.github/workflows/ci.yaml

name: ci

on:
  workflow_dispatch:
  push:
    branches:
      - main

permissions:
  contents: write
  pull-requests: write

jobs:
  test-macos:
    runs-on:
      - self-hosted
      - x64
      - macos
      - sp53
    steps:
      - uses: actions/checkout@v4

      - name: Debugging 1
        run: pwd && ls -la
        working-directory: src

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*

      - name: Install dependencies
        run: |
          pwd 
          cd src
          npm ci --include=dev --include=prod

      - name: Debugging 2
        run: |
          pwd
          ls -la
          node --version
          git version
        working-directory: src

      - name: Run browser tests
        run: npm run test browser -- -i
        working-directory: src
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_MAC_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_MAC_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}

      - name: Run QS cloud tests
        run: npm run test cloud -- -i
        working-directory: src
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_MAC_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_MAC_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}

      - name: Run QSEoW tests
        run: npm run test qseow -- -i
        working-directory: src
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_MAC_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_MAC_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}


      # - name: Send job status to MQTT (starting job)
      #   uses: potaesm/github-actions-mqtt-request@1.0.0
      #   if: always()
      #   env:
      #     JOB_CONCLUSION: ${{ job.status }}
      #     NODE_VERSION: ${{ matrix.node }}
      #   with:
      #     url: mqtt://${{ secrets.MQTT_ONPREM_BROKER_IP_PORT }}
      #     topic: control/sp53/mac-build1/action-runner
      #     payload: '{ "type":"ci-test", "repo": "${{ github.repository }}", "job": "${{ github.job }}", "workflow": "${{ github.workflow }}", "nodeVersion": "${{ env.NODE_VERSION }}","status": "completed","conclusion":"${{ env.JOB_CONCLUSION }}" }'
      #     connectTimeout: 30000

  test-winsrv:
    needs: 
      - test-macos
    runs-on:
      - self-hosted
      - x64
      - windows
      - sp53
      - win-code-sign
    steps:
      # - name: Send job status to MQTT (starting job)
      #   uses: potaesm/github-actions-mqtt-request@1.0.0
      #   if: always()
      #   env:
      #     JOB_CONCLUSION: ${{ job.status }}
      #     NODE_VERSION: ${{ matrix.node }}
      #   with:
      #     url: mqtt://${{ secrets.MQTT_ONPREM_BROKER_IP_PORT }}
      #     topic: control/sp53/pro2-win2/action-runner
      #     payload: '{ "type":"ci-test", "repo": "${{ github.repository }}", "job": "${{ github.job }}", "workflow": "${{ github.workflow }}", "nodeVersion": "${{ env.NODE_VERSION }}","status": "in_progress","conclusion":"${{ env.JOB_CONCLUSION }}" }'
      #     connectTimeout: 30000

      - uses: actions/checkout@v4

      - name: Debugging 1
        run: dir
        working-directory: src

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 23

      - name: Install dependencies
        run: |
          dir
          cd src
          npm ci --include=dev --include=prod

      - name: Debugging 2
        run: |
          dir 
          node --version
          git version
        working-directory: src

      - name: Run browser tests
        run: |
          dir
          cd src
          npm run test browser -- -i
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_WIN_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_WIN_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}

      - name: Run QS cloud tests
        run: |
          dir
          cd src
          npm run test cloud -- -i
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_WIN_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_WIN_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}          

