[Rust]デプロイ処理を実装した (VOICEVOX#196)

* デプロイ処理を実装した onnxruntimeも一緒に出力するようにした * codesign処理追加 * /usr/bin/env に変更 * 不足していた変数定義を行った * gpu->cudaに変更した use_gpuについてもcuda制御のためのフラグだったのでuse_cudaに変更した * core.libをコピーする処理を追加 refs VOICEVOX#196 (comment) * codesign.bashに名称変更して元のscript内容と同じにした * Update .github/workflows/build_and_deploy.yml Co-authored-by: Hiroshiba <[email protected]> * linuxのcuda番のartifact_nameをgpuに変更した * onnxruntimeのコピー処理を短縮化 Co-authored-by: Hiroshiba <[email protected]>
sevenc-nanashi · Jul 23, 2022 · bdb1894 · bdb1894
1 parent a6272c0
commit bdb1894
Show file tree

Hide file tree

Showing 3 changed files with 125 additions and 12 deletions.
diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml
@@ -1,44 +1,66 @@
 name: build and deploy workflow
 on:
   workflow_dispatch:
+    inputs:
+      version:
+        description: "バージョン情報（A.BB.C / A.BB.C-preview.D）"
+        required: true
+      code_signing:
+        description: "コード署名する"
+        type: boolean
+        required: false
   workflow_run:
     workflows: ["test workflow"]
     types:
       - completed
+env:
+  # releaseタグ名か、workflow_dispatchでのバージョン名か、DEBUGが入る
+  VERSION: ${{ github.event.release.tag_name || github.event.inputs.version || 'DEBUG' }}
 
+  # Raw character weights are not public.
+  # Skip uploading to GitHub Release on public repo.
+  SKIP_UPLOADING_RELEASE_ASSET: ${{ secrets.SKIP_UPLOADING_RELEASE_ASSET || '1' }}
 jobs:
   build_and_deploy:
+    environment: ${{ github.event.inputs.code_signing == 'true' && 'code_signing' }} # コード署名用のenvironment（false時の挙動は2022年7月10日時点で未定義動作）
     strategy:
       matrix:
         include:
           - os: windows-latest
             feature: default
             target: x86_64-pc-windows-msvc
-            use_gpu: false
+            artifact_name: windows-x64-cpu
+            use_cuda: false
           - os: windows-latest
             feature: default
             target: x86_64-pc-windows-msvc
-            use_gpu: true
+            artifact_name: windows-x64-cuda
+            use_cuda: true
           - os: windows-latest
             feature: default
             target: i686-pc-windows-msvc
-            use_gpu: false
+            artifact_name: windows-x86-cpu
+            use_cuda: false
           - os: ubuntu-latest
             feature: default
             target: x86_64-unknown-linux-gnu
-            use_gpu: false
+            artifact_name: linux-x64-cpu
+            use_cuda: false
           - os: ubuntu-latest
             feature: default
             target: x86_64-unknown-linux-gnu
-            use_gpu: true
+            artifact_name: linux-x64-gpu
+            use_cuda: true
           - os: macos-latest
             feature: default
             target: aarch64-apple-darwin
-            use_gpu: false
+            artifact_name: osx-aarch64-cpu
+            use_cuda: false
           - os: macos-latest
             feature: default
             target: x86_64-apple-darwin
-            use_gpu: false
+            artifact_name: osx-x64-cpu
+            use_cuda: false
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v2
@@ -50,7 +72,44 @@ jobs:
       - name: build release
         run: cargo build --features ${{ matrix.feature }} --target ${{ matrix.target }} --release
         env:
-          ORT_USE_CUDA: ${{ matrix.use_gpu }}
-      - name: deploy
-        if: startsWith( github.ref, 'refs/tags/' )
-        run: echo "TODO:deploy処理を実装する"
+          ORT_USE_CUDA: ${{ matrix.use_cuda }}
+      - name: Set ASSET_NAME env var
+        shell: bash
+        run: echo "ASSET_NAME=voicevox_core-${{ matrix.artifact_name }}-${{ env.VERSION }}" >> $GITHUB_ENV
+      - name: Organize artifact
+        shell: bash
+        run: |
+          mkdir -p "artifact/${{ env.ASSET_NAME }}"
+          cp -v target/core.h "artifact/${{ env.ASSET_NAME }}"
+          cp -v target/${{ matrix.target }}/release/*.{dll,so,dylib} "artifact/${{ env.ASSET_NAME }}" || true
+          cp -v target/${{ matrix.target }}/release/core.dll.lib "artifact/${{ env.ASSET_NAME }}/core.lib" || true
+          cp -v -n target/${{ matrix.target }}/release/build/onnxruntime-sys-*/out/onnxruntime_*/onnxruntime-*/lib/*.{dll,so} "artifact/${{ env.ASSET_NAME }}" || true
+          cp -v -n target/${{ matrix.target }}/release/build/onnxruntime-sys-*/out/onnxruntime_*/onnxruntime-*/lib/libonnxruntime.dylib "artifact/${{ env.ASSET_NAME }}" || true
+          cp -v README.md "artifact/${{ env.ASSET_NAME }}/README.txt"
+          echo "${{ env.VERSION }}" > "artifact/${{ env.ASSET_NAME }}/VERSION"
+      - name: Code signing (Windows)
+        if: startsWith(matrix.os, 'windows') && github.event.inputs.code_signing == 'true'
+        shell: bash
+        run: |
+          bash build_util/codesign.sh "artifact/${{ env.ASSET_NAME }}/core.dll"
+        env:
+          CERT_BASE64: ${{ secrets.CERT_BASE64 }}
+          CERT_PASSWORD: ${{ secrets.CERT_PASSWORD }}
+      - name: Archive artifact
+        shell: bash
+        if: (!contains(matrix.os , 'windows'))
+        run: |
+          cd artifact
+          zip -r "../${{ env.ASSET_NAME }}.zip" "${{ env.ASSET_NAME }}"
+      - name: Archive artifact (Windows)
+        if: contains(matrix.os, 'windows')
+        run: |
+          powershell Compress-Archive -Path "artifact/${{ env.ASSET_NAME }}" -DestinationPath "${{ env.ASSET_NAME }}.zip"
+      - name: Upload to Release
+        if: env.VERSION != 'DEBUG' && env.SKIP_UPLOADING_RELEASE_ASSET == '0'
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          prerelease: true
+          tag: ${{ env.VERSION }}
+          file: ${{ env.ASSET_NAME }}.zip
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,5 +1,10 @@
 name: test workflow
-on: [push, pull_request]
+on:
+  push:
+  pull_request:
+  release:
+    types:
+      - published
 jobs:
   rust-lint:
     runs-on: ubuntu-latest

