name: Build AppImage on: release: types: [published] schedule: - cron: '0 23 20 * *' workflow_dispatch: inputs: version: description: 'Version' required: false create-pr: description: 'Create a PR for aur-bin repo' type: boolean default: false push: branches-ignore: - 'dependabot/**' paths: - '.github/workflows/appimage.yml' - 'dist/linux/appimage/**' - 'dist/linux/common/**' - 'dist/linux/resources/**' env: JAVA_DIST: 'temurin' JAVA_VERSION: '25.0.2+10.0.LTS' jobs: get-version: uses: ./.github/workflows/get-version.yml with: version: ${{ inputs.version }} #okay if not defined build: name: Build AppImage runs-on: ${{ matrix.os }} needs: [get-version] env: SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }} SEMVER_NUM: ${{ needs.get-version.outputs.semVerNum }} REV_NUM: ${{ needs.get-version.outputs.revNum }} strategy: fail-fast: false matrix: include: - os: ubuntu-latest arch: x86_64 openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-x64_bin-jmods.zip' openjfx-sha: 'e0a9c29d8cf3af9b8b48848b43f87b5785bc107c53a951b19668ce05842bba1b' appimagetool-sha: 'ed4ce84f0d9caff66f50bcca6ff6f35aae54ce8135408b3fa33abfc3cb384eb0' - os: ubuntu-24.04-arm arch: aarch64 openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_linux-aarch64_bin-jmods.zip' openjfx-sha: 'c3408f818693cce09e59829a8e862a82c7695fdfcd585c41cfd527f5fc3fe646' appimagetool-sha: 'f0837e7448a0c1e4e650a93bb3e85802546e60654ef287576f46c71c126a9158' steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Java uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} check-latest: true cache: 'maven' - name: Download OpenJFX jmods id: download-jmods run: | curl --silent --fail-with-body --proto "=https" -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip echo "${{ matrix.openjfx-sha }} openjfx-jmods.zip" | shasum -a256 --check mkdir -p openjfx-jmods unzip -j openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods - name: Ensure major jfx version in pom and in jmods is the same run: | JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) JMOD_VERSION=${JMOD_VERSION#*@} JMOD_VERSION=${JMOD_VERSION%%.*} POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) POM_JFX_VERSION=${POM_JFX_VERSION#*@} POM_JFX_VERSION=${POM_JFX_VERSION%%.*} if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION})" exit 1 fi - name: Set version run : mvn versions:set -DnewVersion="$SEMVER_STR" - name: Run maven run: mvn -B clean package -Plinux -DskipTests - name: Patch target dir run: | cp LICENSE.txt target cp target/cryptomator-*.jar target/mods - name: Run jlink with help option id: jep-493-check run: | JMOD_PATHS="openjfx-jmods" if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}" fi echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT" - name: Run jlink #Remark: no compression is applied for improved build compression later (here appimage) run: > ${JAVA_HOME}/bin/jlink --verbose --output runtime --module-path "${JMOD_PATHS}" --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler --strip-native-commands --no-header-files --no-man-pages --strip-debug --compress zip-0 env: JMOD_PATHS: ${{ steps.jep-493-check.outputs.jmod_paths }} - name: Run jpackage run: > ${JAVA_HOME}/bin/jpackage --verbose --type app-image --runtime-image runtime --input target/libs --module-path target/mods --module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator --dest appdir --name Cryptomator --vendor "Skymatic GmbH" --copyright "(C) 2016 - 2026 Skymatic GmbH" --app-version "${SEMVER_NUM}.${REV_NUM}" --java-options "--enable-preview" --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" --java-options "-Xss5m" --java-options "-Xmx256m" --java-options "-Dcryptomator.appVersion=\"${SEMVER_STR}\"" --java-options "-Dfile.encoding=\"utf-8\"" --java-options "-Djava.net.useSystemProxies=true" --java-options "-Dcryptomator.adminConfigPath=\"/etc/cryptomator/config.properties\"" --java-options "-Dcryptomator.logDir=\"@{userhome}/.local/share/Cryptomator/logs\"" --java-options "-Dcryptomator.settingsPath=\"@{userhome}/.config/Cryptomator/settings.json:@{userhome}/.Cryptomator/settings.json\"" --java-options "-Dcryptomator.p12Path=\"@{userhome}/.config/Cryptomator/key.p12\"" --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/.config/Cryptomator/ipc.socket\"" --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/.local/share/Cryptomator/mnt\"" --java-options "-Dcryptomator.showTrayIcon=true" --java-options "-Dcryptomator.integrationsLinux.trayIconsDir=\"@{appdir}/usr/share/icons/hicolor/symbolic/apps\"" --java-options "-Dcryptomator.buildNumber=\"appimage-${REV_NUM}\"" --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\"" --java-options "-Dcryptomator.hub.enableTrustOnFirstUse=true" --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log" --resource-dir dist/linux/resources - name: Patch Cryptomator.AppDir run: | mv appdir/Cryptomator Cryptomator.AppDir cp -r dist/linux/appimage/resources/AppDir/* Cryptomator.AppDir/ cp dist/linux/common/org.cryptomator.Cryptomator256.png Cryptomator.AppDir/usr/share/icons/hicolor/256x256/apps/org.cryptomator.Cryptomator.png cp dist/linux/common/org.cryptomator.Cryptomator512.png Cryptomator.AppDir/usr/share/icons/hicolor/512x512/apps/org.cryptomator.Cryptomator.png cp dist/linux/common/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg cp dist/linux/common/org.cryptomator.Cryptomator.tray.