refactor(ci): enable Linux do-nothing GUI builds (but not tests) in CI/CD, extract scripts for that (#3735)

Builds a do-nothing `return 0` Linux client to make sure the CI/CD scripts are set up and producing AppImage / deb bundles as expected. ![image](https://github.com/firezone/firezone/assets/13400041/7d2d8f02-adde-4b1b-89ec-02aaf112ac48) --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
2026-01-28 02:18:50 +00:00 · 2024-02-23 11:57:39 -06:00
parent 7825710a69
commit fd31152106
8 changed files with 162 additions and 65 deletions
--- a/.github/actions/upload-gui-artifact/action.yml
+++ b/.github/actions/upload-gui-artifact/action.yml
@@ -0,0 +1,15 @@
+name: "Upload GUI artifact"
+description: "Uploads an exe / package / installer for the Firezone GUI client"
+inputs:
+  base:
+    description: "Base file name, e.g. `firezone-linux-gui-client_amd64.deb`"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.base }}
+        path: |
+          ${{ github.workspace }}/rust/gui-client/${{ inputs.base }}
+          ${{ github.workspace }}/rust/gui-client/${{ inputs.base }}.sha256sum.txt
--- a/.github/workflows/_rust.yml
+++ b/.github/workflows/_rust.yml
@@ -125,12 +125,15 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        runs-on:
-          # TODO
-          # - ubuntu-20.04
-          - windows-2019
+        include:
+          - runs-on: ubuntu-20.04
+            binary-dest-path: firezone-linux-gui-client
+            rename-script: ../../scripts/build/tauri-rename-ubuntu.sh
+          - runs-on: windows-2019
+            binary-dest-path: firezone-windows-client
+            rename-script: ../../scripts/build/tauri-rename-windows.sh
    env:
-      BINARY_DEST_PATH: firezone-gui-client
+      BINARY_DEST_PATH: ${{ matrix.binary-dest-path }}
      CONNLIB_LOG_UPLOAD_INTERVAL_SECS: 300
    steps:
      - uses: actions/checkout@v4
@@ -143,41 +146,36 @@ jobs:
        run: pnpm install
      - name: Build release exe and MSI
        run: pnpm build
-      - name: Compute SHA256 and rename
-        run: |
-          # Used for release artifact
-          # In release mode the name comes from tauri.conf.json
-          cp "../target/release/Firezone.exe" "${{ env.BINARY_DEST_PATH }}-x64.exe"
-          cp "../target/release/bundle/msi/*.msi" "${{ env.BINARY_DEST_PATH }}-x64.msi"
-          cp "../target/release/firezone_gui_client.pdb" "${{ env.BINARY_DEST_PATH }}-x64.pdb"
-
-          Get-FileHash ${{ env.BINARY_DEST_PATH }}-x64.exe -Algorithm SHA256 | Select-Object Hash > ${{ env.BINARY_DEST_PATH }}-x64.exe.sha256sum.txt
-          Get-FileHash ${{ env.BINARY_DEST_PATH }}-x64.msi -Algorithm SHA256 | Select-Object Hash > ${{ env.BINARY_DEST_PATH }}-x64.msi.sha256sum.txt
-          Get-FileHash ${{ env.BINARY_DEST_PATH }}-x64.pdb -Algorithm SHA256 | Select-Object Hash > ${{ env.BINARY_DEST_PATH }}-x64.pdb.sha256sum.txt
-
-          # This might catch regressions in #3384, depending how CI runners
-          # handle exit codes
-          git diff --exit-code
-      - name: Save GUI client
-        uses: actions/upload-artifact@v4
+      - name: Rename artifacts and compute SHA256
+        shell: bash
+        run: ${{ matrix.rename-script }}
+      - name: Save Linux client
+        if: ${{ runner.os == 'Linux' }}
+        uses: ./.github/actions/upload-gui-artifact
        with:
-          name: ${{ env.BINARY_DEST_PATH }}-x64
-          path: |
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.exe
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.exe.sha256sum.txt
+          base: ${{ env.BINARY_DEST_PATH }}-amd64
+      - name: Save Linux AppImage
+        if: ${{ runner.os == 'Linux' }}
+        uses: ./.github/actions/upload-gui-artifact
+        with:
+          base: ${{ env.BINARY_DEST_PATH }}_amd64.AppImage
+      - name: Save Linux deb package
+        if: ${{ runner.os == 'Linux' }}
+        uses: ./.github/actions/upload-gui-artifact
+        with:
+          base: ${{ env.BINARY_DEST_PATH }}_amd64.deb
+      - name: Save Windows client
+        if: ${{ runner.os == 'Windows' }}
+        uses: ./.github/actions/upload-gui-artifact
+        with:
+          base: ${{ env.BINARY_DEST_PATH }}-x64.exe
