# Copyright 2020 Signal Messenger, LLC # SPDX-License-Identifier: AGPL-3.0-only name: CI on: push: branches: - development - main - '[0-9]+.[0-9]+.x' pull_request: jobs: lint: runs-on: ubuntu-22.04-8-cores timeout-minutes: 30 steps: - run: lsb_release -a - run: uname -a - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} # - name: Setup sccache # uses: mozilla-actions/sccache-action@054db53350805f83040bf3e6e9b8cf5a139aa7c9 # v0.0.7 # - name: Restore sccache # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 # with: # path: ${{ env.SCCACHE_PATH }} # key: sccache-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'patches/**') }} - name: Restore cached tsconfig.tsbuildinfo uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: cache-lint with: path: tsconfig.tsbuildinfo key: lint-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'patches/**', 'tsconfig.json') }} - name: Install Desktop node_modules run: pnpm install env: # CC: sccache gcc # CXX: sccache g++ # SCCACHE_GHA_ENABLED: "true" NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: echo - name: Install Sticker Creator node_modules run: pnpm install working-directory: sticker-creator - run: pnpm run generate - run: pnpm run lint-prettier - run: pnpm run lint-css - run: pnpm run check:types - run: pnpm run oxlint --format=github - run: pnpm run lint-deps - run: pnpm run lint-license-comments - run: pnpm run lint-intl - run: pnpm run lint-knip:all --reporter github-actions - run: pnpm run lint-knip:prod --reporter github-actions - name: Check acknowledgments file is up to date run: pnpm run build:acknowledgments env: REQUIRE_SIGNAL_LIB_FILES: 1 - run: git diff --exit-code - name: Update cached tsconfig.tsbuildinfo uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 if: github.ref == 'refs/heads/main' with: path: tsconfig.tsbuildinfo key: ${{ steps.cache-lint.outputs.cache-primary-key }} macos: needs: lint runs-on: macos-latest if: github.ref == 'refs/heads/main' timeout-minutes: 30 steps: - run: uname -a - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} # - name: Setup sccache # uses: mozilla-actions/sccache-action@054db53350805f83040bf3e6e9b8cf5a139aa7c9 # v0.0.7 # - name: Restore sccache # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 # with: # path: ${{ env.SCCACHE_PATH }} # key: sccache-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'patches/**') }} - name: Install Desktop node_modules run: pnpm install env: # CC: sccache clang # CXX: sccache clang++ # SCCACHE_GHA_ENABLED: "true" NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: echo - run: pnpm run prepare-beta-build - run: pnpm run generate - run: pnpm run test-node - run: pnpm run test-electron env: ARTIFACTS_DIR: artifacts/macos WORKER_COUNT: 4 timeout-minutes: 5 - run: touch noop.sh && chmod +x noop.sh - run: pnpm run build env: # CC: sccache clang # CXX: sccache clang++ # SCCACHE_GHA_ENABLED: "true" DISABLE_INSPECT_FUSE: on SIGN_MACOS_SCRIPT: noop.sh ARTIFACTS_DIR: artifacts/macos - name: Upload installer size if: ${{ github.repository == 'signalapp/Signal-Desktop-Private' && github.ref == 'refs/heads/main' }} run: | node scripts/publish-installer-size.mjs macos-arm64 node scripts/publish-installer-size.mjs macos-x64 node scripts/publish-installer-size.mjs macos-universal - run: pnpm run test-release env: NODE_ENV: production - name: Upload artifacts on failure if: failure() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: artifacts linux: needs: lint runs-on: ubuntu-22.04-8-cores timeout-minutes: 30 steps: - run: lsb_release -a - run: uname -a - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} - name: Install xvfb and libpulse0 run: sudo apt-get install xvfb libpulse0 || (sudo apt-get update && sudo apt-get install xvfb libpulse0) # - name: Setup sccache # uses: mozilla-actions/sccache-action@054db53350805f83040bf3e6e9b8cf5a139aa7c9 # v0.0.7 # - name: Restore sccache # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 # with: # path: ${{ env.SCCACHE_PATH }} # key: sccache-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'patches/**') }} - name: Install Desktop node_modules run: pnpm install env: # CC: sccache gcc # CXX: sccache g++ # SCCACHE_GHA_ENABLED: "true" NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: echo - run: pnpm run prepare-beta-build - run: pnpm run generate - name: Create preload cache run: xvfb-run --auto-servernum pnpm run build:preload-cache env: ARTIFACTS_DIR: artifacts/linux - name: Build with packaging .deb file run: pnpm run build:release --publish=never if: github.ref == 'refs/heads/main' env: # CC: sccache gcc # CXX: sccache g++ # SCCACHE_GHA_ENABLED: "true" DISABLE_INSPECT_FUSE: on - name: Build without packaging .deb file run: pnpm run build:release --linux dir if: github.ref != 'refs/heads/main' env: # CC: sccache gcc # CXX: sccache g++ # SCCACHE_GHA_ENABLED: "true" DISABLE_INSPECT_FUSE: on - name: Upload installer size if: ${{ github.repository == 'signalapp/Signal-Desktop-Private' && github.ref == 'refs/heads/main' }} run: node scripts/publish-installer-size.mjs linux - run: xvfb-run --auto-servernum pnpm run test-node - name: Clone backup integration tests uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: 'signalapp/Signal-Message-Backup-Tests' ref: '33b3d0cd4367a898f5f8b4a2c57ee12ba7ec38ea' path: 'backup-integration-tests' - run: xvfb-run --auto-servernum pnpm run test-electron timeout-minutes: 5 env: ARTIFACTS_DIR: artifacts/linux LANG: en_US LANGUAGE: en_US BACKUP_INTEGRATION_DIR: 