Element Desktop #1036
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy | |
on: | |
# Nightly build | |
schedule: | |
- cron: "0 9 * * *" | |
# Release build | |
release: | |
types: [published] | |
# Manual nightly & release | |
workflow_dispatch: | |
inputs: | |
mode: | |
description: What type of build to trigger. Release builds MUST be ran from the `master` branch. | |
required: true | |
default: nightly | |
type: choice | |
options: | |
- nightly | |
- release | |
macos: | |
description: Build macOS | |
required: true | |
type: boolean | |
default: true | |
windows: | |
description: Build Windows | |
required: true | |
type: boolean | |
default: true | |
linux: | |
description: Build Linux | |
required: true | |
type: boolean | |
default: true | |
deploy: | |
description: Deploy artifacts | |
required: true | |
type: boolean | |
default: true | |
run-name: Element ${{ inputs.mode != 'release' && github.event_name != 'release' && 'Nightly' || 'Desktop' }} | |
concurrency: ${{ github.workflow }} | |
env: | |
R2_BUCKET: ${{ vars.R2_BUCKET }} | |
permissions: {} # Uses ELEMENT_BOT_TOKEN | |
jobs: | |
prepare: | |
uses: ./.github/workflows/build_prepare.yaml | |
permissions: | |
contents: read | |
with: | |
config: element.io/${{ inputs.mode || (github.event_name == 'release' && 'release') || 'nightly' }} | |
version: ${{ (inputs.mode != 'release' && github.event_name != 'release') && 'develop' || '' }} | |
nightly: ${{ inputs.mode != 'release' && github.event_name != 'release' }} | |
deploy: ${{ inputs.deploy || (github.event_name != 'workflow_dispatch' && github.event.release.prerelease != true) }} | |
secrets: | |
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }} | |
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }} | |
windows: | |
if: github.event_name != 'workflow_dispatch' || inputs.windows | |
needs: prepare | |
name: Windows ${{ matrix.arch }} | |
strategy: | |
matrix: | |
arch: [ia32, x64] | |
uses: ./.github/workflows/build_windows.yaml | |
secrets: inherit | |
with: | |
sign: true | |
arch: ${{ matrix.arch }} | |
version: ${{ needs.prepare.outputs.nightly-version }} | |
macos: | |
if: github.event_name != 'workflow_dispatch' || inputs.macos | |
needs: prepare | |
name: macOS | |
uses: ./.github/workflows/build_macos.yaml | |
secrets: inherit | |
with: | |
sign: true | |
base-url: https://packages.element.io/${{ needs.prepare.outputs.packages-dir }} | |
version: ${{ needs.prepare.outputs.nightly-version }} | |
linux: | |
if: github.event_name != 'workflow_dispatch' || inputs.linux | |
needs: prepare | |
name: Linux ${{ matrix.arch }} (sqlcipher ${{ matrix.sqlcipher }}) | |
strategy: | |
matrix: | |
arch: [amd64, arm64] | |
sqlcipher: [static] | |
uses: ./.github/workflows/build_linux.yaml | |
with: | |
arch: ${{ matrix.arch }} | |
config: ${{ needs.prepare.outputs.config }} | |
sqlcipher: ${{ matrix.sqlcipher }} | |
version: ${{ needs.prepare.outputs.nightly-version }} | |
deploy: | |
needs: | |
- prepare | |
- macos | |
- linux | |
- windows | |
runs-on: ubuntu-24.04 | |
name: ${{ needs.prepare.outputs.deploy == 'true' && 'Deploy' || 'Deploy (dry-run)' }} | |
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') | |
environment: ${{ needs.prepare.outputs.deploy == 'true' && 'packages.element.io' || '' }} | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Prepare artifacts for deployment | |
run: | | |
# Windows | |
for arch in x64 ia32 arm64 | |
do | |
if [ -d "win-$arch" ]; then | |
mkdir -p packages.element.io/{install,update}/win32/$arch | |
mv win-$arch/squirrel-windows*/*.exe "packages.element.io/install/win32/$arch/" | |
mv win-$arch/squirrel-windows*/*.nupkg "packages.element.io/update/win32/$arch/" | |
mv win-$arch/squirrel-windows*/RELEASES "packages.element.io/update/win32/$arch/" | |
fi | |
done | |
# macOS | |
if [ -d macos ]; then | |
mkdir -p packages.element.io/{install,update}/macos | |
mv macos/*.dmg packages.element.io/install/macos/ | |
mv macos/*-mac.zip packages.element.io/update/macos/ | |
mv macos/*.json packages.element.io/update/macos/ | |
fi | |
# Linux | |
if [ -d linux-amd64-sqlcipher-static ]; then | |
mkdir -p packages.element.io/install/linux/glibc-x86-64 | |
mv linux-amd64-sqlcipher-static/*.tar.gz packages.element.io/install/linux/glibc-x86-64 | |
fi | |
if [ -d linux-arm64-sqlcipher-static ]; then | |
mkdir -p packages.element.io/install/linux/glibc-aarch64 | |
mv linux-arm64-sqlcipher-static/*.tar.gz packages.element.io/install/linux/glibc-aarch64 | |
fi | |