      - name: Save Windows MSI installer
        if: ${{ runner.os == 'Windows' }}
-        uses: actions/upload-artifact@v4
+        uses: ./.github/actions/upload-gui-artifact
        with:
-          name: ${{ env.BINARY_DEST_PATH }}-x64-msi
-          path: |
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.msi
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.msi.sha256sum.txt
+          base: ${{ env.BINARY_DEST_PATH }}-x64.msi
      - name: Save Windows debug symbols
        if: ${{ runner.os == 'Windows' }}
-        uses: actions/upload-artifact@v4
+        uses: ./.github/actions/upload-gui-artifact
        with:
-          name: ${{ env.BINARY_DEST_PATH }}-x64-pdb
-          path: |
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.pdb
-            ${{ github.workspace }}/rust/gui-client/${{ env.BINARY_DEST_PATH }}-x64.pdb.sha256sum.txt
+          base: ${{ env.BINARY_DEST_PATH }}-x64.pdb
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -116,10 +116,10 @@ jobs:
          - target: x86_64-unknown-linux-musl
            shortname: x64
            platform: linux/amd64
-          - target: aarch64-unknown-linux-musl # E.g. AWS Graviton
+          - target: aarch64-unknown-linux-musl  # E.g. AWS Graviton
            shortname: arm64
            platform: linux/arm64
-          - target: armv7-unknown-linux-musleabihf # E.g. Raspberry Pi
+          - target: armv7-unknown-linux-musleabihf  # E.g. Raspberry Pi
            platform: linux/arm/v7
            shortname: arm
          # Requires ring v0.17 which a number of our dependencies don't yet support
@@ -234,13 +234,14 @@ jobs:
          if-no-files-found: error
          retention-days: 1

-  # Build for Windows
-  build-push-windows-release-artifacts:
+  # Build GUI for Windows / Linux
+  build-push-gui-release-artifacts:
+    name: build-gui-${{ matrix.runs-on }}
+    runs-on: ${{ matrix.runs-on }}
    permissions:
      id-token: write
      contents: write
    needs: update-release-draft
-    runs-on: windows-2019
    defaults:
      run:
        working-directory: ./rust/gui-client
@@ -249,39 +250,46 @@ jobs:
      # The matrix is 1x1 to match the style of build-push-linux-release-artifacts
      # In the future we could try to cross-compile aarch64-windows here.
      matrix:
-        name:
-          - package: firezone-gui-client
-            artifact: gui-client
+        include:
+          - runs-on: ubuntu-20.04
+            binary-dest-path: firezone-linux-gui-client
+            rename-script: ../../scripts/build/tauri-rename-ubuntu.sh
+          - runs-on: windows-2019
+            binary-dest-path: firezone-windows-client
+            rename-script: ../../scripts/build/tauri-rename-windows.sh
    env:
-      BINARY_DEST_PATH: firezone-${{ matrix.name.artifact }}
+      BINARY_DEST_PATH: ${{ matrix.binary-dest-path }}
      CONNLIB_LOG_UPLOAD_INTERVAL_SECS: 300
    steps:
      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-rust
      - uses: ./.github/actions/setup-node
+        with:
+          node-version: '20'
+      - uses: ./.github/actions/setup-rust
+      - uses: ./.github/actions/setup-tauri
      - name: Install pnpm deps
        run: pnpm install
      - name: Build release exe and MSI
        run: pnpm build
-      - name: Compute SHA256 and rename
-        run: |
-          # Used for release artifact
-          # This should match 'build-tauri' in _rust.yml
-          cp "../target/release/bundle/msi/*.msi" "${{ env.BINARY_DEST_PATH }}-x64.msi"
-
-          Get-FileHash ${{ env.BINARY_DEST_PATH }}-x64.msi -Algorithm SHA256 | Select-Object Hash > ${{ env.BINARY_DEST_PATH }}-x64.msi.sha256sum.txt
-      - name: Upload Release Assets
+      - name: Rename artifacts and compute SHA256
+        shell: bash
+        run: ${{ matrix.rename-script }}
+      - name: Upload Release Assets (Linux)
+        if: ${{ runner.os == 'Linux' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Upload Windows MSI
-
-          # This artifact name is tied to the update checker in `gui-client/src-tauri/src/client/updates.rs`
-          gh release upload ${{ needs.update-release-draft.outputs.tag_name }} `
-            ${{ env.BINARY_DEST_PATH }}-x64.msi `
