-
Notifications
You must be signed in to change notification settings - Fork 113
147 lines (123 loc) · 5.54 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Only run on master push
name: Release Executables Binaries
on:
push:
branches:
- master
jobs:
release:
runs-on: ${{ matrix.os }}
permissions:
contents: write
environment: deployment
strategy:
matrix:
os: [macos-12-large, ubuntu-latest, windows-latest]
steps:
- name: setup dependencies
if: startsWith(matrix.os, 'ubuntu')
run: sudo apt-get update && sudo apt-get install -y libusb-1.0-0-dev libudev-dev libarchive-tools
- name: Check out Git repository
uses: actions/checkout@v1
- name: Install Node.js, NPM and Yarn
uses: actions/setup-node@v1
with:
node-version: 18
- name: Install deps with big timeout
run: |
yarn install --network-timeout 600000
- name: Install Snapcraft
uses: samuelmeuli/action-snapcraft@v2
# Only install Snapcraft on Ubuntu
if: startsWith(matrix.os, 'ubuntu')
- name: Install AzureSignTool
# Only install Azure Sign Tool on Windows
if: startsWith(matrix.os, 'windows')
run: dotnet tool install --global AzureSignTool
- name: Extract current branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Get name & version from package.json
shell: bash
run: |
echo "##[set-output name=name;]$(node -p -e '`${require("./package.json").name}`')"
echo "##[set-output name=version;]$(node -p -e '`${require("./package.json").version}`')"
id: package_json
- name: Log release reference
run: |
echo "********* START RELEASE REF **********"
echo ${{ github.ref }}
echo branch: ${{ steps.extract_branch.outputs.branch }}
echo name: ${{ steps.package_json.outputs.name }}
echo version: ${{ steps.package_json.outputs.version }}
echo "********* END RELEASE REF ************"
- name: Prepare for app notarization (MacOS)
if: startsWith(matrix.os, 'macos')
# Import Apple API key for app notarization on macOS
run: |
mkdir -p ~/private_keys/
echo '${{ secrets.mac_api_key_2024 }}' > ~/private_keys/AuthKey_${{ secrets.mac_api_key_id_2024 }}.p8
- name: Build/release Electron app (MacOS, Ubuntu, Windows)
uses: samuelmeuli/action-electron-builder@v1
# if: startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')
continue-on-error: true
with:
build_script_name: electron:pre-build
# GitHub token, automatically provided to the action
# (No need to define this secret in the repo settings)
github_token: ${{ secrets.github_token }}
# When a push is done to master, the action builds binaries for all OS and they are then released directly
release: ${{ steps.extract_branch.outputs.branch == 'master' }}
mac_certs: ${{ secrets.mac_certs_2024 }}
mac_certs_password: ${{ secrets.mac_certs_password_2024 }}
env:
# macOS notarization API key
APPLE_API_KEY: ~/private_keys/AuthKey_${{ secrets.mac_api_key_id_2024 }}.p8
APPLE_API_KEY_ID: ${{ secrets.mac_api_key_id_2024 }}
APPLE_API_KEY_ISSUER: ${{ secrets.mac_api_key_issuer_id_2024 }}
APPLE_API_ISSUER: ${{ secrets.mac_api_key_issuer_id_2024 }}
# Login to Snap Store
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
- name: Upload notarization-error.log
uses: actions/upload-artifact@v2
if: startsWith(matrix.os, 'macos')
with:
name: notarization-error.log
path: /Users/runner/work/chain-desktop-wallet/chain-desktop-wallet/notarization-error.log
- name: Build Electron app (Windows)
if: startsWith(matrix.os, 'windows')
run: |
yarn run electron:winbuild
- name: Sign built binary (Windows)
if: startsWith(matrix.os, 'windows')
# Instead of pointing to a specific .exe, uses a PowerShell script which iterates through all the files stored in dist folder.
# If the file has the .exe extension, then it will use the AzureSignTool command to sign it.
run: |
cd dist; Get-ChildItem -recurse -Include **.exe | ForEach-Object {
$exePath = $_.FullName
& AzureSignTool sign -kvu "${{ secrets.azure_key_vault_url }}" -kvi "${{ secrets.azure_key_vault_client_id }}" -kvt "${{ secrets.azure_key_vault_tenant_id }}" -kvs "${{ secrets.azure_key_vault_client_secret }}" -kvc "${{ secrets.azure_key_vault_name }}" -tr http://timestamp.digicert.com -v $exePath
}; cd ..
- name: Cleanup artifacts (Windows)
if: startsWith(matrix.os, 'windows')
run: |
mkdir dist/temp; Move-Item -Path dist/*.exe, dist/*.blockmap, dist/latest.yml -Destination dist/temp
npx rimraf "dist/!(temp)"
npx rimraf "dist/.icon-ico"
mv dist/temp/* dist
npx rimraf "dist/temp"
- name: Upload artifacts (Windows)
uses: actions/upload-artifact@v2
if: startsWith(matrix.os, 'windows')
with:
name: ${{ matrix.os }}
path: dist
- name: Release Electron app (Windows)
uses: softprops/action-gh-release@v1
if: startsWith(matrix.os, 'windows')
with:
draft: true
tag_name: v${{ steps.package_json.outputs.version }}
files: "dist/**"
env:
GITHUB_TOKEN: ${{ secrets.github_token }}