Skip to content
Build curl framework

Build curl framework #704

Sign in to view logs

Build curl framework

Build curl framework #704

Workflow file for this run

.github/workflows/release.yml at 12a7a46
name: "Build curl framework"
on:
push:
branches: ["main"]
schedule:
- cron: "18 18 * * *"
workflow_dispatch:
permissions:
packages: read
contents: write
jobs:
query:
name: "Check for updates"
runs-on: macos-14
outputs:
curl_version: ${{ steps.query.outputs.curl_version }}
openssl_version: ${{ steps.query.outputs.openssl_version }}
needs_update: ${{ steps.query.outputs.needs_update }}
steps:
- name: "Get latest release"
id: query
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Getting latest curl release..."
LATEST_OFFICIAL_CURL_RELEASE=$(curl -sS https://curl.se/info | grep 'Version:' | cut -d ' ' -f2)
LATEST_CURL_IOS_RELEASE=$(gh api /repos/tls-inspector/curl-ios/releases/latest --jq '.name')
if [ -z "$LATEST_OFFICIAL_CURL_RELEASE" ]; then
echo "::error ::Unable to determine latest curl version, aborting run"
exit 1
fi
if [ -z "$LATEST_CURL_IOS_RELEASE" ]; then
echo "::error ::Unable to determine last published framework version, aborting run"
exit 1
fi
echo "Getting latest openssl release..."
LATEST_OPENSSL_IOS_RELEASE=$(gh api /repos/tls-inspector/openssl-ios/releases/latest --jq '.name')
if [ -z "$LATEST_OPENSSL_IOS_RELEASE" ]; then
echo "::error ::Unable to determine last published framework version, aborting run"
exit 1
fi
echo "curl_version=${LATEST_OFFICIAL_CURL_RELEASE}" >> $GITHUB_OUTPUT
echo "openssl_version=${LATEST_OPENSSL_IOS_RELEASE}" >> $GITHUB_OUTPUT
echo "::notice ::Latest curl release: ${LATEST_OFFICIAL_CURL_RELEASE}, last published framework: ${LATEST_CURL_IOS_RELEASE}"
if [[ "${LATEST_CURL_IOS_RELEASE}" != "${LATEST_OFFICIAL_CURL_RELEASE}" ]]; then
echo "Update available!"
echo "needs_update=yes" >> $GITHUB_OUTPUT
else
echo "No updates available"
echo "needs_update=no" >> $GITHUB_OUTPUT
fi
cat $GITHUB_OUTPUT
update:
name: "Compile"
needs: query
if: needs.query.outputs.needs_update == 'yes'
runs-on: macos-14
outputs:
framework_checksum: ${{ steps.prepare.outputs.framework_checksum }}
steps:
- name: Checkout Source
id: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #pin v4.2.2
- name: Compile Framework
id: compile
env:
CURL_VERSION: ${{ needs.query.outputs.curl_version }}
OPENSSL_VERSION: ${{ needs.query.outputs.openssl_version }}
run: |
gpg --import ./curl.asc
echo 'trusted-key 0x78E11C6B279D5C91' >> ~/.gnupg/gpg.conf
echo 'trusted-key 0xF9FEAFF9D34A1BDB' >> ~/.gnupg/gpg.conf
echo 'trusted-key 0x5CC908FDB71E12C2' >> ~/.gnupg/gpg.conf
VERIFY=1 ./build-ios.sh ${{ needs.query.outputs.curl_version }}
zip -r curl.xcframework.zip curl.xcframework/
./inject_module_map.sh iphoneos
./inject_module_map.sh iphonesimulator
zip -r curl_swift.xcframework.zip curl.xcframework/
- name: Capture Build Errors
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #pin v4.6.0
if: failure()
with:
name: build_output
path: build/*_build.log
- name: Prepare Release
id: prepare_release
run: |
echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem
echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem
echo "-----END EC PRIVATE KEY-----" >> private_key.pem
openssl dgst -sign private_key.pem -sha256 -out curl.xcframework.zip.sig curl.xcframework.zip
openssl dgst -sign private_key.pem -sha256 -out curl_swift.xcframework.zip.sig curl_swift.xcframework.zip
rm -f private_key.pem
- name: Make Release
id: make_release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create -n "${{ needs.query.outputs.curl_version }}" -t "${{ needs.query.outputs.curl_version }}" ${{ needs.query.outputs.curl_version }} curl.xcframework.zip curl.xcframework.zip.sig curl_swift.xcframework.zip curl_swift.xcframework.zip.sig