-
-
Notifications
You must be signed in to change notification settings - Fork 11.1k
313 lines (279 loc) · 10.9 KB
/
build-linux.yml
File metadata and controls
313 lines (279 loc) · 10.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
name: Build Linux App
on:
workflow_call:
inputs:
version:
required: true
type: string
build_type:
required: true
type: string
installer_base_name:
required: true
type: string
linux_arch:
required: false
type: string
default: all
enable_ip_check:
description: "Enable public IP change validation in Linux connect smoke"
required: false
type: boolean
default: false
force_full_tunnel_smoke:
description: "Force full tunnel routing mode in Linux connect smoke"
required: false
type: boolean
default: false
run_auth_smoke:
description: "Run Linux auth smoke integration tests"
required: false
type: boolean
default: false
permissions:
contents: "read"
jobs:
build-linux:
strategy:
fail-fast: false
matrix: ${{ fromJSON(inputs.linux_arch == 'arm64' && '{"include":[{"arch":"arm64","runner":"ubuntu-24.04-arm"}]}' || inputs.linux_arch == 'amd64' && '{"include":[{"arch":"amd64","runner":"ubuntu-latest"}]}' || inputs.linux_arch == 'all' && '{"include":[{"arch":"amd64","runner":"ubuntu-latest"},{"arch":"arm64","runner":"ubuntu-24.04-arm"}]}') }}
env:
BUILD_TYPE: ${{ inputs.build_type }}
VERSION: ${{ inputs.version }}
TARGET_ARCH: ${{ matrix.arch }}
FULL_INSTALLER_NAME: ${{ inputs.installer_base_name }}${{ inputs.build_type != 'production' && format('-{0}', inputs.build_type) || '' }}${{ matrix.arch == 'arm64' && '-arm64' || '' }}
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download pubspec.yaml
uses: actions/download-artifact@v4
with:
name: pubspec
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
cache: true
- name: Cache Flutter dependencies
uses: actions/cache@v4
timeout-minutes: 5
continue-on-error: true
with:
path: |
~/.pub-cache
key: ${{ runner.os }}-flutter-${{ hashFiles('**/pubspec.lock') }}
restore-keys: |
${{ runner.os }}-flutter-
- name: Cache APT archives
uses: actions/cache@v4
timeout-minutes: 5
continue-on-error: true
with:
path: ~/.cache/apt/archives
key: ${{ runner.os }}-${{ matrix.arch }}-apt-archives-v1-${{ hashFiles('.github/workflows/build-linux.yml') }}
restore-keys: |
${{ runner.os }}-${{ matrix.arch }}-apt-archives-v1-
- name: Install Linux dependencies
run: |
set -euxo pipefail
APT_ARCHIVE_DIR="$HOME/.cache/apt/archives"
mkdir -p "$APT_ARCHIVE_DIR/partial"
required_packages=(
clang
cmake
pkg-config
libgtk-3-dev
liblzma-dev
libgl1-mesa-dev
libegl1-mesa-dev
libayatana-appindicator3-dev
libcurl4-openssl-dev
libwebkit2gtk-4.1-dev
patchelf
xvfb
)
missing_packages=()
for pkg in "${required_packages[@]}"; do
if ! dpkg -s "$pkg" >/dev/null 2>&1; then
missing_packages+=("$pkg")
fi
done
if [ "${#missing_packages[@]}" -gt 0 ]; then
