feat: deploy web app to staging environment #1066
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package Installers | |
| on: | |
| push: | |
| branches: [ master ] | |
| paths-ignore: | |
| - '**.md' | |
| pull_request: | |
| branches: [ master ] | |
| paths-ignore: | |
| - '**.md' | |
| release: | |
| types: [ prereleased, released ] | |
| workflow_dispatch: | |
| jobs: | |
| validate_gradle_wrapper: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: gradle/wrapper-validation-action@v1 | |
| build_push: | |
| needs: [ validate_gradle_wrapper ] | |
| name: Build and upload packaged app | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| # Adding fail-fast: false so at least some artifacts gets uploaded if others fail | |
| fail-fast: false | |
| matrix: | |
| os: [ macos-latest, windows-latest, ubuntu-latest ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # We need to download all tags so that the axion-release-plugin | |
| # can resolve the most recent version tag. | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| # We need a recent version of Java with jpackage included. | |
| java-version: '17.0.7' | |
| # We use the zulu distribution, which is an OpenJDK distro. | |
| distribution: 'zulu' | |
| # We create a code-signing keychain on MacOS before building and packaging the app, as the | |
| # app will be signed as part of the jpackage build phase. | |
| - name: "MacOS - Import Certificate: Developer ID Application" | |
| if: matrix.os == 'macos-latest' && (github.event_name == 'push' || github.event_name == 'release') | |
| uses: devbotsxyz/import-signing-certificate@v1 | |
| with: | |
| # This should be a certificate + private key, exported as a p12 file and base64 encoded as | |
| # a GitHub secret. The certificate should be the: | |
| # 'Developer ID Application: The International Data Organization For Transport (BF2U75HN4D)' | |
| # certificate, locked with the specified passphrase. | |
| certificate-data: ${{ secrets.MACOS_DEVELOPER_ID_APPLICATION_CERTIFICATE_P12_BASE64 }} | |
| certificate-passphrase: ${{ secrets.MACOS_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD }} | |
| # The resulting keychain will be locked with this separate password. | |
| keychain-password: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} | |
| - name: "Package GUI app installer with Gradle" | |
| uses: gradle/gradle-build-action@v2 | |
| with: | |
| arguments: | | |
| jpackage | |
| -Psign-app=${{github.event_name == 'push' || github.event_name == 'release'}} | |
| # On MacOS, we now submit the app for "notarization", where Apple will scan the app for | |
| # malware and other issues. This step can take a few minutes or more; the action will wait | |
| # until the report is available. | |
| - name: "MacOS - Notarize Release Build" | |
| if: matrix.os == 'macos-latest' && (github.event_name == 'push' || github.event_name == 'release') | |
| uses: devbotsxyz/xcode-notarize@v1 | |
| with: | |
| product-path: "app/pkg/build/jpackage/GTFS Validator.app" | |
| # The Apple developer account used to run notarization. This account will receive an | |
| # email every time notarization is run. | |
| appstore-connect-username: ${{ secrets.MACOS_NOTARIZATION_USERNAME }} | |
| # The app-specific password configured for the Apple developer account that will be used | |
| # for authentication (different from the main password for the dev account). | |
| appstore-connect-password: ${{ secrets.MACOS_NOTARIZATION_PASSWORD }} | |
| # Now that we have a notarization report, we attach it to the app binary. | |
| - name: "Mac OS - Staple Release Build" | |
| if: matrix.os == 'macos-latest' && (github.event_name == 'push' || github.event_name == 'release') | |
| uses: devbotsxyz/xcode-staple@v1 | |
| with: | |
| product-path: "app/pkg/build/jpackage/GTFS Validator.app" | |
| # Now that we have a notarized app, we can package it. | |
| - name: "Mac OS - Package the app" | |
| if: matrix.os == 'macos-latest' | |
| shell: bash | |
| run: | | |
| appVersion=$(./gradlew cV -q -Prelease.quiet) | |
| appVersion=${appVersion//-SNAPSHOT/} | |
| jpackage \ | |
| --type dmg \ | |
| --name 'GTFS Validator' \ | |
| --app-version ${appVersion} \ | |
| --app-image app/pkg/build/jpackage/GTFS\ Validator.app \ | |
| --dest app/pkg/build/jpackage | |
| jpackage \ | |
| --type pkg \ | |
| --name 'GTFS Validator' \ | |
| --app-version ${appVersion} \ | |
| --app-image app/pkg/build/jpackage/GTFS\ Validator.app \ | |
| --dest app/pkg/build/jpackage | |
| - name: "Upload Installer" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Installer - ${{matrix.os}} | |
| path: | | |
| app/pkg/build/jpackage/*.msi | |
| app/pkg/build/jpackage/*.dmg | |
| app/pkg/build/jpackage/*.pkg | |
| app/pkg/build/jpackage/*.deb | |
| - name: "Upload assets to release" | |
| if: github.event_name == 'prerelease' || github.event_name == 'release' | |
| env: | |
| OS_NAME: '${{ matrix.os }}' | |
| uses: actions/github-script@v2 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| console.log(`Running on OS ${process.env.OS_NAME}`); | |
| console.log(`Uploading asset to release ID ${context.payload.release.id}`); | |
| const os = process.env.OS_NAME.split('-')[0] | |
| const fs = require('fs').promises; | |
| const { repo: { owner, repo }, sha } = context; | |
| for (let file of await fs.readdir('./app/pkg/build/jpackage')) { | |
| const extension = file.split('.').pop() | |
| if (extension != "msi" && extension != "dmg" && extension != "pkg" && extension != "deb") | |
| continue; | |
| console.log('Uploading', file); | |
| await github.repos.uploadReleaseAsset({ | |
| owner, repo, | |
| release_id: context.payload.release.id, | |
| name: `Installer ${os}.${extension}`, | |
| data: await fs.readFile(`./app/pkg/build/jpackage/${file}`) | |
| }); | |
| } |