      - name: Run QSEoW tests
        run: |
          dir
          cd src
          npm run test qseow -- -i
        env:
          BSI_LOG_LEVEL: "info"
          BSI_CONTENT_LIBRARY: "abc 123"
          BSI_HOST: ${{ secrets.BSI_HOST }}
          BSI_PREFIX: ${{ secrets.BSI_PREFIX }}
          BSI_APP_ID: "a3e0f5d2-000a-464f-998d-33d333b175d7"
          BSI_LOGON_USER_DIR: ${{ secrets.BSI_LOGON_USER_DIR }}
          BSI_LOGON_USER_ID: ${{ secrets.BSI_LOGON_USER_ID }}
          BSI_LOGON_PWD: ${{ secrets.BSI_LOGON_PWD }}
          BSI_TEST_TIMEOUT: ${{ secrets.BSI_TEST_TIMEOUT }}
          BSI_CERT_FILE: ${{ secrets.BSI_WIN_CERT_FILE }}
          BSI_CERT_KEY_FILE: ${{ secrets.BSI_WIN_CERT_KEY_FILE }}
          BSI_INCLUDE_SHEET_PART: ${{ secrets.BSI_INCLUDE_SHEET_PART }}
          BSI_SENSE_VERSION: ${{ secrets.BSI_SENSE_VERSION }}
          BSI_CLOUD_TENANT_URL: ${{ secrets.BSI_CLOUD_TENANT_URL }}
          BSI_CLOUD_API_KEY: ${{ secrets.BSI_CLOUD_API_KEY }}
          BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
          BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
          BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
          BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}

      # - name: Send job status to MQTT when done
      #   uses: potaesm/github-actions-mqtt-request@1.0.0
      #   if: always()
      #   env:
      #     JOB_CONCLUSION: ${{ job.status }}
      #     NODE_VERSION: 16
      #   with:
      #     url: mqtt://${{ secrets.MQTT_ONPREM_BROKER_IP_PORT }}
      #     topic: control/sp53/pro2-win2/action-runner
      #     payload: '{ "type":"ci-test", "repo": "${{ github.repository }}", "job": "${{ github.job }}", "workflow": "${{ github.workflow }}", "nodeVersion": "${{ env.NODE_VERSION }}","status": "completed","conclusion":"${{ env.JOB_CONCLUSION }}" }'
      #     connectTimeout: 30000


  release-please:
    needs: 
      - test-winsrv
    runs-on: ubuntu-latest
    outputs:
      releases_created: ${{ steps.release.outputs.releases_created }}
      release_tag_name: ${{ steps.release.outputs['src--tag_name'] }}
      release_upload_url: ${{ steps.release.outputs['src--upload_url'] }}
    env:
      GITHUB_REF: ${{ github.ref }}
      GITHUB_TOKEN: ${{ secrets.PAT }}
      DIST_FILE_NAME: butler-sheet-icons
    steps:
      - name: Show github.ref
        run: echo "$GITHUB_REF"

      - uses: googleapis/release-please-action@v4
        id: release
        if: github.repository_owner == 'ptarmiganlabs'
        with:
          # this assumes that you have created a personal access token
          # (PAT) and configured it as a GitHub action secret named
          # `MY_RELEASE_PLEASE_TOKEN` (this secret name is not important).
          token: ${{ secrets.RELEASE_PLEASE_PAT }}
          # optional. customize path to release-please-config.json
          config-file: release-please-config.json
          # optional. customize path to .release-please-manifest.json
          manifest-file: .release-please-manifest.json
          target-branch: main

      - name: Show output from Release-Please
        if: always()
        env:
          RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
        run: echo "$RELEASE_PLEASE_OUTPUT"

      - name: Show output from Release-Please
        # if: ${{ steps.release.outputs.releases_created }}
        run: |
          echo "releases_created: ${{ steps.release.outputs.releases_created }}"
          echo "release_created : ${{ steps.release.outputs.release_created }}"
          echo "draft           : ${{ steps.release.outputs['src--draft'] }}"
          echo "path            : ${{ steps.release.outputs['src--path'] }}"
          echo "upload_url      : ${{ steps.release.outputs['src--upload_url'] }}"
          echo "html_url        : ${{ steps.release.outputs['src--html_url'] }}"
          echo "tag_name        : ${{ steps.release.outputs['src--tag_name'] }}"
          echo "version         : ${{ steps.release.outputs['src--version'] }}"
          echo "major           : ${{ steps.release.outputs['src--major'] }}"
          echo "minor           : ${{ steps.release.outputs['src--minor'] }}"
          echo "patch           : ${{ steps.release.outputs['src--patch'] }}"
          echo "sha             : ${{ steps.release.outputs['src--sha'] }}"

