chore(deps): update dependency electron-updater to v6 [security] #5616
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: main | |
on: | |
push: | |
branches: | |
- "**" | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 # https://nextjs.org/telemetry | |
jobs: | |
build_website: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Build home | |
run: | | |
pnpm build home | |
- name: Build editor playground | |
run: | | |
pnpm build playground | |
- name: Upload dist (home) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: home_dist | |
path: ./packages/home/dist | |
- name: Upload dist (editor playground) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: editor_playground_dist | |
path: ./packages/playground/dist | |
build_package: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Build packages | |
run: | | |
pnpm build electron-renderer electron-main electron-preload common editor | |
build_electron: | |
runs-on: macos-latest | |
concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.electron_build_target }} | |
needs: | |
- create_github_release | |
strategy: | |
matrix: | |
electron_build_target: | |
- win | |
- mac | |
- linux | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Build dependencies | |
run: | | |
pnpm build electron^... | |
- name: Build electron and upload to GitHub release if necessary | |
run: > | |
cd packages/electron; | |
( echo "==== Attempt: 1 ====" && pnpm build:${{ matrix.electron_build_target }} ) || | |
( echo "==== Attempt: 2 ====" && pnpm build:${{ matrix.electron_build_target }} ) || | |
( echo "==== Attempt: 3 ====" && pnpm build:${{ matrix.electron_build_target }} ) || | |
( echo "====== Failed ======" && exit 1 ) | |
env: | |
ELECTRON_APPLE_ID_NAME: ${{ secrets.ELECTRON_APPLE_ID_NAME }} | |
ELECTRON_APPLE_ID: ${{ secrets.ELECTRON_APPLE_ID }} | |
ELECTRON_APPLE_ID_PASSWORD: ${{ secrets.ELECTRON_APPLE_ID_PASSWORD }} | |
CSC_LINK: ${{ secrets.ELECTRON_MAC_P12_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.ELECTRON_MAC_P12_PASSWORD }} | |
GH_TOKEN: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }} | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Run vitest | |
# Sets the max memory size of V8's old memory section as 7680 (7.5GB) | |
run: | | |
export NODE_OPTIONS="--max-old-space-size=7680" | |
pnpm test:coverage | |
- name: Commit changed files | |
if: ${{ github.ref_name != 'master' && always() }} | |
run: | | |
git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git add . | |
git commit -m "chore: upload changed files during CI" || true | |
- name: Run visual tests | |
if: ${{ github.ref_name != 'master' && always() }} | |
run: | | |
cd packages/playground | |
pnpm test:vitest:visual | |
- name: Push changed files | |
if: ${{ github.ref_name != 'master' && always() }} | |
run: | | |
git add . | |
git commit -m "chore: upload changed files during CI" || true | |
git push || true | |
- name: Upload coverage information to codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
file: ./coverage/coverage-final.json | |
fail_ci_if_error: false # Specify if CI pipeline should fail when Codecov runs into errors during upload. Defaults to false | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Lint | |
run: pnpm lint . | |
- name: Check typescript types | |
run: pnpm typecheck | |
preview: # Preview deployment | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/dependencies | |
- name: Build home | |
run: | | |
pnpm build home | |
- name: Build editor playground | |
run: | | |
pnpm build playground | |
- id: step_branch | |
name: Get the branch name | |
run: | | |
echo "::set-output name=branch::$(node scripts/slugify-branch.js)" | |
- id: step_vercel_home | |
name: Deploy @rino.app/home to Vercel | |
# Vercel only allows a free account to deploy 100 times every day so this step could fail | |
continue-on-error: true | |
timeout-minutes: 10 | |
uses: amondnet/vercel-action@v25 | |
with: | |
github-comment: false | |
vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_HOME }} | |
alias-domains: rino-home-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app | |
vercel-args: --meta TYPE=PREVIEW | |
working-directory: ./packages/home/dist/ | |
- id: step_vercel_playground | |
name: Deploy @rino.app/playground to Vercel | |
continue-on-error: true | |
timeout-minutes: 10 | |
uses: amondnet/vercel-action@v25 | |
with: | |
github-comment: false | |
vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_EDITOR }} | |
alias-domains: rino-editor-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app | |
vercel-args: --meta TYPE=PREVIEW | |
