Skip to content

IEP-1616 CI unification #1314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

IEP-1616 CI unification #1314

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
84f4b56
feat: testing ci unification
sigmaaa Sep 23, 2025
405b2a4
feat: providing a strategy matrix to avoid repetition
sigmaaa Sep 24, 2025
ab61881
fix: fixing ci yaml and formatting
sigmaaa Sep 24, 2025
efe9977
feat: Refactor CI matrix for custom runner and test config
sigmaaa Sep 24, 2025
9f21fec
fix: removing tabs that breaks yml file
sigmaaa Sep 24, 2025
0961eca
fix: replace bash if condition
sigmaaa Sep 24, 2025
b5af544
fix: fixing run maven line for windows
sigmaaa Sep 24, 2025
884baca
fix: adding clone dependency
sigmaaa Sep 24, 2025
03f73b3
fix: removing the auto tab
sigmaaa Sep 24, 2025
83e77ba
fix: removing bad indentation
sigmaaa Sep 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
288 changes: 149 additions & 139 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: Java CI with Maven
name: Java CI with Maven

on:
push:
Expand All @@ -10,142 +7,155 @@ on:
branches: [ master ]

jobs:
build:

runs-on:
- self-hosted
- eclipse
- BrnoUBU0004
build_and_publish_macos:
runs-on: macos-latest
outputs:
version: ${{ steps.extract_version.outputs.VERSION }}

steps:
- uses: actions/checkout@v2

- name: Clone IDF Release From Github
uses: actions/checkout@v2
with:
repository: espressif/esp-idf
path: dependencies/idf-tools
submodules: 'true'
ref: release/v5.4

- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.10'

- name: Set up Maven
uses: stCarolas/setup-maven@v5
with:
maven-version: 3.9.6

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- name: Build with Maven
run: export NO_AT_BRIDGE=1 && mvn clean verify -Djarsigner.skip=true -DskipTests=false -DtestWorkspace=/opt/actions-runner/_work/workspace

- name: Publish Test Reports
if: ${{ always() }}
uses: phoenix-actions/test-reporting@v12
with:
name: Linux Test Reports
path:
tests/*/*/*/TEST-*.xml
reporter: java-junit

build_macos:
runs-on: macos-latest
- uses: actions/checkout@v4

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- name: Build with Maven
run: mvn clean verify -Djarsigner.skip=true

- name: Extract version number
id: extract_version
run: |
version=$(ls releng/com.espressif.idf.product/target/products/Espressif-IDE-*.tar.gz | sed -E 's/.*Espressif-IDE-([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/' | head -n 1)
echo "VERSION=$version" >> $GITHUB_ENV
echo "VERSION=$version" >> $GITHUB_OUTPUT

Comment on lines +27 to +33
Copy link

@coderabbitai coderabbitai bot Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Harden version extraction; current ls/sed is fragile and nondeterministic

Resolve via Maven-evaluated project.version with strict erroring.

       - name: Extract version number
         id: extract_version
-        run: |
-          version=$(ls releng/com.espressif.idf.product/target/products/Espressif-IDE-*.tar.gz | sed -E 's/.*Espressif-IDE-([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/' | head -n 1)
-          echo "VERSION=$version" >> $GITHUB_ENV
-          echo "VERSION=$version" >> $GITHUB_OUTPUT
+        run: |
+          set -euo pipefail
+          version=$(mvn -q -Dexpression=project.version -DforceStdout help:evaluate | tail -n1)
+          if [ -z "${version:-}" ]; then
+            echo "Failed to determine version" >&2
+            exit 1
+          fi
+          echo "VERSION=$version" >> "$GITHUB_ENV"
+          echo "VERSION=$version" >> "$GITHUB_OUTPUT"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Extract version number
id: extract_version
run: |
version=$(ls releng/com.espressif.idf.product/target/products/Espressif-IDE-*.tar.gz | sed -E 's/.*Espressif-IDE-([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/' | head -n 1)
echo "VERSION=$version" >> $GITHUB_ENV
echo "VERSION=$version" >> $GITHUB_OUTPUT
- name: Extract version number
id: extract_version
run: |
set -euo pipefail
version=$(mvn -q -Dexpression=project.version -DforceStdout help:evaluate | tail -n1)
if [ -z "${version:-}" ]; then
echo "Failed to determine version" >&2
exit 1
fi
echo "VERSION=$version" >> "$GITHUB_ENV"
echo "VERSION=$version" >> "$GITHUB_OUTPUT"
🤖 Prompt for AI Agents 
.github/workflows/ci.yml around lines 27 to 33: the current version extraction
using ls/sed is fragile and nondeterministic; replace it with a Maven evaluation
of project.version (e.g., run mvn help:evaluate -Dexpression=project.version -q
-DforceStdout) capture the output into a variable, validate it's non-empty and
fail the step with a non-zero exit code if empty, and then export the validated
version to both $GITHUB_ENV and $GITHUB_OUTPUT so the workflow uses the
canonical Maven project.version reliably.