# We don't wish to store the installer for every nightly ever, so we only keep the latest | |
- name: "[Nightly] Strip version from installer file" | |
if: needs.prepare.outputs.nightly-version != '' | |
run: | | |
# Windows | |
for arch in x64 ia32 arm64 | |
do | |
[ -d "win-$arch" ] && mv packages.element.io/install/win32/$arch/{*,"Element Nightly Setup"}.exe | |
done | |
# macOS | |
[ -d macos ] && mv packages.element.io/install/macos/{*,"Element Nightly"}.dmg | |
# Linux | |
[ -d linux-amd64-sqlcipher-static ] && mv packages.element.io/install/linux/glibc-x86-64/{*,element-desktop-nightly}.tar.gz | |
[ -d linux-arm64-sqlcipher-static ] && mv packages.element.io/install/linux/glibc-aarch64/{*,element-desktop-nightly}.tar.gz | |
- name: "[Release] Prepare release latest symlink" | |
if: needs.prepare.outputs.nightly-version == '' | |
run: | | |
# Windows | |
for arch in x64 ia32 arm64 | |
do | |
if [ -d "win-$arch" ]; then | |
pushd packages.element.io/install/win32/$arch | |
ln -s "$(find . -type f -iname "*.exe" | xargs -0 -n1 -- basename)" "Element Setup.exe" | |
popd | |
fi | |
done | |
# macOS | |
if [ -d macos ]; then | |
pushd packages.element.io/install/macos | |
ln -s "$(find . -type f -iname "*.dmg" | xargs -0 -n1 -- basename)" "Element.dmg" | |
popd | |
fi | |
# Linux | |
if [ -d linux-amd64-sqlcipher-static ]; then | |
pushd packages.element.io/install/linux/glibc-x86-64 | |
ln -s "$(find . -type f -iname "*.tar.gz" | xargs -0 -n1 -- basename)" "element-desktop.tar.gz" | |
popd | |
fi | |
if [ -d linux-arm64-sqlcipher-static ]; then | |
pushd packages.element.io/install/linux/glibc-aarch64 | |
ln -s "$(find . -type f -iname "*.tar.gz" | xargs -0 -n1 -- basename)" "element-desktop.tar.gz" | |
popd | |
fi | |
- name: Stash packages.element.io | |
if: needs.prepare.outputs.deploy == 'false' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: packages.element.io | |
path: packages.element.io | |
- name: Deploy artifacts | |
if: needs.prepare.outputs.deploy == 'true' | |
run: | | |
aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }} | |
R2_URL: ${{ vars.CF_R2_S3_API }} | |
DEPLOYMENT_DIR: ${{ needs.prepare.outputs.packages-dir }} | |
- name: Notify packages.element.io of new files | |
if: needs.prepare.outputs.deploy == 'true' | |
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 | |
with: | |
token: ${{ secrets.ELEMENT_BOT_TOKEN }} | |
repository: element-hq/packages.element.io | |
event-type: packages-index | |
- name: Find debs | |
id: deb | |
if: needs.linux.result == 'success' | |
run: | | |
for arch in amd64 arm64 | |
do | |
echo "$arch=$(ls linux-$arch-sqlcipher-static/*.deb | tail -n1)" >> $GITHUB_OUTPUT | |
done | |
- name: Stash debs | |
if: needs.prepare.outputs.deploy == 'false' && needs.linux.result == 'success' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debs | |
path: | | |
${{ steps.deb.outputs.amd64 }} | |
${{ steps.deb.outputs.arm64 }} | |
- name: Publish amd64 deb to packages.element.io | |
uses: element-hq/packages.element.io@master | |
if: needs.prepare.outputs.deploy == 'true' && needs.linux.result == 'success' | |
with: | |
file: ${{ steps.deb.outputs.amd64 }} | |
github-token: ${{ secrets.ELEMENT_BOT_TOKEN }} | |
bucket-api: ${{ vars.CF_R2_S3_API }} | |
bucket-key-id: ${{ secrets.CF_R2_ACCESS_KEY_ID }} | |
bucket-access-key: ${{ secrets.CF_R2_TOKEN }} | |
- name: Publish arm64 deb to packages.element.io | |
uses: element-hq/packages.element.io@master | |
if: needs.prepare.outputs.deploy == 'true' && needs.linux.result == 'success' | |
with: | |
file: ${{ steps.deb.outputs.arm64 }} | |
github-token: ${{ secrets.ELEMENT_BOT_TOKEN }} | |
bucket-api: ${{ vars.CF_R2_S3_API }} | |
bucket-key-id: ${{ secrets.CF_R2_ACCESS_KEY_ID }} | |
bucket-access-key: ${{ secrets.CF_R2_TOKEN }} | |
deploy-ess: | |
needs: deploy | |
runs-on: ubuntu-24.04 | |
name: Deploy builds to ESS | |
if: needs.prepare.outputs.deploy == 'true' && github.event_name == 'release' | |
env: | |
BUCKET_NAME: "element-desktop-msi.onprem.element.io" | |
AWS_REGION: "eu-central-1" | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::264135176173:role/Push-ElementDesktop-MSI | |
role-session-name: githubaction-run-${{ github.run_id }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: win-* | |
- name: Copy files to S3 | |
run: | | |
PREFIX="${VERSION%.*}" | |
for file in win-*/*.msi; do | |
filename=$(basename "$file") | |
aws s3 cp "$file" "s3://${{ env.BUCKET_NAME }}/$PREFIX/$filename" | |
done | |
env: | |
VERSION: ${{ github.event.release.tag_name }} |