Merge branch 'develop' into feature/gtk2-launcher

2026-05-29 16:10:19 +00:00 · 2022-03-31 08:57:27 +02:00
parent 67e1626de0 28db04e621
commit 828f32d3f6
60 changed files with 918 additions and 276 deletions
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -4,6 +4,10 @@ on:
  release:
    types: [published]
  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version'
+        required: false

 env:
  JAVA_VERSION: 17
@@ -28,6 +32,9 @@ jobs:
          if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
            mvn versions:set -DnewVersion=${SEM_VER_STR}
+          elif [[ "${{ github.event.inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${{ github.event.inputs.version }}"
+            mvn versions:set -DnewVersion=${SEM_VER_STR}
          else
            SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
          fi
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -43,13 +43,15 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - name: Upload code coverage report
-        id: codacyCoverageReporter
-        if: "github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'pr:safe')"
-        run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
+      - name: Sign source tarball with key 615D449FE6E6A235
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          git archive --prefix="cryptomator-${{ github.ref_name }}/" -o "cryptomator-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
+          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
+          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.tar.gz
        env:
-          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
-        continue-on-error: true
+          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Draft a release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
@@ -58,6 +60,9 @@ jobs:
          discussion_category_name: releases
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          generate_release_notes: true
+          files: |
+            cryptomator-*.tar.gz.asc
+          fail_on_unmatched_files: true
          body: |-
            :construction: Work in Progress
            
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -10,6 +10,9 @@ on:
        required: true
        default: false
        type: boolean
+      version:
+        description: 'Version'
+        required: false

 env:
  JAVA_VERSION: 17
@@ -38,6 +41,9 @@ jobs:
          if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
            mvn versions:set -DnewVersion=${SEM_VER_STR}
+          elif [[ "${{ github.event.inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${{ github.event.inputs.version }}"
+            mvn versions:set -DnewVersion=${SEM_VER_STR}
          else
            SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
          fi
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -4,6 +4,10 @@ on:
  release:
    types: [published]
  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version'
+        required: false

 env:
  JAVA_VERSION: 17
@@ -28,6 +32,9 @@ jobs:
          if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
            mvn versions:set -DnewVersion=${SEM_VER_STR}
+          elif [[ "${{ github.event.inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${{ github.event.inputs.version }}"
+            mvn versions:set -DnewVersion=${SEM_VER_STR}
          else
            SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
          fi
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -23,4 +23,4 @@ jobs:
          java-version: ${{ env.JAVA_VERSION }}
          cache: 'maven'
      - name: Build and Test
-        run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
+        run: xvfb-run mvn -B clean install jacoco:report -Pcoverage,dependency-check
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -4,6 +4,10 @@ on:
  release:
    types: [published]
  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version'
+        required: false

 env:
  JAVA_VERSION: 17
@@ -33,6 +37,9 @@ jobs:
          if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
            mvn versions:set -DnewVersion=${SEM_VER_STR}
+          elif [[ "${{ github.event.inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${{ github.event.inputs.version }}"
+            mvn versions:set -DnewVersion=${SEM_VER_STR}
          else
            SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
          fi
@@ -80,6 +87,7 @@ jobs:
          --app-version "${{ steps.versions.outputs.semVerNum }}.${{ steps.versions.outputs.revNum }}"
          --java-options "-Xss5m"
          --java-options "-Xmx256m"
+          --java-options "-Dcryptomator.appVersion=\"${{ steps.versions.outputs.semVerStr }}\""
          --java-options "-Dfile.encoding=\"utf-8\""
          --java-options "-Dcryptomator.logDir=\"~/AppData/Roaming/Cryptomator\""
          --java-options "-Dcryptomator.pluginDir=\"~/AppData/Roaming/Cryptomator/Plugins\""
@@ -271,4 +279,44 @@ jobs:
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          files: |
            Cryptomator-*.exe
-            Cryptomator-*.asc
+            Cryptomator-*.asc
+
+  allowlist:
+    name: Anti Virus Allowlisting
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    needs: [build-msi, build-exe]
+    steps:
+      - name: Download .msi
+        uses: actions/download-artifact@v2
+        with:
+          name: msi
+          path: msi
+      - name: Download .exe
+        uses: actions/download-artifact@v2
+        with:
+          name: exe
+          path: exe
+      - name: Collect files
+        run: |
+          mkdir files
+          cp msi/*.msi files
+          cp exe/*.exe files
+      - name: Upload to Kaspersky
+        uses: SamKirkland/FTP-Deploy-Action@4.3.0
+        with:
+          protocol: ftps
+          server: allowlist.kaspersky-labs.com
+          port: 990
+          username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }}
+          password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
+          local-dir: files/
+      - name: Upload to Avast
+        uses: SamKirkland/FTP-Deploy-Action@4.3.0
+        with:
+          protocol: ftp
+          server: whitelisting.avast.com
+          port: 21
+          username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }}
+          password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }}
+          local-dir: files/