'backup-integration-tests/test-cases' WORKER_COUNT: 8 - run: xvfb-run --auto-servernum pnpm run test-release env: NODE_ENV: production - name: Upload artifacts on failure if: failure() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: artifacts windows: needs: lint runs-on: windows-latest-8-cores timeout-minutes: 30 steps: - run: systeminfo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} - run: touch noop.js - name: Install Desktop node_modules run: pnpm install env: NPM_CONFIG_LOGLEVEL: verbose NPM_CONFIG_NODE_GYP: ${{ github.workspace }}\noop.js - run: copy package.json temp.json - run: del package.json - run: type temp.json | findstr /v certificateSubjectName | findstr /v certificateSha1 > package.json - run: pnpm run prepare-beta-build - run: pnpm run generate - run: pnpm run test-node - name: Create preload cache run: pnpm run build:preload-cache env: ARTIFACTS_DIR: artifacts/win - name: Build with NSIS run: pnpm run build:release if: github.ref == 'refs/heads/main' env: DISABLE_INSPECT_FUSE: on - name: Build without NSIS run: pnpm run build:release --win dir if: github.ref != 'refs/heads/main' env: DISABLE_INSPECT_FUSE: on - name: Upload installer size if: ${{ github.repository == 'signalapp/Signal-Desktop-Private' && github.ref == 'refs/heads/main' }} run: node scripts/publish-installer-size.mjs windows - run: pnpm run test-electron env: ARTIFACTS_DIR: artifacts/windows WORKER_COUNT: 4 timeout-minutes: 5 - run: pnpm run test-release env: SIGNAL_ENV: production - name: Upload artifacts on failure if: failure() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: artifacts sticker-creator: name: Sticker Creator runs-on: ubuntu-22.04-8-cores timeout-minutes: 30 defaults: run: working-directory: sticker-creator steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' - name: Install Sticker Creator node_modules run: pnpm install - name: Build Sticker Creator run: pnpm run build - name: Check Sticker Creator types run: pnpm run check:types - name: Check Sticker Creator formatting run: pnpm run prettier:check - name: Check Sticker Creator linting run: pnpm run lint mock-tests: needs: lint continue-on-error: true strategy: matrix: workerIndex: [0, 1, 2, 3] runs-on: ubuntu-latest-8-cores if: ${{ github.repository == 'signalapp/Signal-Desktop-Private' }} timeout-minutes: 30 steps: - name: Get system specs run: lsb_release -a - name: Get other system specs run: uname -a - name: Clone Desktop repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} - name: Update apt run: sudo apt-get update - name: Install xvfb and libpulse0 run: sudo apt-get install -y xvfb libpulse0 # - name: Setup sccache # uses: mozilla-actions/sccache-action@054db53350805f83040bf3e6e9b8cf5a139aa7c9 # v0.0.7 # - name: Restore sccache # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 # with: # path: ${{ env.SCCACHE_PATH }} # key: sccache-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml', 'patches/**') }} - name: Install Desktop node_modules run: | pnpm install sudo chown root node_modules/.pnpm/electron@*/node_modules/electron/dist/chrome-sandbox sudo chmod 4755 node_modules/.pnpm/electron@*/node_modules/electron/dist/chrome-sandbox env: # CC: sccache gcc # CXX: sccache g++ # SCCACHE_GHA_ENABLED: "true" NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: echo - name: Build typescript run: pnpm run generate - name: Create preload cache run: xvfb-run --auto-servernum pnpm run build:preload-cache env: ARTIFACTS_DIR: artifacts/linux - name: Run mock server tests run: | set -o pipefail xvfb-run --auto-servernum pnpm run test-mock timeout-minutes: 15 env: NODE_ENV: production DEBUG: mock:test:* ARTIFACTS_DIR: artifacts/mock WORKER_INDEX: ${{ matrix.workerIndex }} WORKER_COUNT: 4 - name: Run docker mock server tests if: ${{ matrix.workerIndex == 0 }} run: | set -o pipefail sudo apt-get install -y pipewire pipewire-pulse wireplumber psmisc pulseaudio-utils systemctl --user start pipewire.service systemctl --user start pipewire-pulse.service xvfb-run --auto-servernum pnpm run test-mock-docker timeout-minutes: 10 env: NODE_ENV: production DEBUG: mock:test:* ARTIFACTS_DIR: artifacts/mock-docker - name: Upload mock server test logs on failure if: failure() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: logs-${{ matrix.workerIndex }} path: artifacts check-min-os-version: needs: lint continue-on-error: true strategy: matrix: os: [ubuntu-22.04-8-cores, macos-latest, windows-latest-8-cores] runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - run: uname -a - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - name: Setup node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version-file: '.nvmrc' cache: 'pnpm' cache-dependency-path: 'pnpm-lock.yaml' - name: Cache .electron-gyp uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.electron-gyp key: electron-gyp-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} - name: Install Desktop node_modules if: matrix.os != 'windows-latest-8-cores' run: pnpm install env: NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: echo - run: touch noop.js if: matrix.os == 'windows-latest-8-cores' - name: Install Desktop node_modules on Windows if: matrix.os == 'windows-latest-8-cores' run: pnpm install env: NPM_CONFIG_LOGLEVEL: verbose # We rebuild in `electron:install-app-deps` that doesn't look at this # environment variable NPM_CONFIG_NODE_GYP: ${{ github.workspace }}\noop.js - run: pnpm generate:phase-0 - name: Run OS version check run: | node scripts/check-min-os-version.mjs