0.8.1-beta #282
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build release | |
on: | |
pull_request: | |
branches: | |
- main | |
types: | |
- closed | |
jobs: | |
build-macos: | |
runs-on: macos-latest | |
if: github.event.pull_request.merged == true | |
env: | |
CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} | |
CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} | |
CERTIFICATE_CHECKSUM: ${{ secrets.PROD_MACOS_CERTIFICATE_CHECKSUM }} | |
KEYCHAIN_NAME: "build.keychain" | |
KEYCHAIN_PATH: "/Users/runner/Library/Keychains/" | |
KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} | |
APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} | |
APPLE_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} | |
NOTARYTOOL_PROFILE: "notarytool-profile" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.14.0' | |
- name: Install dependencies | |
run: npm install | |
- name: Decode Apple Developer certificate | |
run: | | |
echo ${{ env.CERTIFICATE }} | base64 --decode > certificate.p12 | |
ls -la certificate* | |
diff <( printf '%s\n' "${{ env.CERTIFICATE_CHECKSUM }}" ) <( printf '%s\n' "$(md5 -q certificate.p12)") | |
[ $? -eq 0 ] && (echo "File is identical" && exit 0) || (echo "File is different" && exit 1) | |
- name: Create keychain storage | |
run: | | |
security create-keychain -p "${{ env.KEYCHAIN_PWD }}" ${{env.KEYCHAIN_NAME}} | |
security default-keychain -s ${{ env.KEYCHAIN_NAME }} | |
security unlock-keychain -p "${{ env.KEYCHAIN_PWD }}" ${{ env.KEYCHAIN_NAME }} | |
security import certificate.p12 -k ${{ env.KEYCHAIN_NAME }} -P "${{ env.CERTIFICATE_PWD }}" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ env.KEYCHAIN_PWD }}" ${{ env.KEYCHAIN_NAME }} | |
- name: Create keychain profile for notarytool | |
run: | | |
security unlock-keychain -p "${{ env.KEYCHAIN_PWD }}" ${{ env.KEYCHAIN_NAME }} | |
xcrun notarytool store-credentials ${{ env.NOTARYTOOL_PROFILE }} \ | |
--apple-id ${{ env.APPLE_ID }} \ | |
--team-id ${{ env.APPLE_TEAM_ID }} \ | |
--password "${{ env.APPLE_APP_SPECIFIC_PASSWORD }}" \ | |
--keychain "${{ env.KEYCHAIN_PATH }}${{ env.KEYCHAIN_NAME }}-db" | |
- name: Build the artifacts and upload them on Github | |
env: | |
KEYCHAIN: "${{ env.KEYCHAIN_PATH }}${{ env.KEYCHAIN_NAME }}-db" | |
KEYCHAIN_PROFILE: ${{ env.NOTARYTOOL_PROFILE }} | |
GH_TOKEN: ${{ github.token }} | |
PUBLISH_FOR_PULL_REQUEST: true | |
CSC_FOR_PULL_REQUEST: true | |
run: | | |
npm run ship -- --mac --universal | |
build-windows: | |
runs-on: windows-latest | |
if: github.event.pull_request.merged == true | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.14.0' | |
- name: Install dependencies | |
run: npm install | |
- name: Build the artifacts and upload them on Github | |
env: | |
GH_TOKEN: ${{ github.token }} | |
PUBLISH_FOR_PULL_REQUEST: true | |
run: | | |
npm run ship -- --windows | |
build-linux: | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.merged == true | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.14.0' | |
- name: Install dependencies | |
run: npm install | |
- name: Build the artifacts and upload them on Github | |
env: | |
GH_TOKEN: ${{ github.token }} | |
PUBLISH_FOR_PULL_REQUEST: true | |
run: | | |
npm run ship -- --linux | |
clean-release: | |
needs: [build-macos, build-windows, build-linux] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get the release data | |
id: releases_data_first | |
env: | |
HOST: "https://api.github.com" | |
ENDPOINT: "/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases" | |
run: | | |
data=$( | |
curl -X GET -s \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
"${HOST}${ENDPOINT}" | |
) | |
data=$(echo "${data}" | jq '.[0] | {name, id, assets: (.assets | map({name, id}))} | tostring') | |
echo "release_data=${data}" >> $GITHUB_OUTPUT | |
- name: Read the output | |
run: | | |
echo ${{ steps.releases_data_first.outputs.release_data }} | jq '.' | |
- name: Filter requested data for blockmaps | |
id: jq_filter_blockmap | |
run: | | |
blockmaps=$( | |
echo '${{ steps.releases_data_first.outputs.release_data }}' | jq -r \ | |
'fromjson | .assets | map(select(.name | endswith(".blockmap"))) | map(.id | tostring) | join(" ")' | |
) | |
echo "( ${blockmaps} )" | |
echo "blockmap_list=( ${blockmaps} )" >> $GITHUB_OUTPUT | |
- name: Remove the blockmap files | |
env: | |
HOST: "https://api.github.com" | |
ENDPOINT: "/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/assets/" | |
run: | | |
assets_array="${{ steps.jq_filter_blockmap.outputs.blockmap_list }}" | |
assets_array="${assets_array#(}" | |
assets_array="${assets_array%)}" | |
# Convert the array string to an actual array | |
IFS=', ' read -ra assets <<< "$assets_array" | |
# Iterate over the array elements | |
echo "Iterating over the assets:" | |
for asset_id in "${assets[@]}"; do | |
echo "Deleting asset with ID: $asset_id" | |
curl -X DELETE -s \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
"${HOST}${ENDPOINT}$asset_id" | |
done | |
- name: Get the release data | |
id: releases_data_second | |
env: | |
HOST: "https://api.github.com" | |
ENDPOINT: "/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases" | |
run: | | |
data=$( | |
curl -X GET -s \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
"${HOST}${ENDPOINT}" | |
) | |
data=$(echo "${data}" | jq '.[0] | {name, id, assets: (.assets | map({name, id}))} | tostring') | |
echo "release_data=${data}" >> $GITHUB_OUTPUT | |
- name: Filter requested data for mac universal distros | |
id: jq_filter_macuni | |
run: | | |
macuni=$( | |
echo '${{ steps.releases_data_second.outputs.release_data }}' | jq -r \ | |
'fromjson | .assets | map(select(.name | contains("universal"))) | map(.id | tostring) | join(" ")' | |
) | |
echo "( ${macuni} )" | |
echo "macuni_list=( ${macuni} )" >> $GITHUB_OUTPUT | |
- name: Remove the mac universal files | |
env: | |
HOST: "https://api.github.com" | |
ENDPOINT: "/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/assets/" | |
run: | | |
assets_array="${{ steps.jq_filter_macuni.outputs.macuni_list }}" | |
assets_array="${assets_array#(}" | |
assets_array="${assets_array%)}" | |
# Convert the array string to an actual array | |
IFS=', ' read -ra assets <<< "$assets_array" | |
# Iterate over the array elements | |
echo "Iterating over the assets:" | |
for asset_id in "${assets[@]}"; do | |
echo "Deleting asset with ID: $asset_id" | |
curl -X DELETE -s \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
"${HOST}${ENDPOINT}$asset_id" | |
done |