- name: Upload build artifacts (update site)
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: com.espressif.idf.update-${{ env.VERSION }}
path: releng/com.espressif.idf.update/target/repository

- name: Upload Windows x86_64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-win32
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-win32.win32.x86_64.zip

- name: Upload Linux x86_64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-linux.gtk.x86_64
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-linux.gtk.x86_64.tar.gz

- name: Upload Linux ARM64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-linux.gtk.aarch64
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-linux.gtk.aarch64.tar.gz

- name: Codesign Espressif-IDE
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
Comment on lines +63 to +66
Copy link

@coderabbitai coderabbitai bot Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Propagate GITHUB_TOKEN to codesign/upload step

The gh CLI relies on GITHUB_TOKEN. Add it to this step’s env to avoid auth issues when uploading artifacts.

Apply this diff:

       - name: Codesign and create DMGs (macOS)
         env:
           MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
           MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
- name: Codesign and create DMGs (macOS)
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
🤖 Prompt for AI Agents 
.github/workflows/ci.yml around lines 49 to 52: the codesign/upload step sets
MACOS_CERTIFICATE and MACOS_CERTIFICATE_PWD in env but does not export
GITHUB_TOKEN which the gh CLI needs for authentication; update the step's env to
include GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} so the gh CLI can authenticate
when uploading artifacts.

echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain

echo "codesigning espressif-ide-macosx.cocoa.x86_64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app

echo "codesigning espressif-ide-macosx.cocoa.aarch64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app

echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg

echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
/usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg

Comment on lines +62 to +91
Copy link

@coderabbitai coderabbitai bot Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Codesigning step: fix secret handling, unify DMG signing, and clean up keychain

  • Avoid echo injecting newlines into base64; use printf.
  • DMG signing is inconsistent (entitlements used for x86_64 but not aarch64). Use the same flags for both; entitlements are typically unnecessary for DMGs.
  • Delete temporary cert and keychain to reduce footprint on runner.
       - name: Codesign Espressif-IDE
         env:
           MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
           MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
         run: |
-          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+          printf %s "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
           /usr/bin/security create-keychain -p espressif build.keychain
           /usr/bin/security default-keychain -s build.keychain
           /usr/bin/security unlock-keychain -p espressif build.keychain
           /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
           /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain

           echo "codesigning espressif-ide-macosx.cocoa.x86_64"
           /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
           /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app

           echo "codesigning espressif-ide-macosx.cocoa.aarch64"
           /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
           /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app

           echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64"
           $PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
-          /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
+          /usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" "$PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg" -v
           /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg

           echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64"
           $PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
           /usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
           /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg
+          rm -f certificate.p12
+          /usr/bin/security delete-keychain build.keychain || true
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Codesign Espressif-IDE
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
echo "codesigning espressif-ide-macosx.cocoa.x86_64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app
echo "codesigning espressif-ide-macosx.cocoa.aarch64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app
echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg
echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
/usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg
- name: Codesign Espressif-IDE
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
printf %s "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
echo "codesigning espressif-ide-macosx.cocoa.x86_64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement \
--options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" \
$PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep \
$PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app
echo "codesigning espressif-ide-macosx.cocoa.aarch64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement \
--options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" \
$PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep \
$PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app
echo "Creating dmg for espressif-ide-macosx.cocoa-x86_64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
/usr/bin/codesign --options runtime --force \
-s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" \
"$PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg" -v
/usr/bin/codesign -v -vvv --deep \
$PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg
echo "Creating dmg for espressif-ide-macosx.cocoa-aarch64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
/usr/bin/codesign --options runtime --force \
-s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" \
$PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
/usr/bin/codesign -v -vvv --deep \
$PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg
rm -f certificate.p12
/usr/bin/security delete-keychain build.keychain || true

