Skip to content

Merge pull request #4237 from kubeshop/dependabot/npm_and_yarn/follow… #1788

Merge pull request #4237 from kubeshop/dependabot/npm_and_yarn/follow…

Merge pull request #4237 from kubeshop/dependabot/npm_and_yarn/follow… #1788

name: monokle-sign-notarize-publish
on:
push:
branches:
- main
release:
types:
- prereleased
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
# This workflow contains a single job called "build"
build-and-publish-mac:
runs-on: macos-latest
steps:
- name: Context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
- name: Checkout Project
uses: actions/checkout@v2
# Check memory and cpu
- name: Verify Runner Resources
run: |
sysctl -n machdep.cpu.brand_string
vm_stat | perl -ne '/page size of (\d+)/ and $size=$1; /Pages\s+([^:]+)[^\d]+(\d+)/ and printf("%-16s % 16.2f Mi\n", "$1:", $2 * $size / 1048576);'
- name: Install Tools
run: |
brew install jq
- name: Check MacOS certs expiration
run: |
ls -la
chmod +x .github/workflows/scripts/check-osx-cert-exp.sh && .github/workflows/scripts/check-osx-cert-exp.sh
env:
CERTIFICATE_OSX_APPLICATION: ${{ secrets.MONOKLE_MACOS_CERTS }}
CERTIFICATE_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }}
- name: Add MacOS certs
run: |
ls -la
chmod +x .github/workflows/scripts/add-osx-cert.sh && .github/workflows/scripts/add-osx-cert.sh
env:
CERTIFICATE_OSX_APPLICATION: ${{ secrets.MONOKLE_MACOS_CERTS }}
CERTIFICATE_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }}
- name: Electron mac os security identities
run: security find-identity -v
- name: Get Node Version
run: |
cat .nvmrc
echo "::set-output name=nodeversion::$(cat .nvmrc)"
id: get-node-version
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }}
uses: actions/setup-node@v2
with:
node-version: ${{ steps.get-node-version.outputs.nodeversion }}
cache: 'npm'
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869
- name: Install Python utilities
run: python3 -m pip install setuptools --break-system-packages
- name: Install Dependencies
run: |
env
echo "npm: $(npm --version)"
echo "node: $(node --version)"
npm install
- name: Install dmg-license
run: npm install dmg-license
# - name: Verify Dependencies
# run: |
# ls -la
# npm list --depth=1
- name: Build
run: |
contents="$(jq --arg SENTRY_DSN $SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron/env.json)" && echo "${contents}" > electron/env.json
contents="$(jq --arg MONOKLE_INSTALLS_URL $MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron/env.json)" && echo "${contents}" > electron/env.json
contents="$(jq --arg SEGMENT_API_KEY $SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron/env.json)" && echo "${contents}" > electron/env.json
npm run electron:build:ci
env:
# Set CI flag to false, or the build fails on all warnings, not just errors as locally.
CI: false
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }}
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }}
- name: Package
id: build
run: |
echo "::set-output name=TAG::v$(cat package.json | jq -r '.version')"
npm exec -c "electron-builder --publish \"never\""
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
EP_PRE_RELEASE: true
NOTARIZE: true
CSC_LINK: ${{ secrets.MONOKLE_MACOS_CERTS }}
CSC_KEY_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
USE_HARD_LINKS: false
# Check Binary Size
- name: Build Succeeded
run: |
ls -alh dist | grep Monokle && du -sh dist/mac || true
if: ${{ success() }}
- name: Create release and upload artifacts
uses: ncipollo/release-action@v1
with:
allowUpdates: true
prerelease: true
artifacts: 'dist/latest-mac.yml,dist/*.dmg,dist/*.blockmap,dist/*.zip'
omitBody: true
tag: ${{ steps.package.outputs.TAG }}
token: ${{ secrets.github_token }}
if: "!contains(github.ref, 'main')"
- name: Archive Binary
uses: actions/upload-artifact@v2
with:
name: dist-mac
path: dist
if: ${{ success() }}
- name: Build Failed - Output Build Logs
run: |
cat /Users/runner/.npm/_logs/*-debug.log || true
if: ${{ failure() || cancelled() }}
- name: Build Failed - Archive Build Logs
uses: actions/upload-artifact@v2
with:
name: logs
path: /Users/runner/.npm/_logs
if: ${{ failure() || cancelled() }}
# Make sure no secrets or certs are left on the runner
- name: Cleanup files after run
run: |
rm -rf *
ls -la
if: ${{ always() }}
build-and-publish-windows:
runs-on: windows-latest
steps:
- name: Context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
- name: Checkout Project
uses: actions/checkout@v2
- name: Install Tools
run: |
choco install jq dotnet-5.0-runtime dotnetcore-sdk -y
dotnet tool install --version 3.0.0 --global AzureSignTool
- name: Get Node Version
run: |
Set-PSDebug -Trace 1
$filePath = "D:\a\monokle\monokle\.nvmrc"
Get-Content $filePath -Raw
$content = Get-Content $filePath -Raw
