Add windows code sign to CI
hiento09 authored and jan-service-account committed Nov 24, 2023
1 parent 20a5c79 commit 2be3d82
Showing 2 changed files with 173 additions and 90 deletions.
255 changes: 173 additions & 82 deletions .github/workflows/jan-electron-build.yml
Expand Up @@ -5,60 +5,92 @@ on:
tags: ["v[0-9]+.[0-9]+.[0-9]+"]

jobs:
build-macos:
runs-on: macos-latest
environment: production
create-draft-release:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
version: ${{ steps.get_version.outputs.version }}
permissions:
contents: write
steps:
- name: Getting the repo
uses: actions/checkout@v3

- name: Installing node
uses: actions/setup-node@v1
with:
node-version: 20

- name: Install jq
uses: dcarbone/[email protected]

- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1

- name: Update app version base on tag
run: |
make update-app-version
- name: Extract tag name without v prefix
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}

- name: Get Cer for code signing
run: base64 -d <<< "$CODE_SIGN_P12_BASE64" > /tmp/codesign.p12
shell: bash
GITHUB_REF: ${{ github.ref }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@v1
env:
CODE_SIGN_P12_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }}

- uses: apple-actions/import-codesign-certs@v2
continue-on-error: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}

- name: Build and publish app
run: |
make build-and-publish
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CSC_LINK: "/tmp/codesign.p12"
CSC_KEY_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
CSC_IDENTITY_AUTO_DISCOVERY: "true"
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APP_PATH: "."
DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }}
tag_name: ${{ github.ref_name }}
release_name: "${{ env.VERSION }}"
draft: true
prerelease: false

# build-macos:
# runs-on: macos-latest
# needs: create-draft-release
# environment: production
# permissions:
# contents: write
# steps:
# - name: Getting the repo
# uses: actions/checkout@v3

# - name: Installing node
# uses: actions/setup-node@v1
# with:
# node-version: 20

# - name: Install jq
# uses: dcarbone/[email protected]

# - name: Get tag
# id: tag
# uses: dawidd6/action-get-tag@v1

# - name: Update app version base on tag
# run: |
# if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# echo "Error: Tag is not valid!"
# exit 1
# fi
# jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
# mv /tmp/package.json electron/package.json
# env:
# VERSION_TAG: ${{ steps.tag.outputs.tag }}

# - name: Get Cer for code signing
# run: base64 -d <<< "$CODE_SIGN_P12_BASE64" > /tmp/codesign.p12
# shell: bash
# env:
# CODE_SIGN_P12_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }}

# - uses: apple-actions/import-codesign-certs@v2
# continue-on-error: true
# with:
# p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
# p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}

# - name: Build and publish app
# run: |
# make build-and-publish
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# CSC_LINK: "/tmp/codesign.p12"
# CSC_KEY_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
# CSC_IDENTITY_AUTO_DISCOVERY: "true"
# APPLE_ID: ${{ secrets.APPLE_ID }}
# APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
# APP_PATH: "."
# DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }}

build-windows-x64:
runs-on: windows-latest
needs: create-draft-release
permissions:
contents: write
steps:
Expand All @@ -80,56 +112,115 @@ jobs:
- name: Update app version base on tag
shell: bash
run: |
make update-app-version
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}

- name: Build and publish app
- name: Build uikit
run: |
make build-and-publish
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
cd uikit
yarn config set network-timeout 300000
yarn install
yarn build
build-linux-x64:
runs-on: ubuntu-latest
environment: production
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
permissions:
contents: write
steps:
- name: Getting the repo
uses: actions/checkout@v3
- name: Install yarn dependencies
shell: powershell
run: |
yarn config set network-timeout 300000
yarn build:core
yarn install
$env:NITRO_VERSION = Get-Content .\plugins\inference-plugin\nitro\version.txt; echo $env:NITRO_VERSION
yarn build:plugins
yarn build
- name: Windows Code Sign with AzureSignTool
run: |
dotnet tool install --global AzureSignTool
cd ./electron/dist
azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com -v "jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe"
- name: Installing node
uses: actions/setup-node@v1
- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
node-version: 20

- name: Install jq
uses: dcarbone/[email protected]

- name: Install Snapcraft
uses: samuelmeuli/action-snapcraft@v2
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_content_type: application/octet-stream

- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1

- name: Update app version base on tag
run: |
make update-app-version
- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_content_type: text/xml

- name: Build and publish app
run: |
make build-and-publish
- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/latest.yml
asset_name: latest.yml
asset_content_type: text/yaml

# build-linux-x64:
# runs-on: ubuntu-latest
# needs: create-draft-release
# environment: production
# env:
# SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
# permissions:
# contents: write
# steps:
# - name: Getting the repo
# uses: actions/checkout@v3

# - name: Installing node
# uses: actions/setup-node@v1
# with:
# node-version: 20

# - name: Install jq
# uses: dcarbone/[email protected]

# - name: Install Snapcraft
# uses: samuelmeuli/action-snapcraft@v2

# - name: Get tag
# id: tag
# uses: dawidd6/action-get-tag@v1

# - name: Update app version base on tag
# run: |
# if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# echo "Error: Tag is not valid!"
# exit 1
# fi
# jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
# mv /tmp/package.json electron/package.json
# env:
# VERSION_TAG: ${{ steps.tag.outputs.tag }}

# - name: Build and publish app
# run: |
# make build-and-publish
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

update_release_draft:
needs: [build-macos, build-windows-x64, build-linux-x64]
# needs: [build-macos, build-windows-x64, build-linux-x64, create-draft-release]
needs: [build-windows-x64, create-draft-release]
permissions:
# write permission is required to create a github release
contents: write
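Review bot: The "Windows Code Sign with AzureSignTool" step in build-windows-x64 expands `${{ secrets.AZURE_CLIENT_SECRET }}` and the other Key Vault values directly into the `run:` script text, so they are written into the generated script file and any quote or metacharacter in them is parsed by the shell; `-kvc ${{ secrets.AZURE_CERT_NAME }}` is also unquoted. Mapping the values through `env:` and referencing them as `$env:NAME` keeps them as data rather than script source. The same step runs `dotnet tool install --global AzureSignTool` with no `--version`, so whichever release is current at build time is the one handed the signing credentials; pinning it makes that dependency reviewable. Separately, if `yarn build` is what generates `latest.yml` and the `.exe.blockmap` (not visible in this diff), signing the exe afterwards changes its bytes and the hashes in those uploaded files may no longer match, which is worth confirming against the updater.

```yaml
      - name: Windows Code Sign with AzureSignTool
        env:
          AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
          APP_VERSION: ${{ needs.create-draft-release.outputs.version }}
        run: |
          # <PINNED_VERSION> is a placeholder: use the release you have reviewed
          dotnet tool install --global AzureSignTool --version <PINNED_VERSION>
          cd ./electron/dist
          azuresigntool.exe sign -kvu "$env:AZURE_KEY_VAULT_URI" -kvi "$env:AZURE_CLIENT_ID" -kvt "$env:AZURE_TENANT_ID" -kvs "$env:AZURE_CLIENT_SECRET" -kvc "$env:AZURE_CERT_NAME" -tr http://timestamp.globalsign.com -v "jan-win-x64-${env:APP_VERSION}.exe"
      # … unchanged: upload-release-asset steps …
```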
8 changes: 0 additions & 8 deletions Makefile
Expand Up @@ -11,14 +11,6 @@ ifeq ($(OS),Windows_NT)
else
cd uikit && yarn install && yarn build
endif
# Updates the app version based on the tag
update-app-version:
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then \
echo "Error: Tag is not valid!"; \
exit 1; \
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json

# Installs yarn dependencies and builds core and plugins
install-and-build: build-uikit