From 05c995254b0aed6aeab0249bc1e535c2830ac705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20Sander?= Date: Wed, 6 Nov 2024 09:47:07 +0100 Subject: [PATCH] Switch insider build binaries to use SEA --- .github/workflows/insiders-build.yaml | 51 +++++++++++++++++---------- 1 file changed, 32 insertions(+), 19 deletions(-) diff --git a/.github/workflows/insiders-build.yaml b/.github/workflows/insiders-build.yaml index c0d89650..53ff5b99 100644 --- a/.github/workflows/insiders-build.yaml +++ b/.github/workflows/insiders-build.yaml @@ -14,13 +14,6 @@ jobs: include: - os: win-code-sign build: | - echo ${env:DIST_FILE_NAME} - echo "${env:DIST_FILE_NAME}" - - echo $env:DIST_FILE_NAME - echo "$env:DIST_FILE_NAME" - - cd src ./node_modules/.bin/esbuild "${env:DIST_FILE_NAME}.js" --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23 node --experimental-sea-config sea-config.json @@ -76,29 +69,35 @@ jobs: # Move the zip file to the root directory Move-Item "${env:DIST_FILE_NAME}--win-x64--${{ github.sha }}.zip" "../${env:DIST_FILE_NAME}--win-x64--${{ github.sha }}.zip" + # ------------------- + # Clean up + Remove-Item -Force build.cjs + artifact_insider: butler-sheet-icons--win-x64--${{ github.sha }}.zip - os: mac-build1 build: | cd src - ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --external:vm2 --external:axios --outfile=build.cjs --format=cjs --platform=node --target=node18.5.0 - pkg --output "../${DIST_FILE_NAME}" -t node18-macos-x64 ./build.cjs --config package.json --options no-deprecation --compress GZip + ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23 + node --experimental-sea-config sea-config.json + cp $(command -v node) ${DIST_FILE_NAME} + npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 --macho-segment-name NODE_SEA - cd .. - chmod +x "${DIST_FILE_NAME}" + #cd .. + #chmod +x "${DIST_FILE_NAME}" security delete-keychain build.keychain || true pwd ls -la - # Turn our base64-encoded certificate back to a regular .p12 file - + # ------------------- + # Turn our base64-encoded certificate back to a regular .p12 file echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + # ------------------- # We need to create a new keychain, otherwise using the certificate will prompt # with a UI dialog asking for the certificate password, which we can't # use in a headless CI environment - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain security list-keychains -d user -s build.keychain security default-keychain -d user -s build.keychain @@ -109,17 +108,16 @@ jobs: codesign --force -s "$MACOS_CERTIFICATE_NAME" -v "./${DIST_FILE_NAME}" --deep --strict --options=runtime --timestamp --entitlements ./release-config/${DIST_FILE_NAME}.entitlements + # ------------------- # Notarize # Store the notarization credentials so that we can prevent a UI password dialog from blocking the CI - echo "Create keychain profile" xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" + # ------------------- # We can't notarize an app bundle directly, but we need to compress it as an archive. # Therefore, we create a zip file containing our app bundle, so that we can send it to the # notarization service - - # Notarize insider binary echo "Creating temp notarization archive for insider build" ditto -c -k --keepParent "./${DIST_FILE_NAME}" "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" @@ -131,16 +129,24 @@ jobs: echo "Notarize insider app" xcrun notarytool submit "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" --keychain-profile "notarytool-profile" --wait + # Move the zip file to the root directory + mv "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" "../${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" + + # ------------------- + # Clean up # Delete build keychain security delete-keychain build.keychain + rm build.cjs artifact_insider: butler-sheet-icons--macos-x64--${{ github.sha }}.zip - os: ubuntu-latest build: | cd src - ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --external:vm2 --external:axios --outfile=build.cjs --format=cjs --platform=node --target=node18.5.0 - pkg --output "../${DIST_FILE_NAME}" -t node18-linux-x64 ./build.cjs --config package.json --options no-deprecation --compress GZip + ./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23 + node --experimental-sea-config sea-config.json + cp $(command -v node) ${DIST_FILE_NAME} + npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 cd .. chmod +x ${DIST_FILE_NAME} @@ -154,6 +160,13 @@ jobs: tar -czf "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz" "${DIST_FILE_NAME}" ls -la + # Move the zip file to the root directory + mv "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz" "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz" + + # ------------------- + # Clean up + rm build.cjs + artifact_insider: butler-sheet-icons--linux-x64--${{ github.sha }}.tgz runs-on: ${{ matrix.os }} steps: