Skip to content

Update release-ci.yml #46

Update release-ci.yml

Update release-ci.yml #46

Workflow file for this run

name: Aesir Release Pipeline
on:
push:
branches:
- master
tags:
- '*'
jobs:
create-release:
name: Create GitHub Release
runs-on: ubuntu-latest
outputs:
upload_url: ${{steps.create_release.outputs.upload_url}}
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
build:
name: "Build: ${{ matrix.config.name }} / ${{ matrix.config.platform }}"
runs-on: ${{ matrix.config.os }}
needs: [create-release]
strategy:
fail-fast: true
matrix:
config:
- {
name: "Windows Latest",
os: windows-latest,
platform: x64
}
- {
name: "Ubuntu Latest",
os: ubuntu-latest,
platform: x64
}
- {
name: "macOS-x64",
os: macos-latest,
platform: x64
}
- {
name: "macOS arm64",
os: macos-latest,
platform: arm64
}
env:
PLATFORM: ${{ matrix.config.platform }}
VERSION: ${{ github.ref_name }} # This extracts the tag name
steps:
- name: Check out Git repository
uses: actions/checkout@v1
- name: Install Node.js, NPM and Yarn
uses: actions/setup-node@v1
with:
node-version: 18.13.0
- name: Install python-setuptools on macOS
if: matrix.config.os == 'macos-11' || matrix.config.os == 'macos-latest'
run: brew install python-setuptools
- name: Install snap on Linux
if: matrix.config.os == 'ubuntu-latest'
run: sudo snap install snapcraft --classic
- name: Install libudev on Linux
if: matrix.config.os == 'ubuntu-latest'
run: sudo apt-get install -y libudev-dev
- name: Install the Apple certificate and provisioning profile
if: matrix.config.os == 'macos-latest'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/61be0696-8d71-4a17-8f96-53c50b8c6fdd.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Apply provisioning profile
mkdir -p ~/Library/Developer/Xcode/UserData/Provisioning\ Profiles
cp $PP_PATH ~/Library/Developer/Xcode/UserData/Provisioning\ Profiles
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH .
cp $PP_PATH bin/
ls
ls bin
security find-identity -p codesigning -v
- name: Install dependencies
run: npm install --quiet
- name: Build ${{ matrix.config.name }}
if: matrix.config.os == 'windows-latest'
run: npm run build:win-x64
- name: Build ${{ matrix.config.name }}
if: matrix.config.os == 'ubuntu-latest'
run: npm run build:linux-$PLATFORM
- name: Build ${{ matrix.config.name }}
if: matrix.config.os == 'macos-latest'
env:
appleId: ${{ secrets.APPLE_ID }}
appleIdPassword: ${{ secrets.APP_SPECIFIC_PASSWORD }}
teamId: ${{ secrets.TEAM_ID }}
run: npm run build:mac-$PLATFORM
- name: Check artifacts --DEBUG--
run: ls dist
- name: Sign the macOS Application
if: matrix.config.os == 'macos-latest-not'
run: |
codesign --deep --force --verify --verbose --sign "$SIGNING_IDENTITY" dist/Aesir-${{ env.VERSION }}.dmg
env:
SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
- name: Check macOS signature
if: matrix.config.os == 'macos-latest-not'
run: codesign -vvv --deep --strict dist/Aesir-${{ env.VERSION }}.dmg
- name: Notarize macOS App
if: matrix.config.os == 'macos-latest-not'
run: xcrun notarytool submit --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$APP_SPECIFIC_PASSWORD" --wait dist/Aesir-${{ env.VERSION }}.dmg
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
TEAM_ID: ${{ secrets.TEAM_ID }}
APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
- name: Staple Notarization
if: matrix.config.os == 'macos-latest-not'
run: xcrun stapler staple dist/Aesir-${{ env.VERSION }}.dmg
- name: Upload Release Asset Ubuntu
if: matrix.config.os == 'ubuntu-latest'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dist/Aesir_${{ env.VERSION }}_amd64.deb
asset_name: Aesir_${{ env.VERSION }}_amd64.deb
asset_content_type: application/octet-stream
- name: Upload Release Asset macOS x64
if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'x64'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dist/Aesir-${{ env.VERSION }}.dmg
asset_name: Aesir_${{ env.VERSION }}_x64.dmg
asset_content_type: application/octet-stream
- name: Upload Release Asset macOS arm64
if: matrix.config.os == 'macos-latest' && matrix.config.platform == 'arm64'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dist/Aesir-${{ env.VERSION }}-arm64.dmg
asset_name: Aesir_${{ env.VERSION }}_arm64.dmg
asset_content_type: application/octet-stream
- name: Upload Release Asset Windows
if: matrix.config.os == 'windows-latest'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dist/Aesir Setup ${{ env.VERSION }}.exe
asset_name: Aesir_Setup_${{ env.VERSION }}.exe
asset_content_type: application/x-msdownload