Merge branch 'livekit' into robin/berry

.github/workflows/blocked.yaml

@@ -1,6 +1,6 @@
 name: Prevent blocked
 on:
-  pull_request:
+  pull_request_target:
     types: [opened, labeled, unlabeled]
 jobs:
   prevent-blocked:

.github/workflows/playwright.yml

@@ -1,35 +0,0 @@
-name: Playwright Tests
-on:
-  pull_request: {}
-  push:
-    branches: [livekit, full-mesh]
-jobs:
-  test:
-    timeout-minutes: 10
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Enable Corepack
-        run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          cache: "yarn"
-          node-version-file: ".node-version"
-      - name: Install dependencies
-        run: yarn install --frozen-lockfile
-      - name: Install Playwright Browsers
-        run: yarn playwright install --with-deps
-      - name: Run backend components
-        run: |
-          docker compose -f dev-backend-docker-compose.yml up -d
-          docker ps
-      - name: Copy config file
-        run: cp config/config.devenv.json public/config.json
-      - name: Run Playwright tests
-        run: yarn playwright test
-      - uses: actions/upload-artifact@v4
-        if: ${{ !cancelled() }}
-        with:
-          name: playwright-report
-          path: playwright-report/
-          retention-days: 3

.github/workflows/publish-embedded-packages.yaml

@@ -0,0 +1,225 @@
+name: Build & publish embedded packages for releases
+
+on:
+  release:
+    types: [published]
+  pull_request:
+    types:
+      - synchronize
+      - opened
+      - labeled
+  push:
+    branches: [livekit]
+
+env:
+  # We perform a dry run for all events except releases.
+  # This is to help make sure that we notice if the packaging process has become
+  # broken ahead of a release.
+  DRY_RUN: ${{ github.event_name != 'release' }}
+  # We should only use the hard coded test value for a dry run
+  VERSION: ${{ github.event_name == 'release' && github.event.release.tag_name || 'v0.0.0-pre.0' }}
+
+jobs:
+  build_element_call:
+    uses: ./.github/workflows/build-element-call.yaml
+    with:
+      vite_app_version: embedded-${{ github.event.release.tag_name || 'v0.0.0-pre.0' }} # Using ${{ env.VERSION }} here doesn't work
+      package: embedded
+    secrets:
+      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+      SENTRY_URL: ${{ secrets.SENTRY_URL }}
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+
+  publish_tarball:
+    needs: build_element_call
+    if: always()
+    name: Publish tarball
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # required to upload release asset
+    steps:
+      - name: Determine filename
+        run: echo "FILENAME_PREFIX=element-call-embedded-${VERSION:1}" >> "$GITHUB_ENV"
+      - name: 📥 Download built element-call artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id || github.run_id }}
+          name: build-output-embedded
+          path: ${{ env.FILENAME_PREFIX}}
+      - name: Create Tarball
+        run: tar --numeric-owner -cvzf ${{ env.FILENAME_PREFIX }}.tar.gz ${{ env.FILENAME_PREFIX }}
+      - name: Create Checksum
+        run: find ${{ env.FILENAME_PREFIX }} -type f -print0 | sort -z | xargs -0 sha256sum | tee ${{ env.FILENAME_PREFIX }}.sha256
+      - name: Upload
+        if: ${{ env.DRY_RUN == 'false' }}
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        with:
+          files: |
+            ${{ env.FILENAME_PREFIX }}.tar.gz
+            ${{ env.FILENAME_PREFIX }}.sha256
+
+  publish_npm:
+    needs: build_element_call
+    if: always()
+    name: Publish NPM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # required for the provenance flag on npm publish
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - name: 📥 Download built element-call artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id || github.run_id }}
+          name: build-output-embedded
+          path: embedded/web/dist
+
+      - name: Setup node
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4
+        with:
+          node-version-file: .node-version
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Publish npm
+        working-directory: embedded/web
