diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 93066b9d9..722c63d44 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -20,6 +20,10 @@ Translations are not managed directly in this repository. Instead, we use [Crowdin](https://translate.cryptomator.org/), which automatically synchronizes translations with this repository. If you want to help us with translations, please visit our translation project on Crowdin. +## Use of Generative AI + +AI tools may assist your work, but every contribution must be fully understood, reviewed, and tested by you. Only submit changes you can clearly explain and justify. Unverified or low-quality AI output that wastes our time and resources will be closed without further review. + ## Code of Conduct Help us keep Cryptomator open and inclusive. Please read and follow our [Code of Conduct](https://github.com/cryptomator/cryptomator/blob/develop/.github/CODE_OF_CONDUCT.md). diff --git a/.github/actions/win-sign-action/action.yml b/.github/actions/win-sign-action/action.yml index ce4423883..b4c2eaa73 100644 --- a/.github/actions/win-sign-action/action.yml +++ b/.github/actions/win-sign-action/action.yml @@ -48,7 +48,7 @@ runs: echo "client-secret=${{ inputs.client-secret }}" >> "$GITHUB_OUTPUT" shell: bash - name: Sign DLLs with Azure Trusted Signing - uses: azure/trusted-signing-action@fc390cf8ed0f14e248a542af1d838388a47c7a7c # v0.5.10 + uses: azure/artifact-signing-action@87c2e83e6868da99d3380aa309851b32ed9a8346 # v1.1.0 with: files-folder: ${{ inputs.base-dir }} files-folder-filter: ${{ inputs.file-extensions }} @@ -59,7 +59,7 @@ runs: azure-tenant-id: ${{ steps.set-secrets.outputs.tenant-id }} azure-client-id: ${{ steps.set-secrets.outputs.client-id }} azure-client-secret: ${{ steps.set-secrets.outputs.client-secret }} - trusted-signing-account-name: cryptomatorSigning + signing-account-name: cryptomatorSigning certificate-profile-name: production endpoint: https://weu.codesigning.azure.net/ timestamp-rfc3161: http://timestamp.acs.microsoft.com diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b2ace54c2..e47dae730 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,9 @@ updates: versions: ["2.0.1.MR"] - dependency-name: "org.openjfx:*" update-types: ["version-update:semver-major"] + # due to https://github.com/fabriciorby/maven-surefire-junit5-tree-reporter/issues/68 + - dependency-name: "org.apache.maven.plugins:maven-surefire-plugin" + versions: [ "3.5.4", "3.5.5" ] groups: java-test-dependencies: patterns: diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index 4c49db7ea..d3da01b7b 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -8,6 +8,10 @@ on: version: description: 'Version' required: false + create-pr: + description: 'Create a PR for aur-bin repo' + type: boolean + default: false push: branches-ignore: - 'dependabot/**' @@ -19,7 +23,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: '24.0.1+9' + JAVA_VERSION: '25.0.2+10.0.LTS' jobs: get-version: @@ -31,22 +35,26 @@ jobs: name: Build AppImage runs-on: ${{ matrix.os }} needs: [get-version] + env: + SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }} + SEMVER_NUM: ${{ needs.get-version.outputs.semVerNum }} + REV_NUM: ${{ needs.get-version.outputs.revNum }} strategy: fail-fast: false matrix: include: - os: ubuntu-latest - appimage-suffix: x86_64 - openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip' - openjfx-sha: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e' + arch: x86_64 + openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-x64_bin-jmods.zip' + openjfx-sha: 'e0a9c29d8cf3af9b8b48848b43f87b5785bc107c53a951b19668ce05842bba1b' - os: ubuntu-24.04-arm - appimage-suffix: aarch64 - openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip' - openjfx-sha: '9ad4ca7b769ca4ee6419f1e99143dd6ff812f8be4fddb46a7d7cacbeea148af4' + arch: aarch64 + openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-aarch64_bin-jmods.zip' + openjfx-sha: 'c3408f818693cce09e59829a8e862a82c7695fdfcd585c41cfd527f5fc3fe646' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -55,7 +63,7 @@ jobs: - name: Download OpenJFX jmods id: download-jmods run: | - curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + curl --silent --fail-with-body --proto "=https" -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip echo "${{ matrix.openjfx-sha }} openjfx-jmods.zip" | shasum -a256 --check mkdir -p openjfx-jmods unzip -j openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods @@ -73,7 +81,7 @@ jobs: exit 1 fi - name: Set version - run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} + run : mvn versions:set -DnewVersion="$SEMVER_STR" - name: Run maven run: mvn -B clean package -Plinux -DskipTests - name: Patch target dir @@ -94,13 +102,15 @@ jobs: ${JAVA_HOME}/bin/jlink --verbose --output runtime - --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}" + --module-path "${JMOD_PATHS}" --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler --strip-native-commands --no-header-files --no-man-pages --strip-debug --compress zip-0 + env: + JMOD_PATHS: ${{ steps.jep-493-check.outputs.jmod_paths }} - name: Run jpackage run: > ${JAVA_HOME}/bin/jpackage @@ -114,23 +124,23 @@ jobs: --name Cryptomator --vendor "Skymatic GmbH" --copyright "(C) 2016 - 2025 Skymatic GmbH" - --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}" + --app-version "${SEMVER_NUM}.