-
Notifications
You must be signed in to change notification settings - Fork 0
/
otherapp.txt
428 lines (420 loc) · 22 KB
/
otherapp.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
name: Build
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# ZETTLR MAIN BUILD GITHUB ACTIONS FILE #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# This file contains the logic necessary to build a full release from source. #
# #
# WHEN IT RUNS: #
# #
# * Whenever someone successfully pushes develop --> master. #
# * Every Monday at noon (UTC) #
# * Manually #
# #
# The last two events are being used to create nightly releases. The first #
# event type indicates that the pipeline should build a regular release. #
# #
# HOW IT RUNS: #
# #
# 1. Three virtual machines are spun up in parallel: A Windows VM, a Ubuntu #
# VM, and a macOS VM. All three are tasked with building all releases that #
# we offer for the given platform. The Ubuntu VM builds the most since we #
# have many more Linux releases. Windows and macOS only build one x64 and #
# one ARM release. However, they also perform code signing (and #
# notarization in case of the macOS VM), which the Ubuntu VM doesn't do. #
# 2. Each VM uploads all resulting artifacts into their respective artifact #
# space, named "linux", "darwin", and "win32" respectively (analogous to #
# node.js's process.platform-variable). #
# 3. Iff (if and only if) all three runners have shut down successfully, #
# indicating successful builds, another Ubuntu VM will be started. That #
# one is tasked with downloading all releases from the three artifact #
# spaces, calculate the SHA-256 checksums for every file and afterwards #
# upload all files: In case of a nightly to the Zettlr server, where they #
# can be downloaded from nightly.zettlr.com, or, in case of a regular #
# release, to a newly created release draft here on GitHub. #
# #
# THINGS TO NOTE: #
# #
# * Every runner will retrieve the package.json's "version" field by running #
# a somewhat weird-looking command. This is necessary to make finding the #
# releases easier which are being produced by electron-forge and electron- #
# builder. #
# * Especially the macOS runner can often produce problems, because there #
# have been rumors that apparently even the macOS server operating systems #
# tend to open modal windows -- even though they're running headless. This #
# means that in case the macOS runners seem to hang it's likely we again #
# need to update the add-osx-cert.sh script. #
# * Everything is being run on Bash. Although PowerShell can do a lot, this #
# way all steps are within one language, making it easier to maintain. #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
on:
push:
branches:
- master
workflow_dispatch: # Used to manually trigger a nightly build.
inputs:
target:
# Access using github.event.inputs.target
description: 'Target ("nightly"/"stable")'
required: false
default: 'nightly'
schedule: # Every Monday at noon (UTC) we run a scheduled nightly build
- cron: '0 12 * * 1'
# Defaults for every job and step in this workflow
defaults:
run:
shell: bash # Run everything using bash
# Global environment variables
env:
# Easy way to set the node version
NODE_VERSION: '16'
# Whenever we either trigger a build manually *or* a scheduled run starts,
# this indicates a nightly build, and NOT a regular, stable release. We are
# writing it here into the environment variable to keep the code DRY and for
# easier reference.
# BUG: Disabled due to a bug in Github Actions that will not resolve this
# environment variable, thus rendering this approach unusable. We have to
# manually copy this into the appropriate places.
# BUILD_NIGHTLY: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
# This workflow file contains four jobs, three to build the corresponding
# releases on all three supported platforms, and a last one, which will
# create the release draft.
jobs:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# WINDOWS BUILDS #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
build_win:
name: Windows build
runs-on: windows-latest
steps:
# Check out master for a regular release, or develop branch for a nightly
- name: Clone repository (master branch)
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
uses: actions/checkout@v3
with:
ref: 'master'
fetch-depth: 0 # Required for the tag verification step.
- name: Clone repository (develop branch)
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
uses: actions/checkout@v3
with:
ref: 'develop'
- name: Setup NodeJS ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: Set up build environment
run: yarn install --frozen-lockfile
- name: Set tag version to nightly
# If this a scheduled workflow, we know that we should build a nightly
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: node ./scripts/set-nightly-version.js
- name: Retrieve tag version
id: ref
run: |
pkgver=$(node ./scripts/get-pkg-version.js)
echo ::set-output name=version::$pkgver
# If we're building a full release, we have to make sure that nobody (that
# is: Hendrik) forgot to increment the tag version. If we already have a
# tag with this version, we should not proceed, because that will then
# lead to an overwriting of the files in the previous release. That
# doesn't cause any havoc because we don't push unstable code to master,
# BUT it looks bad.
- name: Verify the corresponding tag does not yet exist
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
# Note the ! - it will return 0 if the command fails, and 1 otherwise
run: '! git rev-parse "v${{steps.ref.outputs.version}}"'
