Add server build matrix, mac,linux electron builds (#4434)

* Github electron release workflow

* Remove setup-node working-directory

* Suredbits Wallet linux workflow

* Build Mac krystalbull, Windows setup/install monorepo

* Build Mac Suredbits Wallet

* Test sign Electron Krystal Bull app

* Try fixed path

* Try different env var notation

* Change env var access notation

* Change env var access notation

* Add "$VAR"

* Quote more variables

* Test sign oracle-electron dmg directly

* Change comment

* Try again

* Try again

* Test build dep

* Test

* Test pull .zip artifact from previous build step

* Build after adding artifact folder support

* Matrix zips building

* os.target -> matrix.target

* Remove unused os references

* matrix zips and electron builds

* Add oses

* shell: bash

* shell: bash

* view artifacts

* Magic colon

* Add back javafx builds

* Optimize zip builds?

* Fix linux electron suredbits wallet

* Single build

* Separate JavaFX builds and cleanup

* Test sign wallet

* Take out non-mac builds for now

* Test build

* Test build with wildcard names directly

* Test build with wildcard names directly

* Test non-wildcard build

* Test keystore auth

* Test keychain again

* Try email as keychain key

* JavaFX build

* Try to notarize with keychain

* test notarize from keychain on javafx

* Try different keychain item name

* Try another keychain item name

* Test another keychain key

* Try another key

* Test Krystal Bull Electron signing/notarization

* Test keychain unlock and Team Id

* Import certs

* Test

* Test

* test

* test

* Test with keychain notarize

* Test

* Test short signing id

* Manually sign .app

* Try again

* Try again

* Try again

* Echo

* Echo

* Echo

* Echo

* server oracle electron build/sign/notarize

* manually sign after electron build

* Again

* Again

* Again

* Again

* Test staple

* Again

* Again

* Adjust password notarizing

* Sign dmg

* Only sign dmg

* Test implied matrix.* env var

* Sign app, sign dmg

* Again

* Electron native signing with keychain name

* again

* Make signing_temp.keychain before electron build

* Change keychain to signing_temp

* Back to signing_temp.keychain

* Notarize .zip

* Remove electron signing

* Add notarytool commands

* Unlock notarytool

* Add AC_PASSWORD

* store-credentials earlier

* Add codesign debugs

* gatekeeper-access: false, sign and notarize with electron forge

* Test run platform specific config

* Remove my-build/

* Test $KB_MAKE in artifact path

* Check dmg signing

* Check signing on wallet

* Again

* Fix env vars

* again

* Fix env var expansion

* again

* again

* again

* again

* again

* Add wallet entitlements.plist

* Turn other platform builds back on

* Mac zip only

* zip only

* cleanup

* macos manual sign apps

* comment

* Remove ubuntu electron build

* Test notarize KB

* Test windows build

* Build Windows KB

* mac,linux,win zips mac,linux electron builds

* Zip signed app

* Test mac zip after sign

* wallet cleanup

* again

* again

* Fix env vars

* No signing

* Move output .zips into /make

* Manual sign KB

* Manual sign again

* Again

* No signing

* Turn all builds back on

* Add debug flag, take out windows electron build

* Remove branch name from bitcoin-s-ts checkout
user411 2022-06-28 09:49:17 -06:00 committed by GitHub
parent 42564bc810
commit 76694a55e9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 518 additions and 344 deletions

.github/workflows/javafx.yml vendored Normal file

@ -0,0 +1,177 @@
# Legacy JavaFX Desktop Application builds
name: JavaFX Desktop Apps
on:
push:
branches: [master, main]
tags: ["*"]
release:
types: [ published ]
env:
pkg-assembly: 'bitcoin-s-bundle.jar'
pkg-name: 'bitcoin-s'
jobs:
javafx-macos:
runs-on: [ macos-latest ]
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Scala
uses: olafurpg/setup-scala@v13
with:
java-version: openjdk@1.17.0
- name: Get Previous tag
id: previoustag
uses: WyriHaximus/github-action-get-previous-tag@v1
with:
fallback: 0.0.0 # Optional fallback tag to use when no tag can be found
- name: Import developer cert to keychain
uses: apple-actions/import-codesign-certs@v1
with:
create-keychain: true
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
keychain-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
- name: Build fat jar
run: sbt "bundle/assembly"
- name: Add cert to keychain and unlock keychain & build and sign dmg
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
MACOS_CERTIFICATE_PWD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
MAC_NOTARIZATION_PW: ${{secrets.MAC_NOTARIZATION_PW}}
# Steps to build a fully signed and notarized bitcoin-s dmg
# 1. Unlock the OS x keychain so we don't have to input passwords via GUI prompts
# 2. Build bitcoin-s.app that is recursively signed with jpackage --mac-sign
# 3. Build an unsigned dmg that contains bitcoin-s.app inside of it (no idea why --mac-sign doesn't work with --type dmg)
# 4. Sign the dmg with codesign (jpackage dmg signing is broken for some reason)
# 5. Submit the dmg to apple's notarization service so can get it whitelisted for installation (see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution)
# 6. Sleep until apple notorization is done
# 7. Retrieve the signature and staple it to the dmg to so network requests do not need to be made to open the dmg
# 8. Check all signatures on bitcoin-s.app (see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735)
# 9. Check all dmg signatures
# 10. Display information about signed dmg
run: |
echo "Hello world"
java -version
jpackage --version
ls -l
security unlock-keychain -p $MACOS_CERTIFICATE_PWD signing_temp.keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD signing_temp.keychain
echo "===========jpackage app image begin================"
jpackage --verbose --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --mac-package-name ${{ env.pkg-name }} --type app-image -i app/bundle/target/scala-2.13/ --main-class org.bitcoins.bundle.gui.BundleGUI --main-jar ${{ env.pkg-assembly }} --icon app/gui/src/main/resources/icons/bitcoin-s.icns --mac-sign --mac-signing-keychain /Users/runner/Library/Keychains/signing_temp.keychain-db --mac-signing-key-user-name "Chris Stewart (9ZG3GPKHX8)"
echo "===========jpackage dmg begin================"
jpackage --verbose --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --mac-package-name ${{ env.pkg-name }} --type dmg --app-image bitcoin-s.app --mac-sign --mac-signing-key-user-name "Chris Stewart (9ZG3GPKHX8)"
echo "Signing dmg with code sign"
codesign -s "Developer ID Application: Chris Stewart (9ZG3GPKHX8)" --options runtime -vvvv --deep ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Running xcrun alttool --notarize app"
REQUEST_UUID=$(xcrun altool --notarize-app --primary-bundle-id "org.bitcoins.bundle" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" --password "$MAC_NOTARIZATION_PW" --file ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg | grep RequestUUID | awk '{print $3}')
echo "Waiting for notarization from Apple for $REQUEST_UUID"
sleep 5
xcrun altool --notarization-info "$REQUEST_UUID" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" -p "$MAC_NOTARIZATION_PW"
echo "Start while loop"
while xcrun altool --notarization-info "$REQUEST_UUID" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" -p "$MAC_NOTARIZATION_PW" | grep "Status: in progress" > /dev/null; do
echo "Verification in progress..."
sleep 30
done
xcrun stapler staple ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done stapling"
spctl -vvv --assess --type exec bitcoin-s.app
echo "Done inspecting app with spctl"
codesign -vvv --deep --strict ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done verifying code signing deep"
codesign -dvv ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done verifying artifacts"
ls -l
- name: Echo download path
run: echo ${{steps.download.outputs.download-path}}
- name: Upload mac-javafx dmg
uses: actions/upload-artifact@v3
with:
name: mac-javafx
path: ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
- name: Upload if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: mac-javafx
files: ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
javafx-linux:
runs-on: [ ubuntu-latest ]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Scala
uses: olafurpg/setup-scala@v13
with:
java-version: openjdk@1.17.0
- name: Get Previous tag
id: previoustag
uses: WyriHaximus/github-action-get-previous-tag@v1
with:
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
- name: Build fat jar
run: sbt "bundle/assembly"
- name: Package jar as debian package
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
run: "jpackage --linux-shortcut --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --type deb -i app/bundle/target/scala-2.13/ --main-class org.bitcoins.bundle.gui.BundleGUI --main-jar ${{ env.pkg-assembly }} --icon app/gui/src/main/resources/icons/bitcoin-s.png"
- name: View Artifacts
run: ls -l
- name: Print working dir
run: pwd
- name: Upload linux-javafx deb
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: linux-javafx
path: ${{ env.pkg-name }}_${{ steps.previoustag.outputs.tag }}-1_amd64.deb
- name: Upload if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: linux-javafx
files: ${{ env.pkg-name }}_${{ steps.previoustag.outputs.tag }}-1_amd64.deb
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
javafx-windows:
runs-on: [windows-latest]
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Scala
uses: olafurpg/setup-scala@v13
with:
java-version: openjdk@1.17.0
- name: Get Previous tag
id: previoustag
uses: WyriHaximus/github-action-get-previous-tag@v1
with:
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
- name: Build msi
shell: bash
run: sbt bundle/windows:packageBin
- name: View artifacts
run: ls -R .
- name: Upload windows-javafx msi
uses: actions/upload-artifact@v3
with:
name: windows-javafx
path: "D:\\a\\bitcoin-s\\bitcoin-s\\app\\bundle\\target\\windows\\bitcoin-s-bundle.msi"
- name: Upload if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: windows-javafx
files: "D:\\a\\bitcoin-s\\bitcoin-s\\app\\bundle\\target\\windows\\bitcoin-s-bundle.msi"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
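Review bot: in `javafx-macos`, the `Import developer cert to keychain` step passes `secrets.CERTIFICATES_P12` and its password to `apple-actions/import-codesign-certs@v1`, and the release steps pass `GITHUB_TOKEN` to `softprops/action-gh-release@v1`. Both are referenced by a movable tag, so whatever that tag points at when the job runs receives the signing identity. Pin the third-party actions in this file to full commit SHAs. In the same job, `$MACOS_CERTIFICATE_PWD` is expanded unquoted in `security unlock-keychain -p $MACOS_CERTIFICATE_PWD signing_temp.keychain` and in the `set-key-partition-list` line, so a password containing whitespace or glob characters is split or expanded by the shell; write `"$MACOS_CERTIFICATE_PWD"`. The `Echo download path` step reads `steps.download.outputs.download-path`, but no step in this job has `id: download`, so it prints nothing and can be removed.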


@ -1,21 +1,17 @@
name: Release name: Release
on: on:
push: push:
branches: [master, main] branches: [master, main, feature_electron_build]
tags: ["*"] tags: ["*"]
release: release:
types: [ published ] types: [ published ]
env:
pkg-assembly: 'bitcoin-s-bundle.jar'
pkg-name: 'bitcoin-s'
jobs: jobs:
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 60 timeout-minutes: 60
steps: steps:
- uses: actions/checkout@v2.3.4 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: olafurpg/setup-scala@v13 - uses: olafurpg/setup-scala@v13
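Review bot: `feature_electron_build` is added to `on.push.branches` of the Release workflow, so every push to that feature branch runs every job in this file, `publish` included. The context lines at the top of the next hunk show Sonatype and deploy-key secrets in the env of the job that precedes `server`. This reads as a trigger added to exercise the workflow from the branch; restore `branches: [master, main]` before merging so release jobs and their secrets run only from the protected branches and tags.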
@ -30,375 +26,376 @@ jobs:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_TOKEN }} GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_TOKEN }}
GIT_DEPLOY_KEY: ${{ secrets.GIT_DEPLOY_KEY }} GIT_DEPLOY_KEY: ${{ secrets.GIT_DEPLOY_KEY }}
osx: # Built bitcoin-s cli, appServer, oracleServer zips
runs-on: [ macos-latest ] server:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest] #
# If os values you don't include the matrix os list above are set here, they will be included
# If you want multiple variables per os see https://github.community/t/create-matrix-with-multiple-os-and-env-for-each-one/16895
# Can run conditional steps below with https://github.community/t/what-is-the-correct-if-condition-syntax-for-checking-matrix-os-version/16221
# This is here to get friendly labels for output filenames
include:
- os: macos-latest
TARGET: mac
- os: ubuntu-latest
TARGET: linux
- os: windows-latest
# TODO : Do we want to use 'win' or 'windows'?
TARGET: windows
steps: steps:
- name: Checkout repo - uses: actions/checkout@v3
uses: actions/checkout@v2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Setup Scala - name: Setup Scala
uses: olafurpg/setup-scala@v13 uses: olafurpg/setup-scala@v13
with: with:
java-version: openjdk@1.17.0 java-version: openjdk@1.17.0
- name: 'Get Previous tag' - name: Get Previous tag
id: previoustag id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1" uses: WyriHaximus/github-action-get-previous-tag@v1
with: with:
fallback: 0.0.0 # Optional fallback tag to use when no tag can be found fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
- name: Import developer cert to keychain # Tested building specific projects that are being exported only, but global packageBin seems to be faster
- name: Build all zips
shell: bash # windows needs shell defined
run: sbt "universal:stage;universal:packageBin"
- name: View Artifacts
run: ls -l app/server/target/universal/stage
# - name: Build appServer
# shell: bash
# run: sbt "appServer / Universal / stage; appServer / Universal / packageBin"
- name: Upload bitcoin-s-server
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: bitcoin-s-server-${{ matrix.TARGET }}
path: app/server/target/universal/stage
- name: (release) Upload bitcoin-s-server
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
name: bitcoin-s-server-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
files: app/server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: Build oracleServer
# shell: bash
# run: sbt "oracleServer / Universal / stage; oracleServer / Universal / packageBin"
- name: Upload bitcoin-s-oracle-server
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}
path: app/oracle-server/target/universal/stage
- name: (release) Upload bitcoin-s-oracle-server
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
files: app/oracle-server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: Build cli
# shell: bash
# run: sbt "cli / Universal / stage; cli / Universal / packageBin"
- name: Upload bitcoin-s-cli
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: bitcoin-s-cli-${{ matrix.TARGET }}
path: app/cli/target/universal/stage/
- name: (release) Upload bitcoin-s-cli
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
name: bitcoin-s-cli-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
files: app/cli/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Native electron applications - Krystal Bull, Suredbits Wallet
electron:
needs: server
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, ubuntu-latest] # windows-latest
# If os values you don't include the matrix os list above are set here, they will be included
# This is here to get friendly labels for output filenames
include:
- os: macos-latest
TARGET: mac
FORMAT: zip # dmg
- os: ubuntu-latest
TARGET: linux
FORMAT: deb
# - os: windows-latest
# TARGET: windows
# FORMAT: zip # ???
# Build output paths
env:
KB_OUT: "bitcoin-s-ts/oracle-electron-ts/out"
KB_MAKE: "bitcoin-s-ts/oracle-electron-ts/out/make"
W_OUT: "bitcoin-s-ts/wallet-electron-ts/out"
W_MAKE: "bitcoin-s-ts/wallet-electron-ts/out/make"
steps:
# macos keychain unlocking for signing identity access
- name: (macos) Import developer cert to keychain
if: startsWith(matrix.os,'macos')
uses: apple-actions/import-codesign-certs@v1 uses: apple-actions/import-codesign-certs@v1
with: with:
create-keychain: true create-keychain: true
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }} p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
keychain-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} keychain-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
- name: Build fat jar - name: (macos) Unlock keychain, find-identity
run: sbt "bundle/assembly" if: startsWith(matrix.os,'macos')
- name: Add cert to keychain and unlock keychain & build and sign dmg
env: env:
pkg-version: ${{steps.previoustag.outputs.tag}}
MACOS_CERTIFICATE_PWD: ${{ secrets.CERTIFICATES_P12_PASSWORD }} MACOS_CERTIFICATE_PWD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
MAC_NOTARIZATION_PW: ${{secrets.MAC_NOTARIZATION_PW}} KEYCHAIN: signing_temp.keychain
# Steps to build a fully signed and notarized bitcoin-s dmg
# 1. Unlock the OS x keychain so we don't have to input passwords via GUI prompts
# 2. Build bitcoin-s.app that is recursively signed with jpackage --mac-sign
# 3. Build an unsigned dmg that contains bitcoin-s.app inside of it (no idea why --mac-sign doesn't work with --type dmg)
# 4. Sign the dmg with codesign (jpackage dmg signing is broken for some reason)
# 5. Submit the dmg to apple's notarization service so can get it whitelisted for installation (see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution)
# 6. Sleep until apple notorization is done
# 7. Retrieve the signature and staple it to the dmg to so network requests do not need to be made to open the dmg
# 8. Check all signatures on bitcoin-s.app (see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735)
# 9. Check all dmg signatures
# 10. Display information about signed dmg
run: | run: |
echo "Hello world" security unlock-keychain -p $MACOS_CERTIFICATE_PWD $KEYCHAIN
java -version security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD $KEYCHAIN
jpackage --version security find-identity -p codesigning -v
ls -l # Install Node, checkout repo, install dependencies and build repo
security unlock-keychain -p $MACOS_CERTIFICATE_PWD signing_temp.keychain - name: Setup Node.js
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD signing_temp.keychain uses: actions/setup-node@v3
echo "===========jpackage app image begin================"
jpackage --verbose --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --mac-package-name ${{ env.pkg-name }} --type app-image -i app/bundle/target/scala-2.13/ --main-class org.bitcoins.bundle.gui.BundleGUI --main-jar ${{ env.pkg-assembly }} --icon app/gui/src/main/resources/icons/bitcoin-s.icns --mac-sign --mac-signing-keychain /Users/runner/Library/Keychains/signing_temp.keychain-db --mac-signing-key-user-name "Chris Stewart (9ZG3GPKHX8)"
echo "===========jpackage dmg begin================"
jpackage --verbose --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --mac-package-name ${{ env.pkg-name }} --type dmg --app-image bitcoin-s.app --mac-sign --mac-signing-key-user-name "Chris Stewart (9ZG3GPKHX8)"
echo "Signing dmg with code sign"
codesign -s "Developer ID Application: Chris Stewart (9ZG3GPKHX8)" --options runtime -vvvv --deep ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Running xcrun alttool --notarize app"
REQUEST_UUID=$(xcrun altool --notarize-app --primary-bundle-id "org.bitcoins.bundle" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" --password "$MAC_NOTARIZATION_PW" --file ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg | grep RequestUUID | awk '{print $3}')
echo "Waiting for notarization from Apple for $REQUEST_UUID"
sleep 5
xcrun altool --notarization-info "$REQUEST_UUID" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" -p "$MAC_NOTARIZATION_PW"
echo "Start while loop"
while xcrun altool --notarization-info "$REQUEST_UUID" -u "stewart.chris1234@gmail.com" --team-id "9ZG3GPKHX8" -p "$MAC_NOTARIZATION_PW" | grep "Status: in progress" > /dev/null; do
echo "Verification in progress..."
sleep 30
done
xcrun stapler staple ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done stapling"
spctl -vvv --assess --type exec bitcoin-s.app
echo "Done inspecting app with spctl"
codesign -vvv --deep --strict ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done verifying code signing deep"
codesign -dvv ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg
echo "Done verifying artifacts"
ls -l
- name: 'Echo download path'
run: echo ${{steps.download.outputs.download-path}}
- name: Upload dmg
uses: actions/upload-artifact@v1
with: with:
name: "mac" node-version: 16.x
path: ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg - name: Checkout bitcoin-s-ts repo
- name: Upload if release uses: actions/checkout@v3
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with: with:
name: "mac" repository: bitcoin-s/bitcoin-s-ts
files: ${{ env.pkg-name }}-${{steps.previoustag.outputs.tag}}.dmg # ref: electron-forge-config # TODO : Merge to master and remove
path: bitcoin-s-ts
- name: bitcoin-s-ts install and build
working-directory: bitcoin-s-ts
run: |
npm ci
npm run build
# Build Krystal Bull
- name: Download bitcoin-s-oracle-server
uses: actions/download-artifact@v3
with:
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}
path: bitcoin-s-ts/oracle-electron-ts/bitcoin-s-oracle-server
- name: Build Krystal Bull
working-directory: bitcoin-s-ts/oracle-electron-ts
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DEBUG: electron-notarizer
linux: # APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
runs-on: [ ubuntu-latest ] # NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
steps: # NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
- uses: actions/checkout@v2 # NOTORIZE_APPLE_TEAM: 9ZG3GPKHX8
with: run: |
fetch-depth: 0 npm ci
- name: Setup Scala npm run build
uses: olafurpg/setup-scala@v13 npm run make
with: # - name: (windows) Show windows artifacts
java-version: openjdk@1.17.0 # if: startsWith(matrix.os,'windows')
- name: 'Get Previous tag' # run: |
id: previoustag # ls -l $KB_OUT
uses: "WyriHaximus/github-action-get-previous-tag@v1" # ls -l $KB_MAKE
with: # ls -l "$KB_MAKE/zip"
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found # ls -l "$KB_MAKE/zip/windows"
- name: Build fat jar # ls -l "$KB_MAKE/zip/windows/x64"
run: sbt "bundle/assembly" # - name: (macos) Manually sign Krystal Bull
- name: Package jar as debian package # if: startsWith(matrix.os,'macos')
env: # env:
pkg-version: ${{steps.previoustag.outputs.tag}} # APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
run: "jpackage --linux-shortcut --name ${{ env.pkg-name }} --app-version ${{steps.previoustag.outputs.tag}} --type deb -i app/bundle/target/scala-2.13/ --main-class org.bitcoins.bundle.gui.BundleGUI --main-jar ${{ env.pkg-assembly }} --icon app/gui/src/main/resources/icons/bitcoin-s.png" # NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
- name: View Artifacts # NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
run: ls -l # TEAM_ID: "9ZG3GPKHX8"
- name: Print working dir # PLIST: "bitcoin-s-ts/oracle-electron-ts/entitlements.plist"
run: pwd # KRYSTALBULL_PATH: "${{env.KB_OUT}}/Krystal Bull-darwin-x64/Krystal Bull.app"
- name: Upload deb # BUNDLE_ID: "org.bitcoins.krystalbull"
uses: actions/upload-artifact@v1 # ZIP_NAME: "KrystalBull-mac.zip"
env: # run: |
pkg-version: ${{steps.previoustag.outputs.tag}} # echo "=== Signing app ==="
with: # : # See about signing subsystems - https://gist.github.com/jorangreef/27e708c67b7e6746a98a
name: "deb" # codesign -s "$APP_SIGNING_ID" --entitlements "$PLIST" --timestamp --options runtime -vvvv --deep "$KRYSTALBULL_PATH"
path: "${{ env.pkg-name }}_${{ steps.previoustag.outputs.tag }}-1_amd64.deb" # echo "=== Verifying app signature ==="
- name: Upload if release # codesign -vvv --deep --strict "$KRYSTALBULL_PATH"
uses: softprops/action-gh-release@v1 # codesign -dvv "$KRYSTALBULL_PATH"
if: startsWith(github.ref, 'refs/tags/') # codesign -d --entitlements :- "$KRYSTALBULL_PATH"
with: # echo "=== zip app ==="
name: "deb" # zip -qr $ZIP_NAME "$KRYSTALBULL_PATH"
files: "${{ env.pkg-name }}_${{ steps.previoustag.outputs.tag }}-1_amd64.deb" # mv $ZIP_NAME $KB_MAKE
env: # mv ${{env.KB_MAKE}}/zip/darwin/x64/*.zip $ZIP_NAME
pkg-version: ${{steps.previoustag.outputs.tag}} # echo "=== Notarizing app ==="
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # : # Store xcrun creditials
windows: # xcrun notarytool store-credentials "AC_PASSWORD" --apple-id $NOTORIZE_APPLE_ID --password $NOTORIZE_APPLE_PW --team-id $TEAM_ID
runs-on: [windows-latest] # REQUEST_UUID=$(xcrun altool --notarize-app --primary-bundle-id $BUNDLE_ID -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID --file "$ZIP_NAME" | grep RequestUUID | awk '{print $3}')
steps: # echo "Waiting for notarization from Apple for $REQUEST_UUID"
- name: Checkout repo # sleep 5
uses: actions/checkout@v2 # xcrun altool --notarization-info "$REQUEST_UUID" -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID
with: # echo "Start while loop"
fetch-depth: 0 # while xcrun altool --notarization-info "$REQUEST_UUID" -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID | grep "Status: in progress" > /dev/null; do
- name: Setup Scala # echo "Verification in progress..."
uses: olafurpg/setup-scala@v13 # sleep 30
with: # done
java-version: openjdk@1.17.0 # echo "End while loop"
# echo "=== notarytool history ==="
- name: 'Get Previous tag' # xcrun notarytool history --keychain-profile "AC_PASSWORD"
id: previoustag # echo "=== notarytool info ==="
uses: "WyriHaximus/github-action-get-previous-tag@v1" # xcrun notarytool info $REQUEST_UUID --keychain-profile "AC_PASSWORD"
with: # : # TODO : Staple notarization to app/zip?
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found # xcrun stapler staple "$KRYSTALBULL_PATH"
- name: Build msi # echo "Done stapling"
shell: bash # - name: (macos) Validate application signing and notarization
run: sbt bundle/windows:packageBin # if: startsWith(matrix.os,'macos')
- name: View artifacts # env:
run: ls -R . # KRYSTALBULL_PATH: "${{env.KB_OUT}}/Krystal Bull-darwin-x64/Krystal Bull.app"
- name: Upload installer # # TODO : Need to account for version in path changing
uses: actions/upload-artifact@v1 # # DMG_PATH: "${{env.KB_MAKE}}/Krystal Bull-0.0.1-x64.dmg"
with: # run: |
name: windows # echo "Directory contents"
path: "D:\\a\\bitcoin-s\\bitcoin-s\\app\\bundle\\target\\windows\\bitcoin-s-bundle.msi" # echo "$KRYSTALBULL_PATH"
- name: Upload if release # ls -l $KB_OUT
uses: softprops/action-gh-release@v1 # ls -l $KB_MAKE
if: startsWith(github.ref, 'refs/tags/') # ls -l "$KB_MAKE/zip"
with: # ls -l "$KB_MAKE/zip/darwin"
name: windows # ls -l "$KB_MAKE/zip/darwin/x64"
files: "D:\\a\\bitcoin-s\\bitcoin-s\\app\\bundle\\target\\windows\\bitcoin-s-bundle.msi" # ls -l "$KB_OUT/Krystal Bull-darwin-x64"
env: # echo "=== Verify app signature ==="
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # codesign -vvv --deep --strict "$KRYSTALBULL_PATH"
mac-zips: # codesign -dvv "$KRYSTALBULL_PATH"
runs-on: [ macos-latest ] # codesign -d --entitlements :- "$KRYSTALBULL_PATH"
steps: # : # Seeing error like "bitcoin-s-ts/oracle-electron-ts/out/make/Krystal Bull-0.0.1-x64.dmg: code object is not signed at all"
- uses: actions/checkout@v2 # : # So the electron build is not doing any code signing on the dmg
with: # : # echo "=== Verify dmg signature ==="
fetch-depth: 0 # : # codesign -vvv --deep --strict "$DMG_PATH"
- name: Setup Scala # : # Not happening yet, need entitlements set
uses: olafurpg/setup-scala@v13 # : # echo "=== Verify app notarization ==="
with: # : # spctl -vvv --assess --type exec "$KRYSTALBULL_PATH"
java-version: openjdk@1.17.0 # Platform specific values here for folder depth
- name: 'Get Previous tag' - name: (macos) Move .zip into /make
id: previoustag if: startsWith(matrix.os,'macos')
uses: "WyriHaximus/github-action-get-previous-tag@v1" run: mv ${{env.KB_MAKE}}/zip/darwin/x64/*.zip $KB_MAKE
with: - name: (linux) Move .deb into /make
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found if: startsWith(matrix.os,'ubuntu')
- name: Build zip run: mv ${{env.KB_MAKE}}/deb/x64/*.deb $KB_MAKE
run: sbt "universal:stage;universal:packageBin" # Capture signed Mac app
- name: View Artifacts # - name: (macos) Upload krystalbull-mac-zip
run: ls -l app/server/target/universal/stage # if: startsWith(matrix.os,'macos')
- name: pwd # uses: actions/upload-artifact@v3
run: pwd # env:
- name: Upload bitcoin-s-server-mac zip # pkg-version: ${{steps.previoustag.outputs.tag}}
# with:
# name: krystalbull-${{ matrix.TARGET }}-zip
# path: ${{env.KB_MAKE}}/zip/darwin/x64/*.zip
- name: Upload krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
env: env:
pkg-version: ${{steps.previoustag.outputs.tag}} pkg-version: ${{steps.previoustag.outputs.tag}}
with: with:
name: "bitcoin-s-server-mac" name: krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
path: app/server/target/universal/stage path: ${{env.KB_MAKE}}/*.${{ matrix.FORMAT }}
- name: Upload bitcoin-s-oracle-server zip - name: (release) Upload krystallbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
name: krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}-${{steps.previoustag.outputs.tag}}
files: ${{env.KB_MAKE}}/*.${{ matrix.FORMAT }}
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Build Suredbits Wallet
- name: Download bitcoin-s-server
uses: actions/download-artifact@v3
with:
name: bitcoin-s-server-${{ matrix.TARGET }}
path: bitcoin-s-ts/wallet-electron-ts/bitcoin-s-server
- name: Build Suredbits Wallet
working-directory: bitcoin-s-ts/wallet-electron-ts
env:
DEBUG: electron-notarizer
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
# NOTORIZE_APPLE_TEAM: 9ZG3GPKHX8
run: |
npm ci
npm run build
npm run make
# - name: (macos) Manually sign Suredbits Wallet
# if: startsWith(matrix.os,'macos')
# working-directory: ${{env.W_MAKE}}
# env:
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
# TEAM_ID: "9ZG3GPKHX8"
# PLIST: "bitcoin-s-ts/wallet-electron-ts/entitlements.plist"
# WALLET_PATH: "${{env.W_OUT}}/Suredbits Wallet-darwin-x64/Suredbits Wallet.app"
# BUNDLE_ID: "org.bitcoins.suredbitswallet"
# ZIP_NAME: "SuredbitsWallet-mac.zip"
# run: |
# echo "=== Signing app ==="
# codesign -s "$APP_SIGNING_ID" --entitlements "$PLIST" --timestamp --options runtime -vvvv --deep "$WALLET_PATH"
# echo "=== Verifying app signature ==="
# codesign -vvv --deep --strict "$WALLET_PATH"
# codesign -dvv "$WALLET_PATH"
# codesign -d --entitlements :- "$WALLET_PATH"
# echo "=== zip app ==="
# zip -qr $ZIP_NAME "$WALLET_PATH"
# mv $ZIP_NAME $W_MAKE
# - name: (macos) Validate application signing and notarization
# if: startsWith(matrix.os,'macos')
# env:
# WALLET_PATH: "${{env.W_OUT}}/Suredbits Wallet-darwin-x64/Suredbits Wallet.app"
# # TODO : Need to account for version in path changing
# # DMG_PATH: "${{env.W_MAKE}}/Suredbits Wallet-0.0.1-x64.dmg"
# run: |
# echo "Directory contents"
# ls -l "bitcoin-s-ts/wallet-electron-ts"
# ls -l $W_OUT
# ls -l $W_MAKE
# ls -l "$W_OUT/Suredbits Wallet-darwin-x64"
# echo "=== Verify app signature ==="
# codesign -vvv --deep --strict "$WALLET_PATH"
# codesign -dvv "$WALLET_PATH"
# codesign -d --entitlements :- "$WALLET_PATH"
# : # echo "=== Verify dmg signature ==="
# : # codesign -vvv --deep --strict "$DMG_PATH"
# : # echo "=== Verify app notarization ==="
# : # spctl -vvv --assess --type exec "$WALLET_PATH"
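Review bot: both the manual signing step and the "Validate application signing and notarization" step are commented out, so nothing in the visible workflow signs the macOS wallet or checks a signature before the .zip is moved into /make and uploaded. Either restore a verification gate that fails the job (the codesign -vvv --deep --strict and spctl --assess calls already written here would do) or delete the dead block and track the signing work in an issue, so a reader of the workflow does not assume the mac artifact is signed. If the block is restored, quote $ZIP_NAME and $W_MAKE in the zip and mv lines as the other paths already are.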
# Platform specific values here for folder depth
- name: (macos) Move .zip into /make
if: startsWith(matrix.os,'macos')
run: mv ${{env.W_MAKE}}/zip/darwin/x64/*.zip $W_MAKE
- name: (linux) Move .deb into /make
if: startsWith(matrix.os,'ubuntu')
run: mv ${{env.W_MAKE}}/deb/x64/*.deb $W_MAKE
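Review bot: the two mv lines mix ${{env.W_MAKE}} expression interpolation for the source with an unquoted $W_MAKE shell variable for the destination. Use the shell variable in both places and quote it, for example mv "$W_MAKE"/zip/darwin/x64/*.zip "$W_MAKE", so the script text does not depend on what the expression expands to and a path containing spaces still works. The darwin/x64 and deb/x64 segments are also hard-coded; if the matrix ever gains another architecture these steps will fail on the glob, so consider deriving the segment from the matrix entry.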
# Capture signed Mac app
# - name: (macos) Upload suredbits-wallet-mac-zip
# if: startsWith(matrix.os,'macos')
# uses: actions/upload-artifact@v3
# env:
# pkg-version: ${{steps.previoustag.outputs.tag}}
# with:
# name: suredbits-wallet-${{ matrix.TARGET }}-zip
# path: ${{env.W_MAKE}}/zip/darwin/x64/*.zip
- name: Upload suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
env: env:
pkg-version: ${{steps.previoustag.outputs.tag}} pkg-version: ${{steps.previoustag.outputs.tag}}
with: with:
name: "bitcoin-s-oracle-server-mac" name: suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
path: app/oracle-server/target/universal/stage path: ${{env.W_MAKE}}/*.${{ matrix.FORMAT }}
- name: Upload bitcoin-s-cli zip - name: (release) Upload suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-cli-mac"
path: app/cli/target/universal/stage/
- name: Upload bitcoin-s-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/') if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with: with:
name: "bitcoin-s-server-mac-${{steps.previoustag.outputs.tag}}" name: suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}-${{steps.previoustag.outputs.tag}}
files: app/server/target/universal/*.zip files: ${{env.W_MAKE}}/*.${{ matrix.FORMAT }}
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
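Review bot: in the (release) upload step, name: is the release title input of softprops/action-gh-release, not the asset name, and this step sets it to suredbits-wallet-...-tag while the krystalbull release step sets it to krystalbull-...-tag for the same ref. Every matrix leg and both steps will rewrite the title of one release, and the last job to finish wins. Drop name: from these steps, or set a single title in one place, and let files: carry the per-target assets. Separately, pkg-version is set in env on steps that only run uses: actions; nothing visible reads it and a hyphenated name cannot be referenced as a shell variable, so it can be removed.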
- name: Upload bitcoin-s-oracle-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-oracle-server-mac-${{steps.previoustag.outputs.tag}}"
files: app/oracle-server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload bitcoin-s-cli if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-cli-mac-${{steps.previoustag.outputs.tag}}"
files: app/cli/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
linux-zips:
runs-on: [ ubuntu-latest ]
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Scala
uses: olafurpg/setup-scala@v13
with:
java-version: openjdk@1.17.0
- name: 'Get Previous tag'
id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1"
with:
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
- name: Build zip
run: sbt "universal:stage;universal:packageBin"
- name: View Artifacts
run: ls -l app/server/target/universal/stage
- name: pwd
run: pwd
- name: Upload bitcoin-s-server-linux zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-server-linux"
path: app/server/target/universal/stage/
- name: Upload bitcoin-s-oracle-server-linux zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-oracle-server-linux"
path: app/oracle-server/target/universal/stage/
- name: Upload bitcoin-s-cli-linux zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-cli-linux"
path: app/cli/target/universal/stage/
- name: Upload bitcoin-s-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-server-linux-${{steps.previoustag.outputs.tag}}"
files: app/server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload bitcoin-s-oracle-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-oracle-server-linux-${{steps.previoustag.outputs.tag}}"
files: app/oracle-server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload bitcoin-s-cli if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-cli-linux-${{steps.previoustag.outputs.tag}}"
files: app/cli/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
windows-zips:
runs-on: [windows-latest]
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Scala
uses: olafurpg/setup-scala@v13
with:
java-version: openjdk@1.17.0
- name: 'Get Previous tag'
id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1"
with:
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
- name: Build zip
shell: bash
run: sbt "universal:stage;universal:packageBin"
- name: View Artifacts
run: ls -l app/server/target/universal/stage
- name: pwd
run: pwd
- name: Upload bitcoin-s-server-windows zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-server-windows"
path: app/server/target/universal/stage/
- name: Upload bitcoin-s-oracle-server zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-oracle-server-windows"
path: app/oracle-server/target/universal/stage/
- name: Upload bitcoin-s-cli zip
uses: actions/upload-artifact@v3
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
with:
name: "bitcoin-s-cli-windows"
path: app/cli/target/universal/stage/
- name: Upload bitcoin-s-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-server-windows-${{steps.previoustag.outputs.tag}}"
files: app/server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload bitcoin-s-oracle-server if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-oracle-server-windows-${{steps.previoustag.outputs.tag}}"
files: app/oracle-server/target/universal/*.zip
env:
pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload bitcoin-s-cli if release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
name: "bitcoin-s-cli-windows-${{steps.previoustag.outputs.tag}}"
files: app/cli/target/universal/*.zip
env: env:
pkg-version: ${{steps.previoustag.outputs.tag}} pkg-version: ${{steps.previoustag.outputs.tag}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}