desktop-app-cd-nightly-approval.yml
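# Manually triggered nightly pipeline for the Leapp desktop app.
# Job order, as declared by the `needs:` keys below:
#   clean-nightly-latest -> build-and-release-core-and-cli -> build-macos-arm
#   generate-build-identifier -> build-macos-arm
#
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v2, @v3).
# Pinning each action to a full commit SHA keeps a re-tagged release from
# running with the signing and publishing secrets that are in scope here.
name: Leapp Desktop App CD - nightly - approval

on:
  workflow_dispatch:

# Least privilege for the automatically issued GITHUB_TOKEN. The steps below
# authenticate with explicitly provided secrets (GH_TOKEN, NPM_TOKEN, AWS
# keys); the default checkout only needs read access to repository contents.
permissions:
  contents: read

# NOTE(review): workflow-level `env` exports every value below to every step
# of every job, including third-party actions and `npm install` lifecycle
# scripts. Consider scoping each secret to the single step that consumes it.
env:
  CERTIFICATE_APPLICATION_OSX_P12: ${{ secrets.CERTIFICATE_APPLICATION_OSX_P12 }}
  CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
  DECODE_PASSWORD: ${{ secrets.DECODE_PASSWORD }}
  DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }}
  GH_TOKEN: ${{ secrets.GH_TOKEN }}
  KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
  S3_BUCKET: s3://noovolari-leapp-website-distribution
  WIN_CERTIFICATE: ${{ secrets.WIN_CERTIFICATE }}
  WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  TEAM_REPOSITORY: ${{ secrets.TEAM_REPOSITORY }}

jobs:
  # Produces a timestamp (YYYYmmddHHMMSS) that names the S3 prefix of this run.
  generate-build-identifier:
    outputs:
      build-identifier: ${{ steps.build-identifier-generator.outputs.BUILD_IDENTIFIER }}
    runs-on: ubuntu-latest
    steps:
      - name: generate build identifier
        id: build-identifier-generator
        # The `::set-output` workflow command is deprecated; step outputs are
        # written to the file named by $GITHUB_OUTPUT instead.
        run: |
          IDENTIFIER=$(date +%Y%m%d%H%M%S)
          echo "BUILD_IDENTIFIER=$IDENTIFIER" >> "$GITHUB_OUTPUT"

  # Empties the nightly/latest-temp prefix of the distribution bucket.
  clean-nightly-latest:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
      # Despite the step name, the command only deletes objects.
      - name: Move draft to nightly latest
        run: |
          aws s3 rm "${{ env.S3_BUCKET }}/nightly/latest-temp" --recursive

  # Runs the `nightly` npm script of packages/core and packages/cli.
  build-and-release-core-and-cli:
    runs-on: ubuntu-latest
    needs: [clean-nightly-latest]
    steps:
      - uses: actions/checkout@v3
      - name: Build and release core (nightly)
        # The escaped \${NPM_TOKEN} is written literally into .npmrc, so the
        # token itself is never stored in the file; npm substitutes it from
        # the environment when it reads the config.
        run: |
          cd packages/core
          echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
          npm install
          npm run nightly
      - name: Build and release CLI (nightly)
        run: |
          cd packages/cli
          echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
          npm install
          npm run nightly

  # Builds and signs the macOS arm64 app, then uploads the artifacts to S3.
  build-macos-arm:
    runs-on: macos-latest
    # NOTE(review): no job named `build-macos-x64` is defined in the visible
    # part of this file, and GitHub rejects a workflow whose `needs` names an
    # unknown job. Confirm the job exists or drop the entry.
    needs: [build-and-release-core-and-cli, build-macos-x64, generate-build-identifier]
    steps:
      - uses: actions/checkout@v3
      # Optional second checkout of the repository named by TEAM_REPOSITORY,
      # authenticated with GH_TOKEN rather than the default token.
      - uses: actions/checkout@v3
        if: ${{ env.TEAM_REPOSITORY != '' }}
        with:
          repository: ${{ env.TEAM_REPOSITORY }}
          ref: development
          token: ${{ secrets.GH_TOKEN }}
          path: leapp-team
      - name: Inject Team Feature
        if: ${{ env.TEAM_REPOSITORY != '' }}
        run: |
          mv leapp-team ..
          cd ../leapp-team/packages/leapp-team-service
          npm run enable-team-features-dev
      - name: Build macOS arm64 desktop app (nightly)
        uses: nick-fields/retry@v2
        env:
          APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }}
        with:
          timeout_minutes: 20
          max_attempts: 5
          # Secrets are read from the process environment ("$NAME", exported
          # by the workflow-level `env`) instead of being template-expanded
          # with ${{ }} into the script text, so a value containing quotes or
          # shell metacharacters cannot change the commands that run.
          command: |
            cd packages/desktop-app
            KEY_CHAIN=build.keychain
            CERTIFICATE_P12=certificate.p12
            CERTIFICATE_APPLICATION_P12=certificate-application.p12
            echo "Recreate the certificate from the secure environment variable"
            echo "security create-keychain"
            echo "$CERTIFICATE_OSX_P12" | base64 --decode > "$CERTIFICATE_P12"
            echo "$CERTIFICATE_APPLICATION_OSX_P12" | base64 --decode > "$CERTIFICATE_APPLICATION_P12"
            security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEY_CHAIN"
            echo "security list-keychains"
            security list-keychains -s login.keychain build.keychain
            echo "security default-keychain"
            security default-keychain -s "$KEY_CHAIN"
            echo "security unlock-keychain"
            security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEY_CHAIN"
            echo "security import"
            security import "$CERTIFICATE_P12" -k "$KEY_CHAIN" -P "$DECODE_PASSWORD" -T /usr/bin/codesign;
            security import "$CERTIFICATE_APPLICATION_P12" -k "$KEY_CHAIN" -P "$DECODE_PASSWORD" -T /usr/bin/codesign;
            echo "security find-identity"
            security find-identity -v
            echo "security set-key-partition-list"
            security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k "$KEYCHAIN_PASSWORD" "$KEY_CHAIN"
            # Remove the decoded certificate files before the build starts.
            rm -fr *.p12
            npm install
            npm run set-target-arm64
            npm run nightly
      # Deletes intermediate build output from ./release and re-zips the dmg,
      # so the recursive upload below only ships what is left.
      - name: Clean build
        run: |
          cd packages/desktop-app
          rm -Rf ./release/mac
          rm -Rf ./release/mac-unpacked
          rm -Rf ./release/.cache
          rm -Rf ./release/builder-debug.yml
          rm -Rf ./release/builder-effective-config.yaml
          rm -Rf ./release/mac-arm64
          TAG_VERSION=$(cat nightly-version)
          rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip"
          rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip.blockmap"
          zip "./release/Leapp-$TAG_VERSION-mac-arm64.zip" "./release/Leapp-$TAG_VERSION-arm64.dmg"
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
      - name: Release draft to S3 (nightly)
        env:
          BUILD_IDENTIFIER: ${{ needs.generate-build-identifier.outputs.build-identifier }}
        # `PRESIGN_URL=aws s3 presign ...` ran a command named `s3` with
        # PRESIGN_URL=aws in its environment and left the variable unset;
        # command substitution is required to capture the URL.
        # NOTE(review): a presigned URL grants access to the object to anyone
        # who holds it until it expires, and this step prints it to the run
        # log. Confirm that log readers are meant to have that access.
        run: |
          cd packages/desktop-app
          TAG_VERSION=$(cat nightly-version)
          aws s3 cp ./release/ "${{ env.S3_BUCKET }}/nightly/${BUILD_IDENTIFIER}/" --recursive
          PRESIGN_URL=$(aws s3 presign "${{ env.S3_BUCKET }}/nightly/${BUILD_IDENTIFIER}/Leapp-${TAG_VERSION}-arm64.dmg")
          echo "Leapp-${TAG_VERSION}-arm64.dmg: ${PRESIGN_URL}"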