mirror of
https://github.com/wwiinnddyy/LanMountainDesktop.git
synced 2026-06-20 23:54:26 +08:00
4cb52e56c7
* 激进的更新 * 试试 * fix.可爱的我一直在修CI( * fix.启动器一定要能够启动 * feat.尝试弄了AOT的启动器。 * fix.修CI,好像是因为Linux那边有个问题,反正修就对了。 * fix.ci难修,为什么liunx跑不起来呢? * Update build.yml * Update LanMountainDesktop.csproj * changed.调整了启动逻辑,优化了更新页面。 * changed.优化了更新体验 * feat.依旧试增量更新这一块,看看velopack * fix.我们试验性地修复了启动器无法正常启动的问题,原因可能是这个画面没有启动,就GUI没显示。然后还把编译问题修了一下。 * fix.继续修ci,ci怎么天天炸 * changed.velopack,试试rust * fix.修ci,修融合桌面,修启动器 * fix.GitHub Action工作流怎么天天出问题 * feat.引入velopack,不好,是rust(至少内存很安全了。 * chore: migrate release pipeline to signed filemap and wire rainyun s3 * fix: make optional s3 upload step workflow-parse safe * fix: make delta pack generation robust for empty diffs and linux paths * chore: rotate launcher update public key for pdc signing * fix: restore stable launcher update public key * fix: sync launcher public key with update signing secret * fix: normalize PEM line endings in signing key validation * fix: rotate launcher public key to match ci signing secret * fix: compare signing keys by SPKI instead of PEM text * refactor update backend to host-managed PDC pipeline * fix release workflow env key collisions * relax publish-pdc precheck to require S3 only * set GH_TOKEN for PDCC installer step * ci: add local pdc mock fallback for release publish * ci: fix pdc mock process log redirection * ci: fallback pdcc signing key to update private key * ci: ensure pdcc signing passphrase env is always set * ci: create pdcc publish root before invoking client * ci: set pdcc version variable from release version * ci: decouple pdcc installer version from publish config version * ci: package pdcc subchannels with generated filemap and changelog * ci: make local pdc mock diff return empty for fast fallback * ci: fix pdcc variable mapping and pdc signing prechecks * Update App.axaml.cs * ci: wire aws cli credentials for rainyun s3 * ci: pin pdcc client version separately from app version * ci: harden local pdc mock transport handling * ci: publish pdcc subchannels in one pass * ci: add pdcc publish heartbeat and timeout * ci: fix pdcc publish workdir bootstrap * feat.Penguin Logistics Online Network Distribution System * ci: fix plonds s3 probe and signing fallback * ci: validate signing key and quiet missing baselines * ci: relax aws checksum mode for rainyun s3 * ci: avoid multipart uploads to rainyun s3 * ci: handle empty plonds baselines safely * ci.plonds * Rebuild release pipeline around PLONDS and DDSS * Fix Windows installer script path in release workflow
167 lines
5.8 KiB
YAML
167 lines
5.8 KiB
YAML
name: DDSS
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows:
|
|
- PLONDS
|
|
types:
|
|
- completed
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: 'Release tag'
|
|
required: true
|
|
type: string
|
|
|
|
env:
|
|
DOTNET_VERSION: '10.0.x'
|
|
|
|
jobs:
|
|
publish:
|
|
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
actions: read
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: recursive
|
|
|
|
- name: Resolve release tag
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
|
|
RAW_TAG="${{ github.event.inputs.tag }}"
|
|
if [[ "$RAW_TAG" == v* ]]; then
|
|
TAG="$RAW_TAG"
|
|
else
|
|
TAG="v$RAW_TAG"
|
|
fi
|
|
else
|
|
gh run download "${{ github.event.workflow_run.id }}" -n plonds-run-metadata -D plonds-run-metadata
|
|
TAG="$(tr -d '\r\n' < plonds-run-metadata/tag.txt)"
|
|
fi
|
|
|
|
echo "RELEASE_TAG=${TAG}" >> "$GITHUB_ENV"
|
|
echo "S3_BASE_URL=${{ vars.S3_ENDPOINT }}/${{ vars.S3_BUCKET }}/lanmountain/update/releases/${TAG}/assets" >> "$GITHUB_ENV"
|
|
|
|
- name: Setup .NET
|
|
uses: actions/setup-dotnet@v4
|
|
with:
|
|
dotnet-version: ${{ env.DOTNET_VERSION }}
|
|
dotnet-quality: preview
|
|
|
|
- name: Prepare signing key
|
|
env:
|
|
UPDATE_PRIVATE_KEY_PEM: ${{ secrets.UPDATE_PRIVATE_KEY_PEM }}
|
|
PLONDS_SIGNING_KEY: ${{ secrets.PLONDS_SIGNING_KEY }}
|
|
PDC_SIGNING_KEY: ${{ secrets.PDC_SIGNING_KEY }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
KEY="${PLONDS_SIGNING_KEY:-}"
|
|
if [[ -z "$KEY" ]]; then KEY="${UPDATE_PRIVATE_KEY_PEM:-}"; fi
|
|
if [[ -z "$KEY" ]]; then KEY="${PDC_SIGNING_KEY:-}"; fi
|
|
if [[ -z "$KEY" ]]; then
|
|
echo "No signing key is configured."
