Skip to content

Commit

Permalink
build(electron): skip signing for windows (#7645)
Browse files Browse the repository at this point in the history
  • Loading branch information
pengx17 committed Jul 30, 2024
1 parent d769c8b commit 63e8729
Showing 1 changed file with 174 additions and 103 deletions.
277 changes: 174 additions & 103 deletions .github/workflows/release-desktop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ jobs:
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
path: builds

package-distribution-windows:
make-distribution-windows-skip-signing:
strategy:
matrix:
spec:
Expand All @@ -191,8 +191,6 @@ jobs:
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
needs: before-make
outputs:
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
env:
SKIP_GENERATE_ASSETS: 1
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
Expand Down Expand Up @@ -232,111 +230,12 @@ jobs:
SKIP_WEB_BUILD: 1
HOIST_NODE_MODULES: 1

- name: get all files to be signed
id: get_files_to_be_signed
run: |
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
echo $FILES_TO_BE_SIGNED
- name: Zip artifacts for faster upload
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip

- name: Save packaged artifacts for signing
uses: actions/upload-artifact@v4
with:
name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: |
archive.zip
!**/*.map
sign-packaged-artifacts-windows:
needs: package-distribution-windows
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
artifact-name: packaged-win32-x64

make-windows-installer:
needs: sign-packaged-artifacts-windows
strategy:
matrix:
spec:
- runner: windows-latest
platform: win32
arch: x64
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
outputs:
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
steps:
- uses: actions/checkout@v4
- name: Setup Version
id: version
uses: ./.github/actions/setup-version
- name: Setup Node.js
timeout-minutes: 10
uses: ./.github/actions/setup-node
with:
extra-flags: workspaces focus @affine/electron @affine/monorepo
hard-link-nm: false
nmHoistingLimits: workspaces
- name: Download and overwrite packaged artifacts
uses: actions/download-artifact@v4
with:
name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out

- name: Make squirrel.windows installer
run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}

- name: Make nsis.windows installer
run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}

- name: Zip artifacts for faster upload
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip

- name: get all files to be signed
id: get_files_to_be_signed
run: |
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
echo $FILES_TO_BE_SIGNED
- name: Save installer for signing
uses: actions/upload-artifact@v4
with:
name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: archive.zip

sign-installer-artifacts-windows:
needs: make-windows-installer
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
artifact-name: installer-win32-x64

finalize-installer-windows:
needs: [sign-installer-artifacts-windows, before-make]
strategy:
matrix:
spec:
- runner: windows-latest
platform: win32
arch: x64
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
steps:
- name: Download and overwrite installer artifacts
uses: actions/download-artifact@v4
with:
name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make

- name: Save artifacts
run: |
mkdir -p builds
Expand All @@ -357,8 +256,180 @@ jobs:
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
path: builds

# package-distribution-windows:
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# needs: before-make
# outputs:
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
# env:
# SKIP_GENERATE_ASSETS: 1
# SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
# SENTRY_PROJECT: 'affine'
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
# MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
# steps:
# - uses: actions/checkout@v4
# - name: Setup Version
# id: version
# uses: ./.github/actions/setup-version
# - name: Setup Node.js
# timeout-minutes: 10
# uses: ./.github/actions/setup-node
# with:
# extra-flags: workspaces focus @affine/electron @affine/monorepo
# hard-link-nm: false
# nmHoistingLimits: workspaces
# - name: Build AFFiNE native
# uses: ./.github/actions/build-rust
# with:
# target: ${{ matrix.spec.target }}
# package: '@affine/native'
# nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
# - uses: actions/download-artifact@v4
# with:
# name: web
# path: packages/frontend/electron/resources/web-static

# - name: Build Desktop Layers
# run: yarn workspace @affine/electron build

# - name: package
# run: yarn workspace @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
# env:
# SKIP_WEB_BUILD: 1
# HOIST_NODE_MODULES: 1

# - name: get all files to be signed
# id: get_files_to_be_signed
# run: |
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
# echo $FILES_TO_BE_SIGNED

# - name: Zip artifacts for faster upload
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip

# - name: Save packaged artifacts for signing
# uses: actions/upload-artifact@v4
# with:
# name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: |
# archive.zip
# !**/*.map

# sign-packaged-artifacts-windows:
# needs: package-distribution-windows
# uses: ./.github/workflows/windows-signer.yml
# with:
# files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
# artifact-name: packaged-win32-x64

# make-windows-installer:
# needs: sign-packaged-artifacts-windows
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# outputs:
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
# steps:
# - uses: actions/checkout@v4
# - name: Setup Version
# id: version
# uses: ./.github/actions/setup-version
# - name: Setup Node.js
# timeout-minutes: 10
# uses: ./.github/actions/setup-node
# with:
# extra-flags: workspaces focus @affine/electron @affine/monorepo
# hard-link-nm: false
# nmHoistingLimits: workspaces
# - name: Download and overwrite packaged artifacts
# uses: actions/download-artifact@v4
# with:
# name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: .
# - name: unzip file
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out

# - name: Make squirrel.windows installer
# run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}

# - name: Make nsis.windows installer
# run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}

# - name: Zip artifacts for faster upload
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip

# - name: get all files to be signed
# id: get_files_to_be_signed
# run: |
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
# echo $FILES_TO_BE_SIGNED

# - name: Save installer for signing
# uses: actions/upload-artifact@v4
# with:
# name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: archive.zip

# sign-installer-artifacts-windows:
# needs: make-windows-installer
# uses: ./.github/workflows/windows-signer.yml
# with:
# files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
# artifact-name: installer-win32-x64

# finalize-installer-windows:
# needs: [sign-installer-artifacts-windows, before-make]
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# steps:
# - name: Download and overwrite installer artifacts
# uses: actions/download-artifact@v4
# with:
# name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: .
# - name: unzip file
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make

# - name: Save artifacts
# run: |
# mkdir -p builds
# mv packages/frontend/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.zip
# mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.exe
# mv packages/frontend/electron/out/*/make/nsis.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.nsis.exe

# - name: Upload Artifact
# uses: actions/upload-artifact@v4
# with:
# name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
# path: builds

release:
needs: [before-make, make-distribution, finalize-installer-windows]
needs:
- before-make
- make-distribution
- make-distribution-windows-skip-signing
runs-on: ubuntu-latest

steps:
Expand Down

0 comments on commit 63e8729

Please sign in to comment.