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-o dir::cache::archives="$APT_ARCHIVE_DIR" \
"${missing_packages[@]}"
else
echo "All Linux build dependencies are already installed"
fi
- name: Install the ninja build tool
uses: seanmiddleditch/gha-setup-ninja@master
- name: Load Flutter version
shell: bash
run: |
set -euo pipefail
FLUTTER_VERSION=$(grep -E '^[[:space:]]*flutter:' .github/flutter-version.yaml | sed -E 's/.*"([^"]+)".*/\1/')
if [[ -z "$FLUTTER_VERSION" ]]; then
echo "Failed to parse Flutter version from .github/flutter-version.yaml" >&2
exit 1
fi
echo "FLUTTER_VERSION=$FLUTTER_VERSION" >> "$GITHUB_ENV"
- name: Install Flutter (amd64)
uses: subosito/flutter-action@v2.22.0
if: ${{ matrix.arch == 'amd64' }}
with:
channel: stable
flutter-version-file: .github/flutter-version.yaml
cache: true
- name: Install Flutter (arm64 fallback)
if: ${{ matrix.arch == 'arm64' }}
shell: bash
run: |
set -euo pipefail
FLUTTER_HOME="$HOME/flutter"
git clone --depth 1 --branch "$FLUTTER_VERSION" https://github.com/flutter/flutter.git "$FLUTTER_HOME"
echo "$FLUTTER_HOME/bin" >> "$GITHUB_PATH"
export PATH="$FLUTTER_HOME/bin:$PATH"
flutter --version
- name: Install dependencies
run: make install-linux-deps
- name: Enable Flutter Desktop Support
run: |
flutter config --enable-linux-desktop
- name: Decode APP_ENV
uses: timheuer/base64-to-file@v1.2
with:
fileName: "app.env"
fileDir: ${{ github.workspace }}
encodedString: ${{ secrets.APP_ENV }}
- name: Build Linux release
run: make linux-release-ci
env:
BUILD_TYPE: ${{ inputs.build_type }}
VERSION: ${{ inputs.version }}
INSTALLER_NAME: ${{ inputs.installer_base_name }}
LINUX_TARGET_ARCH: ${{ matrix.arch }}
LINUX_CC_AMD64: gcc
LINUX_CC_ARM64: gcc
- name: Verify Linux package contents
run: |
./scripts/ci/verify_linux_package.sh "./${{ env.FULL_INSTALLER_NAME }}.deb" "${{ matrix.arch }}"
- name: Install .deb and verify postinst started daemon
shell: bash
run: |
set -euxo pipefail
deb="./${{ env.FULL_INSTALLER_NAME }}.deb"
test -f "$deb"
sudo apt-get install -y "$deb"
for i in $(seq 1 30); do
if systemctl is-active --quiet lanternd.service; then
break
fi
sleep 1
done
if ! systemctl is-active --quiet lanternd.service; then
sudo systemctl status lanternd.service --no-pager || true
sudo journalctl -u lanternd.service -n 200 --no-pager || true
echo "lanternd.service is not active after package install"
exit 1
fi
if ! systemctl is-enabled --quiet lanternd.service; then
echo "lanternd.service is not enabled after package install"
exit 1
fi
systemctl is-active --quiet lanternd.service
test -S /run/lantern/lanternd.sock
sudo stat -c "%a %U %G %n" /run/lantern/lanternd.sock
- name: Installed binary launch smoke
shell: bash
run: |
set -euxo pipefail
code=0
env HOME=$HOME PATH=$PATH xvfb-run -a timeout 15s /usr/bin/lantern >/tmp/lantern-installed-smoke.log 2>&1 || code=$?