+        run: |
+          npm version ${{ env.VERSION }} --no-git-tag-version
+          echo "ARTIFACT_VERSION=$(jq '.version' --raw-output package.json)" >> "$GITHUB_ENV"
+          npm publish --provenance --access public ${{ env.DRY_RUN == 'true' && '--dry-run' || '' }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_RELEASE_TOKEN }}
+
+  publish_android:
+    needs: build_element_call
+    if: always()
+    name: Publish Android AAR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - name: 📥 Download built element-call artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id || github.run_id }}
+          name: build-output-embedded
+          path: embedded/android/lib/src/main/assets/element-call
+
+      - name: ☕️ Setup Java
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
+        with:
+          distribution: "temurin"
+          java-version: "17"
+
+      - name: Get artifact version
+        run: echo "ARTIFACT_VERSION=${VERSION:1}" >> "$GITHUB_ENV"
+
+      - name: Publish AAR
+        working-directory: embedded/android
+        env:
+          EC_VERSION: ${{ env.ARTIFACT_VERSION }}
+          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_RELEASE_USERNAME }}
+          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_RELEASE_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
+        run: ./gradlew publishAndReleaseToMavenCentral --no-daemon ${{ env.DRY_RUN == 'true' && '--dry-run' || '' }}
+
+  publish_ios:
+    needs: build_element_call
+    if: always()
+    name: Publish SwiftPM Library
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          path: element-call
+
+      - name: 📥 Download built element-call artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id || github.run_id }}
+          name: build-output-embedded
+          path: element-call/embedded/ios/Sources/dist
+
+      - name: Checkout element-call-swift
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          repository: element-hq/element-call-swift
+          path: element-call-swift
+          token: ${{ secrets.SWIFT_RELEASE_TOKEN }}
+
+      - name: Copy files
+        run: rsync -a --delete --exclude .git element-call/embedded/ios/ element-call-swift
+
+      - name: Get artifact version
+        run: echo "ARTIFACT_VERSION=${VERSION:1}" >> "$GITHUB_ENV"
+
+      - name: Commit and tag
+        working-directory: element-call-swift
+        run: |
+          git config --global user.email "ci@element.io"
+          git config --global user.name "Element CI"
+          git add -A
+          git commit -am "Release ${{ env.VERSION }}"
+          git tag -a ${{ env.ARTIFACT_VERSION }} -m "${{ github.event.release.html_url }}"
+
+      - name: Push
+        working-directory: element-call-swift
+        run: |
+          git push --tags ${{ env.DRY_RUN == 'true' && '--dry-run' || '' }}
+
+  release_notes:
+    needs: [publish_npm, publish_android, publish_ios]
+    if: always()
+    name: Update release notes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to update release notes
+    steps:
+      - name: Get artifact version
+        run: echo "ARTIFACT_VERSION=${VERSION:1}" >> "$GITHUB_ENV"
+
+      - name: Add release notes
+        if: ${{ env.DRY_RUN == 'false' }}
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        with:
+          append_body: true
+          body: |
+
+            ## Embedded packages
+
+            This release includes the following embedded packages that allow Element Call to be used as an embedded widget
+            within another application.
+
+            ### NPM
+
+            ```
+            npm install @element-hq/element-call-embedded@${{ env.ARTIFACT_VERSION }}
+            ```
+
+            ### Android AAR
+
+            ```
+            dependencies {
+              implementation 'io.element.android:element-call-embedded:${{ env.ARTIFACT_VERSION }}'
+            }
+            ```
+
+            ### SwiftPM
+
+            ```
+            .package(url: "https://github.com/element-hq/element-call-swift.git", from: "${{ env.ARTIFACT_VERSION }}")
+            ```