${REV_NUM}" --java-options "--enable-preview" --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" --java-options "-Xss5m" --java-options "-Xmx256m" - --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" + --java-options "-Dcryptomator.appVersion=\"${SEMVER_STR}\"" --java-options "-Dfile.encoding=\"utf-8\"" --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dcryptomator.adminConfigPath=\"/etc/cryptomator/config.properties\"" --java-options "-Dcryptomator.logDir=\"@{userhome}/.local/share/Cryptomator/logs\"" - --java-options "-Dcryptomator.pluginDir=\"@{userhome}/.local/share/Cryptomator/plugins\"" --java-options "-Dcryptomator.settingsPath=\"@{userhome}/.config/Cryptomator/settings.json:@{userhome}/.Cryptomator/settings.json\"" --java-options "-Dcryptomator.p12Path=\"@{userhome}/.config/Cryptomator/key.p12\"" --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/.config/Cryptomator/ipc.socket\"" --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/.local/share/Cryptomator/mnt\"" --java-options "-Dcryptomator.showTrayIcon=true" --java-options "-Dcryptomator.integrationsLinux.trayIconsDir=\"@{appdir}/usr/share/icons/hicolor/symbolic/apps\"" - --java-options "-Dcryptomator.buildNumber=\"appimage-${{ needs.get-version.outputs.revNum }}\"" + --java-options "-Dcryptomator.buildNumber=\"appimage-${REV_NUM}\"" --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\"" --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log" --resource-dir dist/linux/resources @@ -155,7 +165,7 @@ jobs: ln -s bin/cryptomator.sh Cryptomator.AppDir/AppRun - name: Download AppImageKit run: | - curl -L https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-${{ matrix.appimage-suffix }}.AppImage -o appimagetool.AppImage + curl --silent --fail-with-body --proto "=https" -L "https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-${{ matrix.arch }}.AppImage" -o appimagetool.AppImage chmod +x appimagetool.AppImage ./appimagetool.AppImage --appimage-extract - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235 @@ -167,17 +177,17 @@ jobs: GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Build AppImage run: > - ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.appimage-suffix }}.AppImage - -u "gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.appimage-suffix }}.AppImage.zsync" + ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${SEMVER_STR}-${{ matrix.arch }}.AppImage + -u "gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.arch }}.AppImage.zsync" --sign --sign-key=615D449FE6E6A235 - name: Create detached GPG signatures run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: - name: appimage-${{ matrix.appimage-suffix }} + name: appimage-${{ matrix.arch }} path: | cryptomator-*.AppImage cryptomator-*.AppImage.zsync @@ -185,7 +195,7 @@ jobs: if-no-files-found: error - name: Publish AppImage on GitHub Releases if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} @@ -196,65 +206,77 @@ jobs: create-aur-bin-pr: name: Create PR for aur-bin repo - needs: [build, get-version] + if: github.event_name == 'workflow_dispatch' && inputs.create-pr || github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' runs-on: ubuntu-latest - if: github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' + needs: [build, get-version] + container: + image: archlinux:base-devel + env: + SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }} + PKGDEST: ${{ github.workspace }}/pkgdest + SRCDEST: ${{ github.workspace }}/srcdest steps: - - name: Download AppImages - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 - with: - path: downloads/ - merge-multiple: true - - name: Compute sha256 hash of AppImages - id: checksums + - name: Prepare pacman run: | - X64_SHA256=$(sha256sum downloads/cryptomator-*-x86_64.AppImage | cut -d ' ' -f1) - echo "x64-sha256sum=${X64_SHA256}" >> "$GITHUB_OUTPUT" - AARCH64_SHA256=$(sha256sum downloads/cryptomator-*-aarch64.AppImage | cut -d ' ' -f1) - echo "aarch64-sha256sum=${AARCH64_SHA256}" >> "$GITHUB_OUTPUT" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + pacman-key --init + pacman-key --populate archlinux + pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl pacman-contrib + - name: Checkout cryptomator/aur-bin + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'cryptomator/aur-bin' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - - name: Install dependencies + - name: Create build user run: | - sudo apt-get update - sudo apt-get -y install makepkg pacman-package-manager + useradd -m builder + echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder + chown -R builder:builder "$GITHUB_WORKSPACE" + install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" + - name: Import Cryptomator release signing key + # try first ubuntu. on failure try openpgp keyservers + run: > + sudo -u builder gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 + || sudo -u builder gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 - name: Checkout release branch run: | - git checkout -b release/${{ needs.get-version.outputs.semVerStr }} + git config --global safe.directory '*' + git checkout -b "release/${SEMVER_STR}" - name: Update build file run: | - sed -i -e 's|^pkgver=.*$|pkgver=${{ needs.get-version.outputs.semVerStr }}|' PKGBUILD + sed -i -e "s|^pkgver=.*$|pkgver=${SEMVER_STR}|" PKGBUILD sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD - sed -i -e "s|^sha256sums_x86_64=.*$|sha256sums_x86_64=('${{ steps.checksums.outputs.x64-sha256sum }}'|" PKGBUILD - sed -i -e "s|^sha256sums_aarch64=.