Update release-ci.yml #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Aesir Release Pipeline | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - '*' | |
| jobs: | |
| create-release: | |
| name: Create GitHub Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ github.ref }} | |
| release_name: Release ${{ github.ref }} | |
| draft: false | |
| prerelease: false | |
| build: | |
| name: "Build: ${{ matrix.config.name }} / ${{ matrix.config.platform }}" | |
| runs-on: ${{ matrix.config.os }} | |
| needs: [create-release] | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| config: | |
| - { | |
| name: "Windows Latest", | |
| os: windows-latest, | |
| platform: x64 | |
| } | |
| - { | |
| name: "Ubuntu Latest", | |
| os: ubuntu-latest, | |
| platform: x64 | |
| } | |
| - { | |
| name: "macOS-x64", | |
| os: macos-latest, | |
| platform: x64 | |
| } | |
| - { | |
| name: "macOS arm64", | |
| os: macos-latest, | |
| platform: arm64 | |
| } | |
| env: | |
| PLATFORM: ${{ matrix.config.platform }} | |
| VERSION: ${{ github.ref_name }} # This extracts the tag name | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v1 | |
| - name: Install Node.js, NPM and Yarn | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: 18.13.0 | |
| - name: Install python-setuptools on macOS | |
| if: matrix.config.os == 'macos-11' || matrix.config.os == 'macos-latest' | |
| run: brew install python-setuptools | |
| - name: Install snap on Linux | |
| if: matrix.config.os == 'ubuntu-latest' | |
| run: sudo snap install snapcraft --classic | |
| - name: Install the Apple certificate and provisioning profile | |
| if: matrix.config.os == 'macos-latest' | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # Import certificate and provisioning profile from secrets | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
| # Create temporary keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # Import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| # Apply provisioning profile | |
| mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
| cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
| - name: Install dependencies | |
| run: npm install --quiet | |
| - name: Build ${{ matrix.config.name }} | |
| if: matrix.config.os == 'windows-latest' | |
| run: npm run build:win-x64 | |
| - name: Build ${{ matrix.config.name }} | |
| if: matrix.config.os == 'ubuntu-latest' | |
| run: npm run build:linux-$PLATFORM | |
| - name: Build ${{ matrix.config.name }} | |
| if: matrix.config.os == 'macos-latest' | |
| run: npm run build:mac-$PLATFORM | |
| - name: Sign the macOS Application | |
| if: matrix.config.os == 'macos-latest' | |
| run: | | |
| codesign --deep --force --verify --verbose \ | |
| --sign "$SIGNING_IDENTITY" dist/Aesir-${{ env.VERSION }}.dmg | |
| env: | |
| SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }} | |
| - name: Notarize macOS App | |
| if: matrix.config.os == 'macos-latest' | |
| run: xcrun notarytool --notarize-app --primary-bundle-id "org.kryptokrona.aesir" --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$APP_SPECIFIC_PASSWORD" --file dist/Aesir-${{ env.VERSION }}.dmg --wait | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| TEAM_ID: ${{ secrets.TEAM_ID }} | |
| APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }} | |
| - name: Staple Notarization | |
| if: matrix.config.os == 'macos-latest' | |
| run: xcrun stapler staple dist/Aesir-${{ env.VERSION }}.app | |
| - name: Check artifacts --DEBUG-- | |
| run: ls dist | |
| - name: Upload Release Asset Ubuntu | |
| if: matrix.config.os == 'ubuntu-latest' | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: dist/Aesir_${{ env.VERSION }}_amd64.deb | |
| asset_name: Aesir_${{ env.VERSION }}_amd64.deb | |
| asset_content_type: application/octet-stream | |
| - name: Upload Release Asset macOS x64 | |
| if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'x64' | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: dist/Aesir-${{ env.VERSION }}.dmg | |
| asset_name: Aesir_${{ env.VERSION }}_x64.dmg | |
| asset_content_type: application/octet-stream | |
| - name: Upload Release Asset macOS arm64 | |
| if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'arm64' | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: dist/Aesir-${{ env.VERSION }}-arm64.dmg | |
| asset_name: Aesir_${{ env.VERSION }}_arm64.dmg | |
| asset_content_type: application/octet-stream | |
| - name: Upload Release Asset Windows | |
| if: matrix.config.os == 'windows-latest' | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: dist/Aesir Setup ${{ env.VERSION }}.exe | |
| asset_name: Aesir_Setup_${{ env.VERSION }}.exe | |
| asset_content_type: application/x-msdownload |