Skip to content

feat: add CI build check and publish release workflows #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andrescera wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: add CI build check and publish release workflows #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1992a3a
feat: add CI build check and publish release workflows
andrescera Jan 15, 2026
8ccaaf4
fix: use find to verify library build location
andrescera Jan 15, 2026
fba4864
docs: add dependency chain to release notes
andrescera Jan 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions .github/workflows/build-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
name: Build Check

on:
push:
branches: [main, master]
pull_request:
branches: [main, master]

jobs:
build:
name: Build ${{ matrix.arch }}
runs-on: ubuntu-latest
strategy:
matrix:
arch: [arm64, amd64]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Build SRT for ${{ matrix.arch }}
run: |
PLATFORM="linux/${{ matrix.arch }}"

docker buildx build \
--platform "$PLATFORM" \
--load \
-t srt-builder:${{ matrix.arch }} \
-f - . <<'DOCKERFILE'
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y \
build-essential \
cmake \
git \
libssl-dev \
pkg-config \
tclsh \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /build
COPY . .
RUN cmake -B build \
-DCMAKE_BUILD_TYPE=Release \
-DENABLE_APPS=OFF \
-DENABLE_BONDING=ON \
-DENABLE_ENCRYPTION=ON \
&& cmake --build build -j$(nproc)
DOCKERFILE

- name: Verify library was built
run: |
docker run --rm srt-builder:${{ matrix.arch }} find /build/build -name "libsrt.so*" -ls

- name: Build Summary
run: |
echo "## ✅ Build Check Passed" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Architecture:** ${{ matrix.arch }}" >> $GITHUB_STEP_SUMMARY
285 changes: 285 additions & 0 deletions .github/workflows/publish-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,285 @@
name: Publish Release

on:
workflow_dispatch:
inputs:
release_type:
description: "Release type"
required: true
type: choice
options:
- stable
- beta
default: stable

jobs:
calculate-version:
name: Calculate Version
runs-on: ubuntu-latest
outputs:
version: ${{ steps.calver.outputs.version }}
channel: ${{ steps.calver.outputs.channel }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Calculate CalVer version
id: calver
env:
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'beta' }}
run: |
YEAR=$(date -u +"%Y")
MONTH=$(date -u +"%-m")
IS_BETA=$([[ "$RELEASE_TYPE" == "beta" ]] && echo "true" || echo "false")

PREFIX="v${YEAR}.${MONTH}"

if [ "$IS_BETA" == "true" ]; then
LATEST_BETA=$(git tag -l "${PREFIX}.*-beta.*" | sed -E "s/.*-beta\.([0-9]+)/\1/" | sort -n | tail -1)
if [ -z "$LATEST_BETA" ]; then
BETA_NUM=1
else
BETA_NUM=$((LATEST_BETA + 1))
fi
LATEST_STABLE=$(git tag -l "${PREFIX}.*" | grep -v beta | sed "s/${PREFIX}\.//" | sort -n | tail -1)
PATCH=${LATEST_STABLE:-0}
NEXT_PATCH=$((PATCH + 1))
VERSION="${YEAR}.${MONTH}.${NEXT_PATCH}-beta.${BETA_NUM}"
CHANNEL="beta"
else
LATEST_PATCH=$(git tag -l "${PREFIX}.*" | grep -v beta | sed "s/${PREFIX}\.//" | sort -n | tail -1)
if [ -z "$LATEST_PATCH" ]; then
PATCH=0
else
PATCH=$((LATEST_PATCH + 1))
fi
VERSION="${YEAR}.${MONTH}.${PATCH}"
CHANNEL="stable"
fi

echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "channel=${CHANNEL}" >> $GITHUB_OUTPUT
echo "Version: ${VERSION} (Channel: ${CHANNEL})"

build-deb:
name: Build Debian Package (${{ matrix.arch }})
needs: calculate-version
runs-on: ubuntu-latest
strategy:
matrix:
arch: [arm64, amd64]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up QEMU
if: matrix.arch == 'arm64'
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build in Docker (${{ matrix.arch }})
run: |
mkdir -p build-output

cat > Dockerfile.build << 'DOCKERFILE'
FROM debian:bookworm

RUN apt-get update && apt-get install -y \
build-essential \
cmake \
pkg-config \
libssl-dev \
tclsh \
&& rm -rf /var/lib/apt/lists/*

WORKDIR /src
COPY . .

RUN mkdir _build && cd _build && \
cmake ../ \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=/usr \
-DENABLE_STDCXX_SYNC=ON \
-DENABLE_ENCRYPTION=ON \
-DENABLE_BONDING=ON \
-DENABLE_APPS=ON \
-DENABLE_UNITTESTS=OFF \
-DENABLE_TESTING=OFF

RUN cd _build && cmake --build . -j$(nproc)
RUN cd _build && DESTDIR=/output cmake --install .
DOCKERFILE

docker buildx build \
--platform linux/${{ matrix.arch }} \
--output type=local,dest=build-output \
-f Dockerfile.build \
.