*$|sha256sums_aarch64=('${{ steps.checksums.outputs.aarch64-sha256sum}}'|" PKGBUILD - makepkg --printsrcinfo > .SRCINFO + sudo -u builder updpkgsums + sudo -u builder makepkg --printsrcinfo > .SRCINFO + - name: Build package with makepkg + run: > + sudo -u builder + env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" + makepkg --syncdeps --cleanbuild --noconfirm --log - name: Commit and push run: | - git config user.name "${{ github.actor }}" - git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" + git config user.name "cryptobot" + git config user.email "cryptobot@users.noreply.github.com" git config push.autoSetupRemote true - git stage . - git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}" + git stage PKGBUILD .SRCINFO + git commit -m "Prepare release ${SEMVER_STR}" git push - name: Create pull request id: create-pr run: | - printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update build instructions\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md - URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md) - echo "PR_URL=$URL" >> "$GITHUB_OUTPUT" + printf "Created by $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > pr_body.md + PR_URL=$(gh pr create --title "Release ${SEMVER_STR}" --body-file pr_body.md) + echo "url=$PR_URL" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' SLACK_ICON: false SLACK_ICON_EMOJI: ':bot:' SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "AUR-bin release PR for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created." - SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.PR_URL }}|PR> on how to proceed." + SLACK_TITLE: "AUR-bin release PR for ${{ github.event.repository.name }} ${{ needs.get-version.outputs.semVerStr }} created." + SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.url }}|PR> on how to proceed." SLACK_FOOTER: false MSG_MINIMAL: true diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml deleted file mode 100644 index b028273a4..000000000 --- a/.github/workflows/aur.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: Create PR for AUR - -on: - release: - types: [published] - workflow_dispatch: - inputs: - tag: - description: 'Release tag' - required: true - -jobs: - get-version: - uses: ./.github/workflows/get-version.yml - with: - version: ${{ inputs.tag }} - tarball: - name: Determines tarball url and compute checksum - runs-on: ubuntu-latest - needs: [get-version] - if: github.event_name == 'workflow_dispatch' || needs.get-version.outputs.versionType == 'stable' - env: - INPUT_TAG: ${{ inputs.tag }} - outputs: - url: ${{ steps.url.outputs.url}} - sha256: ${{ steps.sha256.outputs.sha256}} - steps: - - name: Determine tarball url - id: url - run: | - URL=""; - if [[ -n "${INPUT_TAG}" ]]; then - URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${INPUT_TAG}.tar.gz" - else - URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz" - fi - echo "url=${URL}" >> "$GITHUB_OUTPUT" - - name: Download source tarball and compute checksum - id: sha256 - run: | - curl --silent --fail-with-body -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz - TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1) - echo "sha256=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT" - aur: - name: Create PR for AUR - runs-on: ubuntu-latest - needs: [tarball, get-version] - env: - AUR_PR_URL: tbd - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - repository: 'cryptomator/aur' - token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install makepkg pacman-package-manager - - name: Checkout release branch - run: | - git checkout -b release/${{ needs.get-version.outputs.semVerStr }} - - name: Update build file - run: | - sed -i -e 's|^pkgver=.*$|pkgver=${{ needs.get-version.outputs.semVerStr }}|' PKGBUILD - sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD - sed -i -e "s|^sha256sums=.*$|sha256sums=('${{ needs.tarball.outputs.sha256 }}'|" PKGBUILD - makepkg --printsrcinfo > .SRCINFO - - name: Commit and push - run: | - git config user.name "${{ github.actor }}" - git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" - git config push.autoSetupRemote true - git stage . - git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}" - git push - - name: Create pull request - run: | - printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update build instructions\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md - PR_URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md) - echo "AUR_PR_URL=$PR_URL" >> "$GITHUB_ENV" - env: - GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - - name: Slack Notification - if: github.event_name == 'release' - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created." - SLACK_MESSAGE: "See <${{ env.AUR_PR_URL }}|PR> on how to proceed." - SLACK_FOOTER: false - MSG_MINIMAL: true \ No newline at end of file diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml index ca74a3281..0c2bc3d9a 100644 --- a/.github/workflows/av-whitelist.yml +++ b/.github/workflows/av-whitelist.yml @@ -7,6 +7,16 @@ on: description: "Url to the file to upload" required: true type: string + avast: + description: "Upload to Avast" + required: false + type: boolean + default: true + kaspersky: + description: "Upload to Kaspersky" + required: false + type: boolean + default: true workflow_dispatch: inputs: url: @@ -39,9 +49,9 @@ jobs: url="${INPUT_URL}" echo "fileName=${url##*/}" >> $GITHUB_OUTPUT - name: Download file - run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}} + run: curl --silent --fail-with-body --proto "=https" -L "${INPUT_URL}" -o "${{steps.extractName.outputs.fileName}}" - name: Upload artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ steps.extractName.outputs.fileName }} path: ${{ steps.extractName.outputs.fileName }} @@ -50,10 +60,10 @@ jobs: name: Anti Virus Allowlisting Kaspersky runs-on: ubuntu-latest needs: download-file - if: github.event_name == 'workflow_call' || inputs.kaspersky + if: inputs.kaspersky steps: - name: Download artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: ${{ needs.download-file.outputs.fileName }} path: upload @@ -70,10 +80,10 @@ jobs: name: Anti Virus Allowlisting Avast runs-on: ubuntu-latest needs: download-file - if: github.event_name == 'workflow_call' || inputs.avast + if: inputs.avast steps: - name: Download artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: ${{ needs.download-file.outputs.fileName }} path: upload diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b528cfb49..218b1caae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: 24 + JAVA_VERSION: 25 defaults: run: @@ -22,14 +22,14 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - name: Cache SonarCloud packages - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar @@ -49,28 +49,28 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Draft a release if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: draft: true discussion_category_name: releases token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} generate_release_notes: true body: |- - :construction: Work in Progress + > [!NOTE] + > 🚧 Work in Progress 🚧 + > + > Please be patient, the [builds are still running](https://github.com/cryptomator/cryptomator/actions). Binary packages can be found here in a few moments. + + + + For a comprehensive view of changes, read the [CHANGELOG](https://github.com/cryptomator/cryptomator/blob/develop/CHANGELOG.md). --- - TODO FULL CHANGELOG - - 📜 List of closed issues is available [here](TODO) - - --- - ⏳ Please be patient, the builds are still [running](https://github.com/cryptomator/cryptomator/actions). New versions of Cryptomator can be found here in a few moments. ⏳ - As usual, the GPG signatures can be checked using [our public key `5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a). + > [!TIP] + > You can verify the GPG signature of all assets using our public key: [`5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a). + + + + diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml index 432cf16b7..9eae6da00 100644 --- a/.github/workflows/check-jdk-updates.yml +++ b/.github/workflows/check-jdk-updates.yml @@ -6,7 +6,7 @@ on: workflow_dispatch: env: - JDK_VERSION: '24.0.1+9' + JDK_VERSION: '25.0.1+8.0.LTS' JDK_VENDOR: temurin RUNTIME_VERSION_HELPER: > public class Test { @@ -23,10 +23,10 @@ jobs: JDK_MAJOR_VERSION: 'toBeFilled' steps: - name: Determine current major version - run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,20) >> "$env:GITHUB_ENV" + run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,2) >> "$env:GITHUB_ENV" shell: pwsh - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: ${{ env.JDK_MAJOR_VERSION}} distribution: ${{ env.JDK_VENDOR }} diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index b721d701a..8a2cae05a 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -23,13 +23,12 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: '24.0.1+9' - COFFEELIBS_JDK: 24 - COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3' - OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip' - OPENJFX_JMODS_AMD64_HASH: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e' - OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip' - OPENJFX_JMODS_AARCH64_HASH: '9ad4ca7b769ca4ee6419f1e99143dd6ff812f8be4fddb46a7d7cacbeea148af4' + JAVA_VERSION: '25.0.2+10.0.LTS' + DEB_BUILD_DEPENDS: 'debhelper (>=10), openjdk-25-jdk (>= 25+36), libgtk-3-0 (>= 3.20.0), libxxf86vm1, libgl1' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: 'e0a9c29d8cf3af9b8b48848b43f87b5785bc107c53a951b19668ce05842bba1b' + OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-aarch64_bin-jmods.zip' + OPENJFX_JMODS_AARCH64_HASH: 'c3408f818693cce09e59829a8e862a82c7695fdfcd585c41cfd527f5fc3fe646' jobs: get-version: @@ -44,7 +43,7 @@ jobs: env: INPUT_PPAVER: ${{ inputs.ppaver }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - id: deb-version name: Determine deb-version run: | @@ -55,11 +54,13 @@ jobs: fi - name: Install build tools run: | - sudo add-apt-repository ppa:coffeelibs/openjdk sudo apt-get update - sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }} + sudo apt-get install devscripts dput + sudo apt-get satisfy "${DEB_BUILD_DEPENDS}" + env: + DEB_BUILD_DEPENDS: ${{ env.DEB_BUILD_DEPENDS }} - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -70,11 +71,11 @@ jobs: - name: Download OpenJFX jmods id: download-jmods run: | - curl -L ${{ env.OPENJFX_JMODS_AMD64 }} -o openjfx-amd64.zip + curl --silent --fail-with-body --proto "=https" -L ${{ env.OPENJFX_JMODS_AMD64 }} -o openjfx-amd64.zip echo "${{ env.OPENJFX_JMODS_AMD64_HASH }} openjfx-amd64.zip" | shasum -a256 --check mkdir -p jmods/amd64 unzip -j openjfx-amd64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/amd64 - curl -L ${{ env.OPENJFX_JMODS_AARCH64 }} -o openjfx-aarch64.zip + curl --silent --fail-with-body --proto "=https" -L ${{ env.OPENJFX_JMODS_AARCH64 }} -o openjfx-aarch64.zip echo "${{ env.OPENJFX_JMODS_AARCH64_HASH }} openjfx-aarch64.zip" | shasum -a256 --check mkdir -p jmods/aarch64 unzip -j openjfx-aarch64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/aarch64 @@ -142,7 +143,7 @@ jobs: run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: linux-deb-package path: | diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index ddce37384..4ffcb9ff1 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -7,13 +7,13 @@ on: jobs: check-dependencies: - uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366 # v3.0.1 + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # v3.0.3 with: runner-os: 'ubuntu-latest' java-distribution: 'temurin' - java-version: 24 + java-version: 25 secrets: nvd-api-key: ${{ secrets.NVD_API_KEY }} ossindex-username: ${{ secrets.OSSINDEX_USERNAME }} ossindex-token: ${{ secrets.OSSINDEX_API_TOKEN }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml index 401fa010a..bfc53db3c 100644 --- a/.github/workflows/dl-stats.yml +++ b/.github/workflows/dl-stats.yml @@ -53,7 +53,7 @@ jobs: INTERVAL: 900 JSON_DATA: ${{ steps.get-stats.outputs.result }} - name: Upload Results - uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5 # v1.16.5 + uses: fjogeleit/http-request-action@551353b829c3646756b2ec2b3694f819d7957495 # v2.0.0 with: url: 'https://graphite-us-central1.grafana.net/metrics' method: 'POST' diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml index d233a747b..bf22cec30 100644 --- a/.github/workflows/flathub.yml +++ b/.github/workflows/flathub.yml @@ -33,7 +33,7 @@ jobs: - name: Download source tarball and compute checksum id: sha512 run: | - curl --silent --fail-with-body -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz + curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz TARBALL_SHA512=$(sha512sum cryptomator.tar.gz | cut -d ' ' -f1) echo "sha512=${TARBALL_SHA512}" >> "$GITHUB_OUTPUT" flathub: @@ -43,7 +43,7 @@ jobs: env: FLATHUB_PR_URL: tbd steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'flathub/org.cryptomator.Cryptomator' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml index 5585d7ac5..f75b22a63 100644 --- a/.github/workflows/get-version.yml +++ b/.github/workflows/get-version.yml @@ -23,7 +23,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: 24 + JAVA_VERSION: 25 jobs: determine-version: @@ -35,11 +35,11 @@ jobs: revNum: ${{ steps.versions.outputs.revNum }} type: ${{ steps.versions.outputs.type}} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} diff --git a/.github/workflows/linux-makepkg.yml b/.github/workflows/linux-makepkg.yml new file mode 100644 index 000000000..1b2fb3fdb --- /dev/null +++ b/.github/workflows/linux-makepkg.yml @@ -0,0 +1,200 @@ +name: Build Arch package + +on: + release: + types: [published] + workflow_dispatch: + inputs: + version: + description: 'Version' + required: false + create-pr: + description: 'Create a PR for aur repo' + type: boolean + default: false + push: + branches-ignore: + - 'dependabot/**' + paths: + - '.github/workflows/linux-makepkg.yml' + - 'dist/linux/makepkg/**' + - 'dist/linux/common/**' + - 'dist/linux/resources/**' + +jobs: + get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ inputs.version }} + + makepkg: + name: Build with makepkg + needs: [get-version] + runs-on: ubuntu-latest + container: + image: archlinux:base-devel + env: + PKGDEST: ${{ github.workspace }}/pkgdest + SRCDEST: ${{ github.workspace }}/srcdest + steps: + - name: Prepare pacman + run: | + pacman-key --init + pacman-key --populate archlinux + pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + path: cryptomator + - name: Create build user + run: | + useradd -m builder + echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder + chown -R builder:builder "$GITHUB_WORKSPACE" + install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" + - name: Prepare PKGBUILD + # cannot use github.workspace due to https://github.com/actions/runner/issues/2058 + run: | + export SOURCES="${SOURCES_1}${GITHUB_WORKSPACE}${SOURCES_2}" + envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < cryptomator/dist/linux/makepkg/PKGBUILD.template > PKGBUILD + env: + PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} + PKG_RELEASE: 1 + SOURCES_1: '"${_src_app_dir}::git+file://' + SOURCES_2: '/cryptomator"' + SOURCES_SHA: "'SKIP'" + - name: Build package with makepkg + run: > + sudo -u builder + env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" + makepkg --syncdeps --cleanbuild --noconfirm --log + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: arch-package + if-no-files-found: error + path: | + ${{ env.PKGDEST }}/*.pkg.tar.zst + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: pkgbuild-file + if-no-files-found: error + path: | + cryptomator/dist/linux/makepkg/PKGBUILD.template + + create-pr: + name: Create PR for aur repo + if: github.event_name == 'workflow_dispatch' && inputs.create-pr || github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' + runs-on: ubuntu-latest + needs: [get-version, makepkg] + container: + image: archlinux:base-devel + env: + PKGDEST: ${{ github.workspace }}/pkgdest + SRCDEST: ${{ github.workspace }}/srcdest + steps: + - name: Prepare pacman + run: | + pacman-key --init + pacman-key --populate archlinux + pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl + - name: Download source tarball and compute checksum + id: sha256 + run: | + URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${TAG}.tar.gz" + curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" ${URL} --output cryptomator.tar.gz + TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1) + echo "value=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT" + env: + TAG: ${{ needs.get-version.outputs.semVerStr || github.event.release.tag_name }} + - name: Checkout cryptomator/aur repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + repository: 'cryptomator/aur' + token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} + - name: Create build user + run: | + useradd -m builder + echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder + chown -R builder:builder "$GITHUB_WORKSPACE" + install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" + - name: Import Cryptomator release signing key + # try first ubuntu. on failure try openpgp keyservers + run: > + sudo -u builder gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 + || sudo -u builder gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 + - name: Checkout release branch + run: | + git config --global safe.directory '*' + git checkout -b release/${VERSION} + env: + VERSION: ${{ needs.get-version.outputs.semVerStr }} + - name: Determine pkgrel + id: pkgrel + run: | + TARGET_VERSION='${{ needs.get-version.outputs.semVerStr }}' + CURRENT_VERSION="$(sed -nE 's/^pkgver=(.*)$/\1/p' PKGBUILD | head -n1)" + CURRENT_REL="$(sed -nE 's/^pkgrel=([0-9]+).