diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9df621fda3..3a73ec9923 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -441,867 +441,10 @@ jobs: run: | echo "$SECRETS_ASSET" > Assets/Secrets.asset echo "$SECRETS_ASSET_META" > Assets/Secrets.asset.meta + md5sum Assets/Secrets.asset + head Assets/Secrets.asset + tail Assets/Secrets.asset + xxd Assets/Secrets.asset SECRETS_ASSET_META_GUID=$(grep "guid:" Assets/Secrets.asset.meta | cut -d" " -f2) sed -e "s/Secrets:.*$/Secrets: {fileID: 11400000, guid: $SECRETS_ASSET_META_GUID, type: 2}/" -i Assets/Scenes/Main.unity - - name: Enable keystore - run: | - sed -e 's/androidUseCustomKeystore.*$/androidUseCustomKeystore: 1/' -i ProjectSettings/ProjectSettings.asset - - - name: Update build matrix specific defines in csc.rsp - if: ${{ matrix.extra_defines }} - run: | - for DEFINE in ${{ matrix.extra_defines }}; do - echo -e "\n-define:$DEFINE" | tee -a Assets/csc.rsp - done - - - name: Build project - uses: Wandalen/wretry.action@v3 - env: - VERSION: ${{ needs.configuration.outputs.version}} - UNITY_EMAIL: ${{ fromJSON(format('["unitytest@mikeage.net", "{0}"]', vars.UNITY_EMAIL))[secrets.UNITY_SERIAL != null] }} - UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }} - UNITY_PASSWORD: ${{ fromJSON(format('["DoNotStealThis1", "{0}"]', secrets.UNITY_PASSWORD))[secrets.UNITY_SERIAL != null] }} - UNITY_LICENSE: ${{ fromJSON('["\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n 9DZF11miRAzx7TIuCxih78B6CXU=weRQubqMNN61lSZtm/e7S+UDzTPNQjM5aQl/c4aKLH/b2khefpgLfdWneoxdnNopA6+rW6kBqxWt\nhMLdHY+oAOfDsfmMQRTnmQG0Y3G3xh6gjGP1RAIHoLDfFHf+0LQ3FakA2WehcFWPSYeVDrdxm3HW\nqMmdKWooD9i+J4s4rQFTDx9+/G6yjc5KGTyGxIz3c5kxTEkV2qsFPXsauomY9Z8YPKy+cZK7g+Ol\npO+LhtzetgTIlIN/qG8eByjlp6nOuVGdDOIrhNJW+vllNyx0qNWPREadVrhFViI4UXegMFRl5gJc\nrgcrlr/fD+NorDVLfcu7D863QXkkuriILUIq2Q==", null]')[secrets.UNITY_SERIAL != null] }} - with: - retry_condition: steps._this.outputs.engineExitCode == 1 - action: game-ci/unity-builder@v4 - with: | - allowDirtyBuild: true # Because of the OVR Update, the build tree might be dirty - unityVersion: ${{ env.UNITY_VERSION }} - targetPlatform: ${{ matrix.targetPlatform }} - customParameters: -btb-target ${{ matrix.targetPlatform }} -btb-display ${{ matrix.vrsdk }} -btb-out /github/workspace/build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/${{ env.filename }} ${{ needs.configuration.outputs.description}} ${{ env.stamp }} ${{ env.btbbopts }} ${{ matrix.extraoptions }} - versioning: Custom - androidVersionCode: "${{ needs.configuration.outputs.androidVersionCode }}${{ matrix.versionSuffix }}" - version: ${{ needs.configuration.outputs.version }} - buildName: ${{ needs.configuration.outputs.basename }} - buildsPath: build/${{ matrix.vrsdk }} - chownFilesTo: ${{ needs.configuration.outputs.uid }}:${{ needs.configuration.outputs.gid }} - buildMethod: BuildTiltBrush.CommandLine - androidKeystoreName: openbrush.keystore - androidKeystoreBase64: ${{ secrets.ANDROID_KEYSTORE_BASE64 || '/u3+7QAAAAIAAAABAAAAAQAWb3BlbmJydXNoLW5vbi1vZmZpY2lhbAAAAX66M2FtAAAFATCCBP0wDgYKKwYBBAEqAhEBAQUABIIE6Wufa9OVstw7Bu/gdATKqoPafXGefygChsN1d4LGY0SMLPORjHXiryEVMKi2rt61kNeXzeLkiM4yIQAam4HZtNTxgjoFQ6KB7uzkqMJYKViBUgg1HCAl2e+QpYjqG+YNJT67CiPgjpsJHNE628CwKAvjJ85FhqFz+MKzNF8BOpS5g5waqFda67oxaE4qO8eAL+F9P7us+ziY5B4O3EJC9s7xpT2GV2ro0m0fZI2dr3OO9UdUO72CYTg5qs250JiSij26Haf4t8Vq28F2S8rTcMUVtN4FRtzeR/wjeeZ3laER+WoxYni4MrZEXhYYCGhfor8Zcfi3p5ka8TJCQxywTKpghpSwgykgMJLn1HksxB0vhIMGTb87c2CTqS4t5Js/OPdcYS4Jnr7mHdQtOGfJCvl3TJC7NJwzLLOzUTmVIogaZCA9GlRballbD7XYbR8mcPxs+jLq5HJJk8/3B8ojAz/YA9vp6ml3RSYDA+yv9fBIefxNniAredJeqAnmH4o9er3+n0rKmpoqiXdzFkp1ywYbDDxrsFTiPrTc0gEiLRbfCERBx8GZ/7zGv6exKW1mc1L7QcFRmT1PRuJo6vRfCOtjdAdp0Mj1bllGGe9oBSKOxqtxs/NFygaVZjMDqryRvObKaJaj5CDhNdwsa21EsQ3+YvQWBzlcs5FTi5S2zG3W4+tMb+HoyV36SEV4yBLtqqrczhVCuPMlZu2p1iFLyODJJOxrWnmZy49BlQiudmiR7wILJoYKIFFvGv1jCJnTl9cI6UGX8IwSHYjGJIdLxaQM6c/7tw15+h+3jPajzZqkIQ7r0fyBp2TxE+QXMCP/knYu/dVzzQoBe5CgnAr5Fj60eEF78mJZbU3m9EjuVglURCTs2hDiyl3eRENgJjTc8p9iho4aK5eT5BVF7v2TAsTkfm+AwOq78chbWfh7J5OYnycG+v6S76LE6T8Yy0Arkk4lOF5SC05SmrDQpFcbRC9B7pR8XwJx3rabt4jvFsdqQtqv7TRasNQs95oROSC8335tzsaQfPwL/sGH4wi4zsH3YZ6As2V9myMEytqVEX5DdGBtzRr1opkx0aisyG48Evtk1UHMR9ROoZmkbNOIFNDUxCBvw7CU20aJSri4GX7kahg8Lj670Lfpx1C9OMwH0xRGUHE4e2ZWaw6Smkjc0Rru7j4YFKel0KtJgQaei2fz2i+6wOv1uz+H4j6f98pVMsf3HODmnh4x+qlUXaJWbNILQEGwv3zVReY123TPHIzkwImNLej62BLaqnEgiPkKr/gp/2MdrgepUEGC8FN0MTPbazDR4aE5XqLtnehhq8/9EfIk3b5WzNh00IAELwFrWnabkob5xmSLORBH8SpS3J6NwWa4jJMADRAGPYOUH7tYUM1/GRUK1HuboNP9v3KAny/k30CrxLvNHwe/zkXgoU9+M+gXVXL8pJJLMawVe/Dg13XyqTTa00UX7TsQFJZGm6lHrgeFIejKBEMLsMXNAIccphZe6sDnycDm/GY8vqmfjg9R05GwJOhBd46vhDi7Ph8YbLjohEoT4KfE5o8+Norzc/VHbRv5Y+G6JCL6hRV72meb3LswLYGUzGYP4nh2Y/yixg+rAtre80xjbXFfdvXVF6CuibKn5gmjCmiRN31rvEfdwVPIQDCaqv19Do2cQYDN+yGCo7yDHAAAAAEABVguNTA5AAADhzCCA4MwggJroAMCAQICBGNtJJswDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDldlc3QgWW9ya3NoaXJlMQ4wDAYDVQQHEwVMZWVkczEOMAwGA1UEChMFSWNvc2ExEzARBgNVBAsTCk9wZW4gQnJ1c2gxFDASBgNVBAMTC01pa2UgTWlsbGVyMCAXDTIyMDIwMjExMzAyNVoYDzIwNzIwMTIxMTEzMDI1WjBxMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOV2VzdCBZb3Jrc2hpcmUxDjAMBgNVBAcTBUxlZWRzMQ4wDAYDVQQKEwVJY29zYTETMBEGA1UECxMKT3BlbiBCcnVzaDEUMBIGA1UEAxMLTWlrZSBNaWxsZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZOlUSd2Z9VSuVE1NK2AKiKCYR3ADh3f3PN6ipTtqUdxP44l5jJnPVXc5YXJ4DyBsXHGTqCSiL9wiqdRCNTMcRf6vrpcuRWxqwMMu4bid0eDiFBU+wModQl70N0VblMolYZzD/y0NpXWh7VKPSXyA22ZwygeOPQFzxR4j2jRvM/g+9HeJeVN1p5f+6pvceg/9FBSCEOQg5fbDtO+ytZfMiawcyhSSwwlOzEOGT0Dq6d9xIs1/zTA8LxAlGYHLSpQCT/n3X27LNgUMNrCpWgLTtxH/qQ61NU3juqTqBBWT4nzTXl1J9JyPaHH1yzC908YiI5PQSFehX80KTvsf0B65DAgMBAAGjITAfMB0GA1UdDgQWBBTThSJ0yfVNgUC4h3Sa9o8aUmLY3jANBgkqhkiG9w0BAQsFAAOCAQEAUqE9NJA+PaMBrCcVHkxmk32DsVNIVCM/eaTPCyjBM3V5COgxscven160OKGHRn6Xhplr/UDy+StphE9Hwk8MAwSJ4reBdPiNMQvIsDEQ/aXSAyTiKQeIU5Zc+cYuJvHcyxIOVektDe8Er2AITvpXQDK1JRvYU6lFKym3j/CZ4comUwjdolB1C6fzlTkhP3ZuuFMfv543WyuVtb3A1mioLzQ5kfFlbTO0uXqEm+gltkK8AMqU6B5RJDYtQXIJkjR//UzNgpaILVvQ4pyyS6VvBNbUbrHaUKabtP3daDtQ0AQw3gSkCJ+QPpY9joIq38LMcVY5/x5/nbcxTuYvUlHozn/+qtNvA7MtikSNPcblNpmifg4o' }} - androidKeystorePass: ${{ secrets.ANDROID_KEYSTORE_PASS || 'FakeKey' }} - androidKeyaliasName: ${{ secrets.ANDROID_KEYALIAS_NAME || 'openbrush-non-official' }} - androidKeyaliasPass: ${{ secrets.ANDROID_KEYALIAS_PASS || 'FakeKey' }} - - - name: Prepare for packaging (permissions and compression, OSX only) - if: matrix.targetPlatform == 'StandaloneOSX' - run: | - mv build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/Support "build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/${{ env.filename }}/Contents/" - find build -name 'UnityFbxSdkNative.bundle' -delete - # Compress, but skip the top directories - tar -c -v -z -f OpenBrush.tgz -C build/${{ matrix.vrsdk }} ${{ matrix.targetPlatform}} - rm -rf build/${{ matrix.vrsdk }}/* - mv OpenBrush.tgz build/${{ matrix.vrsdk }}/ - - - name: Upload build/ - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.name }} ${{ matrix.flavors.title }} - path: | - build/${{ matrix.vrsdk }} - !build/Pico/*.symbols.zip - !build/**/*_BackUpThisFolder_ButDontShipItWithYourGame - - - name: Check if packages-lock.json has changed or if it's cacheable - id: check_packagecache - run: | - # Check if there are any changes to the packages-lock.json file - set +e - git diff --exit-code -- Packages/packages-lock.json - CHANGES="$?" - set -e - echo "changes=$CHANGES" >> $GITHUB_OUTPUT - echo "diff returned: $CHANGES" - - - name: Save Library/PackageCache cache - uses: actions/cache/save@v4 - if: github.ref == 'refs/heads/main' && steps.check_packagecache.outputs.changes == 0 && steps.cache_packagecache.outputs.cache-hit != 'true' && ! matrix.packages_to_remove # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable. - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10 - with: - path: Library/PackageCache - key: Library_PackageCache_${{ env.UNITY_VERSION }}_${{ hashFiles('Packages/packages-lock.json') }} - - - name: Clean Library before caching - if: github.ref == 'refs/heads/main' && steps.cache_library.outputs.cache-hit != 'true' # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable. - run: | - # Remove the large files from the Library directory that we know we'll rebuild. As our il2cpp caches are huge and barely fit in the Github quota, it's better not to save an unneeded 1GB of space (or so). If a new Unity version is taken, this may need to be updated - # Debugging - echo "Library/ directories" - du -mcsh Library/* - find Library -size +50M -exec ls -altrh {} \; - # chown all files, since some are owned by root after the docker run - docker run -v $(pwd)/Library:/mnt alpine chown $(id -u).