echo "::set-output name=nodeversion::$content"
id: get-node-version
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }}
uses: actions/setup-node@v2
with:
node-version: ${{ steps.get-node-version.outputs.nodeversion }}
cache: 'npm'
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869
- name: Install Python utilities
run: python3 -m pip install setuptools --break-system-packages
# Install Dependencies
- name: Install Dependencies
run: |
Set-PSDebug -Trace 1
node --version
npm --version
npm install
# - name: Verify Dependencies
# run: |
# cmd /r dir
# npm list --depth=1
- name: Build
shell: PowerShell
run: |
($contents=jq --arg SENTRY_DSN $env:SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii)
($contents=jq --arg MONOKLE_INSTALLS_URL $env:MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii)
($contents=jq --arg SEGMENT_API_KEY $env:SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii)
npm run electron:build:ci
env:
# Set CI flag to false, or the build fails on all warnings, not just errors as locally.
CI: false
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }}
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }}
- name: Package
id: package
run: |
$p = get-content package.json | ConvertFrom-Json
echo "::set-output name=TAG::v$($p.version)"
npm exec -c 'electron-builder --publish "never"'
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
EP_PRE_RELEASE: true
USE_HARD_LINKS: false
# Check Binary Size
- name: Build Succeeded
run: |
cmd /r dir .\dist
if: ${{ success() }}
- name: Create release and upload artifacts
uses: ncipollo/release-action@v1
with:
allowUpdates: true
prerelease: true
artifacts: 'dist/latest.yml,dist/*.exe,dist/*.blockmap'
omitBody: true
tag: ${{ steps.package.outputs.TAG }}
token: ${{ secrets.github_token }}
if: "!contains(github.ref, 'main')"
- name: Archive Binary
uses: actions/upload-artifact@v2
with:
name: dist-win
path: dist
if: ${{ success() }}
# This workflow contains a single job called "build"
build-and-publish-linux:
runs-on: ubuntu-latest
steps:
- name: Context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
- name: Checkout Project
uses: actions/checkout@v2
- name: Get Node Version
run: |
cat .nvmrc
echo "::set-output name=nodeversion::$(cat .nvmrc)"
id: get-node-version
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }}
uses: actions/setup-node@v2
with:
node-version: ${{ steps.get-node-version.outputs.nodeversion }}
cache: 'npm'
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869
- name: Install Python utilities
run: python3 -m pip install setuptools --break-system-packages
- name: Install Dependencies
run: |
env
echo "npm: $(npm --version)"
echo "node: $(node --version)"
npm install
# - name: Verify Dependencies
# run: |
# ls -la
# npm list --depth=1
- name: Install Tools
run: |
sudo apt-get install jq
- name: Build
run: |
contents="$(jq --arg SENTRY_DSN $SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron/env.json)" && echo "${contents}" > electron/env.json
contents="$(jq --arg MONOKLE_INSTALLS_URL $MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron/env.json)" && echo "${contents}" > electron/env.json
contents="$(jq --arg SEGMENT_API_KEY $SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron/env.json)" && echo "${contents}" > electron/env.json
npm run electron:build:ci
env:
# Set CI flag to false, or the build fails on all warnings, not just errors as locally.
CI: false
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }}
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }}
- name: Package
id: package
run: |
echo "::set-output name=TAG::v$(cat package.json | jq -r '.version')"
npm exec -c "electron-builder --publish \"never\""
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
EP_PRE_RELEASE: true
USE_HARD_LINKS: false
# Check Binary Size
- name: Build Succeeded
run: |
ls -alh dist | grep Monokle && du -sh dist || true
if: ${{ success() }}
- name: Create release and upload artifacts
uses: ncipollo/release-action@v1
with:
allowUpdates: true
prerelease: true
artifacts: 'dist/latest-linux.yml,dist/latest-linux-arm64.yml,dist/*.deb,dist/*.AppImage,dist/*.rpm'
omitBody: true
tag: ${{ steps.package.outputs.TAG }}
token: ${{ secrets.github_token }}
if: "!contains(github.ref, 'main')"
- name: Archive Binary
uses: actions/upload-artifact@v2
with:
name: dist-nix
path: dist
if: ${{ success() }}
- name: Build Failed - Output Build Logs
run: |
cat /Users/runner/.npm/_logs/*-debug.log || true
if: ${{ failure() || cancelled() }}
- name: Build Failed - Archive Build Logs
uses: actions/upload-artifact@v2
with:
name: logs
path: /Users/runner/.npm/_logs
if: ${{ failure() || cancelled() }}
# Make sure no secrets or certs are left on the runner
- name: Cleanup files after run
run: |
rm -rf *
ls -la
if: ${{ always() }}