From 8e8f7dc5a8b05bfea56372f9aa9165cc37123113 Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Fri, 14 Mar 2025 18:31:02 +0100 Subject: [PATCH 01/10] Sign on windows --- .github/workflows/release-gradle.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index 40810e3cc..cafc22ce3 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -173,3 +173,19 @@ jobs: run: snapcraft upload --release=beta app/build/compose/binaries/main/${{ matrix.binary }}.${{ matrix.extension }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.PROCESSING_SNAPCRAFT_TOKEN }} + + - name: Sign files with Trusted Signing + if: runner.os == 'Windows' + uses: azure/trusted-signing-action@v0 + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: vscx-codesigning + certificate-profile-name: vscx-certificate-profile + files-folder: app/build/compose/binaries/main/msi + files-folder-filter: msi + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 \ No newline at end of file From 823cbf32aa37f79fd3ae7b2f475eb6ff066fb0c5 Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Tue, 18 Mar 2025 11:38:00 +0100 Subject: [PATCH 02/10] Added missing variables in MS Signing [skip ci] --- .github/workflows/release-gradle.yml | 4 ++-- .gitignore | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index cafc22ce3..6e3bc35b3 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -182,8 +182,8 @@ jobs: azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} endpoint: https://eus.codesigning.azure.net/ - trusted-signing-account-name: vscx-codesigning - certificate-profile-name: vscx-certificate-profile + trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} + certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} files-folder: app/build/compose/binaries/main/msi files-folder-filter: msi file-digest: SHA256 diff --git a/.gitignore b/.gitignore index 7faa26d70..26b5b9756 100644 --- a/.gitignore +++ b/.gitignore @@ -113,3 +113,5 @@ java/build/ .build/ /app/windows/obj +/java/gradle/build +/java/gradle/example/.processing From 82f4abc1b3fe6308b80a2ef6c8f2852b62c3d8cc Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Tue, 18 Mar 2025 12:25:27 +0100 Subject: [PATCH 03/10] Sign before upload [skip ci] --- .github/workflows/release-gradle.yml | 34 +++++++++++++++------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index 6e3bc35b3..ca0f22551 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -153,13 +153,29 @@ jobs: ORG_GRADLE_PROJECT_compose.desktop.mac.notarization.password: ${{ secrets.PROCESSING_APP_PASSWORD }} ORG_GRADLE_PROJECT_compose.desktop.mac.notarization.teamID: ${{ secrets.PROCESSING_TEAM_ID }} ORG_GRADLE_PROJECT_snapname: ${{ vars.SNAP_NAME }} + + - name: Sign files with Trusted Signing + if: runner.os == 'Windows' + uses: azure/trusted-signing-action@v0 + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} + certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} + files-folder: app/build/compose/binaries/main/msi + files-folder-filter: msi + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 - name: Upload portables to release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} asset_name: processing-${{ needs.version.outputs.version }}-${{ matrix.os_prefix }}-${{ matrix.arch }}-portable.zip - file: app/build/compose/binaries/main/Processing-${{ needs.version.outputs.version }}.zip + file: app/build/compose/binaries/main/app - name: Upload installers to release uses: svenstaro/upload-release-action@v2 @@ -174,18 +190,4 @@ jobs: env: SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.PROCESSING_SNAPCRAFT_TOKEN }} - - name: Sign files with Trusted Signing - if: runner.os == 'Windows' - uses: azure/trusted-signing-action@v0 - with: - azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - endpoint: https://eus.codesigning.azure.net/ - trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} - certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} - files-folder: app/build/compose/binaries/main/msi - files-folder-filter: msi - file-digest: SHA256 - timestamp-rfc3161: http://timestamp.acs.microsoft.com - timestamp-digest: SHA256 \ No newline at end of file + \ No newline at end of file From 3cd1745f7812af59e4d1327f740992162fbaa297 Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Tue, 18 Mar 2025 12:43:14 +0100 Subject: [PATCH 04/10] Sign Portable & Fix Portable --- .github/workflows/release-gradle.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index ca0f22551..3351704d2 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -164,8 +164,10 @@ jobs: endpoint: https://eus.codesigning.azure.net/ trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} - files-folder: app/build/compose/binaries/main/msi - files-folder-filter: msi + files-folder: app/build/compose/binaries/main + files-folder-filter: msi,exe,dll + files-folder-recurse: true + files-folder-depth: 8 file-digest: SHA256 timestamp-rfc3161: http://timestamp.acs.microsoft.com timestamp-digest: SHA256 @@ -175,7 +177,8 @@ jobs: with: repo_token: ${{ secrets.GITHUB_TOKEN }} asset_name: processing-${{ needs.version.outputs.version }}-${{ matrix.os_prefix }}-${{ matrix.arch }}-portable.zip - file: app/build/compose/binaries/main/app + file: app/build/compose/binaries/main/app/* + file_glob: true - name: Upload installers to release uses: svenstaro/upload-release-action@v2 From 8d228d50ca75253f8ffe2e51698a9091369197ff Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Tue, 18 Mar 2025 12:54:20 +0100 Subject: [PATCH 05/10] Only sign .exe & .msi [skip ci] --- .github/workflows/release-gradle.