working-directory: ./packages/playground/dist/ | |
- id: step_find_pr | |
uses: jwalton/gh-find-current-pr@v1 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
continue-on-error: true | |
- uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ steps.step_find_pr.outcome == 'success' }} | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
number: ${{ steps.step_find_pr.outputs.pr }} | |
message: | | |
## Preview Deployment ${{ github.sha }}: | |
### Home | |
- Status: ***${{ steps.step_vercel_home.outcome }}*** | |
- URL: https://rino-home-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app | |
### Editor playground | |
- Status: ***${{ steps.step_vercel_playground.outcome }}*** | |
- URL: https://rino-editor-${{ steps.step_branch.outputs.branch }}.ocavue.vercel.app | |
- name: Generate configrations for Lighthouse CI | |
run: node scripts/generate-lighthouserc.js | |
if: steps.step_vercel_home.outcome == 'success' | |
- name: Run lighthouse | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} # Install this GitHub App and get the token: https://github.com/apps/lighthouse-ci | |
run: | | |
export PATH="$PATH:$PWD/packages/rig/node_modules/.bin" | |
lhci autorun --config .lighthouserc.home.json | |
if: steps.step_vercel_home.outcome == 'success' | |
create_github_release: | |
runs-on: ubuntu-latest | |
concurrency: global_concurrency_release | |
needs: | |
- test | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get current electron app version | |
run: | | |
RINO_APP_VERSION="v$(cat packages/electron/package.json | jq '.version' --join-output)" | |
echo "Current app version is $RINO_APP_VERSION" | |
echo "RINO_APP_VERSION=$RINO_APP_VERSION" >> $GITHUB_ENV | |
- name: Prepare GitHub release note | |
run: | | |
echo "$RINO_RELEASE_NOTE" > /tmp/rino-release-notes.md | |
env: | |
RINO_RELEASE_NOTE: | | |
This is a release for the desktop app. | |
Please refer to [CHANGELOG.md](https://github.com/ocavue/rino/blob/${{ env.RINO_APP_VERSION }}/packages/electron/CHANGELOG.md) for details. | |
- name: Print GitHub release note | |
run: | | |
cat /tmp/rino-release-notes.md | |
- name: Create GitHub release | |
if: ${{ github.ref == 'refs/heads/changeset-release/master' || github.ref == 'refs/heads/master' }} | |
# Create a draft release if not exists | |
run: | | |
gh release view "${RINO_APP_VERSION}" || gh release create "${RINO_APP_VERSION}" --title "${RINO_APP_VERSION}" --draft --notes-file /tmp/rino-release-notes.md | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
release: | |
runs-on: ubuntu-latest | |
concurrency: global_concurrency_release | |
needs: | |
- build_website | |
- build_package | |
- build_electron | |
- test | |
- lint | |
- preview | |
if: github.ref == 'refs/heads/master' | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }} | |
- uses: ./.github/actions/dependencies | |
- id: step_changeset | |
name: Create Release Pull Request or Publish to npm | |
uses: changesets/action@v1 | |
with: | |
version: pnpm ci:version | |
publish: pnpm ci:publish | |
commit: "chore: version packages" | |
title: "chore: version packages" | |
createGithubReleases: false | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
outputs: | |
published: ${{ steps.step_changeset.outputs.published }} | |
deploy: # Production deployment | |
runs-on: ubuntu-latest | |
concurrency: global_concurrency_release | |
needs: | |
# make sure that `deploy` only depends on `release` because we don't want `deploy` to skip if `release` succeeded. | |
- release | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download dist (home) | |
uses: actions/download-artifact@v3 | |
with: | |
name: home_dist | |
path: ./packages/home/dist | |
- name: Download dist (playground) | |
uses: actions/download-artifact@v3 | |
with: | |
name: editor_playground_dist | |
path: ./packages/playground/dist | |
- id: step_vercel_home | |
name: Deploy @rino.app/home to Vercel | |
timeout-minutes: 10 | |
uses: amondnet/vercel-action@v25 | |
with: | |
github-comment: false | |
vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_HOME }} | |
alias-domains: rino-home-master.ocavue.vercel.app | |
vercel-args: --prod --meta TYPE=PRODUCTION | |
working-directory: ./packages/home/dist/ | |
- id: step_vercel_playground | |
name: Deploy @rino.app/playground to Vercel | |
timeout-minutes: 10 | |
uses: amondnet/vercel-action@v25 | |
with: | |
github-comment: false | |
vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID_EDITOR }} | |
alias-domains: rino-editor-master.ocavue.vercel.app | |
vercel-args: --prod --meta TYPE=PRODUCTION | |
working-directory: ./packages/playground/dist/ |