*$/\1/p' PKGBUILD | head -n1)" + + if [[ "$CURRENT_VERSION" == "$TARGET_VERSION" && "$CURRENT_REL" =~ ^[0-9]+$ ]]; then + NEXT_REL=$((CURRENT_REL + 1)) + else + NEXT_REL=1 + fi + + echo "value=${NEXT_REL}" >> "$GITHUB_OUTPUT" + echo "dist-version=${VERSION}-${NEXT_REL}" >> "$GITHUB_OUTPUT" + env: + VERSION: ${{ needs.get-version.outputs.semVerStr }} + - name: Download PKGBUILD template + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + with: + name: pkgbuild-file + - name: Prepare PKGBUILD + run: | + envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < PKGBUILD.template > PKGBUILD + sudo -u builder makepkg --printsrcinfo > .SRCINFO + env: + PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} + PKG_RELEASE: ${{ steps.pkgrel.outputs.value }} + SOURCES: |- + "cryptomator-${pkgver//_/-}.tar.gz::https://github.com/cryptomator/cryptomator/archive/refs/tags/${pkgver//_/-}.tar.gz" + "cryptomator-${pkgver//_/-}.tar.gz.asc::https://github.com/cryptomator/cryptomator/releases/download/${pkgver//_/-}/cryptomator-${pkgver//_/-}.tar.gz.asc" + SOURCES_SHA: |- + '${{steps.sha256.outputs.value}}' + 'SKIP' + - name: Build package with makepkg + run: > + sudo -u builder + env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" + makepkg --syncdeps --cleanbuild --noconfirm --log + - name: Commit and push + run: | + git config user.name "cryptobot" + git config user.email "cryptobot@users.noreply.github.com" + git config push.autoSetupRemote true + git stage PKGBUILD .SRCINFO + git commit -m "Prepare release ${DIST_VERSION}" + git push + env: + DIST_VERSION: ${{ steps.pkgrel.outputs.dist-version }} + - name: Create pull request + id: create-pr + run: | + printf "Created by $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > pr_body.md + PR_URL=$(gh pr create --title "Release $DIST_VERSION" --body-file pr_body.md) + echo "url=$PR_URL" >> "$GITHUB_OUTPUT" + env: + DIST_VERSION: ${{ steps.pkgrel.outputs.dist-version }} + GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} + - name: Slack Notification + if: github.event_name == 'release' + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ steps.pkgrel.outputs.dist-version }} ." + SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.url }}|PR> on how to proceed." + SLACK_FOOTER: false + MSG_MINIMAL: true diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml index 9e6f48a7c..bdb66d667 100644 --- a/.github/workflows/mac-dmg-x64.yml +++ b/.github/workflows/mac-dmg-x64.yml @@ -24,7 +24,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: '24.0.1+9' + JAVA_VERSION: '25.0.2+10.0.LTS' jobs: get-version: @@ -44,12 +44,12 @@ jobs: architecture: x64 output-suffix: x64 fuse-lib: macFUSE - openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-x64_bin-jmods.zip' - openjfx-sha: '0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52' + openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_osx-x64_bin-jmods.zip' + openjfx-sha: '0b4d8463f03901b7425d94628e4116b7078abb8dd540fbec415266fac20bda5c' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -59,7 +59,7 @@ jobs: - name: Download OpenJFX jmods id: download-jmods run: | - curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + curl --silent --fail-with-body --proto "=https" -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check mkdir -p openjfx-jmods/ unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods @@ -128,14 +128,15 @@ jobs: --java-options "-Dapple.awt.enableTemplateImages=true" --java-options "-Dsun.java2d.metal=true" --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" + --java-options "-Dcryptomator.adminConfigPath=\"/Library/Application Support/Cryptomator/config.properties\"" --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/Cryptomator\"" - --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/Cryptomator/Plugins\"" --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/Cryptomator/settings.json\"" --java-options "-Dcryptomator.p12Path=\"@{userhome}/Library/Application Support/Cryptomator/key.p12\"" --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/Cryptomator/ipc.socket\"" --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\"" --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\"" --java-options "-Dcryptomator.showTrayIcon=true" + --java-options "-Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism" --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\"" --mac-package-identifier org.cryptomator --resource-dir dist/mac/resources @@ -143,6 +144,7 @@ jobs: run: | mv appdir/Cryptomator.app Cryptomator.app mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/ + cp dist/mac/resources/Assets.car Cryptomator.app/Contents/Resources/ sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile @@ -150,20 +152,6 @@ jobs: VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} REVISION_NO: ${{ needs.get-version.outputs.revNum }} PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }} - - name: Build and install DockTilePlugin - env: - DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build - run: | - xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \ - -scheme DockTilePlugin \ - -configuration Release \ - -destination "platform=macOS,arch=x86_64" \ - -derivedDataPath ${DERIVED_DATA_PATH} \ - -quiet \ - clean build - mkdir -p Cryptomator.app/Contents/PlugIns - cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/ - rm -rf ${DERIVED_DATA_PATH} - name: Generate license for dmg run: > mvn -B license:add-third-party @@ -282,7 +270,7 @@ jobs: run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: dmg-${{ matrix.output-suffix }} path: | @@ -291,7 +279,7 @@ jobs: if-no-files-found: error - name: Publish dmg on GitHub Releases if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index c47b4309a..743586153 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -22,7 +22,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: '24.0.1+9' + JAVA_VERSION: '25.0.2+10.0.LTS' jobs: get-version: @@ -42,12 +42,12 @@ jobs: architecture: aarch64 output-suffix: arm64 fuse-lib: FUSE-T - openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-aarch64_bin-jmods.zip' - openjfx-sha: '13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba' + openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_osx-aarch64_bin-jmods.zip' + openjfx-sha: '4cd258001c75af7047005c5c891e2400ed11d24fbb09412324c0cbaf8b503c5a' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -57,7 +57,7 @@ jobs: - name: Download OpenJFX jmods id: download-jmods run: | - curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + curl --silent --fail-with-body --proto "=https" -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check