-
Notifications
You must be signed in to change notification settings - Fork 2
192 lines (162 loc) · 6.76 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: 'publish'
on:
push:
branches:
- release-test
jobs:
extract-versions:
uses: ./.github/workflows/get-versions.yaml
create-draft-release:
needs: extract-versions
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create_release.outputs.id }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '18'
- name: Create Draft Release
id: create_release
uses: ncipollo/release-action@v1
with:
tag: v${{ needs.extract-versions.outputs.version }}
commit: ${{ github.sha }}
name: v${{ needs.extract-versions.outputs.version }} (Holochain v${{ needs.extract-versions.outputs.holochain_version }})
draft: true
generateReleaseNotes: true
omitBodyDuringUpdate: true
allowUpdates: true
publish:
needs: [extract-versions, create-draft-release]
strategy:
fail-fast: false
matrix:
platform: [windows-2019, macos-12, macos-latest, ubuntu-22.04]
# platform: [ubuntu-22.04, macos-12]
# platform: [windows-2019]
env:
MACOSX_DEPLOYMENT_TARGET: 10.13
permissions:
contents: write
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: Setup for macOS code signing
if: matrix.platform == 'macos-12' || matrix.platform == 'macos-latest'
uses: matthme/import-codesign-certs@5565bb656f60c98c8fc515f3444dd8db73545dc2
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 18
- name: Retrieve version
run: |
echo "Retrieved App version: $(node -p -e "require('./package.json').version")"
echo "APP_VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_OUTPUT
id: version
shell: bash
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: 'stable'
- name: Cache rust-utils build
id: cache-rust-utils
uses: actions/cache@v4
with:
path: rust-utils/dist
key: ${{ matrix.platform }}-rust-utils-${{ needs.extract-versions.outputs.rust_utils_version }}
- name: Conditionally Setup rust-utils
if: steps.cache-rust-utils.outputs.cache-hit != 'true'
run: yarn build:rust-utils
- name: build and install libs and dependencies
run: yarn build:libs
- name: Download default apps and binaries
run: |
mkdir resources/default-apps
yarn fetch:apps-and-binaries
- name: build and upload the app (macOS arm64)
if: matrix.platform == 'macos-latest'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_DEV_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID_EMAIL: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
DEBUG: electron-osx-sign*,electron-notarize*
run: |
yarn build:mac-arm64
ls dist
- name: build and upload the app (macOS x64)
if: matrix.platform == 'macos-12'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_DEV_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID_EMAIL: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
DEBUG: electron-osx-sign*,electron-notarize*
run: |
yarn build:mac-x64
ls dist
- name: build and upload the app (Linux)
if: matrix.platform == 'ubuntu-22.04'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
yarn build:linux
ls dist
# Modify the postinst script of the .deb file
node ./scripts/extend-deb-postinst.mjs
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "latest-linux.yml" --clobber
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "dist/holochain-launcher-0.4_${{ steps.version.outputs.APP_VERSION }}_amd64.deb" --clobber
- name: build, sign and upload the app (Windows)
if: matrix.platform == 'windows-2019'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
yarn build:win
ls dist
dotnet tool install --global --version 4.0.1 AzureSignTool
echo "sha512 before code signing"
CertUtil -hashfile "dist/holochain-launcher-0.4-${{ steps.version.outputs.APP_VERSION }}-setup.exe" SHA512
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "dist/holochain-launcher-0.4-${{ steps.version.outputs.APP_VERSION }}-setup.exe"
echo "sha512 after code signing"
CertUtil -hashfile "dist/holochain-launcher-0.4-${{ steps.version.outputs.APP_VERSION }}-setup.exe" SHA512
# Overwrite the latest.yml with one containing the sha512 of the code signed setup.exe file
node ./scripts/latest-yaml.js
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "latest.yml" --clobber
# Overwrite the setup.exe file with the code signed one
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "dist/holochain-launcher-0.4-${{ steps.version.outputs.APP_VERSION }}-setup.exe" --clobber
- name: Merge latest-mac.yml mac release files
if: matrix.platform == 'macos-latest' || matrix.platform == 'macos-12'
run: |
node ./scripts/merge-mac-yamls.mjs
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# mark-as-prerelease:
# needs: [publish, create-draft-release]
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-node@v4
# with:
# node-version: '18'
# - name: Mark release as pre-release
# run: |
# curl \
# -X PATCH \
# -H "Accept: application/vnd.github.v3+json" \
# -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
# https://api.github.com/repos/${{ github.repository }}/releases/${{ needs.create-draft-release.outputs.release_id }} \
# -d '{
# "prerelease": true,
# "draft": false
# }'