Update release-ci.yml #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Aesir Release Pipeline | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- '*' | |
jobs: | |
create-release: | |
name: Create GitHub Release | |
runs-on: ubuntu-latest | |
outputs: | |
upload_url: ${{steps.create_release.outputs.upload_url}} | |
if: startsWith(github.ref, 'refs/tags/') | |
steps: | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ github.ref }} | |
draft: false | |
prerelease: false | |
build: | |
name: "Build: ${{ matrix.config.name }} / ${{ matrix.config.platform }}" | |
runs-on: ${{ matrix.config.os }} | |
needs: [create-release] | |
strategy: | |
fail-fast: true | |
matrix: | |
config: | |
- { | |
name: "Windows Latest", | |
os: windows-latest, | |
platform: x64 | |
} | |
- { | |
name: "Ubuntu Latest", | |
os: ubuntu-latest, | |
platform: x64 | |
} | |
- { | |
name: "macOS-x64", | |
os: macos-latest, | |
platform: x64 | |
} | |
- { | |
name: "macOS arm64", | |
os: macos-latest, | |
platform: arm64 | |
} | |
env: | |
PLATFORM: ${{ matrix.config.platform }} | |
VERSION: ${{ github.ref_name }} # This extracts the tag name | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v1 | |
- name: Install Node.js, NPM and Yarn | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 18.13.0 | |
- name: Install python-setuptools on macOS | |
if: matrix.config.os == 'macos-11' || matrix.config.os == 'macos-latest' | |
run: brew install python-setuptools | |
- name: Install snap on Linux | |
if: matrix.config.os == 'ubuntu-latest' | |
run: sudo snap install snapcraft --classic | |
- name: Install the Apple certificate and provisioning profile | |
if: matrix.config.os == 'macos-latest' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/61be0696-8d71-4a17-8f96-53c50b8c6fdd.provisionprofile | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# Import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
# Create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# Import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# Apply provisioning profile | |
mkdir -p ~/Library/Developer/Xcode/UserData/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/Developer/Xcode/UserData/Provisioning\ Profiles | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH . | |
cp $PP_PATH bin/ | |
ls | |
ls bin | |
security find-identity -p codesigning -v | |
- name: Install dependencies | |
run: npm install --quiet | |
- name: Build ${{ matrix.config.name }} | |
if: matrix.config.os == 'windows-latest' | |
run: npm run build:win-x64 | |
- name: Build ${{ matrix.config.name }} | |
if: matrix.config.os == 'ubuntu-latest' | |
run: npm run build:linux-$PLATFORM | |
- name: Build ${{ matrix.config.name }} | |
if: matrix.config.os == 'macos-latest' | |
run: npm run build:mac-$PLATFORM | |
- name: Check artifacts --DEBUG-- | |
run: ls dist | |
- name: Sign the macOS Application | |
if: matrix.config.os == 'macos-latest' | |
run: | | |
codesign --deep --force --verify --verbose --sign "$SIGNING_IDENTITY" dist/Aesir-${{ env.VERSION }}.dmg | |
env: | |
SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }} | |
- name: Check macOS signature | |
if: matrix.config.os == 'macos-latest' | |
run: codesign -vvv --deep --strict dist/Aesir-${{ env.VERSION }}.dmg | |
- name: Notarize macOS App | |
if: matrix.config.os == 'macos-latest' | |
run: xcrun notarytool submit --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$APP_SPECIFIC_PASSWORD" --wait dist/Aesir-${{ env.VERSION }}.dmg | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }} | |
- name: Staple Notarization | |
if: matrix.config.os == 'macos-latest' | |
run: xcrun stapler staple dist/Aesir-${{ env.VERSION }}.dmg | |
- name: Upload Release Asset Ubuntu | |
if: matrix.config.os == 'ubuntu-latest' | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-release.outputs.upload_url }} | |
asset_path: dist/Aesir_${{ env.VERSION }}_amd64.deb | |
asset_name: Aesir_${{ env.VERSION }}_amd64.deb | |
asset_content_type: application/octet-stream | |
- name: Upload Release Asset macOS x64 | |
if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'x64' | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-release.outputs.upload_url }} | |
asset_path: dist/Aesir-${{ env.VERSION }}.dmg | |
asset_name: Aesir_${{ env.VERSION }}_x64.dmg | |
asset_content_type: application/octet-stream | |
- name: Upload Release Asset macOS arm64 | |
if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'arm64' | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-release.outputs.upload_url }} | |
asset_path: dist/Aesir-${{ env.VERSION }}-arm64.dmg | |
asset_name: Aesir_${{ env.VERSION }}_arm64.dmg | |
asset_content_type: application/octet-stream | |
- name: Upload Release Asset Windows | |
if: matrix.config.os == 'windows-latest' | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-release.outputs.upload_url }} | |
asset_path: dist/Aesir Setup ${{ env.VERSION }}.exe | |
asset_name: Aesir_Setup_${{ env.VERSION }}.exe | |
asset_content_type: application/x-msdownload |