|
|
exit 1
|
|
fi
|
|
printf '%s' "$KEY" > update-private-key.pem
|
|
echo "UPDATE_PRIVATE_KEY_PATH=$PWD/update-private-key.pem" >> "$GITHUB_ENV"
|
|
|
|
- name: Build PLONDS tool
|
|
run: dotnet build PenguinLogisticsOnlineNetworkDistributionSystem/src/Plonds.Tool/Plonds.Tool.csproj -c Release
|
|
|
|
- name: Download release assets
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p release-assets
|
|
gh release download "$RELEASE_TAG" -D release-assets
|
|
find release-assets -maxdepth 1 -type f | sort
|
|
|
|
- name: Upload release assets to Rainyun S3
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}
|
|
AWS_DEFAULT_REGION: ${{ vars.S3_REGION }}
|
|
AWS_REGION: ${{ vars.S3_REGION }}
|
|
S3_ENDPOINT: ${{ vars.S3_ENDPOINT }}
|
|
S3_BUCKET: ${{ vars.S3_BUCKET }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
aws --version
|
|
for file in release-assets/*; do
|
|
[[ -f "$file" ]] || continue
|
|
name="$(basename "$file")"
|
|
if [[ "$name" == "ddss.json" || "$name" == "ddss.json.sig" ]]; then
|
|
continue
|
|
fi
|
|
key="lanmountain/update/releases/${RELEASE_TAG}/assets/${name}"
|
|
sha256="$(sha256sum "$file" | awk '{print $1}')"
|
|
existing_sha="$(aws --endpoint-url "$S3_ENDPOINT" --region "$AWS_REGION" s3api head-object --bucket "$S3_BUCKET" --key "$key" --query 'Metadata.sha256' --output text 2>/dev/null || true)"
|
|
if [[ "$existing_sha" == "$sha256" ]]; then
|
|
echo "Skip existing asset: $name"
|
|
continue
|
|
fi
|
|
aws --endpoint-url "$S3_ENDPOINT" --region "$AWS_REGION" s3api put-object \
|
|
--bucket "$S3_BUCKET" \
|
|
--key "$key" \
|
|
--body "$file" \
|
|
--metadata "sha256=$sha256"
|
|
done
|
|
|
|
- name: Build DDSS manifest
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p ddss-output
|
|
dotnet run --project PenguinLogisticsOnlineNetworkDistributionSystem/src/Plonds.Tool/Plonds.Tool.csproj --configuration Release -- \
|
|
build-ddss \
|
|
--release-tag "$RELEASE_TAG" \
|
|
--assets-dir release-assets \
|
|
--output-dir ddss-output \
|
|
--private-key "$UPDATE_PRIVATE_KEY_PATH" \
|
|
--repository "${{ github.repository }}" \
|
|
--s3-base-url "$S3_BASE_URL"
|
|
|
|
- name: Upload DDSS manifest to release
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
gh release upload "$RELEASE_TAG" ddss-output/ddss.json ddss-output/ddss.json.sig --clobber
|
|
|
|
- name: Upload DDSS manifest to Rainyun S3
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}
|
|
AWS_DEFAULT_REGION: ${{ vars.S3_REGION }}
|
|
AWS_REGION: ${{ vars.S3_REGION }}
|
|
S3_ENDPOINT: ${{ vars.S3_ENDPOINT }}
|
|
S3_BUCKET: ${{ vars.S3_BUCKET }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
for file in ddss-output/ddss.json ddss-output/ddss.json.sig; do
|
|
name="$(basename "$file")"
|
|
key="lanmountain/update/releases/${RELEASE_TAG}/assets/${name}"
|
|
sha256="$(sha256sum "$file" | awk '{print $1}')"
|
|
aws --endpoint-url "$S3_ENDPOINT" --region "$AWS_REGION" s3api put-object \
|
|
--bucket "$S3_BUCKET" \
|
|
--key "$key" \
|
|
--body "$file" \
|
|
--metadata "sha256=$sha256"
|
|
done
|