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray.svg cp dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray-unlocked.svg cp dist/linux/common/org.cryptomator.Cryptomator.tray.svg Cryptomator.AppDir/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-symbolic.svg cp dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg Cryptomator.AppDir/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-unlocked-symbolic.svg cp dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml Cryptomator.AppDir/usr/share/metainfo/org.cryptomator.Cryptomator.metainfo.xml cp dist/linux/common/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/usr/share/applications/org.cryptomator.Cryptomator.desktop cp dist/linux/common/application-vnd.cryptomator.vault.xml Cryptomator.AppDir/usr/share/mime/packages/application-vnd.cryptomator.vault.xml ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/org.cryptomator.Cryptomator.svg ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/.DirIcon ln -s usr/share/applications/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/org.cryptomator.Cryptomator.desktop ln -s org.cryptomator.Cryptomator.metainfo.xml Cryptomator.AppDir/usr/share/metainfo/org.cryptomator.Cryptomator.appdata.xml ln -s bin/cryptomator.sh Cryptomator.AppDir/AppRun - name: Download AppImageKit run: | curl --silent --fail-with-body --proto "=https" -L "https://github.com/AppImage/appimagetool/releases/download/1.9.1/appimagetool-${{ matrix.arch }}.AppImage" -o appimagetool.AppImage echo "${{ matrix.appimagetool-sha }} appimagetool.AppImage" | shasum -a256 --check chmod +x appimagetool.AppImage ./appimagetool.AppImage --appimage-extract - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235 run: | echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign README.md env: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Build AppImage run: > ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${SEMVER_STR}-${{ matrix.arch }}.AppImage -u "gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.arch }}.AppImage.zsync" --sign --sign-key=615D449FE6E6A235 - name: Create detached GPG signatures run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync - name: Upload artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: appimage-${{ matrix.arch }} path: | cryptomator-*.AppImage cryptomator-*.AppImage.zsync cryptomator-*.asc if-no-files-found: error - name: Publish AppImage on GitHub Releases if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} files: | cryptomator-*.AppImage cryptomator-*.zsync cryptomator-*.asc create-aur-bin-pr: name: Create PR for aur-bin repo if: github.event_name == 'workflow_dispatch' && inputs.create-pr || github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' runs-on: ubuntu-latest needs: [build, get-version] container: image: archlinux:base-devel env: SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }} PKGDEST: ${{ github.workspace }}/pkgdest SRCDEST: ${{ github.workspace }}/srcdest steps: - name: Prepare pacman run: | pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl pacman-contrib - name: Checkout cryptomator/aur-bin uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'cryptomator/aur-bin' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Create build user run: | useradd -m builder echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder chown -R builder:builder "$GITHUB_WORKSPACE" install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" - name: Import Cryptomator release signing key # try first ubuntu. on failure try openpgp keyservers run: > sudo -u builder gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 || sudo -u builder gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 - name: Checkout release branch run: | git config --global safe.directory '*' git checkout -b "release/${SEMVER_STR}" - name: Update build file run: | sed -i -e "s|^pkgver=.*$|pkgver=${SEMVER_STR}|" PKGBUILD sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD sudo -u builder updpkgsums sudo -u builder makepkg --printsrcinfo > .SRCINFO - name: Build package with makepkg run: > sudo -u builder env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" makepkg --syncdeps --cleanbuild --noconfirm --log - name: Commit and push run: | git config user.name "cryptobot" git config user.email "cryptobot@users.noreply.github.com" git config push.autoSetupRemote true git stage PKGBUILD .SRCINFO git commit -m "Prepare release ${SEMVER_STR}" git push - name: Create pull request id: create-pr run: | printf "Created by $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > pr_body.md PR_URL=$(gh pr create --title "Release ${SEMVER_STR}" --body-file pr_body.md) echo "url=$PR_URL" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' SLACK_ICON: false SLACK_ICON_EMOJI: ':bot:' SLACK_CHANNEL: 'cryptomator-desktop' SLACK_TITLE: "AUR-bin release PR for ${{ github.event.repository.name }} ${{ needs.get-version.outputs.semVerStr }} created." SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.url }}|PR> on how to proceed." SLACK_FOOTER: false MSG_MINIMAL: true