name: build-sign-notarize

# Reusable workflow (workflow_call) whose jobs build the desktop app, sign it,
# and upload the artifacts to S3. Every input below is supplied by the calling
# workflow, so the jobs should treat the values as caller-controlled strings.
on:
  workflow_call:
    inputs:
      # Forwarded to the get-platform action to choose the build runner.
      platform:
        type: string
        required: true
      # Used as a path segment in the S3 object keys; the literal value
      # 'release' selects the release build, any other value the dev build.
      s3-prefix:
        type: string
        required: true
      # Passed to the build steps as DEBUG_BUILD.
      debug:
        type: string
        required: true
      # The translation sync step runs only when this is the string '1'.
      sync-translation:
        type: string
        required: false
    outputs:
      s3-electron-dist-key:
        description: >-
          The S3 build key includes the installer files: [zip, dmg, etc, yml]
          from electron
        value: ${{ jobs.build.outputs.s3-artifacts-key }}
      # Stays empty when notarize-mac-installers is skipped (s3-prefix == 'release').
      s3-custom-notarized-installers-key:
        description: >-
          The S3 build key includes the installer files: [zip, dmg, etc, yml]
          from notarization strategy done outside of electron
        value: ${{ jobs.notarize-mac-installers.outputs.s3-installers-key }}

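# Jobs:
#   get-platform             resolves the runner labels for inputs.platform
#   build                    builds and signs the Electron app, uploads artifacts.tgz to S3
#   notarize-mac-installers  (non-release only) submits the zips for notarization,
#                            rebuilds the DMGs with create-dmg, uploads dist.tgz to S3
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (@main, @v0, @v1, @v3). These jobs receive the Apple signing certificate and
# AWS keys, so pinning each action to a reviewed full commit SHA would stop an
# upstream tag move from changing what runs next to those secrets.
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps
# whatever scope the caller grants; confirm what the release publish step
# needs before narrowing it.
jobs:
  get-platform:
    runs-on: ubuntu-latest
    outputs:
      os: ${{ steps.platform.outputs.os }}
      cache-set: ${{ steps.platform.outputs.cache-set }}
    steps:
      # Tracks the `main` branch of a third-party action (see pinning note above).
      - uses: teaxyz/brewkit/actions/get-platform@main
        id: platform
        with:
          platform: ${{ inputs.platform }}

  build:
    needs: [get-platform]
    # The runner labels come from the get-platform output, parsed as JSON.
    runs-on: ${{ fromJson(needs.get-platform.outputs.os) }}
    outputs:
      s3-artifacts-key: ${{ steps.s3-artifact-uploader.outputs.key }}
    steps:
      - uses: teaxyz/setup@v0
        with:
          version: '0.26.2'
      - uses: actions/checkout@v3

      # Emits `version` = package.json version, with a `-dev` suffix unless
      # s3-prefix is exactly 'release'. The input reaches the script through
      # env rather than ${{ }} interpolation, so it is never parsed as shell.
      - name: get gui version
        id: gui-version
        run: |
          tea +stedolan.github.io/jq
          # Read the file with jq directly: no word splitting or glob expansion
          # of the JSON text, and a jq failure fails the step instead of
          # silently producing an empty version.
          version=$(jq --raw-output .version modules/desktop/package.json)
          postfix=
          # Quoted operands: an empty prefix no longer makes `[` error out.
          if [ "$prefix" = "release" ]; then
            echo "no postfix"
          else
            echo "dev"
            postfix=-dev
          fi
          echo "version=$version$postfix" >> "$GITHUB_OUTPUT"
        env:
          prefix: ${{ inputs.s3-prefix }}

      - name: cache node_modules build
        # TODO: cache issue in our self-hosted macos runner ESPIPE: invalid seek, read
        # but its ok to ignore, its still the fastest builder
        # NOTE: enabling cache in the self hosted runner slows down the pipeline by 4m because post-cache builder error ^
        # NOTE(review): this job defines no matrix, so the matrix.platform.name
        # comparison looks like it can never match - confirm the intent.
        # NOTE(review): the key has no lockfile hash, so restored node_modules
        # can be stale; its contents run in the same job as the signing secrets.
        if: startsWith(inputs.platform, 'linux') || matrix.platform.name == 'darwin+x86-64'
        uses: actions/cache@v3
        with:
          key: ${{ runner.os }}-pnpm
          path: |
            ./pnpm
            ./.pnpm-store
            ./node_modules
            ./modules/desktop/node_modules
            ./modules/ui/node_modules
      - name: cache electron build
        uses: actions/cache@v3
        with:
          key: ${{ runner.os }}-electron
          path: |
            ./modules/desktop/.svelte-kit
            ./modules/desktop/build

      - name: build dev
        if: inputs.s3-prefix != 'release'
        run: tea -SE xc dist
        env:
          SYNC_I18N: '1'
          PUBLIC_MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_PROJECT_TOKEN }}
          DEBUG_BUILD: ${{ inputs.debug }}
          PUBLIC_VERSION: ${{ steps.gui-version.outputs.version }}
          USE_HARD_LINKS: 'false'
          # NOTE(review): presumably opts electron-builder into signing
          # pull-request builds; the certificate is then available to whatever
          # the build executes, so confirm callers only run this on trusted refs.
          CSC_FOR_PULL_REQUEST: 'true'
          CSC_LINK: ${{ secrets.GUI_APPLE_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
          CSC_NAME: ${{ secrets.APPLE_IDENTITY_NO_PREFIX }}

      # slower build but dmg output is much nicer looking
      # Same command as the dev build; additionally receives GH_TOKEN and the
      # Apple ID credentials.
      - name: build release
        if: inputs.s3-prefix == 'release'
        run: tea -SE xc dist
        env:
          SYNC_I18N: '1'
          PUBLIC_MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_PROJECT_TOKEN }}
          DEBUG_BUILD: ${{ inputs.debug }}
          PUBLIC_VERSION: ${{ steps.gui-version.outputs.version }}
          USE_HARD_LINKS: 'false'
          CSC_FOR_PULL_REQUEST: 'true'
          CSC_LINK: ${{ secrets.GUI_APPLE_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
          CSC_NAME: ${{ secrets.APPLE_IDENTITY_NO_PREFIX }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }}

      - name: build artifacts for publishing and notarization
        run: |
          mkdir -p target
          cp ./modules/desktop/dist/*.{zip,dmg,yml,blockmap} ./target/
          tar -czvf artifacts.tgz -C ./target/ .

      # NOTE(review): long-lived static access keys. This action also accepts
      # `role-to-assume` for short-lived OIDC credentials, which would remove
      # the stored key pair - worth evaluating.
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      # NOTE(review): $prefix is caller-controlled and becomes part of the
      # object key and of a GITHUB_OUTPUT line; nothing here validates its
      # characters, so callers are presumably expected to pass a safe value.
      - name: s3 artifact upload
        id: s3-artifact-uploader
        env:
          prefix: ${{ inputs.s3-prefix }}
        run: |
          S3_KEY="s3://preview.gui.tea.xyz/$prefix/artifacts.tgz"
          aws s3 cp artifacts.tgz "$S3_KEY"
          echo "key=$S3_KEY" >> "$GITHUB_OUTPUT"

      - name: sync translation
        if: inputs.sync-translation == '1'
        run: |
          cd modules/desktop && tea -SE node scripts/update-crowdin-source.cjs
        env:
          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}

  notarize-mac-installers:
    if: inputs.s3-prefix != 'release'
    # TODO: run only for mac, create separate Job for linux
    needs: [get-platform, build]
    runs-on: macos-11
    outputs:
      s3-installers-key: ${{ steps.s3-installers-upload.outputs.s3-key }}
    strategy:
      matrix:
        platform:
          # no need for x86-64
          - darwin+aarch64
    steps:
      - uses: teaxyz/setup@v0
        with:
          version: '0.26.2'
      - uses: actions/checkout@v3
      - run: rm -rf ./*.{dmg,zip} || true

      - name: cache node_modules build
        uses: actions/cache@v3
        with:
          key: darwin+x86-64-pnpm
          path: |
            ./pnpm
            ./.pnpm-store
            ./node_modules
            ./modules/desktop/node_modules
            ./modules/ui/node_modules
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      - name: s3 artifact download
        env:
          S3_KEY: ${{ needs.build.outputs.s3-artifacts-key }}
        run: aws s3 cp "$S3_KEY" artifacts.tgz

      # prepare folders
      - run: mkdir dist
      - run: tar xzf artifacts.tgz -C dist

      # Picks the archive names out of ./dist by pattern. Each output is
      # expected to be a single file name; more than one match would end up in
      # the same output value and break the later steps.
      - name: get .zip of arm64 and x86+64
        id: app_files
        working-directory: ./dist
        run: |
          ARM64_ZIP=$(ls | grep -Ev blockmap | grep arm64-mac.zip)
          X86_ZIP=$(ls | grep -Ev blockmap | grep -Ev arm64 | grep mac.zip)
          ARM64_DMG=$(ls | grep -Ev blockmap | grep arm64.dmg)
          X86_DMG=$(ls | grep -Ev blockmap | grep -Ev arm64 | grep dmg)
          echo zip_arm64=$ARM64_ZIP >> "$GITHUB_OUTPUT"
          echo zip_x86=$X86_ZIP >> "$GITHUB_OUTPUT"
          echo dmg_arm64=$ARM64_DMG >> "$GITHUB_OUTPUT"
          echo dmg_x86=$X86_DMG >> "$GITHUB_OUTPUT"

      # Notarize. Can take up to 10 minutes (and fail) asynchronously
      # sometimes this might fail because exact the same zip has been uploaded already
      # NOTE(review): `|| true` is kept as the deliberate best-effort described
      # above, but it also hides credential and network failures, and no later
      # step checks the notarization result or staples a ticket - the job can
      # finish green with installers that were never notarized.
      # NOTE(review): altool notarization has been superseded by notarytool;
      # verify this submission path still works.
      - name: notarize .app arm64
        run: |
          xcrun altool --notarize-app \
            --username "$APPLE_ID" \
            --password "$APPLE_PASSWORD" \
            --primary-bundle-id "com.tea.xyz" \
            --file "dist/$ZIP_FILE" || true
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          ZIP_FILE: ${{ steps.app_files.outputs.zip_arm64 }}

      - name: notarize .app x86+64
        run: |
          xcrun altool --notarize-app \
            --username "$APPLE_ID" \
            --password "$APPLE_PASSWORD" \
            --primary-bundle-id "com.tea.xyz" \
            --file "dist/$ZIP_FILE" || true
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          ZIP_FILE: ${{ steps.app_files.outputs.zip_x86 }}

      # prepare for DMG creation
      - name: prepare installer folders
        run: |
          mkdir x86_installer && mkdir arm64_installer
          tar xzf "dist/$ZIP_FILE_X86" -C x86_installer/
          tar xzf "dist/$ZIP_FILE_ARM64" -C arm64_installer/
        env:
          ZIP_FILE_X86: ${{ steps.app_files.outputs.zip_x86 }}
          ZIP_FILE_ARM64: ${{ steps.app_files.outputs.zip_arm64 }}

      - name: create x86 dmg
        run: |
          tea +github.com/create-dmg/create-dmg create-dmg \
            --volname "Tea Installer" \
            --window-pos 200 120 \
            --window-size 800 400 \
            --icon-size 100 \
            --icon "tea.app" 200 190 \
            --volicon "./modules/desktop/electron/mac-icon.icns" \
            --hide-extension "tea.app" \
            --app-drop-link 600 185 \
            --sandbox-safe \
            "$filename" \
            "$installer_folder"
        env:
          filename: ${{ steps.app_files.outputs.dmg_x86 }}
          installer_folder: x86_installer/

      - name: create arm64 dmg
        run: |
          tea +github.com/create-dmg/create-dmg create-dmg \
            --volname "Tea Installer" \
            --window-pos 200 120 \
            --window-size 800 400 \
            --icon-size 100 \
            --icon "tea.app" 200 190 \
            --volicon "./modules/desktop/electron/mac-icon.icns" \
            --hide-extension "tea.app" \
            --app-drop-link 600 185 \
            --sandbox-safe \
            "$filename" \
            "$installer_folder"
        env:
          filename: ${{ steps.app_files.outputs.dmg_arm64 }}
          installer_folder: arm64_installer/

      # finalize dist artifacts
      # The regenerated DMGs overwrite the ones shipped in artifacts.tgz.
      # NOTE(review): `pnpm install` runs here with the AWS credentials already
      # configured in the job environment.
      - name: replace old DMG files in dist folder
        run: |
          mv "$x86dmg" dist
          mv "$arm64dmg" dist
          tea -E pnpm install
          tea -E node .github/create-correct-release-yaml.js ./dist
          tar -czvf dist.tgz -C dist/ .
        env:
          x86dmg: ${{ steps.app_files.outputs.dmg_x86 }}
          arm64dmg: ${{ steps.app_files.outputs.dmg_arm64 }}

      - name: s3 installers upload
        id: s3-installers-upload
        env:
          prefix: ${{ inputs.s3-prefix }}
        run: |
          S3_INSTALLERS_KEY="s3://preview.gui.tea.xyz/$prefix/dist.tgz"
          aws s3 cp dist.tgz "$S3_INSTALLERS_KEY"
          echo "s3-key=$S3_INSTALLERS_KEY" >> "$GITHUB_OUTPUT"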