refactor: remove temp files on startup #2199
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- "**" | |
paths-ignore: | |
- "**.md" | |
jobs: | |
skip_duplicates: | |
name: Skip Duplicate Runs | |
runs-on: ubuntu-latest | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
steps: | |
- id: skip_check | |
uses: fkirc/skip-duplicate-actions@master | |
with: | |
concurrent_skipping: "same_content" | |
do_not_skip: '["push", "workflow_dispatch", "schedule"]' | |
build: | |
needs: skip_duplicates | |
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }} | |
name: Test on node ${{ matrix.node-version }} and ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [18.x] | |
python: ["3.11"] | |
os: [ubuntu-latest, windows-latest, macOS-latest] | |
steps: | |
- name: Use Python ${{ matrix.python }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Install Node.js and yarn | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: yarn | |
- name: Cache node modules | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: node_modules | |
key: ${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }}-${{ env.cache-name }}- | |
${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }} | |
- name: Install dependencies | |
run: | | |
yarn install | |
- name: Cache CodeSignTool | |
if: matrix.os == 'windows-latest' | |
uses: actions/cache@v3 | |
with: | |
path: | | |
./CodeSignTool/ | |
key: ${{ runner.os }}-${{ secrets.CACHE_CONTROL }} | |
- name: Download CodeSignTool | |
env: | |
ES_USERNAME: ${{ secrets.ES_USERNAME }} | |
if: matrix.os == 'windows-latest' && env.ES_USERNAME != null | |
working-directory: ${{ github.workspace }} | |
shell: powershell | |
run: | | |
if (!(Test-Path ".\CodeSignTool\CodeSignTool.bat" -PathType Leaf)) { | |
mkdir CodeSignTool | |
cd .\CodeSignTool | |
Invoke-WebRequest -Uri https://www.ssl.com/download/codesigntool-for-windows/ -UseBasicParsing -OutFile ".\CodeSignTool.zip" | |
7z x CodeSignTool.zip | |
Remove-Item CodeSignTool.zip | |
} | |
- name: Load Windows signing secrets | |
env: | |
ES_USERNAME: ${{ secrets.ES_USERNAME }} | |
FROM_FORK: ${{ github.event_name == 'pull_request' }} # pull request events from our repo are skipped in favor of push events | |
if: matrix.os == 'windows-latest' && (env.ES_USERNAME != null || github.event_name == 'pull_request') | |
shell: bash | |
run: | | |
msg="$(git log -1 --no-merges --pretty=%B | head -n 1)" | |
if [[ "$FROM_FORK" = "true" ]] || [[ ! "$msg" =~ ^release:.* ]]; | |
then | |
echo "not a release, skipping code signing" | |
exit 0; | |
fi | |
echo "SLIPPI_ENABLE_SIGNING=yes" >> $GITHUB_ENV | |
echo "ES_USERNAME=${{ secrets.ES_USERNAME }}" >> $GITHUB_ENV | |
echo "ES_PASSWORD=${{ secrets.ES_PASSWORD }}" >> $GITHUB_ENV | |
echo "ES_CREDENTIAL_ID=${{ secrets.ES_CREDENTIAL_ID }}" >> $GITHUB_ENV | |
echo "ES_TOTP_SECRET=${{ secrets.ES_TOTP_SECRET }}" >> $GITHUB_ENV | |
echo "CSC_LINK=${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }}" >> $GITHUB_ENV | |
echo "CSC_KEY_PASSWORD=${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }}" >> $GITHUB_ENV | |
echo "signing enabled and secrets loaded" | |
- name: Load macOS signing certificates and secrets | |
if: matrix.os == 'macOS-latest' && env.CERTIFICATE_MACOS_PASSWORD != null | |
run: | | |
chmod +x .erb/scripts/load-macos-certs-ci.sh && ./.erb/scripts/load-macos-certs-ci.sh | |
mkdir -p ~/private_keys/ | |
echo "SLIPPI_ENABLE_SIGNING=yes" >> $GITHUB_ENV | |
echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8 | |
echo "CSC_LINK=${{ secrets.CERTIFICATE_MACOS_APPLICATION }}" >> $GITHUB_ENV | |
echo "CSC_KEY_PASSWORD=${{ secrets.CERTIFICATE_MACOS_PASSWORD }}" >> $GITHUB_ENV | |
echo "APPLE_API_KEY=${{ secrets.APPLE_API_KEY_ID }}" >> $GITHUB_ENV | |
echo "APPLE_API_KEY_ID=${{ secrets.APPLE_API_KEY_ID }}" >> $GITHUB_ENV | |
echo "APPLE_ISSUER_ID=${{ secrets.APPLE_ISSUER_ID }}" >> $GITHUB_ENV | |
echo "APPLE_TEAM_PROVIDER_ID=${{ secrets.APPLE_TEAM_PROVIDER_ID }}" >> $GITHUB_ENV | |
env: | |
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} | |
CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }} | |
- name: Build App | |
shell: bash | |
working-directory: ${{ github.workspace }} | |
run: | | |
echo ${{ secrets.ENVFILE }} > .env | |
yarn run package | |
env: | |
NODE_OPTIONS: "--max-old-space-size=8192" | |
USE_HARD_LINKS: false # because of https://github.com/electron-userland/electron-builder/issues/3179 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CODESIGNTOOL_PATH: "${{ github.workspace }}/CodeSignTool" | |
- name: Run tests | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
yarn run typecheck | |
yarn run test | |
- name: Lint | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
yarn run lint | |
- name: Prepare artifacts | |
shell: bash | |
env: | |
FROM_FORK: ${{ github.event_name == 'pull_request' }} # pull request events from our repo are skipped in favor of push events | |
run: | | |
msg="$(git log -1 --no-merges --pretty=%B | head -n 1)" | |
if [[ "$FROM_FORK" = "true" ]] || [[ ! "$msg" =~ ^release:.* ]]; | |
then | |
rm release/build/*-mac.zip || true; | |
fi | |
mkdir artifacts | |
mv release/build/{*.exe*,*.deb,*.AppImage,*.dmg*,*.zip,*.yml} artifacts || true | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{matrix.os}} | |
path: artifacts |