Merge 2.8 RC 1 into Release (#2596)

Author: vkbo

.github/workflows/build_all.yml

@@ -0,0 +1,37 @@
+name: BuildAll
+
+on: workflow_dispatch
+
+jobs:
+  buildAssets:
+    uses: ./.github/workflows/part_assets.yml
+    permissions:
+      contents: read
+
+  buildLinux-AppImage:
+    needs: buildAssets
+    uses: ./.github/workflows/part_appimage.yml
+    secrets: inherit
+    permissions:
+      contents: read
+
+  buildMac-AMD64:
+    needs: buildAssets
+    uses: ./.github/workflows/part_macos_amd64.yml
+    secrets: inherit
+    permissions:
+      contents: read
+
+  buildMac-M1:
+    needs: buildAssets
+    uses: ./.github/workflows/part_macos_m1.yml
+    secrets: inherit
+    permissions:
+      contents: read
+
+  buildWin-X64:
+    needs: buildAssets
+    uses: ./.github/workflows/part_win_x64.yml
+    secrets: inherit
+    permissions:
+      contents: read

.github/workflows/build_linux.yml

@@ -4,54 +4,13 @@ on: workflow_dispatch
 
 jobs:
   buildAssets:
-    uses: ./.github/workflows/build_assets.yml
+    uses: ./.github/workflows/part_assets.yml
+    permissions:
+      contents: read
 
   buildLinux-AppImage:
     needs: buildAssets
-    # Needs to stay on 22.04 as long as we're using manylinux_2_28
-    # as libxcb-cursor0 in 22.04 supports glibc >= 2.17
-    runs-on: ubuntu-22.04
-    env:
-      PYTHON_VERSION: "3.13"
-      LINUX_TAG: "manylinux_2_28"
-      LINUX_ARCH: "x86_64"
-    steps:
-      - name: Python Setup
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-          architecture: x64
-
-      - name: Install Packages (apt)
-        run: |
-          sudo apt update
-          sudo apt install libxcb-cursor0
-
-      - name: Install Packages (pip)
-        run: pip install python-appimage setuptools
-
-      - name: Checkout Source
-        uses: actions/checkout@v4
-
-      - name: Download Artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: nw-assets
-          path: novelwriter/assets
-
-      - name: Build AppImage
-        id: build
-        run: |
-          wget https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-$LINUX_ARCH.AppImage
-          chmod +x appimagetool-$LINUX_ARCH.AppImage
-          export APPIMAGE_TOOL_EXEC="$(pwd)/appimagetool-$LINUX_ARCH.AppImage"
-          echo "BUILD_VERSION=$(python pkgutils.py version)" >> $GITHUB_OUTPUT
-          python pkgutils.py build-appimage $LINUX_TAG $LINUX_ARCH $PYTHON_VERSION
-
-      - name: Upload Artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-Linux-AppImage
-          path: dist_appimage/*.AppImage*
-          if-no-files-found: error
-          retention-days: 14
+    uses: ./.github/workflows/part_appimage.yml
+    secrets: inherit
+    permissions:
+      contents: read

.github/workflows/build_mac.yml

@@ -4,66 +4,20 @@ on: workflow_dispatch
 
 jobs:
   buildAssets:
-    uses: ./.github/workflows/build_assets.yml
+    uses: ./.github/workflows/part_assets.yml
+    permissions:
+      contents: read
 
   buildMac-AMD64:
     needs: buildAssets
-    runs-on: macos-latest
-    env:
-      PYTHON_VERSION: "3.13"
-      PACKAGE_ARCH: x86_64
-      MINICONDA_ARCH: x86_64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Download Artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: nw-assets
-          path: novelwriter/assets
-
-      - name: Build App Bundle
-        id: build
-        run: |
-          echo "BUILD_VERSION=$(python pkgutils.py version)" >> $GITHUB_OUTPUT
-          ./setup/macos/build.sh $PYTHON_VERSION $PACKAGE_ARCH $MINICONDA_ARCH
-
-      - name: Upload DMG
-        uses: actions/upload-artifact@v4
-        with:
-          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-MacOS-AMD64-DMG
-          path: dist_macos/*.dmg*
-          if-no-files-found: error
-          retention-days: 14
+    uses: ./.github/workflows/part_macos_amd64.yml
+    secrets: inherit
+    permissions:
+      contents: read
 
   buildMac-M1:
     needs: buildAssets
-    runs-on: macos-latest
-    env:
-      PYTHON_VERSION: "3.13"
-      PACKAGE_ARCH: aarch64
-      MINICONDA_ARCH: arm64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Download Artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: nw-assets
-          path: novelwriter/assets
-
-      - name: Build App Bundle
-        id: build
-        run: |
-          echo "BUILD_VERSION=$(python pkgutils.py version)" >> $GITHUB_OUTPUT
-          ./setup/macos/build.sh $PYTHON_VERSION $PACKAGE_ARCH $MINICONDA_ARCH
-
-      - name: Upload DMG
-        uses: actions/upload-artifact@v4
-        with:
-          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-MacOS-M1-DMG
-          path: dist_macos/*.dmg*
-          if-no-files-found: error
-          retention-days: 14
+    uses: ./.github/workflows/part_macos_m1.yml
+    secrets: inherit
+    permissions:
+      contents: read

