2026-05-20 12:34:22 -04:00
2 changed files with 160 additions and 0 deletions
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@@ -0,0 +1,159 @@
+name: Hash Bags Windows build
+
+# Phase 1 of Windows CI: produce an unsigned Windows release bundle (.zip of
+# the Flutter Release output + MSVC runtime DLLs). Drop the zip on any Win
+# 10/11 box, extract, run hash_wallet.exe.
+#
+# Phase 2 (separate iteration): wire up Inno Setup installer once the
+# scripts/windows/build_exe_installer.iss file is rebranded from Cake Wallet
+# → Hash Bags.
+
+on:
+  # Manual-only. Trigger via Actions → "Hash Bags Windows build" → Run workflow.
+  # workflow_dispatch runs as the triggering user, so secrets are always
+  # available (PR triggers from forks would strip them — not relevant here
+  # since the runner is self-hosted and listening on a self-hosted Gitea).
+  workflow_dispatch:
+
+# Cancel in-flight runs when a newer commit lands on the same branch.
+concurrency:
+  group: windows-${{ github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    # Git Bash is installed alongside Git on the runner. Using bash keeps
+    # the steps parallel to build-android.yml / build-ios-sim.yml. PowerShell
+    # is available per-step via `shell: powershell` if needed.
+    shell: bash
+
+jobs:
+  build:
+    # Matches the label our act_runner.exe advertised: "windows:host" → executor=host.
+    runs-on: windows
+    env:
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+      # Belt-and-suspenders: bypass Node TLS verification for actions/* that
+      # talk back to git.such.software. Same fallback as build-ios-sim.yml.
+      NODE_TLS_REJECT_UNAUTHORIZED: '0'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # ---- Toolchain sanity ------------------------------------------------
+      # Our self-hosted runner has Flutter / Rust / VS Build Tools / Inno
+      # Setup pre-installed (see scripts/windows/setup-windows-runner.ps1).
+      # This step just prints versions so failures are easy to diagnose.
+      - name: Show installed toolchain versions
+        run: |
+          set -x
+          # PATH may need refreshing after install — refresh from the registry.
+          # Git Bash inherits Windows PATH at shell start, so just printing
+          # `which` is enough.
+          which flutter dart cargo rustc git 2>/dev/null || true
+          flutter --version
+          dart --version
+          rustc --version
+          cargo --version
+
+      # ---- Configure: pubspec.yaml + per-coin enablement -------------------
+      # Mirror of hashwallet.bat — drives tool/configure.dart with the same
+      # set of coin flags that upstream Cake's Windows build uses.
+      - name: Configure pubspec + Wallet types
+        run: |
+          set -x -e
+          cp -f pubspec_description.yaml pubspec.yaml
+          flutter pub get
+          dart run tool/generate_pubspec.dart
+          flutter pub get
+          dart run tool/configure.dart \
+            --monero --bitcoin --ethereum --polygon --nano --bitcoinCash \
+            --wownero --dogecoin --base --arbitrum --bsc
+
+      # ---- Secrets ---------------------------------------------------------
+      - name: Generate per-module secrets.g.dart files (empty defaults)
+        run: dart run tool/generate_new_secrets.dart
+
+      - name: Inject Trocador affiliate secrets into lib/.secrets.g.dart
+        env:
+          TROCADOR_API_KEY: ${{ secrets.TROCADOR_API_KEY }}
+          TROCADOR_MONERO_API_KEY: ${{ secrets.TROCADOR_MONERO_API_KEY }}
+          TROCADOR_EXCHANGE_MARKUP: ${{ secrets.TROCADOR_EXCHANGE_MARKUP }}
+        run: |
+          # Length-only debug visibility — never prints actual secrets.
+          echo "TROCADOR_API_KEY length: ${#TROCADOR_API_KEY}"
+          echo "TROCADOR_MONERO_API_KEY length: ${#TROCADOR_MONERO_API_KEY}"
+          echo "TROCADOR_EXCHANGE_MARKUP length: ${#TROCADOR_EXCHANGE_MARKUP}"
+          if [[ -z "$TROCADOR_API_KEY" ]]; then
+            echo "WARN: TROCADOR_API_KEY not reaching runner — build will proceed"
+            echo "      but Trocador exchange features won't work in this binary."
