diff --git a/.github/workflows/twilight-release-schedule.yml b/.github/workflows/twilight-release-schedule.yml index c3fb8d8c..f0163ab7 100644 --- a/.github/workflows/twilight-release-schedule.yml +++ b/.github/workflows/twilight-release-schedule.yml @@ -14,7 +14,7 @@ on: description: 'Use sccache' required: false type: boolean - default: true + default: false jobs: twilight-release-schedule: diff --git a/.github/workflows/windows-release-build.yml b/.github/workflows/windows-release-build.yml index 6ed9881b..08c2f729 100644 --- a/.github/workflows/windows-release-build.yml +++ b/.github/workflows/windows-release-build.yml @@ -277,24 +277,19 @@ jobs: path: ./zen.win64-pgo-stage-1.zip - name: Remove unnecessary files from obj - if: ${{ !inputs.generate-gpo }} + if: ${{ !inputs.generate-gpo && inputs.release-branch == 'stable' }} run: | set -x - if test "${{ matrix.arch }}" = "aarch64"; then - find engine/obj-aarch64-pc-windows-msvc/ -mindepth 1 -maxdepth 1 -type d -not -name 'dist' -exec rm -rf {} \; - find engine/obj-aarch64-pc-windows-msvc/ -mindepth 1 -maxdepth 1 -type f -not -name 'dist' -exec rm -f {} \; - else - find engine/obj-x86_64-pc-windows-msvc/ -mindepth 1 -maxdepth 1 -type d -not -name 'dist' -exec rm -rf {} \; - find engine/obj-x86_64-pc-windows-msvc/ -mindepth 1 -maxdepth 1 -type f -not -name 'dist' -exec rm -f {} \; - fi - + mkdir obj-${{ matrix.arch }}-pc-windows-msvc/ + cp -r --no-dereference engine/obj-${{ matrix.arch }}-pc-windows-msvc/* obj-${{ matrix.arch }}-pc-windows-msvc/ || true + - name: Upload dist object - if: ${{ !inputs.generate-gpo }} + if: ${{ !inputs.generate-gpo && inputs.release-branch == 'stable' }} uses: actions/upload-artifact@v4 with: - retention-days: 5 + retention-days: 2 name: windows-x64-obj-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }} - path: engine/obj-${{ matrix.arch == 'aarch64' && 'aarch64' || 'x86_64' }}-pc-windows-msvc/ + path: obj-${{ matrix.arch }}-pc-windows-msvc - name: Upload artifact (if Twilight branch, binary) if: ${{ inputs.release-branch == 'twilight' && !inputs.generate-gpo }} diff --git a/build/winsign/sign.ps1 b/build/winsign/sign.ps1 index e3a96cb7..cb3d0b83 100644 --- a/build/winsign/sign.ps1 +++ b/build/winsign/sign.ps1 @@ -6,6 +6,7 @@ param( $ErrorActionPreference = "Stop" echo "Preparing environment" +git pull --recurse mkdir windsign-temp -ErrorAction SilentlyContinue # Download in parallel @@ -18,18 +19,34 @@ mkdir windsign-temp -ErrorAction SilentlyContinue # echo "Downloaded git objects repo to" #} -Verbose -ArgumentList $PWD -Debug +Start-Job -Name "DownloadGitl10n" -ScriptBlock { + param($PWD) + cd $PWD + $env:ZEN_L10N_CURR_DIR=[regex]::replace($PWD, "^([A-Z]):", { "/" + $args.value.Substring(0, 1).toLower() }) -replace "\\", "/" + C:\mozilla-build\start-shell.bat $PWD\scripts\download-language-packs.sh + echo "Fetched l10n and firefox's one" +} -Verbose -ArgumentList $PWD -Debug + gh run download $GithubRunId --name windows-x64-obj-arm64 -D windsign-temp\windows-x64-obj-arm64 echo "Downloaded arm64 artifacts" gh run download $GithubRunId --name windows-x64-obj-x86_64 -D windsign-temp\windows-x64-obj-x86_64 echo "Downloaded x86_64 artifacts" - -#Wait-Job -Name "DownloadGitObjectsRepo" +Wait-Job -Name "DownloadGitl10n" mkdir engine\obj-x86_64-pc-windows-msvc\ -ErrorAction SilentlyContinue surfer -- ci --brand release +# Collect all .exe and .dll files into a list +$files = Get-ChildItem windsign-temp\windows-x64-obj-x86_64\ -Recurse -Include *.exe +$files += Get-ChildItem windsign-temp\windows-x64-obj-x86_64\ -Recurse -Include *.dll + +$files = Get-ChildItem windsign-temp\windows-x64-obj-arm64\ -Recurse -Include *.exe +$files += Get-ChildItem windsign-temp\windows-x64-obj-arm64\ -Recurse -Include *.dll + +signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files + function SignAndPackage($name) { echo "Executing on $name" rmdir .