Build curl framework #627
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build curl framework" | |
| on: | |
| push: | |
| branches: ["main"] | |
| schedule: | |
| - cron: "18 18 * * *" | |
| workflow_dispatch: | |
| permissions: | |
| packages: read | |
| contents: write | |
| jobs: | |
| query: | |
| name: "Check for updates" | |
| runs-on: macos-14 | |
| outputs: | |
| curl_version: ${{ steps.query.outputs.curl_version }} | |
| needs_update: ${{ steps.query.outputs.needs_update }} | |
| steps: | |
| - name: "Get latest release" | |
| id: query | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| LATEST_OFFICIAL_CURL_RELEASE=$(curl -sS https://curl.se/info | grep 'Version:' | cut -d ' ' -f2) | |
| LATEST_CURL_IOS_RELEASE=$(gh api /repos/tls-inspector/curl-ios/releases/latest --jq '.name') | |
| if [ -z "$LATEST_OFFICIAL_CURL_RELEASE" ]; then | |
| echo "::error ::Unable to determine latest curl version, aborting run" | |
| exit 1 | |
| fi | |
| if [ -z "$LATEST_CURL_IOS_RELEASE" ]; then | |
| echo "::error ::Unable to determine last published framework version, aborting run" | |
| exit 1 | |
| fi | |
| echo "::notice ::Latest curl release: ${LATEST_OFFICIAL_CURL_RELEASE}, last published framework: ${LATEST_CURL_IOS_RELEASE}" | |
| echo "curl_version=${LATEST_OFFICIAL_CURL_RELEASE}" >> $GITHUB_OUTPUT | |
| if [[ "${LATEST_CURL_IOS_RELEASE}" != "${LATEST_OFFICIAL_CURL_RELEASE}" ]]; then | |
| echo "needs_update=yes" >> $GITHUB_OUTPUT | |
| else | |
| echo "needs_update=no" >> $GITHUB_OUTPUT | |
| fi | |
| cat $GITHUB_OUTPUT | |
| update: | |
| name: "Compile" | |
| needs: query | |
| if: needs.query.outputs.needs_update == 'yes' | |
| runs-on: macos-14 | |
| outputs: | |
| framework_checksum: ${{ steps.prepare.outputs.framework_checksum }} | |
| steps: | |
| - name: Checkout Source | |
| id: checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1 | |
| - name: Compile Framework | |
| id: compile | |
| run: | | |
| gpg --import ./curl.asc | |
| echo 'trusted-key 0x78E11C6B279D5C91' >> ~/.gnupg/gpg.conf | |
| echo 'trusted-key 0xF9FEAFF9D34A1BDB' >> ~/.gnupg/gpg.conf | |
| echo 'trusted-key 0x5CC908FDB71E12C2' >> ~/.gnupg/gpg.conf | |
| GPG_VERIFY=1 ./build-ios.sh ${{ needs.query.outputs.curl_version }} | |
| zip -r curl.xcframework.zip curl.xcframework/ | |
| - name: Capture Build Errors | |
| uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # pin@v4.3.0 | |
| if: failure() | |
| with: | |
| name: build_output | |
| path: build/*_build.log | |
| - name: Prepare Release | |
| id: prepare | |
| run: | | |
| SHASUM=$(shasum -a 256 curl.xcframework.zip | cut -d ' ' -f1) | |
| echo "framework_checksum=${SHASUM}" >> $GITHUB_OUTPUT | |
| echo "::notice ::curl.xcframework.zip checksum: ${SHASUM}" | |
| echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem | |
| echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem | |
| echo "-----END EC PRIVATE KEY-----" >> private_key.pem | |
| openssl dgst -sign private_key.pem -sha256 -out curl.xcframework.zip.sig curl.xcframework.zip | |
| rm -f private_key.pem | |
| - name: Make Release If Needed | |
| id: release | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1 | |
| with: | |
| name: ${{ needs.query.outputs.curl_version }} | |
| body: "curl.xcframework.zip SHA-256 `${{ steps.prepare.outputs.framework_checksum }}`" | |
| tag_name: ${{ needs.query.outputs.curl_version }} | |
| files: | | |
| curl.xcframework.zip | |
| curl.xcframework.zip.sig |