 @@ jobs: files: | ${{steps.sign-rustdesk.outputs.signedReleaseFile}} + - name: Publish unsigned apk package + if: ${{ env.ANDROID_SIGNING_KEY!= 'true' }} + uses: softprops/action-gh-release@v1 + with: + prerelease: true + tag_name: ${{ env.TAG_NAME }} + files: | + ../rustdesk-${{ env.VERSION }}-${{ matrix.job.target }}-release.apk + build-rustdesk-lib-linux-amd64: needs: [generate-bridge-linux, build-vcpkg-deps-linux] name: build-rust-lib ${{ matrix.job.target }} (${{ matrix.job.os }}) [${{ matrix.job.extra-build-features }}] From ac6797e4806bff8144886ccb168879f54d90eea1 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 02:35:35 -0700 Subject: [PATCH 02/13] RS_PUB_KEY --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 99bb20d48..cb32ac9d4 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -16,7 +16,7 @@ env: VCPKG_COMMIT_ID: "14e7bb4ae24616ec54ff6b2f6ef4e8659434ea44" VERSION: "1.2.0" # To make a custom build with your own servers set the below secret values - RS_PUB_KEY: '${{ secrets.RS_PUB_KEY_VAL }}' + RS_PUB_KEY: '${{ secrets.RS_PUB_KEY }}' jobs: build-for-windows: From c8d1480e4e08d21e9018cc81576f1c06715fbc9f Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 02:36:05 -0700 Subject: [PATCH 03/13] add RENDEZVOUS_SERVER --- .github/workflows/flutter-nightly.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index cb32ac9d4..0d1571d9d 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -17,6 +17,7 @@ env: VERSION: "1.2.0" # To make a custom build with your own servers set the below secret values RS_PUB_KEY: '${{ secrets.RS_PUB_KEY }}' + RENDEZVOUS_SERVER: '${{ secrets.RENDEZVOUS_SERVER }}' jobs: build-for-windows: From 92d009b93d8c94685b3822ea19f8e7b60fd3732b Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:18:02 -0700 Subject: [PATCH 04/13] replace env with secrets for consistency. --- .github/workflows/flutter-nightly.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 0d1571d9d..2b0e492c3 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -153,7 +153,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: ${{ secrets.MACOS_P12_BASE64== 'true' }} uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} @@ -161,13 +161,13 @@ jobs: keychain: rustdesk - name: Check sign and import sign key - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: ${{ secrets.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security find-identity -v - name: Import notarize key - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: ${{ secrets.MACOS_P12_BASE64== 'true' }} uses: timheuer/base64-to-file@v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling @@ -176,7 +176,7 @@ jobs: encodedString: ${{ secrets.MACOS_NOTARIZE_JSON }} - name: Install rcodesign tool - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: ${{ secrets.MACOS_P12_BASE64== 'true' }} shell: bash run: | pushd /tmp @@ -247,7 +247,7 @@ jobs: ./build.py --flutter ${{ matrix.job.extra-build-args }} - name: Codesign app and create signed dmg - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: ${{ secrets.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain @@ -560,7 +560,7 @@ jobs: - uses: r0adkll/sign-android-release@v1 name: Sign app APK - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} id: sign-rustdesk with: releaseDirectory: ./signed-apk @@ -573,14 +573,14 @@ jobs: BUILD_TOOLS_VERSION: "30.0.2" - name: Upload Artifacts - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} uses: actions/upload-artifact@master with: name: rustdesk-${{ env.VERSION }}-${{ matrix.job.target }}-release-signed.apk path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish signed apk package - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} uses: softprops/action-gh-release@v1 with: prerelease: true @@ -589,7 +589,7 @@ jobs: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish unsigned apk package - if: ${{ env.ANDROID_SIGNING_KEY!= 'true' }} + if: ${{ secrets.ANDROID_SIGNING_KEY!