# Create the windows binaries. First package both for x64 and arm64, then
# make an NSIS installer. Make sure to sign the windows installer using
# the corresponding SSL EV.
- name: Package Windows (x64)
run: yarn package:win-x64
env:
CSC_LINK: ${{ secrets.WIN_CERT_2025_03_15 }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASS_2025_03_15 }}
- name: Package Windows (arm64)
run: yarn package:win-arm
env:
CSC_LINK: ${{ secrets.WIN_CERT_2025_03_15 }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASS_2025_03_15 }}
- name: Build NSIS installer (x64)
run: yarn release:win-x64
env:
CSC_LINK: ${{ secrets.WIN_CERT_2025_03_15 }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASS_2025_03_15 }}
- name: Build NSIS installer (arm64)
run: yarn release:win-arm
env:
CSC_LINK: ${{ secrets.WIN_CERT_2025_03_15 }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASS_2025_03_15 }}
# The ARM64 artifact is being output simply as .exe w/o arch, since we
# have to include --ia32 in the build flags for ARM builds (thus,
# strictly speaking it has two architectures).
- name: Rename arm64 artifact
run: mv ./release/Zettlr-${{steps.ref.outputs.version}}.exe ./release/Zettlr-${{steps.ref.outputs.version}}-arm64.exe
# Now we need to cache all artifacts. We create one artifact per build
# step. It should be noted that "artifacts" are more like file shares.
# Thus they can contain multiple files.
- name: Cache installers
uses: actions/upload-artifact@v2
with:
name: win32
path: |
./release/Zettlr-${{steps.ref.outputs.version}}-x64.exe
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.exe
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# MACOS BUILDS #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
build_macos:
name: macOS build
runs-on: macos-latest
steps:
# Check out master for a regular release, or develop branch for a nightly
- name: Clone repository (master branch)
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
uses: actions/checkout@v3
with:
ref: 'master'
fetch-depth: 0 # Required for the tag verification step.
- name: Clone repository (develop branch)
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
uses: actions/checkout@v3
with:
ref: 'develop'
- name: Setup NodeJS ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: Set up build environment
run: yarn install --frozen-lockfile
- name: Set tag version to nightly
# If this a scheduled workflow, we know that we should build a nightly
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: node ./scripts/set-nightly-version.js
- name: Retrieve tag version
id: ref
run: |
pkgver=$(node ./scripts/get-pkg-version.js)
echo ::set-output name=version::$pkgver
- name: Verify the corresponding tag does not yet exist # See windows build for detailed comments on this command
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
run: '! git rev-parse "v${{steps.ref.outputs.version}}"'
# Save the macOS certificate on this runner for forge to access it in the
# next step below.
- name: Retrieve code signing certificate
run: ./scripts/add-osx-cert.sh
env:
MACOS_CERT: ${{ secrets.MACOS_CERT }}
MACOS_CERT_PASS: ${{ secrets.MACOS_CERT_PASS }}
# Now, finally build the app itself. This is done in four steps: First,
# two steps make sure that the app is correctly bundled in ./out, then
# the next two steps use electron builder to create the DMG files.
# This step also signs and notarizes the app. NOTE that forge does this,
# as we shall not notarize and/or sign the resulting DMG file as well!
- name: Package macOS (arm64)
run: yarn package:mac-arm
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASS }}
- name: Package macOS (x64)
run: yarn package:mac-x64
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASS }}
- name: Build macOS image file (arm64)
run: yarn release:mac-arm
- name: Build macOS image file (x64)
run: yarn release:mac-x64
# Finally upload both
- name: Cache image files
uses: actions/upload-artifact@v2
with:
name: darwin
path: |
./release/Zettlr-${{steps.ref.outputs.version}}-x64.dmg
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.dmg
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# LINUX BUILDS #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
build_linux:
name: Linux build
runs-on: ubuntu-latest
steps:
# Check out master for a regular release, or develop branch for a nightly
- name: Clone repository (master branch)
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
uses: actions/checkout@v3
with:
ref: 'master'
fetch-depth: 0 # Required for the tag verification step.
- name: Clone repository (develop branch)
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
uses: actions/checkout@v3
with:
ref: 'develop'
- name: Setup NodeJS ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: Set up build environment
run: yarn install --frozen-lockfile
- name: Set tag version to nightly
# If this a scheduled workflow, we know that we should build a nightly
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: node ./scripts/set-nightly-version.js
- name: Retrieve tag version
id: ref
run: |
pkgver=$(node ./scripts/get-pkg-version.js)
echo ::set-output name=version::$pkgver
- name: Verify the corresponding tag does not yet exist # See windows build for detailed comments on this command
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
run: '! git rev-parse "v${{steps.ref.outputs.version}}"'
- name: Package Linux targets (x64)
run: yarn package:linux-x64
- name: Create Linux installers (x64)
run: yarn release:linux-x64
- name: Package Linux targets (arm64)
run: yarn package:linux-arm
- name: Create Linux installers (arm64)
run: yarn release:linux-arm
# After everything has been created, now we need to cache them.
- name: Cache installers
uses: actions/upload-artifact@v2
with:
name: linux
path: |
./release/Zettlr-${{steps.ref.outputs.version}}-amd64.deb
./release/Zettlr-${{steps.ref.outputs.version}}-x86_64.rpm
./release/Zettlr-${{steps.ref.outputs.version}}-x86_64.AppImage
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.deb
./release/Zettlr-${{steps.ref.outputs.version}}-aarch64.rpm
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.AppImage
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# PREPARE RELEASE DRAFT #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# After the three builds, this job downloads all assets, creates and verifies
# SHA256 checksums, and finally creates a release draft and uploads all
# assets to it. NOTE: If the workflow detects a nightly is being built, this
# step rather uploads the binaries to the Zettlr server instead of creating
# a release draft.
prepare_release:
name: Prepare release draft
# Make sure (and wait until) the builds have succeeded
needs: [build_win, build_macos, build_linux]
runs-on: ubuntu-latest
steps:
# NOTE: Here we do not care about which branch is checked out since we
# just need the two scripts which are present in both.
- name: Clone repository
uses: actions/checkout@v3
- name: Setup NodeJS ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: Set up build environment
run: yarn install --frozen-lockfile
- name: Set tag version to nightly
# If this a scheduled workflow, we know that we should build a nightly
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: node ./scripts/set-nightly-version.js
- name: Retrieve tag version
id: ref
run: |
pkgver=$(node ./scripts/get-pkg-version.js)
echo ::set-output name=version::$pkgver
- name: Make release directory
run: mkdir ./release
# First, download all resulting assets from the previous steps.
- name: Retrieve windows installers
uses: actions/download-artifact@v2
with:
name: win32
path: ./release
- name: Retrieve macOS images
uses: actions/download-artifact@v2
with:
name: darwin
path: ./release
- name: Retrieve Linux installers
uses: actions/download-artifact@v2
with:
name: linux
path: ./release
# Now we are set, we have all five release assets on the VM. It's time to
# create the SHA-checksums file and then upload everything!
- name: Generate SHA256 checksums
run: |
cd ./release
sha256sum "Zettlr-${{steps.ref.outputs.version}}-x64.exe" > "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-arm64.exe" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-x64.dmg" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-arm64.dmg" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-amd64.deb" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-x86_64.rpm" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-x86_64.AppImage" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-arm64.deb" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-aarch64.rpm" >> "SHA256SUMS.txt"
sha256sum "Zettlr-${{steps.ref.outputs.version}}-arm64.AppImage" >> "SHA256SUMS.txt"
cd ..
- name: Verify checksums
run: |
cd ./release
sha256sum -c SHA256SUMS.txt
cd ..
# IF WE BUILD A NIGHTLY, AT THIS POINT JUST UPLOAD TO THE SERVER.
# We must make sure to copy the three additional files
# to the release folder because of the --delete flag in rsync below.
- name: Copy Nightly Static Files
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: |
cp ./scripts/assets/nightly-index.php ./release/index.php
cp ./scripts/assets/nightly-sm_preview.png ./release/sm_preview.png
cp ./resources/icons/png/512x512.png ./release/logo.png
- name: Upload nightlies to the server
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
uses: easingthemes/[email protected]
env:
SSH_PRIVATE_KEY: ${{ secrets.NIGHTLY_SSH_PRIVATE_KEY }}
# --delete so that no old releases remain on the server. Each iteration is approx. 1GB in size.
ARGS: "-vzhr --delete" # verbose, compress, human-readble, recursive, delete
SOURCE: "release/"
REMOTE_HOST: ${{ secrets.NIGHTLY_REMOTE_HOST }}
REMOTE_USER: ${{ secrets.NIGHTLY_REMOTE_USER }}
TARGET: ${{ secrets.NIGHTLY_TARGET }}
# OTHERWISE: Create a new release draft
- name: Create release draft
if: ${{ !(github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Populate the inputs of the release we already know
tag_name: v${{steps.ref.outputs.version}}
name: Release v${{steps.ref.outputs.version}}
body: If you can read this, we have forgotten to fill in the changelog. Sorry!
draft: true # Always create as draft, so that we can populate the remaining values easily
# Gosh, is that convenient as opposed to earlier!
files: |
./release/Zettlr-${{steps.ref.outputs.version}}-x64.exe
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.exe
./release/Zettlr-${{steps.ref.outputs.version}}-x64.dmg
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.dmg
./release/Zettlr-${{steps.ref.outputs.version}}-amd64.deb
./release/Zettlr-${{steps.ref.outputs.version}}-x86_64.rpm
./release/Zettlr-${{steps.ref.outputs.version}}-x86_64.AppImage
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.deb
./release/Zettlr-${{steps.ref.outputs.version}}-aarch64.rpm
./release/Zettlr-${{steps.ref.outputs.version}}-arm64.AppImage
./release/SHA256SUMS.txt