.github/workflows/publish.yaml

@@ -1,60 +1,57 @@
-name: Build & publish images to the package registry for releases
+name: Build & publish full packages for releases
 
 on:
   release:
     types: [published]
 
 env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+  VERSION: ${{ github.event.release.tag_name }}
 
 jobs:
   build_element_call:
-    if: ${{ github.event_name == 'release' }}
     uses: ./.github/workflows/build-element-call.yaml
     with:
       package: full
-      vite_app_version: ${{ github.event.release.tag_name || github.sha }}
+      vite_app_version: ${{ github.event.release.tag_name }} # Using ${{ env.VERSION }} here doesn't work
     secrets:
       SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
       SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
       SENTRY_URL: ${{ secrets.SENTRY_URL }}
       SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+
   publish_tarball:
     needs: build_element_call
     if: always()
     name: Publish tarball
     runs-on: ubuntu-latest
-    outputs:
-      unix_time: ${{steps.current-time.outputs.unix_time}}
     permissions:
       contents: write # required to upload release asset
       packages: write
     steps:
-      - name: Get current time
-        id: current-time
-        run: echo "unix_time=$(date +'%s')" >> $GITHUB_OUTPUT
-      - name: 📥 Download artifact
+      - name: Determine filename
+        run: echo "FILENAME_PREFIX=element-call-${VERSION:1}" >> "$GITHUB_ENV"
+      - name: 📥 Download built element-call artifact
         uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           run-id: ${{ github.event.workflow_run.id || github.run_id }}
           name: build-output-full
-          path: dist
+          path: ${{ env.FILENAME_PREFIX }}
       - name: Create Tarball
-        env:
-          TARBALL_VERSION: ${{ github.event.release.tag_name || github.sha }}
-        run: |
-          tar --numeric-owner --transform "s/dist/element-call-${TARBALL_VERSION}/" -cvzf element-call-${TARBALL_VERSION}.tar.gz dist
+        run: tar --numeric-owner --transform "s/dist/${{ env.FILENAME_PREFIX }}/" -cvzf ${{ env.FILENAME_PREFIX }}.tar.gz ${{ env.FILENAME_PREFIX }}
+      - name: Create Checksum
+        run: find ${{ env.FILENAME_PREFIX }} -type f -print0 | sort -z | xargs -0 sha256sum | tee ${{ env.FILENAME_PREFIX }}.sha256
       - name: Upload
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
         with:
-          path: "./element-call-*.tar.gz"
+          files: |
+            ${{ env.FILENAME_PREFIX }}.tar.gz
+            ${{ env.FILENAME_PREFIX }}.sha256
+
   publish_docker:
-    needs: publish_tarball
+    needs: build_element_call
     if: always()
+    name: Publish docker
     permissions:
       contents: write
       packages: write
@@ -64,3 +61,23 @@ jobs:
       docker_tags: |
         type=sha,format=short,event=branch
         type=semver,pattern=v{{version}}
+  add_docker_release_note:
+    needs: publish_docker
+    name: Add docker release note
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get artifact version
+        run: echo "ARTIFACT_VERSION=${VERSION:1}" >> "$GITHUB_ENV"
+      - name: Add release note
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        with:
+          append_body: true
+          body: |
+            ## Docker full package
+            Element Call is available as a Docker image from the [GitHub Container Registry](https://github.com/element-hq/element-call/pkgs/container/element-call).
+
+            The image provides a full build of Element Call that can be used both in standalone and as a widget (on a remote URL).
+
+            ```
+            docker pull ghcr.io/element-hq/element-call:${{ env.ARTIFACT_VERSION }}
+            ```

.github/workflows/test.yaml

@@ -1,11 +1,11 @@
-name: Run unit tests
+name: Test
 on:
   pull_request: {}
   push:
     branches: [livekit, full-mesh]
 jobs:
   vitest:
-    name: Run vitest tests
+    name: Run unit tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -28,3 +28,31 @@ jobs:
         with:
           flags: unittests
           fail_ci_if_error: true
+  playwright:
+    name: Run end-to-end tests
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          cache: "yarn"
+          node-version-file: ".node-version"
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Install Playwright Browsers
+        run: yarn playwright install --with-deps
+      - name: Run backend components
+        run: |
+          docker compose -f playwright-backend-docker-compose.yml up -d
+          docker ps
+      - name: Copy config file
+        run: cp config/config.devenv.json public/config.json
+      - name: Run Playwright tests
+        run: yarn playwright test
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 3