$(id -g) -R /mnt/ - # Print the files to be deleted - find Library/Bee/ -name 'symbols.zip' -or -name 'libil2cpp*.so' -or -name 'launcher-release.apk' | tee todelete.txt - cat todelete.txt | xargs -r rm - # The package cache is stored in a separate, shared, cache - rm -rf Library/PackageCache - echo "Final space used" - du -mcsh Library - - - name: Save Library/ cache - uses: actions/cache/save@v4 - if: github.ref == 'refs/heads/main' && steps.cache_library.outputs.cache-hit != 'true' # Ideally, we'd save caches on branches, but they're too big, and branch caches can evict those from main, which is unacceptable. - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 10 - with: - path: Library - # Some platforms share a cache; it's not a 1:1 mapping of either targetPlatform or vrsdk, so we have a distinct variable for which cache to use - key: Library_${{ matrix.cache }}_${{ env.UNITY_VERSION }} - - signmacos: - name: Sign the MacOS .app - needs: [configuration, build] - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - runs-on: macos-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later - sparse-checkout: | - Support/macos - - - name: Download Build Artifacts - uses: actions/download-artifact@v4 - with: - name: MacOS - path: build_macos - - # See https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development - - name: Install the Apple certificate and provisioning profile - env: - BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} - INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALL_CERTIFICATE_BASE64 }} - P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }} - BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_BUILD_PROVISION_PROFILE_BASE64 }} - KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - run: | - BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 - INSTALL_CERTIFICATE_PATH=$RUNNER_TEMP/install_certificate.p12 - PP_PATH=$RUNNER_TEMP/openbrushmac.provisionprofile - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - - echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH - echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode -o $INSTALL_CERTIFICATE_PATH - echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import certificate to keychain - security import $BUILD_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - - mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles - cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - - - name: Sign the release - env: - VERSION: ${{ needs.configuration.outputs.version }} - run: | - tar xvfz build_macos/*tgz - - export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app)) - - cd StandaloneOSX/ - codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $FILENAME/Contents/Support/ThirdParty/ffmpeg/bin/ffmpeg - for bundle in $FILENAME/Contents/Plugins/*.bundle; do - codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $bundle - done - codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ vars.APPLE_TEAM_ID }})" $FILENAME - cd - - - tar -c -v -z -f OpenBrush.tgz StandaloneOSX - - name: Upload signed app - uses: actions/upload-artifact@v4 - with: - name: MacOS (signed) - path: | - OpenBrush.tgz - - createdmg: - name: Create and Notarize DMG - needs: [configuration, signmacos] - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - runs-on: macos-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later - sparse-checkout: | - Support/macos - - - name: Download Build Artifacts - uses: actions/download-artifact@v4 - with: - name: MacOS (signed) - path: build_macos - - - name: Create a notarized DMG - env: - VERSION: ${{ needs.configuration.outputs.version }} - run: | - tar xvfz build_macos/*tgz - - export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app)) - mkdir dist - - cp Support/macos/background.png StandaloneOSX/ - cp Support/macos/background@2x.png StandaloneOSX/ - pip install jinjanator - jinjanate Support/macos/openbrush-dmg.json.j2 > StandaloneOSX/openbrush-dmg.json - pushd StandaloneOSX/ - npx appdmg openbrush-dmg.json ../dist/OpenBrush.dmg - popd - - xcrun notarytool submit \ - --team-id ${{ vars.APPLE_TEAM_ID }} \ - --apple-id ${{ vars.APPLE_ID }} \ - --password ${{ secrets.APPLE_APPLICATION_SPECIFIC_PASSWORD }} \ - --wait \ - dist/OpenBrush.dmg - - xcrun stapler staple dist/OpenBrush.dmg - - - name: Upload notarized dmg - uses: actions/upload-artifact@v4 - with: - name: MacOS (DMG) - path: | - dist/OpenBrush.dmg - - release: - name: Create Github Release - needs: [configuration, build, createdmg] - runs-on: ubuntu-latest - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: "Build Changelog" - id: changelog - uses: mikepenz/release-changelog-builder-action@v5 - with: - fromTag: "${{ needs.configuration.outputs.previousrelease }}" - toTag: "${{ needs.configuration.outputs.currentrelease }}" - configurationJson: | - { - "categories": [ - { - "title": "## 🚀 Features", - "labels": ["feature", "enhancement"] - }, - { - "title": "## 🎨 UI / UX", - "labels": ["ux"] - }, - { - "title": "## 🐛 Fixes", - "labels": ["fix", "bugfix"] - }, - { - "title": "## 🛠️ Infrastructure", - "labels": ["infrastructure"] - }, - { - "title": "## 📦 Dependencies / Maintenance", - "labels": ["dependencies", "maintenance"] - }, - { - "title": "## 💬 Uncategorized", - "labels": [] - } - ], - "pr_template": "- #{{TITLE}} (PR ##{{NUMBER}} by @#{{AUTHOR}})" - } - - - name: Echo Changelog (for debugging purposes) - env: - CHANGELOG: ${{ steps.changelog.outputs.changelog }} - run: echo "$CHANGELOG" - - - name: Download Build Artifacts (Windows OpenXR) - uses: actions/download-artifact@v4 - with: - name: Windows OpenXR - path: build_windows_openxr - - - name: Download Build Artifacts (Windows Rift) - uses: actions/download-artifact@v4 - with: - name: Windows Rift - path: build_windows_rift - - - name: Download Build Artifacts (Android OpenXR) - uses: actions/download-artifact@v4 - with: - name: Android OpenXR - path: build_android_openxr - - - name: Download Build Artifacts (Oculus Quest 2+) - uses: actions/download-artifact@v4 - with: - name: Oculus Quest (2+) - path: build_oculus_quest - - - name: Download Build Artifacts (Pico) - uses: actions/download-artifact@v4 - with: - name: Android Pico - path: build_android_pico - - - name: Download Build Artifacts (Linux) - uses: actions/download-artifact@v4 - with: - name: Linux - path: build_linux - - - name: Download Build Artifacts (Mac) - uses: actions/download-artifact@v4 - with: - name: MacOS (DMG) - path: build_macos - - - name: Package Artifacts for release - env: - VERSION: ${{ needs.configuration.outputs.version }} - run: | - mkdir releases - mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk - mv build_android_openxr/*/com.Icosa.OpenBrush*apk releases/OpenBrush_OpenXR_$VERSION.apk - mv build_android_pico/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_$VERSION.apk - mv build_windows_openxr/StandaloneWindows64/ releases/OpenBrush_Desktop_$VERSION/ - mv build_windows_rift/StandaloneWindows64/ releases/OpenBrush_Rift_$VERSION/ - mv build_macos/*.dmg releases/OpenBrush_Mac_$VERSION.dmg - mv build_linux/StandaloneLinux64/ releases/OpenBrush_Linux_$VERSION/ - cd releases - zip -r OpenBrush_Desktop_$VERSION.zip OpenBrush_Desktop_$VERSION/ - rm -rf OpenBrush_Desktop_$VERSION - zip -r OpenBrush_Rift_$VERSION.zip OpenBrush_Rift_$VERSION/ - rm -rf OpenBrush_Rift_$VERSION - zip -r OpenBrush_Linux_$VERSION.zip OpenBrush_Linux_$VERSION/ - - - name: Publish - uses: softprops/action-gh-release@v2 - with: - body: ${{ steps.changelog.outputs.changelog }} - prerelease: ${{ needs.configuration.outputs.prerelease }} - target_commitish: ${{ needs.configuration.outputs.currentrelease }} - tag_name: ${{ needs.configuration.outputs.version }} - files: releases/* - token: ${{ secrets.RELEASE_TOKEN }} - - publish_gitbook: - name: Publish changelog from last major build to open-brush-docs - needs: [configuration, build] - runs-on: ubuntu-latest - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - steps: - - name: "Build Changelog" - id: changelog - uses: mikepenz/release-changelog-builder-action@v5 - with: - fromTag: "${{ needs.configuration.outputs.previousfullrelease }}" - toTag: "${{ needs.configuration.outputs.currentrelease }}" - configurationJson: | - { - "categories": [ - { - "title": "## 🚀 Features", - "labels": ["feature", "enhancement"] - }, - { - "title": "## 🎨 UI / UX", - "labels": ["ux"] - }, - { - "title": "## 🐛 Fixes", - "labels": ["fix", "bugfix"] - }, - { - "title": "## 🛠️ Infrastructure", - "labels": ["infrastructure"] - }, - { - "title": "## 📦 Dependencies / Maintenance", - "labels": ["dependencies", "maintenance"] - }, - { - "title": "## 💬 Uncategorized", - "labels": [] - } - ], - "template": "# Changelog since #{{FROM_TAG}}\n\n[Full release details](#{{RELEASE_DIFF}})\n\n#{{CHANGELOG}}\n\n", - "pr_template": "- #{{TITLE}} ([PR ##{{NUMBER}}](#{{URL}}) by @#{{AUTHOR}})\n" - } - - - name: Get the current contents of the docs repository - uses: actions/checkout@v4 - with: - repository: icosa-foundation/open-brush-docs - path: open-brush-docs - ref: master - fetch-depth: 0 - sparse-checkout: | - release-history/ - - - name: Create Changelog file - env: - CHANGELOG: ${{ steps.changelog.outputs.changelog }} - run: | - echo "$CHANGELOG" | tee open-brush-docs/release-history/automatic-changelog.md - - - name: Publish release notes - uses: cpina/github-action-push-to-another-repository@composite-1.5.1 - env: - SSH_DEPLOY_KEY: ${{ secrets.OPENBRUSH_DOCS_SSH_DEPLOY_KEY }} - with: - source-directory: 'open-brush-docs/release-history/' - target-directory: 'release-history/' - destination-github-username: 'icosa-foundation' - destination-repository-name: 'open-brush-docs' - user-name: 'release-note-bot' - user-email: automatic-release@icosa - target-branch: master - - publish_steam: - name: Publish Steam Release - needs: [configuration, build, signmacos] - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - sparse-checkout: | - Support/steam - lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later - - name: Setup steamcmd - uses: CyberAndrii/setup-steamcmd@v1.2.0 - - name: Restore steam login config - run: | - mkdir -p /home/runner/Steam/config - echo "${{ secrets.STEAM_CONFIG_VDF}}" | base64 -d - | gunzip - > /home/runner/Steam/config/config.vdf - md5sum /home/runner/Steam/config/config.vdf - - name: Download Build Artifacts (Windows OpenXR) - uses: actions/download-artifact@v4 - with: - name: Windows OpenXR - path: build_windows_openxr - - name: Download Build Artifacts (MacOS Signed) - uses: actions/download-artifact@v4 - with: - name: MacOS (signed) - path: build_macos - - name: Download Build Artifacts (Linux) - uses: actions/download-artifact@v4 - with: - name: Linux - path: build_linux - - name: Upload Build - run: | - cd build_macos - tar xvfz OpenBrush.tgz - cd - - pip install -U jinjanator - jinjanate Support/steam/app.vdf.j2 > app.vdf - jinjanate Support/steam/main_depot.win.vdf.j2 > build_windows_openxr/main_depot.vdf - jinjanate Support/steam/main_depot.mac.vdf.j2 > build_macos/main_depot.vdf - jinjanate Support/steam/main_depot.linux.vdf.j2 > build_linux/main_depot.vdf - jinjanate Support/steam/installscript_win.vdf.j2 > build_windows_openxr/installscript_win.vdf - steamcmd +login $STEAM_USERNAME +run_app_build $(pwd)/app.vdf +quit - env: - STEAM_USERNAME: ${{ vars.STEAM_USERNAME }} - STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }} - VERSION: ${{ needs.configuration.outputs.version }} - OPEN_BRUSH_APP_ID: ${{ vars.STEAM_APP_ID }} - OPEN_BRUSH_WINDOWS_DEPOT_ID: ${{ vars.STEAM_WINDOWS_DEPOT_ID }} - OPEN_BRUSH_MAC_DEPOT_ID: ${{ vars.STEAM_MAC_DEPOT_ID }} - OPEN_BRUSH_LINUX_DEPOT_ID: ${{ vars.STEAM_LINUX_DEPOT_ID }} - OPEN_BRUSH_WINDOWS_EXECUTABLE: ${{ needs.configuration.outputs.basename}}.exe - CHANNEL: beta - - name: Update steam login secret - run: | - gzip /home/runner/Steam/config/config.vdf -c | base64 | gh secret set --visibility all --org icosa-foundation STEAM_CONFIG_VDF - md5sum /home/runner/Steam/config/config.vdf - env: - GITHUB_TOKEN: ${{ secrets.SECRET_UPDATER_PAT }} - - name: Save logs - uses: actions/upload-artifact@v4 - if: ${{ failure() }} - with: - name: steamcmd logs - path: build_output/ - - publish_pimax: - name: Publish Pimax Release - needs: [configuration, build] - runs-on: windows-latest - env: - PIMAX_APP_ID: ${{ vars.PIMAX_APP_ID }} - PIMAX_USERNAME: ${{ vars.PIMAX_USERNAME }} - PIMAX_PASSWORD: ${{ secrets.PIMAX_PASSWORD }} - VERSION: ${{ needs.configuration.outputs.version}} - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - contains(github.ref, 'refs/tags/v') - - steps: - - name: Download Build Artifacts (Windows Pimax) - uses: actions/download-artifact@v4 - with: - name: Windows Pimax - path: build_windows_pimax - - - name: Publish Pimax Builds - run: | - New-Item "releases" -Type Directory - Move-Item -Path build_windows_pimax/StandaloneWindows64/* releases/ - Set-Location -Path "releases" - Compress-Archive -Path ./* -DestinationPath OpenBrush_Pimax_${Env:VERSION}.zip - Invoke-WebRequest -Uri https://dl.appstore.pimax.com/tools/pimax-dev-util.exe -OutFile pimax-dev-util.exe - ./pimax-dev-util.exe login -u $Env:PIMAX_USERNAME -p $Env:PIMAX_PASSWORD - ./pimax-dev-util.exe upload-pc-build -a $Env:PIMAX_APP_ID -d OpenBrush_Pimax_${Env:VERSION}.zip - - publish_viveport: - name: Publish Viveport Release - needs: [configuration, build] - runs-on: windows-latest - env: - VIVEPORT_EMAIL: ${{ vars.VIVEPORT_EMAIL }} - VIVEPORT_PASSWORD: ${{ secrets.VIVEPORT_PASSWORD }} - VIVEPORT_APP_ID: ${{ vars.VIVEPORT_APP_ID }} - VIVEPORT_ORG_ID: ${{ vars.VIVEPORT_ORG_ID }} - VERSION: ${{ needs.configuration.outputs.version}} - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - contains(github.ref, 'refs/tags/v') - - steps: - - name: Download Build Artifacts (Windows OpenXR) - uses: actions/download-artifact@v4 - with: - name: Windows OpenXR - path: build_windows_openxr - - - name: Publish Viveport Builds - run: | - New-Item "releases" -Type Directory - Move-Item -Path build_windows_openxr/StandaloneWindows64/* releases/ - Set-Location -Path "releases" - Compress-Archive -Path ./* -DestinationPath OpenBrush_Viveport_${Env:VERSION}.zip - Invoke-WebRequest -Uri https://assets-global.viveport.com/static-misc/developer-tool/ViveportUploader.exe -OutFile ViveportUploader.exe - ./ViveportUploader.exe -email ${Env:VIVEPORT_EMAIL} -password ${Env:VIVEPORT_PASSWORD} -filepath OpenBrush_Viveport_${Env:VERSION}.zip -appid ${Env:VIVEPORT_APP_ID} -orgid ${Env:VIVEPORT_ORG_ID} -version ${VERSION} - - publish_itch: - name: Publish Itch.io Release - needs: [configuration, build] - runs-on: ubuntu-latest - env: - ITCH_SUBCHANNEL_NAME: ${{ needs.configuration.outputs.itchchannelname }} - BUTLER_CREDENTIALS: ${{ secrets.BUTLER_CREDENTIALS }} - ITCH_GAME: openbrush - ITCH_USER: openbrush - VERSION: ${{ needs.configuration.outputs.version }} - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: Download Build Artifacts (Windows OpenXR) - uses: actions/download-artifact@v4 - with: - name: Windows OpenXR - path: build_windows_openxr - - - name: Download Build Artifacts (Oculus Quest 2+) - uses: actions/download-artifact@v4 - with: - name: Oculus Quest (2+) - path: build_oculus_quest - - - name: Package Artifacts for release - run: | - mkdir releases - mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk - mv build_windows_openxr/StandaloneWindows64/ releases/OpenBrush_Desktop_$VERSION/ - - name: Publish Windows - uses: josephbmanley/butler-publish-itchio-action@master - env: - CHANNEL: windows-${{ env.ITCH_SUBCHANNEL_NAME }} - PACKAGE: releases/OpenBrush_Desktop_${{ needs.configuration.outputs.version }} - - name: Publish Quest - uses: josephbmanley/butler-publish-itchio-action@master - env: - CHANNEL: android-quest-${{ env.ITCH_SUBCHANNEL_NAME }} - PACKAGE: releases/OpenBrush_Quest_${{ needs.configuration.outputs.version }}.apk - - publish_oculus_quest: - name: Publish Oculus Quest 2+ Release - needs: [configuration, build] - runs-on: macos-latest # the ovr-platform-util tool is only available for Mac and Windows - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: Download Build Artifacts (Oculus Quest 2+) - uses: actions/download-artifact@v4 - with: - name: Oculus Quest (2+) - path: build_oculus_quest - - name: Publish Oculus Builds - env: - VERSION: ${{ needs.configuration.outputs.version }} - PRERELEASE: ${{ needs.configuration.outputs.prerelease }} - RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }} - OCULUS_QUEST_APP_ID: ${{ vars.OCULUS_QUEST_APP_ID }} - OCULUS_QUEST_APP_SECRET: ${{ secrets.OCULUS_QUEST_APP_SECRET }} - run: | - mkdir releases - mv build_oculus_quest/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Quest_$VERSION.apk - mv build_oculus_quest/*/com.Icosa.OpenBrush*.symbols.zip releases/symbols.zip - - cd releases - unzip symbols.zip - curl -L 'https://www.oculus.com/download_app/?id=1462426033810370' -o ovr-platform-util - chmod 755 ovr-platform-util - - if [ "$PRERELEASE" == "false" ] - then - ./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest_$VERSION.apk --channel LIVE:quest2+ --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --age-group MIXED_AGES - else - CHANGELOG="${RAW_CHANGELOG}" - ./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest_$VERSION.apk --channel Beta:quest2+ --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --notes "${CHANGELOG}" --age-group MIXED_AGES - fi - - publish_oculus_quest1: - name: Publish Oculus Quest 1 Release - needs: [configuration, build] - runs-on: macos-latest # the ovr-platform-util tool is only available for Mac and Windows - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: Download Build Artifacts (Oculus Quest 1) - uses: actions/download-artifact@v4 - with: - name: Oculus Quest (1) - path: build_oculus_quest1 - - name: Publish Oculus Builds - env: - VERSION: ${{ needs.configuration.outputs.version }} - PRERELEASE: ${{ needs.configuration.outputs.prerelease }} - RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }} - OCULUS_QUEST_APP_ID: ${{ vars.OCULUS_QUEST_APP_ID }} - OCULUS_QUEST_APP_SECRET: ${{ secrets.OCULUS_QUEST_APP_SECRET }} - run: | - mkdir releases1 - mv build_oculus_quest1/*/com.Icosa.OpenBrush*apk releases1/OpenBrush_Quest1_$VERSION.apk - mv build_oculus_quest1/*/com.Icosa.OpenBrush*.symbols.zip releases1/symbols.zip - - cd releases1 - unzip symbols.zip - curl -L 'https://www.oculus.com/download_app/?id=1462426033810370' -o ovr-platform-util - chmod 755 ovr-platform-util - - if [ "$PRERELEASE" == "false" ] - then - ./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest1_$VERSION.apk --channel LIVE:quest1only --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --age-group MIXED_AGES - else - CHANGELOG="${RAW_CHANGELOG}" - ./ovr-platform-util upload-quest-build --app-id ${OCULUS_QUEST_APP_ID} --app-secret ${OCULUS_QUEST_APP_SECRET} --apk OpenBrush_Quest1_$VERSION.apk --channel Beta:quest1only --debug_symbols_dir ./arm64-v8a/ --debug-symbols-pattern '*.so' --notes "${CHANGELOG}" --age-group MIXED_AGES - fi - - publish_oculus_rift: - name: Publish Oculus Rift Release - needs: [configuration, build] - runs-on: macos-latest # the ovr-platform-util tool is only available for Mac and Windows - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: Download Build Artifacts (Windows Rift) - uses: actions/download-artifact@v4 - with: - name: Windows Rift - path: build_windows_rift - - name: Publish Oculus Builds - env: - VERSION: ${{ needs.configuration.outputs.version }} - PRERELEASE: ${{ needs.configuration.outputs.prerelease }} - RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }} - OCULUS_RIFT_APP_ID: ${{ vars.OCULUS_RIFT_APP_ID }} - OCULUS_RIFT_APP_SECRET: ${{ secrets.OCULUS_RIFT_APP_SECRET }} - run: | - mkdir releases - mv build_windows_rift/StandaloneWindows64/ releases/OpenBrush_Rift_$VERSION/ - cd releases - zip -r OpenBrush_Rift_$VERSION.zip OpenBrush_Rift_$VERSION/ - curl -L 'https://www.oculus.com/download_app/?id=1462426033810370' -o ovr-platform-util - chmod 755 ovr-platform-util - - if [ "$PRERELEASE" == "false" ] - then - ./ovr-platform-util upload-rift-build --app-id ${OCULUS_RIFT_APP_ID} --app-secret ${OCULUS_RIFT_APP_SECRET} --build-dir OpenBrush_Rift_$VERSION --launch-file OpenBrush.exe --channel LIVE --version $VERSION --firewall_exceptions true --redistributables 822786567843179,1675031999409058,2657209094360789 - else - CHANGELOG="${RAW_CHANGELOG}" - ./ovr-platform-util upload-rift-build --app-id ${OCULUS_RIFT_APP_ID} --app-secret ${OCULUS_RIFT_APP_SECRET} --build-dir OpenBrush_Rift_$VERSION --launch-file OpenBrush.exe --channel BETA --version $VERSION --firewall_exceptions true --redistributables 822786567843179,1675031999409058,2657209094360789 --notes "${CHANGELOG}" - fi - - publish_pico: - name: Publish Pico Releases - needs: [configuration, build] - runs-on: ubuntu-latest # the ovr-platform-util tool is only available for Mac and Windows - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - - steps: - - name: Download Build Artifacts (Android Pico) - uses: actions/download-artifact@v4 - with: - name: Android Pico - path: build_android_pico - - name: Download Build Artifacts (Android Pico CN) - uses: actions/download-artifact@v4 - with: - name: Android Pico (CN) - path: build_android_pico_cn - - name: Publish Pico Builds - env: - VERSION: ${{ needs.configuration.outputs.version }} - PRERELEASE: ${{ needs.configuration.outputs.prerelease }} - RAW_CHANGELOG: ${{ needs.configuration.outputs.rawchangelog }} - PICO_APP_ID: ${{ vars.PICO_APP_ID }} - PICO_APP_SECRET: ${{ secrets.PICO_APP_SECRET }} - run: | - mkdir releases - mv build_android_pico/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_$VERSION.apk - mv build_android_pico_cn/*/com.Icosa.OpenBrush*apk releases/OpenBrush_Pico_CN_$VERSION.apk - - cd releases - # pico-cli v1.0.3 - curl -L 'https://p16-platform-static-va.ibyteimg.com/tos-maliva-i-jo6vmmv194-us/linux-noncn/202304111056/pico-cli?r=1681181814847245000' -o pico-cli - chmod 755 pico-cli - - if [ "$PRERELEASE" == "false" ] - then - # The order here matters, because the Chinese build has a slightly higher version code due to the suffix of 1 vs 0 - ./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_$VERSION.apk --channel 2 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4' - ./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_CN_$VERSION.apk --channel 1 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4' - else - # For Pico, Beta channels can only get one build, not a separate China / non-China build - ./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_$VERSION.apk --channel 3 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4' - fi - - publish_ios_zapbox: - name: Publish Zapbox iOS - needs: [configuration, build] - runs-on: macos-latest - if: | - github.event_name == 'push' && - github.repository == 'icosa-foundation/open-brush' && - (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - sparse-checkout: | - Gemfile - Gemfile.lock - fastlane - - - name: Free extra space - # As of 02/08/2024, this increases free space from 21GB to 47GB - run: | - echo "Initial free space" - df -h - rm -rf "$AGENT_TOOLSDIRECTORY" - echo "Disk space after cleanup of \$AGENT_TOOLSDIRECTORY" - df -h - echo "Deleting all Xcode versions except 15.4" - find /Applications/Xcode_* -maxdepth 0 -type d ! -name 'Xcode_15.4.app' -exec rm -rf {} \; - df -h - find /Applications/Xcode* -name "*.app" -exec du -mcsh {} \; # Shows Xcode app sizes - - - name: Download iOS Artifact - uses: actions/download-artifact@v4 - with: - name: iOS Zapbox - path: build - - - name: Fix File Permissions - run: | - export FILENAME=$(basename $(readlink -f build/iOS/OpenBrush*)) - export IOS_BUILD_PATH=$(pwd)/build/iOS/${FILENAME} - - find $IOS_BUILD_PATH -type f -name "*.sh" -exec chmod +x {} \; - - - name: Run fastlane - env: - APPLE_CONNECT_EMAIL: ${{ secrets.APPLE_CONNECT_EMAIL }} - APPLE_DEVELOPER_EMAIL: ${{ secrets.APPLE_DEVELOPER_EMAIL }} - APPLE_TEAM_ID: ${{ vars.APPLE_TEAM_ID }} - - MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }} - MATCH_DEPLOY_KEY: ${{ secrets.MATCH_DEPLOY_KEY }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - - APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }} - APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }} - APPSTORE_P8: ${{ secrets.APPSTORE_P8 }} - - IOS_BUNDLE_ID: ${{ vars.IOS_ZAPBOX_BUNDLE_ID }} - PROJECT_NAME: Open Brush for Zapbox - FASTLANE_LANE: ${{ needs.configuration.outputs.fastlanelane }} - run: | - eval "$(ssh-agent -s)" - ssh-add - <<< "${MATCH_DEPLOY_KEY}" - export FILENAME=$(basename $(readlink -f build/iOS/OpenBrush*)) - export IOS_BUILD_PATH=$(pwd)/build/iOS/${FILENAME} - - bundle install - bundle exec fastlane ios ${FASTLANE_LANE} - - - name: Save logs - uses: actions/upload-artifact@v4 - if: ${{ failure() }} - with: - name: fastlane logs - path: /Users/runner/Library/Logs/gym/