Build openssl framework #627

Workflow file for this run

.github/workflows/release.yml at e67577a

	name: "Build openssl framework"

	on:
	push:
	branches: ["main"]
	schedule:
	- cron: "18 18 * * *"
	workflow_dispatch:

	permissions:
	packages: read
	contents: write

	concurrency: single_compile

	jobs:
	query:
	name: "Check for updates"
	runs-on: macos-14
	outputs:
	openssl_version: ${{ steps.query.outputs.openssl_version }}
	needs_update: ${{ steps.query.outputs.needs_update }}
	steps:
	- name: "Get latest release"
	id: query
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	LATEST_OFFICIAL_OPENSSL_RELEASE=$(gh api /repos/openssl/openssl/tags --jq '.[].name' \| egrep '^openssl-[0-9\.]+$' \| sort -nr \| head -n1 \| sed 's/openssl-//')
	LATEST_OPENSSL_IOS_RELEASE=$(gh api /repos/tls-inspector/openssl-ios/releases/latest --jq '.name')
	echo "::notice ::Latest openssl release: ${LATEST_OFFICIAL_OPENSSL_RELEASE}, last published framework: ${LATEST_OPENSSL_IOS_RELEASE}"
	echo "openssl_version=${LATEST_OFFICIAL_OPENSSL_RELEASE}" >> $GITHUB_OUTPUT
	if [[ "${LATEST_OPENSSL_IOS_RELEASE}" != "${LATEST_OFFICIAL_OPENSSL_RELEASE}" ]]; then
	echo "needs_update=yes" >> $GITHUB_OUTPUT
	else
	echo "needs_update=no" >> $GITHUB_OUTPUT
	fi
	cat $GITHUB_OUTPUT
	update:
	name: "Compile"
	needs: query
	if: needs.query.outputs.needs_update == 'yes'
	runs-on: macos-14
	outputs:
	framework_checksum: ${{ steps.prepare.outputs.framework_checksum }}
	steps:
	- name: Checkout Source
	id: checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #pin v4.1.7
	- name: Compile Framework
	id: compile
	run: \|
	echo "Importing public keys"
	gpg --import ./openssl.asc
	echo 'trusted-key 0x216094DFD0CB81EF' >> ~/.gnupg/gpg.conf
	echo "Starting build"
	GPG_VERIFY=1 ./build-ios.sh ${{ needs.query.outputs.openssl_version }}
	- name: Capture Build Errors
	uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #pin v4.4.0
	if: failure()
	with:
	name: build_output
	path: build/*.log
	- name: Prepare Release
	id: prepare
	run: \|
	zip -r openssl.xcframework.zip openssl.xcframework/
	tar -cf openssl.tar build/openssl_*/artifacts/
	xz openssl.tar
	FRAMEWORK_SHASUM=$(shasum -a 256 openssl.xcframework.zip \| cut -d ' ' -f1)
	echo "framework_checksum=${FRAMEWORK_SHASUM}" >> $GITHUB_OUTPUT
	echo "::notice ::openssl.xcframework.zip checksum: ${FRAMEWORK_SHASUM}"
	BUILD_SHASUM=$(shasum -a 256 openssl.tar.xz \| cut -d ' ' -f1)
	echo "build_checksum=${BUILD_SHASUM}" >> $GITHUB_OUTPUT
	echo "::notice ::openssl.tar.xz checksum: ${BUILD_SHASUM}"
	echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem
	echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem
	echo "-----END EC PRIVATE KEY-----" >> private_key.pem
	openssl dgst -sign private_key.pem -sha256 -out openssl.xcframework.zip.sig openssl.xcframework.zip
	openssl dgst -sign private_key.pem -sha256 -out openssl.tar.xz.sig openssl.tar.xz
	rm -f private_key.pem
	- name: Make Release
	id: release
	run: \|
	echo 'Checksums:' > release.md
	echo '\|File Name\|SHA-256 Checksum\|' >> release.md
	echo '\|-\|-\|' >> release.md
	echo '\|`openssl.xcframework.zip`\|`${{ steps.prepare.outputs.framework_checksum }}`\|' >> release.md
	echo '\|`openssl.tar.xz`\|`${{ steps.prepare.outputs.build_checksum }}`\|' >> release.md
	gh release create --notes-file release.md -t "${{ needs.query.outputs.openssl_version }}" ${{ needs.query.outputs.openssl_version }} openssl.xcframework.zip openssl.xcframework.zip.sig openssl.tar.xz openssl.tar.xz.sig
	env:
	GH_TOKEN: ${{ github.token }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build openssl framework #627

Workflow file

Build openssl framework #627

Jobs

Run details

Workflow file for this run