  release-macos:
    needs: release-please
    runs-on:
      - self-hosted
      - x64
      - macos
      - sp53
    # timeout-minutes: 15

    if: needs.release-please.outputs.releases_created == 'true'
    env:
      DIST_FILE_NAME: butler-sheet-icons
      GITHUB_TOKEN: ${{ secrets.PAT }}
      MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE_BASE64_CODESIGN }}
      MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_CODESIGN_PWD }}
      MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_CODESIGN_NAME }}
      MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
      PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
      PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
      PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}    
    steps:
      - name: Release tag and upload url from previous job
        run: |
          echo "tag_name   : ${{ needs.release-please.outputs.release_tag_name }}"
          echo "upload_url : ${{ needs.release-please.outputs.release_upload_url }}"

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 23

      - name: Install tool for creating stand-alone executables
        run: |
          npm install pkg --location=global

      - name: Install dependencies
        run: |
          pwd 
          cd src
          npm ci --include=prod

      - name: Build binaries
        run: |
          cd src
          ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
          node --experimental-sea-config sea-config.json
          cp $(command -v node) ${DIST_FILE_NAME}
          npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 --macho-segment-name NODE_SEA

          security delete-keychain build.keychain || true

          # -------------------
          # Turn our base64-encoded certificate back to a regular .p12 file
          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12

          # -------------------
          # We need to create a new keychain, otherwise using the certificate will prompt
          # with a UI dialog asking for the certificate password, which we can't
          # use in a headless CI environment
          security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
          security list-keychains -d user -s build.keychain
          security default-keychain -d user -s build.keychain
          security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
          security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
      
          codesign --force -s "$MACOS_CERTIFICATE_NAME" -v "./${DIST_FILE_NAME}" --deep --strict --options=runtime --timestamp --entitlements ../release-config/${DIST_FILE_NAME}.entitlements

          # -------------------
          # We can't notarize an app bundle directly, but we need to compress it as an archive.
          # Therefore, we create a zip file containing our app bundle, so that we can send it to the
          # notarization service
          # Notarize release binary
          echo "Creating temp notarization archive for release binary"
          ditto -c -k --keepParent "./${DIST_FILE_NAME}" "./${{ needs.release-please.outputs.release_tag_name }}-macos.zip"

          # -------------------
          # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
          # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
          # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
          # you're curious
          echo "Notarize release app"
          xcrun notarytool submit "./${{ needs.release-please.outputs.release_tag_name }}-macos.zip" --keychain-profile "notarytool-profile" --wait

          # -------------------
          # Move the zip file to the root directory
          mv "./${{ needs.release-please.outputs.release_tag_name }}-macos.zip" ..

          # -------------------
          # Clean up
          # Delete build keychain
          security delete-keychain build.keychain
          rm build.cjs

          ls -la

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          # artifactContentType: application/zip
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: ./${{ needs.release-please.outputs.release_tag_name }}-macos.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          pwd
          ls -la

  release-win64:
    needs: release-please
    runs-on:
      - self-hosted
      - x64
      - windows
      - sp53
      - win-code-sign
    # timeout-minutes: 15
    if: needs.release-please.outputs.releases_created == 'true'
    env:
      DIST_FILE_NAME: butler-sheet-icons
      GITHUB_TOKEN: ${{ secrets.PAT }}
      CODESIGN_WIN_THUMBPRINT: ${{ secrets.WIN_CODESIGN_THUMBPRINT}}
    steps:
      - name: Release tag and upload url from previous job
        run: |
          Write-Output 'tag_name        : ${{ needs.release-please.outputs.release_tag_name }}'
          Write-Output 'upload_url      : ${{ needs.release-please.outputs.release_upload_url }}'