- name: Upload espressif-ide-macosx.cocoa.x86_64 dmg
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-macosx.cocoa.x86_64
path: releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg

- name: Upload espressif-ide-macosx.cocoa.aarch64 dmg
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-macosx.cocoa.aarch64
path: releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg

build_and_test:
strategy:
matrix:
include:
- os: linux
runner: [self-hosted, eclipse, BrnoUBU0004]
testWorkspace: /opt/actions-runner/_work/workspace
reportName: Linux Test Reports
- os: windows
runner: [self-hosted, eclipseUpd, BrnoWIN0007]
testWorkspace: C:/actions-runner/_work/workspace
reportName: Windows Test Reports
fail-fast: false

runs-on: ${{ matrix.runner }}

steps:
- uses: actions/checkout@v2

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- name: Build with Maven
run: mvn clean verify -Djarsigner.skip=true

- name: Extract version number
id: extract_version
run: |
# List all files and extract the version number from the file names
version=$(ls releng/com.espressif.idf.product/target/products/Espressif-IDE-*.tar.gz | sed -E 's/.*Espressif-IDE-([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/' | head -n 1)
echo "VERSION=${version}" >> $GITHUB_ENV

- name: Upload build artifacts
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: com.espressif.idf.update-${{ env.VERSION }}
path: releng/com.espressif.idf.update/target/repository

- name: Upload Windows x86_64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-win32
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-win32.win32.x86_64.zip

- name: Upload Linux x86_64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-linux.gtk.x86_64
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-linux.gtk.x86_64.tar.gz

- name: Upload Linux ARM64 artifact
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-linux.gtk.aarch64
path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-linux.gtk.aarch64.tar.gz

- name: Codesign Espressif-IDE
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain

echo "codesigning espressif-ide-macosx.cocoa.x86_64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app

echo "codesigning espressif-ide-macosx.cocoa.aarch64"
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app

echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
/usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg

echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64"
$PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
/usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
/usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg

- name: Upload espressif-ide-macosx.cocoa.x86_64 dmg
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-macosx.cocoa.x86_64
path: releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg

- name: Upload espressif-ide-macosx.cocoa.aarch64 dmg
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: Espressif-IDE-${{ env.VERSION }}-macosx.cocoa.aarch64
path: releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg
- uses: actions/checkout@v4

- name: Clone IDF Release From Github
uses: actions/checkout@v4
with:
repository: espressif/esp-idf
path: dependencies/idf-tools
submodules: 'true'
ref: release/v5.4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'

Comment on lines +134 to +137
Copy link

@coderabbitai coderabbitai bot Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Update setup-python to v5 (actionlint failure)

actionlint reports v4 is too old for GitHub Actions’ current runtime. Bump to v5.

Apply this diff:

-      - name: Set up Python
-        uses: actions/setup-python@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: actions/setup-python@v4
with:
python-version: '3.11'
uses: actions/setup-python@v5
with:
python-version: '3.11'
🧰 Tools
🪛 actionlint (1.7.7)

85-85: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents 
In .github/workflows/ci.yml around lines 85 to 88, the workflow uses
actions/setup-python@v4 which actionlint flags as too old; update the action to
actions/setup-python@v5 by replacing the uses line accordingly (keep the with:
python-version: '3.11' block intact) so the workflow uses the supported v5
release.

- name: Set up Maven
uses: stCarolas/setup-maven@v5
with:
maven-version: 3.9.6

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- name: Set NO_AT_BRIDGE
if: runner.os == 'linux'
run: export NO_AT_BRIDGE=1
- name: Run Maven
run: mvn verify "-Djarsigner.skip=true" "-DskipTests=false" "-DtestWorkspace=${{ matrix.testWorkspace }}"

- name: Publish Test Reports
if: ${{ always() }}
uses: phoenix-actions/test-reporting@v12
with:
name: ${{ matrix.reportName }}
path: tests/*/*/*/TEST-*.xml
reporter: java-junit
56 changes: 0 additions & 56 deletions .github/workflows/ci_windows.yml
View file
Open in desktop

This file was deleted.

Loading