Skip to content

Update dependencies to fix security vulnerabilities #1781

Update dependencies to fix security vulnerabilities

Update dependencies to fix security vulnerabilities #1781

Workflow file for this run

name: Build Windows Executable
on:
push:
branches:
- main
tags:
- "*"
pull_request:
branches:
- "**"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build:
runs-on: windows-2025
outputs:
version: ${{ steps.set-version.outputs.version }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
fetch-tags: true
- name: Set Version
id: set-version
shell: bash
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
VERSION=${{ github.ref_name }}
elif git describe --tags >/dev/null 2>&1; then
VERSION=$(git describe --tags)
else
VERSION="0.0.0-$(git rev-parse --short HEAD)"
fi
if [ -z "$VERSION" ]; then
echo "Error: No git version number found!"
exit 1
fi
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Version: $VERSION"
- name: Set up MSYS2 Environment Shell
id: msys2
uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
#update: true
# Minimal packages required to run the setup script itself
install: base-devel git unzip wget zip
- name: Configure Environment Paths
shell: msys2 {0}
run: |
# Use cygpath to reliably convert the runner's Windows path to an MSYS2 path.
# This is the standard and most robust method.
MSYS2_PATH_VAR=$(cygpath -u "${{ steps.msys2.outputs.msys2-location }}")
echo "MSYS2_PATH=$MSYS2_PATH_VAR" >> $GITHUB_ENV
# Add necessary binaries to the system PATH for subsequent steps
echo "$MSYS2_PATH_VAR/mingw64/bin" >> $GITHUB_PATH
echo "$MSYS2_PATH_VAR/usr/bin" >> $GITHUB_PATH
- name: Install Dependencies (win_setup.sh)
shell: msys2 {0}
run: |
# The MSYS2_PATH is required by the setup script to generate the .msys2_env file.
export MSYS2_PATH=${{ env.MSYS2_PATH }}
bash scripts/win/win_setup.sh
- name: Verify GI Typelib Files
shell: msys2 {0}
if: false
run: |
source $GITHUB_WORKSPACE/.msys2_env
echo "Listing GI typelib files:"
ls -l $GI_TYPELIB_PATH/*.typelib
- name: List MSYS2 packages
shell: msys2 {0}
if: false
run: |
source $GITHUB_WORKSPACE/.msys2_env
pacman --version
pacman -Q
- name: Check Cairo DLL Dependencies
shell: msys2 {0}
if: false
run: |
source $GITHUB_WORKSPACE/.msys2_env
$MSYS2_PATH/mingw64/bin/ntldd -R $MSYS2_PATH/mingw64/bin/libcairo-2.dll
$MSYS2_PATH/mingw64/bin/ntldd -R $MSYS2_PATH/mingw64/bin/libcairo-gobject-2.dll
$MSYS2_PATH/mingw64/bin/objdump -p $MSYS2_PATH/mingw64/bin/libcairo-2.dll | grep "DLL Name"
$MSYS2_PATH/mingw64/bin/objdump -p $MSYS2_PATH/mingw64/bin/libcairo-gobject-2.dll | grep "DLL Name"
- name: Run Test Suite (win_test.sh)
shell: msys2 {0}
run: |
# Enable debug logging for Python
export PYTHONUNBUFFERED=1
export PYTHONFAULTHANDLER=1
# Enable RUST backtrace for vtracer
export RUST_BACKTRACE=1
# The test script will source .msys2_env internally.
bash scripts/win/win_test.sh
- name: Run Build Process (win_build.sh)
shell: msys2 {0}
run: |
# The build script will source .msys2_env internally.
bash scripts/win/win_build.sh "${{ env.VERSION }}"
- name: Compress PyInstaller Bundle
shell: msys2 {0}
run: |
BUNDLE_DIR="dist/rayforge-v${{ env.VERSION }}"
ZIP_FILE="dist/rayforge-v${{ env.VERSION }}-windows-bundle.zip"
zip -r9 "${ZIP_FILE}" "${BUNDLE_DIR}"
- name: Upload PyInstaller bundle
uses: actions/upload-artifact@v4
with:
name: rayforge-v${{ steps.set-version.outputs.version }}-windows-bundle
path: dist/rayforge-v${{ steps.set-version.outputs.version }}-windows-bundle.zip
- name: Upload Installer Artifact
uses: actions/upload-artifact@v4
with:
name: rayforge-v${{ steps.set-version.outputs.version }}-installer.zip
path: dist/rayforge-v${{ steps.set-version.outputs.version }}-installer.exe
compression-level: 9
test-exe:
name: Test Executable
needs: build
runs-on: windows-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: rayforge-v${{ needs.build.outputs.version }}-windows-bundle
- name: Extract Bundle
shell: bash
run: |
unzip rayforge-v${{ needs.build.outputs.version }}-windows-bundle.zip
- name: Test Executable (CLI)
shell: bash
run: |
echo "Listing files in current directory:"
ls -l
# Define paths based on the extracted directory
BUNDLE_DIR="dist/rayforge-v${{ needs.build.outputs.version }}"
EXECUTABLE_NAME="rayforge-v${{ needs.build.outputs.version }}.exe"
echo "Listing files in extracted directory:"
ls -lR "${BUNDLE_DIR}"
echo "Running executable directly:"
./"${BUNDLE_DIR}/${EXECUTABLE_NAME}" --help
- name: Test Executable (UI Smoke Test)
shell: bash
run: |
bash scripts/win/win_run_ui_test.sh \
"dist/rayforge-v${{ needs.build.outputs.version }}" \
"rayforge-v${{ needs.build.outputs.version }}.exe"
release:
name: Create GitHub Release
needs: [build, test-exe]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') && github.repository == 'barebaric/rayforge'
outputs:
is_prerelease: ${{ steps.release_info.outputs.is_prerelease }}
steps:
- name: Determine release type
id: release_info
shell: bash
run: |
TAG="${{ github.ref_name }}"
if [[ "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+- ]]; then
echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
else
echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
fi
- name: Download Installer Artifact
uses: actions/download-artifact@v4
with:
# For the release, we use the installer artifact
name: rayforge-v${{ needs.build.outputs.version }}-installer.zip
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
# The file to attach to the release is the installer
files: rayforge-v${{ needs.build.outputs.version }}-installer.exe
draft: false
prerelease: ${{ steps.release_info.outputs.is_prerelease }}
name: Release ${{ needs.build.outputs.version }}
tag_name: ${{ github.ref_name }}
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}