diff --git a/.github/workflows/release-windows.yml b/.github/workflows/release-windows.yml new file mode 100644 --- /dev/null +++ b/.github/workflows/release-windows.yml @@ -0,0 +1,201 @@ +name: Release (Windows) + +on: + workflow_call: + inputs: + is_tag: + required: true + type: string + +jobs: + windows: + name: Windows + + strategy: + fail-fast: false + matrix: + include: + - arch: x86 + host: x86 + - arch: x64 + host: x64 + - arch: arm64 + host: x64_arm64 + + runs-on: windows-latest + + steps: + - name: Download source + uses: actions/download-artifact@v3 + with: + name: internal-source + + - name: Unpack source + shell: bash + run: | + tar -xf source.tar.gz --strip-components=1 + + - name: Install dependencies + shell: bash + run: | + choco install pandoc + + - name: Prepare cache key + id: key + shell: powershell + run: | + # Work around caching failure with GNU tar + New-Item -Type Junction -Path vcpkg -Target c:\vcpkg + + Write-Output "image=$env:ImageOS-$env:ImageVersion" >> $env:GITHUB_OUTPUT + + - name: Enable vcpkg cache + uses: actions/cache@v3 + with: + path: vcpkg/installed + key: ${{ steps.key.outputs.image }}-vcpkg-${{ matrix.arch }}-0 # Increase the number whenever dependencies are modified + restore-keys: | + ${{ steps.key.outputs.image }}-vcpkg-${{ matrix.arch }} + + - name: Prepare vcpkg + shell: bash + run: | + vcpkg install --triplet=${{ matrix.arch }}-windows-static \ + liblzma \ + libpng \ + lzo \ + zlib \ + # EOF + + - name: Install MSVC problem matcher + uses: ammaraskar/msvc-problem-matcher@master + + - name: Configure developer command prompt for tools + uses: ilammy/msvc-dev-cmd@v1 + with: + arch: x64 + + - name: Build tools + shell: bash + run: | + mkdir build-host + cd build-host + + echo "::group::CMake" + cmake ${GITHUB_WORKSPACE} \ + -GNinja \ + -DOPTION_TOOLS_ONLY=ON \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + # EOF + echo "::endgroup::" + + echo "::group::Build" + cmake --build . --target tools + echo "::endgroup::" + + - name: Configure developer command prompt for ${{ matrix.arch }} + uses: ilammy/msvc-dev-cmd@v1 + with: + arch: ${{ matrix.host }} + + - name: Import code signing certificate + shell: powershell + # If this is run on a fork, there may not be a certificate set up - continue in this case + continue-on-error: true + run: | + $tempFile = [System.IO.Path]::GetTempFileName() + $bytes = [System.Convert]::FromBase64String($env:WINDOWS_CERTIFICATE_P12) + [IO.File]::WriteAllBytes($tempFile, $bytes) + $pwd = ConvertTo-SecureString $env:WINDOWS_CERTIFICATE_PASSWORD -AsPlainText -Force + Import-PfxCertificate -FilePath $tempFile -CertStoreLocation Cert:\CurrentUser\My -Password $pwd + Remove-Item $tempFile + env: + WINDOWS_CERTIFICATE_P12: ${{ secrets.WINDOWS_CERTIFICATE_P12 }} + WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} + + - name: Build (with installer) + if: inputs.is_tag == 'true' + shell: bash + run: | + mkdir build + cd build + + echo "::group::CMake" + cmake ${GITHUB_WORKSPACE} \ + -GNinja \ + -DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-windows-static \ + -DCMAKE_TOOLCHAIN_FILE="c:\vcpkg\scripts\buildsystems\vcpkg.cmake" \ + -DOPTION_USE_NSIS=ON \ + -DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DWINDOWS_CERTIFICATE_COMMON_NAME="${WINDOWS_CERTIFICATE_COMMON_NAME}" \ + # EOF + echo "::endgroup::" + + echo "::group::Build" + cmake --build . + echo "::endgroup::" + env: + WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }} + + - name: Build (without installer) + if: inputs.is_tag != 'true' + shell: bash + run: | + mkdir build + cd build + + echo "::group::CMake" + cmake ${GITHUB_WORKSPACE} \ + -GNinja \ + -DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-windows-static \ + -DCMAKE_TOOLCHAIN_FILE="c:\vcpkg\scripts\buildsystems\vcpkg.cmake" \ + -DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DWINDOWS_CERTIFICATE_COMMON_NAME="${WINDOWS_CERTIFICATE_COMMON_NAME}" \ + # EOF + echo "::endgroup::" + + echo "::group::Build" + cmake --build . + echo "::endgroup::" + env: + WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }} + + - name: Create bundles + shell: bash + run: | + cd ${GITHUB_WORKSPACE}/build + echo "::group::Run CPack" + cpack + echo "::endgroup::" + + echo "::group::Prepare PDB to be bundled" + PDB=$(ls bundles/*.zip | cut -d/ -f2 | sed 's/.zip$/.pdb/') + cp openttd.pdb bundles/${PDB} + xz -9 bundles/${PDB} + echo "::endgroup::" + + echo "::group::Cleanup" + # Remove the sha256 files CPack generates; we will do this ourself at + # the end of this workflow. + rm -f bundles/*.sha256 + echo "::endgroup::" + + - name: Sign installer + if: inputs.is_tag == 'true' + shell: bash + # If this is run on a fork, there may not be a certificate set up - continue in this case + continue-on-error: true + run: | + cd ${GITHUB_WORKSPACE}/build/bundles + ../../os/windows/sign.bat *.exe "${WINDOWS_CERTIFICATE_COMMON_NAME}" + env: + WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }} + + - name: Store bundles + uses: actions/upload-artifact@v3 + with: + name: openttd-windows-${{ matrix.arch }} + path: build/bundles + retention-days: 5