if [[ "$code" -ne 124 ]]; then
cat /tmp/lantern-installed-smoke.log || true
echo "Installed /usr/bin/lantern did not stay up under xvfb"
exit 1
fi
- name: Linux UI connect/disconnect integration
shell: bash
env:
LANG: en_US.UTF-8
LC_ALL: en_US.UTF-8
JOIN_SERVER_CONFIG_URLS: ${{ secrets.JOIN_SERVER_CONFIG_URLS }}
JOIN_SERVER_CONFIG_SERVER_NAME: ${{ vars.JOIN_SERVER_CONFIG_SERVER_NAME }}
JOIN_SERVER_CONFIG_SKIP_CERT_VERIFICATION: "true"
run: |
set -euxo pipefail
TEST_START_UTC="$(date -u '+%Y-%m-%d %H:%M:%S')"
ENABLE_IP_CHECK=false
if [[ "${{ inputs.enable_ip_check }}" == "true" && "${TARGET_ARCH}" == "amd64" ]]; then
ENABLE_IP_CHECK=true
fi
FLUTTER_DART_DEFINES="--dart-define=DISABLE_SYSTEM_TRAY=true --dart-define=ENABLE_IP_CHECK=${ENABLE_IP_CHECK}"
if [[ "${{ inputs.force_full_tunnel_smoke }}" == "true" ]]; then
FLUTTER_DART_DEFINES="${FLUTTER_DART_DEFINES} --dart-define=SMOKE_FORCE_FULL_TUNNEL=true"
fi
set +e
env PATH=$PATH HOME=$HOME timeout --signal=TERM --kill-after=30s 8m xvfb-run -a flutter test integration_test/vpn/linux_connect_smoke_test.dart -d linux --reporter=expanded ${FLUTTER_DART_DEFINES}
SMOKE_EXIT=$?
set -e
sudo journalctl -u lanternd.service --since "$TEST_START_UTC" --no-pager > /tmp/lanternd-journal-ui-smoke.log
if [[ "$SMOKE_EXIT" -eq 124 ]]; then
echo "Linux UI connect/disconnect smoke timed out after 8m"
tail -n 200 /tmp/lanternd-journal-ui-smoke.log || true
exit 1
fi
if [[ "$SMOKE_EXIT" -ne 0 ]]; then
tail -n 200 /tmp/lanternd-journal-ui-smoke.log || true
exit "$SMOKE_EXIT"
fi
if ! grep -Eq 'IPC request.*path=/vpn/connect' /tmp/lanternd-journal-ui-smoke.log; then
echo "Missing /vpn/connect IPC request in lanternd journal"
tail -n 200 /tmp/lanternd-journal-ui-smoke.log || true
exit 1
fi
if ! grep -Eq 'IPC request.*path=/vpn/disconnect' /tmp/lanternd-journal-ui-smoke.log; then
echo "Missing /vpn/disconnect IPC request in lanternd journal"
tail -n 200 /tmp/lanternd-journal-ui-smoke.log || true
exit 1
fi
bash .github/scripts/linux_config_url_smoke.sh
- name: Linux UI auth smoke integration
if: ${{ inputs.run_auth_smoke }}
shell: bash
env:
LANG: en_US.UTF-8
LC_ALL: en_US.UTF-8
run: |
set -euxo pipefail
set +e
env PATH=$PATH HOME=$HOME timeout --signal=TERM --kill-after=30s 10m xvfb-run -a flutter test integration_test/auth/auth_smoke_test.dart -d linux --reporter=expanded --dart-define=DISABLE_SYSTEM_TRAY=true
AUTH_SMOKE_EXIT=$?
set -e
if [[ "$AUTH_SMOKE_EXIT" -eq 124 ]]; then
echo "Linux UI auth smoke timed out after 10m"
exit 1
fi
if [[ "$AUTH_SMOKE_EXIT" -ne 0 ]]; then
exit "$AUTH_SMOKE_EXIT"
fi
- name: Upload Linux build
uses: actions/upload-artifact@v4
with:
name: lantern-installer-rpm-${{ matrix.arch }}
path: ${{ env.FULL_INSTALLER_NAME }}.rpm
retention-days: 2
- name: Upload Linux build
uses: actions/upload-artifact@v4
with:
name: lantern-installer-deb-${{ matrix.arch }}
path: ${{ env.FULL_INSTALLER_NAME }}.deb
retention-days: 2
- name: Upload Linux build (Arch)
uses: actions/upload-artifact@v4
with:
name: lantern-installer-pkg-${{ matrix.arch }}
path: ${{ env.FULL_INSTALLER_NAME }}.pkg.tar.zst
retention-days: 2