From 502eff0a8bdfaa2ef114a464abe0a174193bb860 Mon Sep 17 00:00:00 2001 From: jwinterm Date: Wed, 20 May 2026 12:32:48 -0400 Subject: [PATCH] CI: add Hash Bags Windows build workflow (manual trigger) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Phase 1 Windows CI. workflow_dispatch only — runs on the self-hosted Windows runner registered with label "windows:host". Produces an unsigned release zip with the Flutter Windows .exe + MSVC runtime DLLs. Mirrors hashwallet.bat (the upstream Cake Windows build script) but lifted into Gitea Actions YAML and using the same secret-injection + codegen patterns as build-android.yml. Inno Setup installer step deferred until build_exe_installer.iss is rebranded from Cake → Hash Bags. setup-windows-runner.ps1 (the one-shot toolchain install script for the runner host) is gitignored — it's runner-side infra, not part of the app. --- .github/workflows/build-windows.yml | 159 ++++++++++++++++++++++++++++ .gitignore | 1 + 2 files changed, 160 insertions(+) create mode 100644 .github/workflows/build-windows.yml diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml new file mode 100644 index 00000000..2f47d0a3 --- /dev/null +++ b/.github/workflows/build-windows.yml @@ -0,0 +1,159 @@ +name: Hash Bags Windows build + +# Phase 1 of Windows CI: produce an unsigned Windows release bundle (.zip of +# the Flutter Release output + MSVC runtime DLLs). Drop the zip on any Win +# 10/11 box, extract, run hash_wallet.exe. +# +# Phase 2 (separate iteration): wire up Inno Setup installer once the +# scripts/windows/build_exe_installer.iss file is rebranded from Cake Wallet +# → Hash Bags. + +on: + # Manual-only. Trigger via Actions → "Hash Bags Windows build" → Run workflow. + # workflow_dispatch runs as the triggering user, so secrets are always + # available (PR triggers from forks would strip them — not relevant here + # since the runner is self-hosted and listening on a self-hosted Gitea). + workflow_dispatch: + +# Cancel in-flight runs when a newer commit lands on the same branch. +concurrency: + group: windows-${{ github.ref }} + cancel-in-progress: true + +defaults: + run: + # Git Bash is installed alongside Git on the runner. Using bash keeps + # the steps parallel to build-android.yml / build-ios-sim.yml. PowerShell + # is available per-step via `shell: powershell` if needed. + shell: bash + +jobs: + build: + # Matches the label our act_runner.exe advertised: "windows:host" → executor=host. + runs-on: windows + env: + BRANCH_NAME: ${{ github.head_ref || github.ref_name }} + # Belt-and-suspenders: bypass Node TLS verification for actions/* that + # talk back to git.such.software. Same fallback as build-ios-sim.yml. + NODE_TLS_REJECT_UNAUTHORIZED: '0' + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + + # ---- Toolchain sanity ------------------------------------------------ + # Our self-hosted runner has Flutter / Rust / VS Build Tools / Inno + # Setup pre-installed (see scripts/windows/setup-windows-runner.ps1). + # This step just prints versions so failures are easy to diagnose. + - name: Show installed toolchain versions + run: | + set -x + # PATH may need refreshing after install — refresh from the registry. + # Git Bash inherits Windows PATH at shell start, so just printing + # `which` is enough. + which flutter dart cargo rustc git 2>/dev/null || true + flutter --version + dart --version + rustc --version + cargo --version + + # ---- Configure: pubspec.yaml + per-coin enablement ------------------- + # Mirror of hashwallet.bat — drives tool/configure.dart with the same + # set of coin flags that upstream Cake's Windows build uses. + - name: Configure pubspec + Wallet types + run: | + set -x -e + cp -f pubspec_description.yaml pubspec.yaml + flutter pub get + dart run tool/generate_pubspec.dart + flutter pub get + dart run tool/configure.dart \ + --monero --bitcoin --ethereum --polygon --nano --bitcoinCash \ + --wownero --dogecoin --base --arbitrum --bsc + + # ---- Secrets --------------------------------------------------------- + - name: Generate per-module secrets.g.dart files (empty defaults) + run: dart run