= 'true' }} uses: softprops/action-gh-release@v1 with: prerelease: true From 4f5b359cfce149b84b3b09c1ecc8708177443e00 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:25:43 -0700 Subject: [PATCH 05/13] env not secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit You can only use the env context in the value of the with and name keys, or in a step’s if conditional, the secret value is not defined yet as its before the with. --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 2b0e492c3..65bb6f6c8 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -153,7 +153,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert - if: ${{ secrets.MACOS_P12_BASE64== 'true' }} + if: ${{ env.MACOS_P12_BASE64== 'true' }} uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} From fd346edebd406d22e02255d08a92988780cadc27 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:28:57 -0700 Subject: [PATCH 06/13] env not secret must use env. not secret in if's --- .github/workflows/flutter-nightly.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 65bb6f6c8..0d1571d9d 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -161,13 +161,13 @@ jobs: keychain: rustdesk - name: Check sign and import sign key - if: ${{ secrets.MACOS_P12_BASE64== 'true' }} + if: ${{ env.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security find-identity -v - name: Import notarize key - if: ${{ secrets.MACOS_P12_BASE64== 'true' }} + if: ${{ env.MACOS_P12_BASE64== 'true' }} uses: timheuer/base64-to-file@v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling @@ -176,7 +176,7 @@ jobs: encodedString: ${{ secrets.MACOS_NOTARIZE_JSON }} - name: Install rcodesign tool - if: ${{ secrets.MACOS_P12_BASE64== 'true' }} + if: ${{ env.MACOS_P12_BASE64== 'true' }} shell: bash run: | pushd /tmp @@ -247,7 +247,7 @@ jobs: ./build.py --flutter ${{ matrix.job.extra-build-args }} - name: Codesign app and create signed dmg - if: ${{ secrets.MACOS_P12_BASE64== 'true' }} + if: ${{ env.MACOS_P12_BASE64== 'true' }} run: | security default-keychain -s rustdesk.keychain security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain @@ -560,7 +560,7 @@ jobs: - uses: r0adkll/sign-android-release@v1 name: Sign app APK - if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} id: sign-rustdesk with: releaseDirectory: ./signed-apk @@ -573,14 +573,14 @@ jobs: BUILD_TOOLS_VERSION: "30.0.2" - name: Upload Artifacts - if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} uses: actions/upload-artifact@master with: name: rustdesk-${{ env.VERSION }}-${{ matrix.job.target }}-release-signed.apk path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish signed apk package - if: ${{ secrets.ANDROID_SIGNING_KEY== 'true' }} + if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} uses: softprops/action-gh-release@v1 with: prerelease: true @@ -589,7 +589,7 @@ jobs: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish unsigned apk package - if: ${{ secrets.ANDROID_SIGNING_KEY!= 'true' }} + if: ${{ env.ANDROID_SIGNING_KEY!= 'true' }} uses: softprops/action-gh-release@v1 with: prerelease: true From 5a214d91852c7da9593f357d30d9db9d522a4dd1 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:38:41 -0700 Subject: [PATCH 07/13] set env values for if's --- .github/workflows/flutter-nightly.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 0d1571d9d..466ad3d59 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -15,6 +15,9 @@ env: # for multiarch gcc compatibility VCPKG_COMMIT_ID: "14e7bb4ae24616ec54ff6b2f6ef4e8659434ea44" VERSION: "1.2.0" + #signing keys + ANDROID_SIGNING_KEY: '${{ secrets.ANDROID_SIGNING_KEY }}' + MACOS_P12_BASE64: '${{ secrets.MACOS_P12_BASE64 }}' # To make a custom build with your own servers set the below secret values RS_PUB_KEY: '${{ secrets.RS_PUB_KEY }}' RENDEZVOUS_SERVER: '${{ secrets.RENDEZVOUS_SERVER }}' From 74a7523662d58bfd5cc0b036fc17fe22d21f7df5 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:45:17 -0700 Subject: [PATCH 08/13] fix env.MACOS_P12_BASE64 --- .github/workflows/flutter-nightly.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 466ad3d59..e1bd90593 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -156,7 +156,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: env.MACOS_P12_BASE64 != null uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} @@ -164,13 +164,13 @@ jobs: keychain: rustdesk - name: Check sign and import sign key - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: env.MACOS_P12_BASE64 != null run: | security default-keychain -s rustdesk.keychain security find-identity -v - name: Import notarize key - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: env.MACOS_P12_BASE64 != null uses: timheuer/base64-to-file@v1.2 