+          fi
+          sed -i \
+            -e "s|const trocadorApiKey = '';|const trocadorApiKey = '${TROCADOR_API_KEY}';|" \
+            -e "s|const trocadorMoneroApiKey = '';|const trocadorMoneroApiKey = '${TROCADOR_MONERO_API_KEY}';|" \
+            -e "s|const trocadorExchangeMarkup = '';|const trocadorExchangeMarkup = '${TROCADOR_EXCHANGE_MARKUP:-1}';|" \
+            lib/.secrets.g.dart
+          grep '^const trocador' lib/.secrets.g.dart
+
+      # ---- Codegen ---------------------------------------------------------
+      - name: Build generated code (mobx + hive adapters)
+        run: bash model_generator.sh
+
+      - name: Generate localization
+        run: dart run tool/generate_localization.dart
+
+      - name: Compile SVG assets (res/pictures/*.svg → assets/new-ui/*.svg.vec)
+        run: ./compile_graphics.sh
+
+      # ---- Build the Windows .exe ------------------------------------------
+      - name: Build Windows release
+        run: |
+          set -x -e
+          flutter config --enable-windows-desktop
+          flutter build windows --dart-define-from-file=env.json --release --verbose
+
+      # ---- Bundle MSVC runtime DLLs with the .exe --------------------------
+      # Standalone Windows builds need msvcp140.dll + vcruntime140.dll +
+      # vcruntime140_1.dll next to the .exe (or installed via vc_redist on
+      # the user's machine). Bundling avoids the "VCRUNTIME140.dll not found"
+      # error on machines without VC++ redistributable installed.
+      - name: Copy MSVC runtime DLLs next to the .exe
+        run: |
+          set -x -e
+          # Find the redist dir for the currently-installed MSVC version (the
+          # version number rolls forward with VS updates, so do NOT hardcode).
+          REDIST_BASE="/c/Program Files (x86)/Microsoft Visual Studio/2022/BuildTools/VC/Redist/MSVC"
+          REDIST_DIR=$(find "$REDIST_BASE" -type d -name 'Microsoft.VC*.CRT' -path '*/x64/*' 2>/dev/null | sort | tail -1)
+          if [[ -z "$REDIST_DIR" ]]; then
+            echo "FATAL: could not find VC redist dir under $REDIST_BASE"
+            ls "$REDIST_BASE" 2>/dev/null || echo "(redist base dir missing entirely)"
+            exit 1
+          fi
+          echo "Using redist dir: $REDIST_DIR"
+          cp -v "$REDIST_DIR/msvcp140.dll" "$REDIST_DIR/vcruntime140.dll" "$REDIST_DIR/vcruntime140_1.dll" \
+            build/windows/x64/runner/Release/
+
+      # ---- Package + upload ------------------------------------------------
+      - name: List built artifacts (for debug visibility)
+        run: |
+          ls -la build/windows/x64/runner/Release/
+
+      - name: Create release zip
+        run: |
+          set -x -e
+          cd build/windows/x64/runner/Release
+          # PowerShell's Compress-Archive is in PATH; using it avoids depending
+          # on 7z which may or may not be installed.
+          powershell -NoProfile -Command "Compress-Archive -Path .\* -DestinationPath ..\..\..\..\..\hash_wallet_windows_${{ github.sha }}.zip -Force"
+          ls -la ../../../../../hash_wallet_windows_*.zip
+
+      # actions/upload-artifact@v4 doesn't work on Gitea — pin to v3 like
+      # the iOS + Android workflows.
+      - name: Upload Windows release zip
+        uses: actions/upload-artifact@v3
+        with:
+          name: hash-wallet-windows-${{ github.sha }}
+          path: hash_wallet_windows_*.zip
+          retention-days: 14
--- a/.gitignore
+++ b/.gitignore
@@ -233,6 +233,7 @@ scripts/reown_flutter
 # Hash Wallet: untracked notes / internal playbooks
 docs/links.md
 docs/UPSTREAM_SYNC.md
+scripts/windows/setup-windows-runner.ps1

 # Hash Wallet: local mirror of hash.boats website (deploy target on suchwow server)
 hash.boats/