- name: Install FPM
run: |
sudo apt-get update
sudo apt-get install -y ruby-dev gcc g++
sudo gem install fpm

- name: Create packages
env:
VERSION: ${{ needs.calculate-version.outputs.version }}
ARCH: ${{ matrix.arch }}
run: |
mkdir -p dist

# Create .deb package
fpm -s dir -t deb \
-n srt \
-v "${VERSION}" \
-a "${ARCH}" \
--description "SRT - Secure Reliable Transport library and tools" \
--maintainer "CERALIVE <contact@ceralive.com>" \
--url "https://github.com/CERALIVE/srt" \
--license "MPL-2.0" \
--depends "libssl3" \
-p "dist/srt_${VERSION}_${ARCH}.deb" \
build-output/usr/=/usr/

# Create .tar.gz archive
mkdir -p tarball/srt-${VERSION}
cp -r build-output/usr/* tarball/srt-${VERSION}/
cd tarball
tar -czvf ../dist/srt_${VERSION}_${ARCH}.tar.gz srt-${VERSION}
cd ..

# Create checksums
cd dist
sha256sum srt_${VERSION}_${ARCH}.deb > srt_${VERSION}_${ARCH}.deb.sha256
sha256sum srt_${VERSION}_${ARCH}.tar.gz > srt_${VERSION}_${ARCH}.tar.gz.sha256

- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: srt-${{ matrix.arch }}
path: |
dist/*.deb
dist/*.tar.gz
dist/*.sha256

sign-and-publish:
name: Sign and Publish to R2
needs: [calculate-version, build-deb]
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts

- name: Prepare dist directory
run: |
mkdir -p dist/arm64 dist/amd64 dist/release
mv artifacts/srt-arm64/*.deb dist/arm64/
mv artifacts/srt-amd64/*.deb dist/amd64/
cp artifacts/srt-arm64/*.tar.gz dist/release/
cp artifacts/srt-amd64/*.tar.gz dist/release/
cp artifacts/srt-arm64/*.sha256 dist/release/
cp artifacts/srt-amd64/*.sha256 dist/release/

- name: Import GPG key
run: |
echo "${{ secrets.DEB_SIGNING_KEY_B64 }}" | base64 -d | gpg --batch --import

- name: Install apt-utils
run: sudo apt-get update && sudo apt-get install -y apt-utils

- name: Generate and sign repo metadata (arm64)
run: |
cd dist/arm64
dpkg-scanpackages . > Packages
gzip -k Packages
apt-ftparchive release . > Release
gpg --batch --yes -abs -o Release.gpg Release
gpg --batch --yes --clearsign -o InRelease Release

- name: Generate and sign repo metadata (amd64)
run: |
cd dist/amd64
dpkg-scanpackages . > Packages
gzip -k Packages
apt-ftparchive release . > Release
gpg --batch --yes -abs -o Release.gpg Release
gpg --batch --yes --clearsign -o InRelease Release

- name: Install AWS CLI
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
sudo ./aws/install

- name: Upload to R2
env:
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
R2_BUCKET: ${{ secrets.R2_BUCKET }}
CHANNEL: ${{ needs.calculate-version.outputs.channel }}
run: |
aws configure set aws_access_key_id "$R2_ACCESS_KEY_ID"
aws configure set aws_secret_access_key "$R2_SECRET_ACCESS_KEY"

aws s3 sync dist/arm64/ "s3://$R2_BUCKET/dists/$CHANNEL/binary-arm64/" \
--endpoint-url "$R2_ENDPOINT"
aws s3 sync dist/amd64/ "s3://$R2_BUCKET/dists/$CHANNEL/binary-amd64/" \
--endpoint-url "$R2_ENDPOINT"

- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ needs.calculate-version.outputs.version }}
name: srt v${{ needs.calculate-version.outputs.version }}
prerelease: ${{ needs.calculate-version.outputs.channel == 'beta' }}
files: |
dist/arm64/*.deb
dist/amd64/*.deb
dist/release/*.tar.gz
dist/release/*.sha256
body: |
## srt v${{ needs.calculate-version.outputs.version }}

SRT (Secure Reliable Transport) library with bonding and encryption support.

### Dependency Chain
```
srt (this package) ← base package
└── libssl3

Used by:
└── srtla → ceracoder → ceralive-device
```

### Debian Packages
| Architecture | Package |
|--------------|---------|
| ARM64 | `srt_${{ needs.calculate-version.outputs.version }}_arm64.deb` |
| AMD64 | `srt_${{ needs.calculate-version.outputs.version }}_amd64.deb` |

### Binary Archives
| Architecture | Archive |
|--------------|---------|
| ARM64 | `srt_${{ needs.calculate-version.outputs.version }}_arm64.tar.gz` |
| AMD64 | `srt_${{ needs.calculate-version.outputs.version }}_amd64.tar.gz` |

### Installation

**Debian/Ubuntu:**
```bash
sudo dpkg -i srt_${{ needs.calculate-version.outputs.version }}_<arch>.deb
```

**Manual:**
```bash
tar -xzf srt_${{ needs.calculate-version.outputs.version }}_<arch>.tar.gz
sudo cp -r srt-${{ needs.calculate-version.outputs.version }}/* /usr/
```
Loading