\dist -Recurse -ErrorAction SilentlyContinue @@ -37,13 +54,7 @@ function SignAndPackage($name) { cp windsign-temp\windows-x64-obj-$name engine\obj-x86_64-pc-windows-msvc\ -Recurse echo "Signing $name" - # Collect all .exe and .dll files into a list - $files = Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Include *.exe - $files += Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Include *.dll - - signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files echo "Packaging $name" - $env:SURFER_SIGNING_MODE="sign" $env:MAR="..\\build\\winsign\\mar.exe" if ($name -eq "arm64") { $env:SURFER_COMPAT="aarch64" @@ -61,7 +72,6 @@ function SignAndPackage($name) { # - update_manifest/* # - windows.mar # - zen.installer.exe - # - zen.win-x86_64.zip echo "Creating tar for $name" rm .\windsign-temp\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue mkdir windsign-temp\windows-x64-signed-$name @@ -82,27 +92,9 @@ function SignAndPackage($name) { mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer.exe } - # Move the zip - echo "Moving zip for $name" - if ($name -eq "arm64") { - mv (Get-Item .\dist\*.en-US.win64-aarch64.zip) windsign-temp\windows-x64-signed-$name\zen.win-arm64.zip - } else { - mv (Get-Item .\dist\*.en-US.win64.zip) windsign-temp\windows-x64-signed-$name\zen.win-$name.zip - } - - # Extract the zip, sign everything inside, and repackage it - #Expand-Archive -Path windsign-temp\windows-x64-signed-$name\zen.win-$name.zip -DestinationPath windsign-temp\windows-x64-signed-$name\zen.win-$name - #rm windsign-temp\windows-x64-signed-$name\zen.win-$name.zip - #$files = Get-ChildItem windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -Include *.exe - #$files += Get-ChildItem windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -Include *.dll - #signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files - #Compress-Archive -Path windsign-temp\windows-x64-signed-$name\zen.win-$name -DestinationPath windsign-temp\windows-x64-signed-$name\zen.win-$name.zip - rmdir windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -ErrorAction SilentlyContinue - # Move the manifest mv .\dist\update\. windsign-temp\windows-x64-signed-$name\update_manifest - echo "Invoking tar for $name" # note: We need to sign it into a parent folder, called windows-x64-signed-$name rmdir .\windsign-temp\windows-binaries\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue mv windsign-temp\windows-x64-signed-$name .\windsign-temp\windows-binaries -Force @@ -113,6 +105,9 @@ function SignAndPackage($name) { SignAndPackage arm64 SignAndPackage x86_64 +$files = Get-ChildItem .\windsign-temp\windows-binaries -Recurse -Include *.exe +signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files + echo "All artifacts signed and packaged, ready for release!" echo "Commiting the changes to the repository" cd windsign-temp\windows-binaries diff --git a/scripts/download-language-packs.sh b/scripts/download-language-packs.sh index 2c4b929d..869d8882 100644 --- a/scripts/download-language-packs.sh +++ b/scripts/download-language-packs.sh @@ -1,5 +1,9 @@ set -ex +if ! [ -z "$ZEN_L10N_CURR_DIR" ]; then + cd $ZEN_L10N_CURR_DIR +fi + CURRENT_DIR=$(pwd) git config --global init.defaultBranch main