mkdir -p openjfx-jmods/ unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods @@ -126,14 +126,15 @@ jobs: --java-options "-Dapple.awt.enableTemplateImages=true" --java-options "-Dsun.java2d.metal=true" --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" + --java-options "-Dcryptomator.adminConfigPath=\"/Library/Application Support/Cryptomator/config.properties\"" --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/Cryptomator\"" - --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/Cryptomator/Plugins\"" --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/Cryptomator/settings.json\"" --java-options "-Dcryptomator.p12Path=\"@{userhome}/Library/Application Support/Cryptomator/key.p12\"" --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/Cryptomator/ipc.socket\"" --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\"" --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\"" --java-options "-Dcryptomator.showTrayIcon=true" + --java-options "-Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism" --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\"" --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log" --mac-package-identifier org.cryptomator @@ -142,6 +143,7 @@ jobs: run: | mv appdir/Cryptomator.app Cryptomator.app mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/ + cp dist/mac/resources/Assets.car Cryptomator.app/Contents/Resources/ sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile @@ -149,20 +151,6 @@ jobs: VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} REVISION_NO: ${{ needs.get-version.outputs.revNum }} PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }} - - name: Build and install DockTilePlugin - env: - DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build - run: | - xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \ - -scheme DockTilePlugin \ - -configuration Release \ - -destination "platform=macOS,arch=arm64" \ - -derivedDataPath ${DERIVED_DATA_PATH} \ - -quiet \ - clean build - mkdir -p Cryptomator.app/Contents/PlugIns - cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/ - rm -rf ${DERIVED_DATA_PATH} - name: Generate license for dmg run: > mvn -B license:add-third-party @@ -281,7 +269,7 @@ jobs: run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: dmg-${{ matrix.output-suffix }} path: | @@ -290,7 +278,7 @@ jobs: if-no-files-found: error - name: Publish dmg on GitHub Releases if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml index 9da0bfbc6..6585256bb 100644 --- a/.github/workflows/no-response.yml +++ b/.github/workflows/no-response.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: days-before-stale: 14 days-before-close: 0 diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml index 14b115f02..619f0f607 100644 --- a/.github/workflows/post-publish.yml +++ b/.github/workflows/post-publish.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Download source tarball run: | - curl -L -H "Accept: application/vnd.github+json" https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz --output cryptomator-${{ github.event.release.tag_name }}.tar.gz + curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz --output cryptomator-${{ github.event.release.tag_name }}.tar.gz - name: Sign source tarball with key 615D449FE6E6A235 run: | echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import @@ -19,7 +19,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Publish asc on GitHub Releases - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} @@ -28,7 +28,7 @@ jobs: - name: Slack Notification uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' SLACK_ICON: false SLACK_ICON_EMOJI: ':bot:' diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 8bfddf2d4..a0f6beefe 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -5,7 +5,7 @@ on: env: JAVA_DIST: 'temurin' - JAVA_VERSION: 24 + JAVA_VERSION: 25 defaults: run: @@ -16,8 +16,8 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index e2bfdb8ea..2e6779093 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -12,16 +12,16 @@ defaults: env: JAVA_DIST: 'temurin' - JAVA_VERSION: 23 + JAVA_VERSION: 25 jobs: check-preconditions: name: Validate commits pushed to release/hotfix branch to fulfill release requirements runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -50,7 +50,7 @@ jobs: exit 1 fi - name: Cache NVD DB - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.m2/repository/org/owasp/dependency-check-data/ key: dependency-check-${{ github.run_id }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1a2dd28af..9f30d89a5 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: days-before-stale: 365 days-before-close: 90 diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index c0635f20f..1e36d0af4 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -22,11 +22,12 @@ on: env: - OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_windows-x64_bin-jmods.zip' - OPENJFX_JMODS_AMD64_HASH: 'c8eb9fd039b00e0020cf6c3db8ed7876bf3ee4d27860aa697a247b83b8296ae7' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_windows-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: '33d878dfac85590c4d77c518ed413e512d34a8479d90132b230a7ddd173576b3' WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi' WINFSP_MSI_HASH: '073a70e00f77423e34bed98b86e600def93393ba5822204fac57a29324db9f7a' WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe' + WIX_VERSION: '6.0.2' defaults: run: @@ -47,13 +48,13 @@ jobs: include: - arch: x64 os: windows-latest - java-dist: 'zulu' - java-version: '24.0.1+9' + java-dist: 'zulu' #cannot use temurin, see https://github.com/cryptomator/cryptomator/issues/3824#issuecomment-2829827427 + java-version: '25.0.1+8' java-package: 'jdk' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ matrix.java-dist }} java-version: ${{ matrix.java-version }} @@ -62,14 +63,16 @@ jobs: cache: 'maven' - name: Install wix and extensions run: | - dotnet tool install --global wix --version 6.0.0 - wix.exe extension add WixToolset.UI.wixext/6.0.0 --global - wix.exe extension add WixToolset.Util.wixext/6.0.0 --global + dotnet tool install --global wix --version ${WIX_VERSION} + wix.exe extension add --global WixToolset.UI.wixext/${WIX_VERSION} + wix.exe extension add --global WixToolset.Util.wixext/${WIX_VERSION} + env: + WIX_VERSION: ${{ env.WIX_VERSION }} - name: Download and extract JavaFX jmods from Gluon if: matrix.arch == 'x64' #In the last step we move all jmods files a dir level up because jmods are placed inside a directory in the zip run: | - curl --output openjfx-jmods.zip -L "${{ env.OPENJFX_JMODS_AMD64 }}" + curl --silent --fail-with-body --proto "=https" -L "${{ env.OPENJFX_JMODS_AMD64 }}" --output openjfx-jmods.zip if(!