tool/generate_new_secrets.dart + + - name: Inject Trocador affiliate secrets into lib/.secrets.g.dart + env: + TROCADOR_API_KEY: ${{ secrets.TROCADOR_API_KEY }} + TROCADOR_MONERO_API_KEY: ${{ secrets.TROCADOR_MONERO_API_KEY }} + TROCADOR_EXCHANGE_MARKUP: ${{ secrets.TROCADOR_EXCHANGE_MARKUP }} + run: | + # Length-only debug visibility — never prints actual secrets. + echo "TROCADOR_API_KEY length: ${#TROCADOR_API_KEY}" + echo "TROCADOR_MONERO_API_KEY length: ${#TROCADOR_MONERO_API_KEY}" + echo "TROCADOR_EXCHANGE_MARKUP length: ${#TROCADOR_EXCHANGE_MARKUP}" + if [[ -z "$TROCADOR_API_KEY" ]]; then + echo "WARN: TROCADOR_API_KEY not reaching runner — build will proceed" + echo " but Trocador exchange features won't work in this binary." + fi + sed -i \ + -e "s|const trocadorApiKey = '';|const trocadorApiKey = '${TROCADOR_API_KEY}';|" \ + -e "s|const trocadorMoneroApiKey = '';|const trocadorMoneroApiKey = '${TROCADOR_MONERO_API_KEY}';|" \ + -e "s|const trocadorExchangeMarkup = '';|const trocadorExchangeMarkup = '${TROCADOR_EXCHANGE_MARKUP:-1}';|" \ + lib/.secrets.g.dart + grep '^const trocador' lib/.secrets.g.dart + + # ---- Codegen --------------------------------------------------------- + - name: Build generated code (mobx + hive adapters) + run: bash model_generator.sh + + - name: Generate localization + run: dart run tool/generate_localization.dart + + - name: Compile SVG assets (res/pictures/*.svg → assets/new-ui/*.svg.vec) + run: ./compile_graphics.sh + + # ---- Build the Windows .exe ------------------------------------------ + - name: Build Windows release + run: | + set -x -e + flutter config --enable-windows-desktop + flutter build windows --dart-define-from-file=env.json --release --verbose + + # ---- Bundle MSVC runtime DLLs with the .exe -------------------------- + # Standalone Windows builds need msvcp140.dll + vcruntime140.dll + + # vcruntime140_1.dll next to the .exe (or installed via vc_redist on + # the user's machine). Bundling avoids the "VCRUNTIME140.dll not found" + # error on machines without VC++ redistributable installed. + - name: Copy MSVC runtime DLLs next to the .exe + run: | + set -x -e + # Find the redist dir for the currently-installed MSVC version (the + # version number rolls forward with VS updates, so do NOT hardcode). + REDIST_BASE="/c/Program Files (x86)/Microsoft Visual Studio/2022/BuildTools/VC/Redist/MSVC" + REDIST_DIR=$(find "$REDIST_BASE" -type d -name 'Microsoft.VC*.CRT' -path '*/x64/*' 2>/dev/null | sort | tail -1) + if [[ -z "$REDIST_DIR" ]]; then + echo "FATAL: could not find VC redist dir under $REDIST_BASE" + ls "$REDIST_BASE" 2>/dev/null || echo "(redist base dir missing entirely)" + exit 1 + fi + echo "Using redist dir: $REDIST_DIR" + cp -v "$REDIST_DIR/msvcp140.dll" "$REDIST_DIR/vcruntime140.dll" "$REDIST_DIR/vcruntime140_1.dll" \ + build/windows/x64/runner/Release/ + + # ---- Package + upload ------------------------------------------------ + - name: List built artifacts (for debug visibility) + run: | + ls -la build/windows/x64/runner/Release/ + + - name: Create release zip + run: | + set -x -e + cd build/windows/x64/runner/Release + # PowerShell's Compress-Archive is in PATH; using it avoids depending + # on 7z which may or may not be installed. + powershell -NoProfile -Command "Compress-Archive -Path .\* -DestinationPath ..\..\..\..\..\hash_wallet_windows_${{ github.sha }}.zip -Force" + ls -la ../../../../../hash_wallet_windows_*.zip + + # actions/upload-artifact@v4 doesn't work on Gitea — pin to v3 like + # the iOS + Android workflows. + - name: Upload Windows release zip + uses: actions/upload-artifact@v3 + with: + name: hash-wallet-windows-${{ github.sha }} + path: hash_wallet_windows_*.zip + retention-days: 14 diff --git a/.gitignore b/.gitignore index 206cfdc1..9c6f57dd 100644 --- a/.gitignore +++ b/.gitignore @@ -233,6 +233,7 @@ scripts/reown_flutter # Hash Wallet: untracked notes / internal playbooks docs/links.md docs/UPSTREAM_SYNC.md +scripts/windows/setup-windows-runner.ps1 # Hash Wallet: local mirror of hash.boats website (deploy target on suchwow server) hash.boats/ -- 2.50.1 (Apple Git-155)