Update README.md #97
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
jobs: | |
# test: | |
# name: Test | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Check out code | |
# uses: actions/checkout@v3 | |
# with: | |
# fetch-depth: 2 | |
# - name: Setup Node.js environment | |
# uses: actions/setup-node@v3 | |
# with: | |
# node-version: lts/gallium | |
# cache: yarn | |
# - name: Install Node.js dependencies | |
# run: yarn install --frozen-lockfile | |
# - name: Lint | |
# if: false # TODO: Fix PyLint errors | |
# run: yarn lint | |
# - name: Run tests | |
# run: yarn test | |
build: | |
name: Build for ${{ matrix.os }} | |
runs-on: ${{ matrix.runs-on }} | |
timeout-minutes: 35 | |
strategy: | |
matrix: | |
include: | |
- os: Ubuntu (x86-64) | |
runs-on: ubuntu-latest | |
- os: macOS 13 (x86-64) | |
runs-on: macos-13 | |
# GitHub currently only supports self-hosted runners for Apple Silicon Macs | |
- os: macOS 13 (ARM64) | |
runs-on: [self-hosted, macos-13, ARM64] | |
# - os: Windows (x86-64) | |
# runs-on: windows-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
- name: Setup Node.js environment | |
# setup-node stalls on self-hosted runner | |
if: ${{ !contains(matrix.runs-on, 'ARM64') }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: lts/gallium | |
cache: yarn | |
- name: Install Node.js dependencies | |
run: yarn install --frozen-lockfile --network-timeout 100000 | |
# - name: Scan licenses | |
# uses: fossas/fossa-action@main # Use a specific version if locking is preferred | |
# with: | |
# api-key: ${{ secrets.FOSSA_API_KEY }} | |
- name: Prepare for macOS app notarization | |
if: startsWith(matrix.os, 'macos') | |
env: | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
CSC_LINK: ${{ secrets.CSC_LINK }} | |
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
run: | | |
# Set temporary environment variables | |
KEYCHAIN_PROFILE="notarization" | |
KEYCHAIN_PASSWORD="$(openssl rand -base64 12)" | |
KEYCHAIN_PATH="$RUNNER_TEMP/code-signing.keychain-db" | |
CSC_PATH="$RUNNER_TEMP/build_certificate.p12" | |
APPLE_KEY_DIR_PATH="$HOME/private_keys" | |
APPLE_API_KEY_PATH="$APPLE_KEY_DIR_PATH/AuthKey_$APPLE_API_KEY_ID.p8" | |
# Create code signing Keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
# Write App Store Connect API key for Notary service | |
mkdir -p "$APPLE_KEY_DIR_PATH" | |
echo -n "$APPLE_API_KEY" > "$APPLE_API_KEY_PATH" | |
# Import Notary service credentials to Keychain | |
xcrun notarytool store-credentials \ | |
-k="$APPLE_API_KEY_PATH" \ | |
-d="$APPLE_API_KEY_ID" \ | |
-i="$APPLE_API_KEY_ISSUER" \ | |
--keychain="$KEYCHAIN_PATH" \ | |
"$KEYCHAIN_PROFILE" | |
# Write code signing certificate | |
echo -n "$CSC_LINK" | base64 -d -o "$CSC_PATH" | |
# Import code signing certificate to Keychain | |
security import "$CSC_PATH" -P "$CSC_KEY_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" | |
security list-keychain -d user -s "$KEYCHAIN_PATH" | |
# Delete code signing certificate | |
rm -rf "$CSC_PATH" | |
# Set persistent environment variables | |
echo "KEYCHAIN_PROFILE=$KEYCHAIN_PROFILE" >> $GITHUB_ENV | |
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> $GITHUB_ENV | |
echo "APPLE_KEY_DIR_PATH=$APPLE_KEY_DIR_PATH" >> $GITHUB_ENV | |
- name: Build packages | |
run: | | |
export NODE_OPTIONS="--max_old_space_size=4096" | |
yarn forcebuild | |
env: | |
APPLE_KEYCHAIN: ${{ env.KEYCHAIN_PATH }} | |
APPLE_KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }} | |
CSC_LINK: ${{ startsWith(matrix.os, 'macos') && secrets.CSC_LINK || '' }} | |
CSC_KEY_PASSWORD: ${{ startsWith(matrix.os, 'macos') && secrets.CSC_KEY_PASSWORD || '' }} | |
TURBO_TEAM: ${{ secrets.TURBO_TEAM }} | |
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
- name: Upload Recovery Utility ${{ matrix.os }} artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Recovery Utility ${{ matrix.os }} | |
path: | | |
apps/recovery-utility/dist/*.AppImage | |
apps/recovery-utility/dist/*.exe | |
apps/recovery-utility/dist/*.zip | |
- name: Upload Recovery Relay artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Recovery Relay | |
path: apps/recovery-relay/out/ | |
- name: Clean up Apple Developer secrets | |
if: ${{ startsWith(matrix.os, 'macos') && always() }} | |
env: | |
KEYCHAIN_PATH: ${{ env.KEYCHAIN_PATH }} | |
APPLE_KEY_DIR_PATH: ${{ env.APPLE_KEY_DIR_PATH }} | |
run: | | |
security delete-keychain "$KEYCHAIN_PATH" | |
rm -rf "$APPLE_KEY_DIR_PATH" | |
pr: | |
name: Version packages | |
runs-on: ubuntu-latest | |
# needs: [test, build] | |
needs: [build] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: lts/gallium | |
cache: 'yarn' | |
- name: Create release pull request | |
id: changesets | |
uses: changesets/action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} |