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 23

      - name: Install tool for creating stand-alone executables
        run: |
          npm install pkg --location=global

      - name: Install dependencies
        run: |
          pwd 
          cd src
          npm ci --include=prod

      - name: Build binaries
        run: |
          cd src
          ./node_modules/.bin/esbuild "${env:DIST_FILE_NAME}.js" --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
          node --experimental-sea-config sea-config.json
          node -e "require('fs').copyFileSync(process.execPath, '${env:DIST_FILE_NAME}.exe')" 

          # -------------------
          # Remove the signature from the executable
          $processOptions1 = @{
            FilePath = "C:\Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe"
            Wait = $true
            ArgumentList = "remove", "/s", "./${env:DIST_FILE_NAME}.exe"
            WorkingDirectory = "."
            NoNewWindow = $true
          }
          Start-Process @processOptions1

          npx postject "${env:DIST_FILE_NAME}.exe" NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2

          # -------------------
          # Sign the executable
          # 1st signing
          $processOptions1 = @{
            FilePath = "C:\Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe"
            Wait = $true
            ArgumentList = "sign", "/sha1", "$env:CODESIGN_WIN_THUMBPRINT", "/tr", "http://time.certum.pl", "/td", "sha256", "/fd", "sha1", "/v", "./${env:DIST_FILE_NAME}.exe"
            WorkingDirectory = "."
            NoNewWindow = $true
          }
          Start-Process @processOptions1

          # -------------------
          # 2nd signing
          $processOptions2 = @{
            FilePath = "C:\Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe"
            Wait = $true
            ArgumentList = "sign", "/sha1", "$env:CODESIGN_WIN_THUMBPRINT", "/tr", "http://time.certum.pl", "/td", "sha256", "/fd", "sha256", "/v", "./${env:DIST_FILE_NAME}.exe"
            WorkingDirectory = "."
            NoNewWindow = $true
          }
          Start-Process @processOptions2

          # -------------------
          # Create release binary zip
          $compress = @{
            Path = "./${env:DIST_FILE_NAME}.exe"
            CompressionLevel = "Fastest"
            DestinationPath = "${{ needs.release-please.outputs.release_tag_name }}-win.zip"
          }
          Compress-Archive @compress

          # -------------------
          # Move the zip file to the root directory
          Move-Item -Path "${{ needs.release-please.outputs.release_tag_name }}-win.zip" -Destination ..

          # -------------------
          # Clean up
          Remove-Item -Force build.cjs

          dir

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: ./${{ needs.release-please.outputs.release_tag_name }}-win.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          dir

  release-linux:
    needs: release-please
    runs-on: ubuntu-latest
    # timeout-minutes: 15

    if: needs.release-please.outputs.releases_created == 'true'
    env:
      DIST_FILE_NAME: butler-sheet-icons
      GITHUB_TOKEN: ${{ secrets.PAT }}
    steps:
      - name: Release tag and upload url from previous job
        run: |
          echo "tag_name   : ${{ needs.release-please.outputs.release_tag_name }}"
          echo "upload_url : ${{ needs.release-please.outputs.release_upload_url }}"

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 23

      - name: Install tool for creating stand-alone executables
        run: |
          npm install pkg --location=global

      - name: Install dependencies
        run: |
          pwd 
          cd src
          npm ci --include=prod

      - name: Build binaries
        run: |
          cd src
          ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js  --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
          node --experimental-sea-config sea-config.json
          cp $(command -v node) ${DIST_FILE_NAME}
          npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2

          # -------------------
          # Move the binary file to the root directory
          mv ${DIST_FILE_NAME} ..

          # -------------------
          # Clean up
          rm build.cjs

          ls -la

      - name: Compress release binary
        run: |
          zip -9 -r ./${{ needs.release-please.outputs.release_tag_name }}-linux.zip ${DIST_FILE_NAME}

      - name: Debug
        run: |
          ls -la

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: ./${{ needs.release-please.outputs.release_tag_name }}-linux.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          pwd
          ls -la