From 7508b28b9e0046c6a4cb31c962c6eef276de67f0 Mon Sep 17 00:00:00 2001
From: crypto-matto <matthew.to@crypto.com>
Date: Wed, 24 Jul 2024 17:37:29 +0900
Subject: [PATCH 1/2] feat: add test release file

---
 .github/workflows/release-test.yml | 137 +++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 .github/workflows/release-test.yml

diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
new file mode 100644
index 000000000..8494e9458
--- /dev/null
+++ b/.github/workflows/release-test.yml
@@ -0,0 +1,137 @@
+# Only run on master push
+name: Release Executables Binaries
+
+on:
+  push:
+    branches:
+      - fix/mac-release
+jobs:
+  release:
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: write
+    environment: deployment
+
+    strategy:
+      matrix:
+        os: [macos-latest]
+
+    steps:
+      - name: setup dependencies
+        if: startsWith(matrix.os, 'ubuntu')
+        run: sudo apt-get update && sudo apt-get install -y libusb-1.0-0-dev libudev-dev libarchive-tools
+
+      - name: Check out Git repository
+        uses: actions/checkout@v1
+
+      - name: Install Node.js, NPM and Yarn
+        uses: actions/setup-node@v1
+        with:
+          node-version: 18
+
+      - name: Install deps with big timeout
+        run: |
+          yarn install --network-timeout 600000
+
+      - name: Install Snapcraft
+        uses: samuelmeuli/action-snapcraft@v2
+        # Only install Snapcraft on Ubuntu
+        if: startsWith(matrix.os, 'ubuntu')
+
+      # - name: Install AzureSignTool
+      #  # Only install Azure Sign Tool on Windows
+      #   if: startsWith(matrix.os, 'windows')
+      #   run: dotnet tool install --global AzureSignTool
+
+      - name: Extract current branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+
+      - name: Get name & version from package.json
+        shell: bash
+        run: | 
+          echo "##[set-output name=name;]$(node -p -e '`${require("./package.json").name}`')"
+          echo "##[set-output name=version;]$(node -p -e '`${require("./package.json").version}`')"
+        id: package_json
+
+      - name: Log release reference
+        run: |
+          echo "********* START RELEASE REF **********"
+          echo ${{ github.ref }}
+          echo branch: ${{ steps.extract_branch.outputs.branch }}
+          echo name: ${{ steps.package_json.outputs.name }}
+          echo version: ${{ steps.package_json.outputs.version }}
+          echo "********* END RELEASE REF ************"
+
+      - name: Prepare for app notarization (MacOS)
+        if: startsWith(matrix.os, 'macos')
+        # Import Apple API key for app notarization on macOS
+        run: |
+          mkdir -p ~/private_keys/
+          echo '${{ secrets.mac_api_key }}' > ~/private_keys/AuthKey_${{ secrets.mac_api_key_id }}.p8
+
+      - name: Build/release Electron app (MacOS, Ubuntu, Windows)
+        uses: samuelmeuli/action-electron-builder@v1
+        # if: startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')
+        with:
+
+          build_script_name: electron:pre-build
+
+          # GitHub token, automatically provided to the action
+          # (No need to define this secret in the repo settings)
+          github_token: ${{ secrets.github_token }}
+
+          # When a push is done to master, the action builds binaries for all OS and they are then released directly
+          release: ${{ steps.extract_branch.outputs.branch == 'fix/mac-release' }}
+
+          mac_certs: ${{ secrets.mac_certs_2024 }}
+          mac_certs_password: ${{ secrets.mac_certs_2024_password }}
+
+        env:
+          # macOS notarization API key
+          API_KEY_ID: ${{ secrets.mac_api_key_id }}
+          API_KEY_ISSUER_ID: ${{ secrets.mac_api_key_issuer_id }}
+          # Login to Snap Store
+          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
+          
+      - name: Build Electron app (Windows)
+        if: startsWith(matrix.os, 'windows')
+        run: |
+          yarn run electron:build
+
+      - name: Sign built binary (Windows)
+        if: startsWith(matrix.os, 'windows')
+        # Instead of pointing to a specific .exe, uses a PowerShell script which iterates through all the files stored in dist folder. 
+        # If the file has the .exe extension, then it will use the AzureSignTool command to sign it.
+        run: |
+              cd dist; Get-ChildItem -recurse -Include **.exe | ForEach-Object {
+              $exePath = $_.FullName
+              & AzureSignTool sign -kvu "${{ secrets.azure_key_vault_url }}" -kvi "${{ secrets.azure_key_vault_client_id }}" -kvt "${{ secrets.azure_key_vault_tenant_id }}" -kvs "${{ secrets.azure_key_vault_client_secret }}" -kvc "${{ secrets.azure_key_vault_name }}" -tr http://timestamp.digicert.com -v $exePath
+              }; cd ..
+
+      - name: Cleanup artifacts (Windows)
+        if: startsWith(matrix.os, 'windows')
+        run: |
+          mkdir dist/temp; Move-Item -Path dist/*.exe, dist/*.blockmap, dist/latest.yml -Destination dist/temp
+          npx rimraf "dist/!(temp)"
+          npx rimraf "dist/.icon-ico"
+          mv dist/temp/* dist
+          npx rimraf "dist/temp"
+
+      - name: Upload artifacts (Windows)
+        uses: actions/upload-artifact@v2
+        if: startsWith(matrix.os, 'windows')
+        with:
+          name: ${{ matrix.os }}
+          path: dist
+
+      - name: Release Electron app (Windows)
+        uses: softprops/action-gh-release@v1
+        if: startsWith(matrix.os, 'windows')
+        with:
+          draft: true
+          tag_name: v${{ steps.package_json.outputs.version }}
+          files: "dist/**"
+        env:
+          GITHUB_TOKEN: ${{ secrets.github_token }}

