From f810a6f3ef43e5b173e60809b35421d4dff9874f Mon Sep 17 00:00:00 2001 From: Shlok Amin Date: Thu, 7 Nov 2024 09:15:33 -0800 Subject: [PATCH 1/4] feat(app): hide unused env vars from vite dist --- app/vite.config.mts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/vite.config.mts b/app/vite.config.mts index 0d1ccadcc19..516ecfef87d 100644 --- a/app/vite.config.mts +++ b/app/vite.config.mts @@ -46,7 +46,10 @@ export default defineConfig( }, }, define: { - 'process.env': process.env, + 'process.env': { + NODE_ENV: process.env.NODE_ENV, + OT_APP_MIXPANEL_ID: process.env.OT_APP_MIXPANEL_ID, + }, global: 'globalThis', _PKG_VERSION_: JSON.stringify(version), _OPENTRONS_PROJECT_: JSON.stringify(project), From 11f2a18c15f7815c971a329a06b1b516e001b9a2 Mon Sep 17 00:00:00 2001 From: Seth Foster Date: Thu, 7 Nov 2024 12:31:02 -0500 Subject: [PATCH 2/4] chore(app): separate FE dist and electron bundle --- .github/workflows/app-test-build-deploy.yaml | 9 +++++++++ app-shell-odd/Makefile | 6 ++++-- app-shell/Makefile | 14 ++++++++------ 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/workflows/app-test-build-deploy.yaml b/.github/workflows/app-test-build-deploy.yaml index f0bfe7d8946..2e84be343b3 100644 --- a/.github/workflows/app-test-build-deploy.yaml +++ b/.github/workflows/app-test-build-deploy.yaml @@ -331,6 +331,15 @@ jobs: smksp_cert_sync.exe smctl.exe healthcheck --all + # Do the frontend dist bundle + - name: 'bundle ${{matrix.variant}} frontend' + env: + OT_APP_MIXPANEL_ID: ${{ secrets.OT_APP_MIXPANEL_ID }} + OT_APP_INTERCOM_ID: ${{ secrets.OT_APP_INTERCOM_ID }} + OPENTRONS_PROJECT: ${{ steps.project.outputs.project }} + run: | + make -C app dist + # build the desktop app and deploy it - name: 'build ${{matrix.variant}} app for ${{ matrix.os }}' if: matrix.target == 'desktop' diff --git a/app-shell-odd/Makefile b/app-shell-odd/Makefile index 543ed2de95f..5d2d7ac37bd 100644 --- a/app-shell-odd/Makefile +++ b/app-shell-odd/Makefile @@ -65,12 +65,14 @@ deps: .PHONY: package-deps package-deps: clean lib deps +# Note: keep the push dep separate from the dist target so it doesn't accidentally +# do a js dist when we want to only build electron .PHONY: dist-ot3 -dist-ot3: package-deps +dist-ot3: clean lib NO_USB_DETECTION=true OT_APP_DEPLOY_BUCKET=opentrons-app OT_APP_DEPLOY_FOLDER=builds OPENTRONS_PROJECT=$(OPENTRONS_PROJECT) $(builder) --linux --arm64 .PHONY: push-ot3 -push-ot3: dist-ot3 +push-ot3: dist-ot3 deps tar -zcvf opentrons-robot-app.tar.gz -C ./dist/linux-arm64-unpacked/ ./ scp $(if $(ssh_key),-i $(ssh_key)) $(ssh_opts) -r ./opentrons-robot-app.tar.gz root@$(host): ssh $(if $(ssh_key),-i $(ssh_key)) $(ssh_opts) root@$(host) "mount -o remount,rw / && systemctl stop opentrons-robot-app && rm -rf /opt/opentrons-app && mkdir -p /opt/opentrons-app" diff --git a/app-shell/Makefile b/app-shell/Makefile index 5daafd82f44..74e4e4b1912 100644 --- a/app-shell/Makefile +++ b/app-shell/Makefile @@ -121,32 +121,34 @@ package dist-posix dist-osx dist-linux dist-win: export BUILD_ID := $(build_id) package dist-posix dist-osx dist-linux dist-win: export NO_PYTHON := $(if $(no_python_bundle),true,false) package dist-posix dist-osx dist-linux dist-win: export USE_HARD_LINKS := false +# Note: these depend on make -C app dist having been run; do not do this automatically because we separate these +# tasks in CI and even if you have a file dep it's easy to accidentally make the dist run. .PHONY: package -package: package-deps +package: $(builder) --dir .PHONY: dist-posix -dist-posix: package-deps +dist-posix: clean lib $(builder) --linux --mac $(MAKE) _dist-collect-artifacts .PHONY: dist-osx -dist-osx: package-deps +dist-osx: clean lib $(builder) --mac --x64 $(MAKE) _dist-collect-artifacts .PHONY: dist-linux -dist-linux: package-deps +dist-linux: clean lib $(builder) --linux $(MAKE) _dist-collect-artifacts .PHONY: dist-win -dist-win: package-deps +dist-win: clean lib $(builder) --win --x64 $(MAKE) _dist-collect-artifacts .PHONY: dist-ot3 -dist-ot3: package-deps +dist-ot3: clean lib NO_PYTHON=true $(builder) --linux --arm64 --dir cd dist/linux-arm64-unpacked From 9b1008d914fe680188e524346baca10bb6ed47ba Mon Sep 17 00:00:00 2001 From: Seth Foster Date: Thu, 7 Nov 2024 12:40:42 -0500 Subject: [PATCH 3/4] change some secret names --- .github/workflows/app-test-build-deploy.yaml | 26 +++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/.github/workflows/app-test-build-deploy.yaml b/.github/workflows/app-test-build-deploy.yaml index 2e84be343b3..d443fae35a0 100644 --- a/.github/workflows/app-test-build-deploy.yaml +++ b/.github/workflows/app-test-build-deploy.yaml @@ -318,12 +318,12 @@ jobs: if: startsWith(matrix.os, 'windows') && contains(needs.determine-build-type.outputs.type, 'release') shell: cmd env: - SM_HOST: ${{ secrets.SM_HOST }} + SM_HOST: ${{ secrets.SM_HOST_V2 }} SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12" - SM_CLIENT_CERT_PASSWORD: ${{secrets.SM_CLIENT_CERT_PASSWORD}} - SM_API_KEY: ${{secrets.SM_API_KEY}} + SM_CLIENT_CERT_PASSWORD: ${{secrets.SM_CLIENT_CERT_PASSWORD_V2}} + SM_API_KEY: ${{secrets.SM_API_KEY_V2}} run: | - curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:${{secrets.SM_API_KEY}}" -o Keylockertools-windows-x64.msi + curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:${{secrets.SM_API_KEY_V2}}" -o Keylockertools-windows-x64.msi msiexec /i Keylockertools-windows-x64.msi /quiet /qn smksp_registrar.exe list smctl.exe keypair ls @@ -348,18 +348,14 @@ jobs: OT_APP_MIXPANEL_ID: ${{ secrets.OT_APP_MIXPANEL_ID }} OT_APP_INTERCOM_ID: ${{ secrets.OT_APP_INTERCOM_ID }} WINDOWS_SIGN: ${{ format('{0}', contains(needs.determine-build-type.outputs.type, 'release')) }} - SM_HOST: ${{secrets.SM_HOST}} - SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12" - SM_CLIENT_CERT_PASSWORD: ${{secrets.SM_CLIENT_CERT_PASSWORD}} - SM_API_KEY: ${{secrets.SM_API_KEY}} - SM_CODE_SIGNING_CERT_SHA1_HASH: ${{secrets.SM_CODE_SIGNING_CERT_SHA1_HASH}} - SM_KEYPAIR_ALIAS: ${{secrets.SM_KEYPAIR_ALIAS}} + SM_CODE_SIGNING_CERT_SHA1_HASH: ${{secrets.SM_CODE_SIGNING_CERT_SHA1_HASH_V2}} + SM_KEYPAIR_ALIAS: ${{secrets.SM_KEYPAIR_ALIAS_V2}} WINDOWS_CSC_FILEPATH: "D:\\opentrons_labworks_inc.crt" - CSC_LINK: ${{ secrets.OT_APP_CSC_MACOS }} - CSC_KEY_PASSWORD: ${{ secrets.OT_APP_CSC_KEY_MACOS }} - APPLE_ID: ${{ secrets.OT_APP_APPLE_ID }} - APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.OT_APP_APPLE_ID_PASSWORD }} - APPLE_TEAM_ID: ${{ secrets.OT_APP_APPLE_TEAM_ID }} + CSC_LINK: ${{ secrets.OT_APP_CSC_MACOS_V2 }} + CSC_KEY_PASSWORD: ${{ secrets.OT_APP_CSC_KEY_MACOS_V2 }} + APPLE_ID: ${{ secrets.OT_APP_APPLE_ID_V2 }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.OT_APP_APPLE_ID_PASSWORD_V2 }} + APPLE_TEAM_ID: ${{ secrets.OT_APP_APPLE_TEAM_ID_V2 }} HOST_PYTHON: python OPENTRONS_PROJECT: ${{ steps.project.outputs.project }} OT_APP_DEPLOY_BUCKET: ${{ steps.project.outputs.bucket }} From 9cdec4e41d88492a923e17209641233ba251dfd1 Mon Sep 17 00:00:00 2001 From: Shlok Amin Date: Thu, 7 Nov 2024 10:16:04 -0800 Subject: [PATCH 4/4] bundle in opentrons project into env variables --- app/vite.config.mts | 1 + 1 file changed, 1 insertion(+) diff --git a/app/vite.config.mts b/app/vite.config.mts index 516ecfef87d..f10fedf4f7e 100644 --- a/app/vite.config.mts +++ b/app/vite.config.mts @@ -49,6 +49,7 @@ export default defineConfig( 'process.env': { NODE_ENV: process.env.NODE_ENV, OT_APP_MIXPANEL_ID: process.env.OT_APP_MIXPANEL_ID, + OPENTRONS_PROJECT: process.env.OPENTRONS_PROJECT, }, global: 'globalThis', _PKG_VERSION_: JSON.stringify(version),