diff --git a/build_util/codesign.bash b/build_util/codesign.bash
@@ -0,0 +1,49 @@
+# !!! コードサイニング証明書を取り扱うので取り扱い注意 !!!
+
+set -eu
+
+if [ -v "${CERT_BASE64}" ]; then
+    echo "CERT_BASE64が未定義です"
+    exit 1
+fi
+if [ -v "${CERT_PASSWORD}" ]; then
+    echo "CERT_PASSWORDが未定義です"
+    exit 1
+fi
+
+if [ $# -ne 1 ]; then
+    echo "引数の数が一致しません"
+    exit 1
+fi
+target_file_glob="$1"
+
+# 証明書
+CERT_PATH=cert.pfx
+echo -n "$CERT_BASE64" | base64 -d - > $CERT_PATH
+
+# 指定ファイルに署名する
+function codesign() {
+    TARGET="$1"
+    SIGNTOOL=$(find "C:/Program Files (x86)/Windows Kits/10/App Certification Kit" -name "signtool.exe" | sort -V | tail -n 1)
+    powershell "& '$SIGNTOOL' sign /fd SHA256 /td SHA256 /tr http://timestamp.digicert.com /f $CERT_PATH /p $CERT_PASSWORD '$TARGET'"
+}
+
+# 指定ファイルが署名されているか
+function is_signed() {
+    TARGET="$1"
+    SIGNTOOL=$(find "C:/Program Files (x86)/Windows Kits/10/App Certification Kit" -name "signtool.exe" | sort -V | tail -n 1)
+    powershell "& '$SIGNTOOL' verify /pa '$TARGET'" || return 1
+}
+
+# 署名されていなければ署名
+ls $target_file_glob | while read target_file; do
+    if is_signed "$target_file"; then
+        echo "署名済み: $target_file"
+    else
+        echo "署名: $target_file"
+        codesign "$target_file"
+    fi
+done
+
+# 証明書を消去
+rm $CERT_PATH