From 7b84ed6f13bc3a7410e11100ecd97c1d204b4ea8 Mon Sep 17 00:00:00 2001
From: crypto-matto <matthew.to@crypto.com>
Date: Thu, 25 Jul 2024 02:33:23 +0900
Subject: [PATCH 2/2] update env

---
 .github/workflows/release-test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
index 8494e9458..f432dd2c1 100644
--- a/.github/workflows/release-test.yml
+++ b/.github/workflows/release-test.yml
@@ -69,7 +69,7 @@ jobs:
         # Import Apple API key for app notarization on macOS
         run: |
           mkdir -p ~/private_keys/
-          echo '${{ secrets.mac_api_key }}' > ~/private_keys/AuthKey_${{ secrets.mac_api_key_id }}.p8
+          echo '${{ secrets.mac_api_key_2024 }}' > ~/private_keys/AuthKey_${{ secrets.mac_api_key_id_2024 }}.p8
 
       - name: Build/release Electron app (MacOS, Ubuntu, Windows)
         uses: samuelmeuli/action-electron-builder@v1
@@ -86,12 +86,12 @@ jobs:
           release: ${{ steps.extract_branch.outputs.branch == 'fix/mac-release' }}
 
           mac_certs: ${{ secrets.mac_certs_2024 }}
-          mac_certs_password: ${{ secrets.mac_certs_2024_password }}
+          mac_certs_password: ${{ secrets.mac_certs_password_2024 }}
 
         env:
           # macOS notarization API key
-          API_KEY_ID: ${{ secrets.mac_api_key_id }}
-          API_KEY_ISSUER_ID: ${{ secrets.mac_api_key_issuer_id }}
+          API_KEY_ID: ${{ secrets.mac_api_key_id_2024 }}
+          API_KEY_ISSUER_ID: ${{ secrets.mac_api_key_issuer_id_2024 }}
           # Login to Snap Store
           SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}