with: # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling @@ -179,7 +179,7 @@ jobs: encodedString: ${{ secrets.MACOS_NOTARIZE_JSON }} - name: Install rcodesign tool - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: env.MACOS_P12_BASE64 != null shell: bash run: | pushd /tmp @@ -250,7 +250,7 @@ jobs: ./build.py --flutter ${{ matrix.job.extra-build-args }} - name: Codesign app and create signed dmg - if: ${{ env.MACOS_P12_BASE64== 'true' }} + if: env.MACOS_P12_BASE64 != null run: | security default-keychain -s rustdesk.keychain security unlock-keychain -p ${{ secrets.MACOS_P12_PASSWORD }} rustdesk.keychain From 9e43a071764896071661e4f3711f4f02aec6402e Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:50:32 -0700 Subject: [PATCH 09/13] update ANDROID_SIGNING_KEY --- .github/workflows/flutter-nightly.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index e1bd90593..393df44f7 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -563,7 +563,7 @@ jobs: - uses: r0adkll/sign-android-release@v1 name: Sign app APK - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: env.ANDROID_SIGNING_KEY != null id: sign-rustdesk with: releaseDirectory: ./signed-apk @@ -576,14 +576,14 @@ jobs: BUILD_TOOLS_VERSION: "30.0.2" - name: Upload Artifacts - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: env.ANDROID_SIGNING_KEY != null uses: actions/upload-artifact@master with: name: rustdesk-${{ env.VERSION }}-${{ matrix.job.target }}-release-signed.apk path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish signed apk package - if: ${{ env.ANDROID_SIGNING_KEY== 'true' }} + if: env.ANDROID_SIGNING_KEY != null uses: softprops/action-gh-release@v1 with: prerelease: true @@ -592,7 +592,7 @@ jobs: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish unsigned apk package - if: ${{ env.ANDROID_SIGNING_KEY!= 'true' }} + if: env.ANDROID_SIGNING_KEY != null uses: softprops/action-gh-release@v1 with: prerelease: true From 5e9b9d52087e5a0adc64a3da48acae4f16bb21a4 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:50:57 -0700 Subject: [PATCH 10/13] Update flutter-nightly.yml --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 393df44f7..a782de229 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -15,7 +15,7 @@ env: # for multiarch gcc compatibility VCPKG_COMMIT_ID: "14e7bb4ae24616ec54ff6b2f6ef4e8659434ea44" VERSION: "1.2.0" - #signing keys + #signing keys env variable checks ANDROID_SIGNING_KEY: '${{ secrets.ANDROID_SIGNING_KEY }}' MACOS_P12_BASE64: '${{ secrets.MACOS_P12_BASE64 }}' # To make a custom build with your own servers set the below secret values From d58b834c4c7bcbb7e6f16604358d08a6a820e471 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:58:00 -0700 Subject: [PATCH 11/13] verify .secrets --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index a782de229..84b0c13c7 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -156,7 +156,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert - if: env.MACOS_P12_BASE64 != null + if: secrets.MACOS_P12_BASE64 != null uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} From 86885eb5b4d8ee2e6b2bcadb3a5ddeb3cb296490 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 19:59:07 -0700 Subject: [PATCH 12/13] .secrets doesnt work in if --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index 84b0c13c7..a782de229 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -156,7 +156,7 @@ jobs: uses: actions/checkout@v3 - name: Import the codesign cert - if: secrets.MACOS_P12_BASE64 != null + if: env.MACOS_P12_BASE64 != null uses: apple-actions/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }} From fac375c017d1b79b014572c111e4579b7859bcb5 Mon Sep 17 00:00:00 2001 From: botanicvelious Date: Wed, 18 Jan 2023 20:29:51 -0700 Subject: [PATCH 13/13] fix unsigned app publish --- .github/workflows/flutter-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flutter-nightly.yml b/.github/workflows/flutter-nightly.yml index a782de229..08b1af79b 100644 --- a/.github/workflows/flutter-nightly.yml +++ b/.github/workflows/flutter-nightly.yml @@ -592,7 +592,7 @@ jobs: ${{steps.sign-rustdesk.outputs.signedReleaseFile}} - name: Publish unsigned apk package - if: env.ANDROID_SIGNING_KEY != null + if: env.ANDROID_SIGNING_KEY == null uses: softprops/action-gh-release@v1 with: prerelease: true