(Get-FileHash -Path openjfx-jmods.zip -Algorithm SHA256).Hash.ToLower().equals("${{ env.OPENJFX_JMODS_AMD64_HASH }}")) { throw "Wrong checksum of JMOD archive downloaded from ${{ env.OPENJFX_JMODS_AMD64 }}."; } @@ -140,8 +143,8 @@ jobs: --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" --java-options "-Dfile.encoding=\"utf-8\"" --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dcryptomator.adminConfigPath=\"C:/ProgramData/Cryptomator/config.properties\"" --java-options "-Dcryptomator.logDir=\"@{localappdata}/Cryptomator\"" - --java-options "-Dcryptomator.pluginDir=\"@{appdata}/Cryptomator/Plugins\"" --java-options "-Dcryptomator.settingsPath=\"@{appdata}/Cryptomator/settings.json;@{userhome}/AppData/Roaming/Cryptomator/settings.json\"" --java-options "-Dcryptomator.p12Path=\"@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12\"" --java-options "-Dcryptomator.ipcSocketPath=\"@{localappdata}/Cryptomator/ipc.socket\"" @@ -200,7 +203,7 @@ jobs: client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - name: Sign DLLs with Actalis CodeSigner if: inputs.sign || github.event_name == 'release' - uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version + uses: skymatic/workflows/.github/actions/win-sign-action@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # no specific version with: base-dir: 'appdir' file-extensions: 'dll,exe,ps1' @@ -277,7 +280,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: msi-${{ matrix.arch }} path: | @@ -299,21 +302,23 @@ jobs: java-version: '24.0.1+9' java-package: 'jdk' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install wix and extensions run: | - dotnet tool install --global wix --version 6.0.0 - wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global - wix.exe extension add WixToolset.Util.wixext/6.0.0 --global + dotnet tool install --global wix --version ${WIX_VERSION} + wix.exe extension add --global WixToolset.BootstrapperApplications.wixext/${WIX_VERSION} + wix.exe extension add --global WixToolset.Util.wixext/${WIX_VERSION} + env: + WIX_VERSION: ${{ env.WIX_VERSION }} - name: Download .msi - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: msi-${{ matrix.arch }} path: dist/win/bundle/resources - name: Strip version info from msi file name run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi - name: Setup Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ matrix.java-dist }} java-version: ${{ matrix.java-version }} @@ -333,7 +338,7 @@ jobs: shell: pwsh - name: Download WinFsp run: | - curl --output $env:WINFSP_PATH -L ${{ env.WINFSP_MSI }} + curl --silent --fail-with-body --proto "=https" -L ${{ env.WINFSP_MSI }} --output $env:WINFSP_PATH $computedHash = (Get-FileHash -Path $env:WINFSP_PATH -Algorithm SHA256).Hash.ToLower() if ($computedHash -ne "${{ env.WINFSP_MSI_HASH }}") { throw "Checksum mismatch for $env:WINFSP_PATH (expected ${{ env.WINFSP_MSI_HASH }}, got $computedHash)." @@ -343,7 +348,7 @@ jobs: shell: pwsh - name: Download Legacy-WinFsp uninstaller run: | - curl --output dist/win/bundle/resources/winfsp-uninstaller.exe -L ${{ env.WINFSP_UNINSTALLER }} + curl --silent --fail-with-body --proto "=https" -L ${{ env.WINFSP_UNINSTALLER }} --output dist/win/bundle/resources/winfsp-uninstaller.exe shell: pwsh - name: Create Wix Burn bundle working-directory: dist/win @@ -376,7 +381,7 @@ jobs: client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - name: Sign burn engine with Actalis CodeSigner if: inputs.sign || github.event_name == 'release' - uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version + uses: skymatic/workflows/.github/actions/win-sign-action@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # no specific version with: base-dir: 'tmp' file-extensions: 'exe' @@ -400,7 +405,7 @@ jobs: client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - name: Sign installer with Actalis CodeSigner if: inputs.sign || github.event_name == 'release' - uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version + uses: skymatic/workflows/.github/actions/win-sign-action@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # no specific version with: base-dir: 'installer' file-extensions: 'exe' @@ -418,7 +423,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: exe-${{ matrix.executable-suffix }} path: | @@ -436,12 +441,12 @@ jobs: download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }} steps: - name: Download installers - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: merge-multiple: true - name: Publish installers on GitHub Releases id: publish - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} diff --git a/.idea/compiler.xml b/.idea/compiler.xml index 1256745d3..16d2db425 100644 --- a/.idea/compiler.xml +++ b/.idea/compiler.xml @@ -12,18 +12,15 @@ - + \ No newline at end of file diff --git a/.idea/runConfigurations/Cryptomator_macOS.xml b/.idea/runConfigurations/Cryptomator_macOS.xml index c777434a2..b1fd85746 100644 --- a/.idea/runConfigurations/Cryptomator_macOS.xml +++ b/.idea/runConfigurations/Cryptomator_macOS.xml @@ -5,7 +5,7 @@