-            ${{ env.BINARY_DEST_PATH }}-x64.msi.sha256sum.txt `
-            --clobber `
-            --repo ${{ github.repository }}
+          REPOSITORY: ${{ github.repository }}
+          TAG_NAME: ${{ needs.update-release-draft.outputs.tag_name }}
+        shell: bash
+        run: ../../scripts/build/tauri-upload-ubuntu.sh
+      - name: Upload Release Assets (Windows)
+        if: ${{ runner.os == 'Windows' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPOSITORY: ${{ github.repository }}
+          TAG_NAME: ${{ needs.update-release-draft.outputs.tag_name }}
+        shell: bash
+        run: ../../scripts/build/tauri-upload-windows.sh

  merge-release-artifacts:
    permissions:
--- a/rust/gui-client/src-tauri/tauri.conf.json
+++ b/rust/gui-client/src-tauri/tauri.conf.json
@@ -19,10 +19,19 @@
    },
    "bundle": {
      "active": true,
-      "targets": "msi",
+      "targets": ["appimage", "deb", "msi"],
      "identifier": "dev.firezone.client",
      "icon": [
-        "icons/firezone.ico"
+        "icons/firezone.ico",
+        "icons/Square107x107Logo.png",
+        "icons/Square142x142Logo.png",
+        "icons/Square150x150Logo.png",
+        "icons/Square284x284Logo.png",
+        "icons/Square30x30Logo.png",
+        "icons/Square310x310Logo.png",
+        "icons/Square44x44Logo.png",
+        "icons/Square71x71Logo.png",
+        "icons/Square89x89Logo.png"
      ],
      "publisher": "Firezone",
      "shortDescription": "Firezone"
--- a/scripts/build/tauri-rename-ubuntu.sh
+++ b/scripts/build/tauri-rename-ubuntu.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# For debugging
+ls ../target/release ../target/release/bundle/appimage ../target/release/bundle/deb
+
+# Used for release artifact
+# In release mode the name comes from tauri.conf.json
+# Using a glob for the source, there will only be one exe, AppImage, and deb anyway
+cp ../target/release/firezone "$BINARY_DEST_PATH"-amd64
+cp ../target/release/bundle/appimage/*_amd64.AppImage "$BINARY_DEST_PATH"_amd64.AppImage
+cp ../target/release/bundle/deb/*_amd64.deb "$BINARY_DEST_PATH"_amd64.deb
+# TODO: Debug symbols for Linux
+
+function make_hash() {
+    sha256sum "$1"> "$1.sha256sum.txt"
+}
+
+# I think we agreed in standup to just match platform conventions
+# Firezone for Windows is "-x64" which I believe is Visual Studio's convention
+# Debian calls it "amd64". Rust and Linux call it "x86_64". So whatever, it's
+# amd64 here. They're all the same.
+make_hash "$BINARY_DEST_PATH"-amd64
+make_hash "$BINARY_DEST_PATH"_amd64.AppImage
+make_hash "$BINARY_DEST_PATH"_amd64.deb
--- a/scripts/build/tauri-rename-windows.sh
+++ b/scripts/build/tauri-rename-windows.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# For debugging
+ls ../target/release ../target/release/bundle/msi
+
+# Used for release artifact
+# In release mode the name comes from tauri.conf.json
+# Using a glob for the source, there will only be one exe, msi, and pdb anyway
+cp ../target/release/*.exe "$BINARY_DEST_PATH-x64.exe"
+cp ../target/release/bundle/msi/*.msi "$BINARY_DEST_PATH-x64.msi"
+cp ../target/release/*.pdb "$BINARY_DEST_PATH-x64.pdb"
+
+function make_hash() {
+    sha256sum "$1"> "$1.sha256sum.txt"
+}
+
+make_hash "$BINARY_DEST_PATH-x64.exe"
+make_hash "$BINARY_DEST_PATH-x64.msi"
+make_hash "$BINARY_DEST_PATH-x64.pdb"
--- a/scripts/build/tauri-upload-ubuntu.sh
+++ b/scripts/build/tauri-upload-ubuntu.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# This artifact name is tied to the update checker in `gui-client/src-tauri/src/client/updates.rs`
+gh release upload "$TAG_NAME" \
+    "$BINARY_DEST_PATH"_amd64.AppImage \
+    "$BINARY_DEST_PATH"_amd64.AppImage.sha256sum.txt \
+    "$BINARY_DEST_PATH"_amd64.deb \
+    "$BINARY_DEST_PATH"_amd64.deb.sha256sum.txt \
+    --clobber \
+    --repo "$REPOSITORY"
--- a/scripts/build/tauri-upload-windows.sh
+++ b/scripts/build/tauri-upload-windows.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# This artifact name is tied to the update checker in `gui-client/src-tauri/src/client/updates.rs`
+gh release upload "$TAG_NAME" \
+    "$BINARY_DEST_PATH"-x64.msi \
+    "$BINARY_DEST_PATH"-x64.msi.sha256sum.txt \
+    --clobber \
+    --repo "$REPOSITORY"