|
| 1 | +# Only run on master push |
| 2 | +name: Release Executables Binaries |
| 3 | + |
| 4 | +on: |
| 5 | + push: |
| 6 | + branches: |
| 7 | + - fix/isolation |
| 8 | +jobs: |
| 9 | + release: |
| 10 | + runs-on: ${{ matrix.os }} |
| 11 | + permissions: |
| 12 | + contents: write |
| 13 | + environment: deployment |
| 14 | + |
| 15 | + strategy: |
| 16 | + matrix: |
| 17 | + os: [macos-latest, ubuntu-latest, windows-latest] |
| 18 | + |
| 19 | + steps: |
| 20 | + - name: setup dependencies |
| 21 | + if: startsWith(matrix.os, 'ubuntu') |
| 22 | + run: sudo apt-get update && sudo apt-get install -y libusb-1.0-0-dev libudev-dev libarchive-tools |
| 23 | + |
| 24 | + - name: Check out Git repository |
| 25 | + uses: actions/checkout@v1 |
| 26 | + |
| 27 | + - name: Install Node.js, NPM and Yarn |
| 28 | + uses: actions/setup-node@v1 |
| 29 | + with: |
| 30 | + node-version: 16 |
| 31 | + |
| 32 | + - name: Install deps with big timeout |
| 33 | + run: | |
| 34 | + yarn install --network-timeout 600000 |
| 35 | +
|
| 36 | + - name: Install Snapcraft |
| 37 | + uses: samuelmeuli/action-snapcraft@v2 |
| 38 | + # Only install Snapcraft on Ubuntu |
| 39 | + if: startsWith(matrix.os, 'ubuntu') |
| 40 | + |
| 41 | + # - name: Install AzureSignTool |
| 42 | + # # Only install Azure Sign Tool on Windows |
| 43 | + # if: startsWith(matrix.os, 'windows') |
| 44 | + # run: dotnet tool install --global AzureSignTool |
| 45 | + |
| 46 | + - name: Extract current branch name |
| 47 | + shell: bash |
| 48 | + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" |
| 49 | + id: extract_branch |
| 50 | + |
| 51 | + - name: Get name & version from package.json |
| 52 | + shell: bash |
| 53 | + run: | |
| 54 | + echo "##[set-output name=name;]$(node -p -e '`${require("./package.json").name}`')" |
| 55 | + echo "##[set-output name=version;]$(node -p -e '`${require("./package.json").version}`')" |
| 56 | + id: package_json |
| 57 | + |
| 58 | + - name: Log release reference |
| 59 | + run: | |
| 60 | + echo "********* START RELEASE REF **********" |
| 61 | + echo ${{ github.ref }} |
| 62 | + echo branch: ${{ steps.extract_branch.outputs.branch }} |
| 63 | + echo name: ${{ steps.package_json.outputs.name }} |
| 64 | + echo version: ${{ steps.package_json.outputs.version }} |
| 65 | + echo "********* END RELEASE REF ************" |
| 66 | +
|
| 67 | + - name: Prepare for app notarization (MacOS) |
| 68 | + if: startsWith(matrix.os, 'macos') |
| 69 | + # Import Apple API key for app notarization on macOS |
| 70 | + run: | |
| 71 | + mkdir -p ~/private_keys/ |
| 72 | + echo '${{ secrets.mac_api_key }}' > ~/private_keys/AuthKey_${{ secrets.mac_api_key_id }}.p8 |
| 73 | +
|
| 74 | + - name: Build/release Electron app (MacOS, Ubuntu, Windows) |
| 75 | + uses: samuelmeuli/action-electron-builder@v1 |
| 76 | + # if: startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu') |
| 77 | + with: |
| 78 | + |
| 79 | + build_script_name: electron:pre-build |
| 80 | + |
| 81 | + # GitHub token, automatically provided to the action |
| 82 | + # (No need to define this secret in the repo settings) |
| 83 | + github_token: ${{ secrets.github_token }} |
| 84 | + |
| 85 | + # When a push is done to master, the action builds binaries for all OS and they are then released directly |
| 86 | + release: ${{ steps.extract_branch.outputs.branch == 'master' }} |
| 87 | + |
| 88 | + mac_certs: ${{ secrets.mac_certs }} |
| 89 | + mac_certs_password: ${{ secrets.mac_certs_password }} |
| 90 | + |
| 91 | + env: |
| 92 | + # macOS notarization API key |
| 93 | + API_KEY_ID: ${{ secrets.mac_api_key_id }} |
| 94 | + API_KEY_ISSUER_ID: ${{ secrets.mac_api_key_issuer_id }} |
| 95 | + # Login to Snap Store |
| 96 | + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} |
| 97 | + |
| 98 | + # - name: Build Electron app (Windows) |
| 99 | + # if: startsWith(matrix.os, 'windows') |
| 100 | + # run: | |
| 101 | + # yarn run electron:build |
| 102 | + |
| 103 | + # - name: Sign built binary (Windows) |
| 104 | + # if: startsWith(matrix.os, 'windows') |
| 105 | + # # Instead of pointing to a specific .exe, uses a PowerShell script which iterates through all the files stored in dist folder. |
| 106 | + # # If the file has the .exe extension, then it will use the AzureSignTool command to sign it. |
| 107 | + # run: | |
| 108 | + # cd dist; Get-ChildItem -recurse -Include **.exe | ForEach-Object { |
| 109 | + # $exePath = $_.FullName |
| 110 | + # & AzureSignTool sign -kvu "${{ secrets.azure_key_vault_url }}" -kvi "${{ secrets.azure_key_vault_client_id }}" -kvt "${{ secrets.azure_key_vault_tenant_id }}" -kvs "${{ secrets.azure_key_vault_client_secret }}" -kvc "${{ secrets.azure_key_vault_name }}" -tr http://timestamp.digicert.com -v $exePath |
| 111 | + # }; cd .. |
| 112 | + |
| 113 | + # - name: Cleanup artifacts (Windows) |
| 114 | + # if: startsWith(matrix.os, 'windows') |
| 115 | + # run: | |
| 116 | + # mkdir dist/temp; Move-Item -Path dist/*.exe, dist/*.blockmap, dist/latest.yml -Destination dist/temp |
| 117 | + # npx rimraf "dist/!(temp)" |
| 118 | + # npx rimraf "dist/.icon-ico" |
| 119 | + # mv dist/temp/* dist |
| 120 | + # npx rimraf "dist/temp" |
| 121 | + |
| 122 | + # - name: Upload artifacts (Windows) |
| 123 | + # uses: actions/upload-artifact@v2 |
| 124 | + # if: startsWith(matrix.os, 'windows') |
| 125 | + # with: |
| 126 | + # name: ${{ matrix.os }} |
| 127 | + # path: dist |
| 128 | + |
| 129 | + # - name: Release Electron app (Windows) |
| 130 | + # uses: softprops/action-gh-release@v1 |
| 131 | + # if: startsWith(matrix.os, 'windows') |
| 132 | + # with: |
| 133 | + # draft: true |
| 134 | + # tag_name: v${{ steps.package_json.outputs.version }} |
| 135 | + # files: "dist/**" |
| 136 | + # env: |
| 137 | + # GITHUB_TOKEN: ${{ secrets.github_token }} |
0 commit comments