.github/workflows/build_win.yml

@@ -4,59 +4,13 @@ on: workflow_dispatch
 
 jobs:
   buildAssets:
-    uses: ./.github/workflows/build_assets.yml
+    uses: ./.github/workflows/part_assets.yml
+    permissions:
+      contents: read
 
-  buildWin64:
+  buildWin-X64:
     needs: buildAssets
-    runs-on: windows-2022
-    steps:
-      - name: Python Setup
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-          architecture: x64
-
-      - name: Checkout Source
-        uses: actions/checkout@v4
-
-      - name: Download Assets
-        uses: actions/download-artifact@v4
-        with:
-          name: nw-assets
-          path: novelwriter/assets
-
-      - name: Build Setup Installer
-        id: build
-        run: |
-          echo "BUILD_VERSION=$(python pkgutils.py version)" >> $Env:GITHUB_OUTPUT
-          python pkgutils.py build-win-exe
-
-      - name: Upload Unsigned Artifacts
-        id: upload-unsigned-artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-Win-Setup
-          path: dist/*.exe
-          if-no-files-found: error
-          retention-days: 14
-
-      - name: Submit Signing Request
-        uses: signpath/github-action-submit-signing-request@v1
-        with:
-          api-token: "${{ secrets.SIGNPATH_API_TOKEN }}"
-          organization-id: "0471e52c-66fa-4e9a-bfb9-36167095ca3f"
-          project-slug: "novelWriter"
-          signing-policy-slug: "release-signing "
-          github-artifact-id: "${{ steps.upload-unsigned-artifact.outputs.artifact-id }}"
-          wait-for-completion: true
-          output-artifact-directory: "dist/"
-          parameters: |
-            version: "${{ steps.build.outputs.BUILD_VERSION }}"
-
-      - name: Upload Signed Artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-Win-Setup-Signed
-          path: dist/*.exe
-          if-no-files-found: error
-          retention-days: 14
+    uses: ./.github/workflows/part_win_x64.yml
+    secrets: inherit
+    permissions:
+      contents: read

.github/workflows/build_win_launcher.yml

@@ -5,9 +5,11 @@ on: workflow_dispatch
 jobs:
   buildLauncherWin64:
     runs-on: windows-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Build Launcher
         id: build

.github/workflows/i18n.yml

@@ -8,25 +8,30 @@ on:
 jobs:
   buildI18n:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Python Setup
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.13"
           architecture: x64
-      - name: Install Packages (apt)
+
+      - name: Checkout Source
+        uses: actions/checkout@v5
+
+      - name: Install System Packages
         run: |
           sudo apt update
           sudo apt install qttools5-dev-tools
-      - name: Checkout Source
-        uses: actions/checkout@v4
+
       - name: Build Assets
         run: python pkgutils.py qtlrelease
+
       - name: Upload Artifacts
         uses: actions/upload-artifact@v4
         with:
           name: nw-i18n
-          path: |
-            novelwriter/assets/i18n/*.qm
+          path: novelwriter/assets/i18n/*.qm
           if-no-files-found: error
           retention-days: 7

.github/workflows/part_appimage.yml

@@ -0,0 +1,55 @@
+name: Part-AppImage
+
+on: workflow_call
+
+jobs:
+  buildLinux-AppImage:
+    # Needs to stay on 22.04 as long as we're using manylinux_2_28
+    # as libxcb-cursor0 in 22.04 supports glibc >= 2.17
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    env:
+      PYTHON_VERSION: "3.13"
+      LINUX_TAG: "manylinux_2_28"
+      LINUX_ARCH: "x86_64"
+    steps:
+      - name: Python Setup
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.13"
+          architecture: x64
+
+      - name: Install Packages (apt)
+        run: |
+          sudo apt update
+          sudo apt install libxcb-cursor0
+
+      - name: Install Packages (pip)
+        run: pip install python-appimage setuptools
+
+      - name: Checkout Source
+        uses: actions/checkout@v5
+
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: nw-assets
+          path: novelwriter/assets
+
+      - name: Build AppImage
+        id: build
+        run: |
+          wget https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-$LINUX_ARCH.AppImage
+          chmod +x appimagetool-$LINUX_ARCH.AppImage
+          export APPIMAGE_TOOL_EXEC="$(pwd)/appimagetool-$LINUX_ARCH.AppImage"
+          echo "BUILD_VERSION=$(python pkgutils.py version)" >> $GITHUB_OUTPUT
+          python pkgutils.py build-appimage $LINUX_TAG $LINUX_ARCH $PYTHON_VERSION
+
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: novelWriter-${{ steps.build.outputs.BUILD_VERSION }}-Linux-AppImage
+          path: dist_appimage/*.AppImage*
+          if-no-files-found: error
+          retention-days: 14