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index 3351704d2..417f9e58e 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -165,9 +165,9 @@ jobs: trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} files-folder: app/build/compose/binaries/main - files-folder-filter: msi,exe,dll + files-folder-filter: msi,exe files-folder-recurse: true - files-folder-depth: 8 + files-folder-depth: 2 file-digest: SHA256 timestamp-rfc3161: http://timestamp.acs.microsoft.com timestamp-digest: SHA256 From e0fa5d3634b5de0c04943d186b107c74976c7d0f Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Tue, 18 Mar 2025 13:09:22 +0100 Subject: [PATCH 06/10] Just sign the .msi [skip ci] --- .github/workflows/release-gradle.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index 417f9e58e..f72780b71 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -164,10 +164,8 @@ jobs: endpoint: https://eus.codesigning.azure.net/ trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} - files-folder: app/build/compose/binaries/main - files-folder-filter: msi,exe - files-folder-recurse: true - files-folder-depth: 2 + files-folder: app/build/compose/binaries/main/msi + files-folder-filter: msi file-digest: SHA256 timestamp-rfc3161: http://timestamp.acs.microsoft.com timestamp-digest: SHA256 @@ -177,8 +175,7 @@ jobs: with: repo_token: ${{ secrets.GITHUB_TOKEN }} asset_name: processing-${{ needs.version.outputs.version }}-${{ matrix.os_prefix }}-${{ matrix.arch }}-portable.zip - file: app/build/compose/binaries/main/app/* - file_glob: true + file: app/build/compose/binaries/main/Processing-${{ needs.version.outputs.version }}.zip - name: Upload installers to release uses: svenstaro/upload-release-action@v2 From 3333c6de48354f781d099044771a554409cc9c84 Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Thu, 20 Mar 2025 16:55:36 +0100 Subject: [PATCH 07/10] Better snap compatibility --- app/build.gradle.kts | 1 + app/src/processing/app/platform/LinuxPlatform.java | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 3384d688c..3b7088e79 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -238,6 +238,7 @@ tasks.register("generateSnapConfiguration"){ - x11 - network - opengl + - home parts: processing: diff --git a/app/src/processing/app/platform/LinuxPlatform.java b/app/src/processing/app/platform/LinuxPlatform.java index cda629192..be164d701 100644 --- a/app/src/processing/app/platform/LinuxPlatform.java +++ b/app/src/processing/app/platform/LinuxPlatform.java @@ -33,8 +33,7 @@ public class LinuxPlatform extends DefaultPlatform { - // Switched to use ~ as the home directory for compatibility with snap - String homeDir = "~"; + String homeDir; public void initBase(Base base) { @@ -107,6 +106,10 @@ public File getSettingsFolder() throws Exception { configHome = null; // don't use non-existent folder } } + String snapUserCommon = System.getenv("SNAP_USER_COMMON"); + if (snapUserCommon != null && !snapUserCommon.isBlank()) { + configHome = new File(snapUserCommon); + } // If not set properly, use the default if (configHome == null) { configHome = new File(getHomeDir(), ".config"); From 821c45e7c84aadfe04483ceb6329f87c46a1b60f Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Thu, 20 Mar 2025 18:49:14 +0100 Subject: [PATCH 08/10] Don't upgrade the JDK --- .github/workflows/release-gradle.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-gradle.yml b/.github/workflows/release-gradle.yml index f72780b71..16e8984e3 100644 --- a/.github/workflows/release-gradle.yml +++ b/.github/workflows/release-gradle.yml @@ -134,7 +134,7 @@ jobs: - name: Install Java uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '17.0.8' distribution: 'temurin' architecture: ${{ matrix.arch }} - name: Setup Gradle From dc0f347d8de693f879bdb7d1b2b591e475a0ad99 Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Thu, 20 Mar 2025 19:32:44 +0100 Subject: [PATCH 09/10] Fixed Contributions Download URL --- app/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 3b7088e79..ec02e2c86 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -52,7 +52,7 @@ compose.desktop { jvmArgs(*listOf( Pair("processing.version", rootProject.version), Pair("processing.revision", findProperty("revision") ?: Int.MAX_VALUE), - Pair("processing.contributions.source", "https://download.processing.org/contribs.txt"), + Pair("processing.contributions.source", "https://contributions.processing.org/contribs"), Pair("processing.download.page", "https://processing.org/download/"), Pair("processing.download.latest", "https://processing.org/download/latest.txt"), Pair("processing.tutorials", "https://processing.org/tutorials/"), From 02e07006dd3716d9cb73cee172a46a2e807edc0d Mon Sep 17 00:00:00 2001 From: Stef Tervelde Date: Fri, 21 Mar 2025 10:13:25 +0100 Subject: [PATCH 10/10] CI Naming update --- .github/workflows/build.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4182c98b0..b1b7f9ad6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Pre-releases +name: Branch Builds (Legacy) on: push: paths-ignore: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 02a71ba3c..5831a166a 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,4 +1,4 @@ -name: Pull Requests +name: Pull Requests (Legacy) on: pull_request: paths-ignore: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 44681a78f..bf4d33cd8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Releases +name: Releases (Legacy) on: release: types: [published]