-
Notifications
You must be signed in to change notification settings - Fork 127
160 lines (149 loc) · 6.12 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: build
on:
pull_request:
branches:
- main
push:
branches:
- "**"
paths-ignore:
- "**.md"
jobs:
skip_duplicates:
name: Skip Duplicate Runs
runs-on: ubuntu-latest
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: "same_content"
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
build:
needs: skip_duplicates
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
name: Test on node ${{ matrix.node-version }} and ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
node-version: [18.x]
python: ["3.11"]
os: [ubuntu-latest, windows-latest, macOS-latest]
steps:
- name: Use Python ${{ matrix.python }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
- name: Check out Git repository
uses: actions/checkout@v4
- name: Install Node.js and yarn
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- name: Cache node modules
uses: actions/cache@v3
id: cache
with:
path: node_modules
key: ${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }}-${{ env.cache-name }}-
${{ runner.OS }}-build-${{ secrets.CACHE_CONTROL }}
- name: Install dependencies
run: |
yarn install
- name: Cache CodeSignTool
if: matrix.os == 'windows-latest'
uses: actions/cache@v3
with:
path: |
./CodeSignTool/
key: ${{ runner.os }}-${{ secrets.CACHE_CONTROL }}
- name: Download CodeSignTool
env:
ES_USERNAME: ${{ secrets.ES_USERNAME }}
if: matrix.os == 'windows-latest' && env.ES_USERNAME != null
working-directory: ${{ github.workspace }}
shell: powershell
run: |
if (!(Test-Path ".\CodeSignTool\CodeSignTool.bat" -PathType Leaf)) {
Invoke-WebRequest -Uri https://www.ssl.com/download/codesigntool-for-windows/ -UseBasicParsing -OutFile ".\CodeSignTool.zip"
7z x CodeSignTool.zip
Remove-Item CodeSignTool.zip
Get-ChildItem -Path . | Where-Object { $_.Name -like "CodeSignTool*" } | %{ Rename-Item -LiteralPath $_.FullName -NewName "CodeSignTool" }
}
- name: Load Windows signing secrets
env:
ES_USERNAME: ${{ secrets.ES_USERNAME }}
FROM_FORK: ${{ github.event_name == 'pull_request' }} # pull request events from our repo are skipped in favor of push events
if: matrix.os == 'windows-latest' && (env.ES_USERNAME != null || github.event_name == 'pull_request')
shell: bash
run: |
msg="$(git log -1 --no-merges --pretty=%B | head -n 1)"
if [[ "$FROM_FORK" = "true" ]] || [[ ! "$msg" =~ ^release:.* ]];
then
echo "not a release, skipping code signing"
exit 0;
fi
echo "SLIPPI_ENABLE_SIGNING=yes" >> $GITHUB_ENV
echo "ES_USERNAME=${{ secrets.ES_USERNAME }}" >> $GITHUB_ENV
echo "ES_PASSWORD=${{ secrets.ES_PASSWORD }}" >> $GITHUB_ENV
echo "ES_CREDENTIAL_ID=${{ secrets.ES_CREDENTIAL_ID }}" >> $GITHUB_ENV
echo "ES_TOTP_SECRET=${{ secrets.ES_TOTP_SECRET }}" >> $GITHUB_ENV
echo "CSC_LINK=${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }}" >> $GITHUB_ENV
echo "CSC_KEY_PASSWORD=${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }}" >> $GITHUB_ENV
echo "signing enabled and secrets loaded"
- name: Load macOS signing certificates and secrets
if: matrix.os == 'macOS-latest' && env.CERTIFICATE_MACOS_PASSWORD != null
run: |
chmod +x .erb/scripts/load-macos-certs-ci.sh && ./.erb/scripts/load-macos-certs-ci.sh
mkdir -p ~/private_keys/
echo "SLIPPI_ENABLE_SIGNING=yes" >> $GITHUB_ENV
echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
echo "CSC_LINK=${{ secrets.CERTIFICATE_MACOS_APPLICATION }}" >> $GITHUB_ENV
echo "CSC_KEY_PASSWORD=${{ secrets.CERTIFICATE_MACOS_PASSWORD }}" >> $GITHUB_ENV
echo "APPLE_API_KEY=${{ secrets.APPLE_API_KEY_ID }}" >> $GITHUB_ENV
echo "APPLE_API_KEY_ID=${{ secrets.APPLE_API_KEY_ID }}" >> $GITHUB_ENV
echo "APPLE_ISSUER_ID=${{ secrets.APPLE_ISSUER_ID }}" >> $GITHUB_ENV
echo "APPLE_TEAM_PROVIDER_ID=${{ secrets.APPLE_TEAM_PROVIDER_ID }}" >> $GITHUB_ENV
env:
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }}
- name: Build App
shell: bash
working-directory: ${{ github.workspace }}
run: |
echo ${{ secrets.ENVFILE }} > .env
yarn run package
env:
NODE_OPTIONS: "--max-old-space-size=8192"
USE_HARD_LINKS: false # because of https://github.com/electron-userland/electron-builder/issues/3179
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODESIGNTOOL_PATH: "${{ github.workspace }}/CodeSignTool"
- name: Run tests
if: matrix.os == 'ubuntu-latest'
run: |
yarn run typecheck
yarn run test
- name: Lint
if: matrix.os == 'ubuntu-latest'
run: |
yarn run lint
- name: Prepare artifacts
shell: bash
run: |
msg="$(git log -1 --no-merges --pretty=%B)"
if [[ ! "$msg" =~ "^release.*" ]];
then
rm release/build/*-mac.zip || true;
fi
mkdir artifacts
mv release/build/{*.exe*,*.deb,*.AppImage,*.dmg*,*.zip,*.yml} artifacts || true
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{matrix.os}}
path: artifacts