diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index a09ce209a..fbaa732eb 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -344,7 +344,18 @@ jobs: yarn config set network-timeout 600000 -g yarn install - - name: Build Workbench + - name: Authenticate GCP + if: github.event_name != 'pull_request' + uses: google-github-actions/auth@v0 + with: + credentials_json: ${{ secrets.GOOGLE_SERVICE_ACC_KEY }} + + - name: Set up GCP + if: github.event_name != 'pull_request' + uses: google-github-actions/setup-gcloud@v0 + + - name: Build Workbench (PRs) + if: github.event_name == 'pull_request' working-directory: workbench env: GH_TOKEN: env.GITHUB_TOKEN @@ -354,19 +365,35 @@ jobs: yarn run build yarn run dist - - name: Test electron app with puppeteer + - name: Build Workbench (macOS) + if: github.event_name != 'pull_request' && matrix.os == 'macos-latest' # secrets not available in PR working-directory: workbench - run: npx cross-env CI=true yarn run test-electron-app + env: + GH_TOKEN: env.GITHUB_TOKEN + DEBUG: electron-builder + CSC_LINK: 2025-01-16-Expiry-AppStore-App.p12 + CSC_KEY_PASSWORD: ${{ secrets.MACOS_CODESIGN_CERT_PASS }} + run: | + gsutil cp gs://stanford_cert/$CSC_LINK $CSC_LINK + yarn run build + yarn run dist - - name: Authenticate GCP - if: github.event_name != 'pull_request' - uses: google-github-actions/auth@v0 - with: - credentials_json: ${{ secrets.GOOGLE_SERVICE_ACC_KEY }} + - name: Build Workbench (Windows) + if: github.event_name != 'pull_request' && matrix.os == 'windows-latest' # secrets not available in PR + working-directory: workbench + env: + GH_TOKEN: env.GITHUB_TOKEN + DEBUG: electron-builder + CSC_LINK: Stanford-natcap-code-signing-cert-expires-2024-01-26.p12 + CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERT_PASS }} + run: | + gsutil cp gs://stanford_cert/$CSC_LINK $CSC_LINK + yarn run build + yarn run dist - - name: Set up GCP - if: github.event_name != 'pull_request' - uses: google-github-actions/setup-gcloud@v0 + - name: Test electron app with puppeteer + working-directory: workbench + run: npx cross-env CI=true yarn run test-electron-app - name: Sign binaries (macOS) if: github.event_name != 'pull_request' && matrix.os == 'macos-latest' # secrets not available in PR diff --git a/HISTORY.rst b/HISTORY.rst index cf53c83cf..c686d8732 100644 --- a/HISTORY.rst +++ b/HISTORY.rst @@ -52,6 +52,8 @@ Unreleased Changes * Fixed a bug where sampledata downloads failed silently (and progress bar became innacurate) if the Workbench did not have write permission to the download location. https://github.com/natcap/invest/issues/1070 + * The workbench app is now distributed with a valid code signature + (`#727 `_) * Changing the language setting will now cause the app to relaunch (`#1168 `_), * Forest Carbon diff --git a/workbench/electron-builder-config.js b/workbench/electron-builder-config.js index 188d7540b..3f857f1a7 100644 --- a/workbench/electron-builder-config.js +++ b/workbench/electron-builder-config.js @@ -43,11 +43,11 @@ const config = { from: 'resources/storage_token.txt', to: 'storage_token.txt', }, + { + from: '../LICENSE.txt', + to: 'LICENSE.InVEST.txt', + }, ], - extraFiles: [{ - from: '../LICENSE.txt', - to: 'LICENSE.InVEST.txt', - }], appId: APP_ID, productName: PRODUCT_NAME, artifactName: ARTIFACT_NAME,