Fixes #2114 - Publication is encrypted but not licensed #3205
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ develop ] | |
tags-ignore: | |
- '*' | |
pull_request: | |
branches: [ develop ] | |
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
permissions: | |
actions: none | |
checks: none | |
contents: write | |
deployments: none | |
id-token: none | |
issues: none | |
packages: none | |
pages: none | |
pull-requests: none | |
repository-projects: none | |
security-events: none | |
statuses: none | |
env: | |
# secrets.GITHUB_TOKEN is restricted by default instead of permissive, so it does not allow release publishing. We can use a Personal Access Token with limited scope and expiration, or configure the token for this workflow using the 'permissions' key | |
# GITHUB_TOKEN_RELEASE_PUBLISH: ${{ secrets.RELEASE_PUBLISH }} | |
GITHUB_TOKEN_RELEASE_PUBLISH: ${{ secrets.GITHUB_TOKEN }} | |
# Electron Builder workaround | |
USE_HARD_LINKS: 'false' | |
jobs: | |
build: | |
# if: "!contains(toJSON(github.event.commits.*.message), '[skip-ci]')" | |
if: "github.event_name == 'pull_request' || !contains(github.event.head_commit.message, 'skip ci')" | |
# runs-on: ubuntu-latest # / ubuntu-18.04 ... or ubuntu-16.04, ubuntu-20.04 | |
# runs-on: macos-latest # / macos-10.15 | |
# runs-on: windows-2016 # not window-latest / windows-2019, see https://github.com/edrlab/thorium-reader/issues/1591 | |
runs-on: ${{ matrix.runson }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# windows-arm | |
osarch: [windows-intel, macos-intel, macos-arm, linux-intel, linux-arm] | |
include: | |
- osarch: windows-intel | |
runson: windows-latest | |
packname: win | |
release_tag: latest-windows-intel | |
# - osarch: windows-arm | |
# runson: windows-latest | |
# packname: win | |
# release_tag: latest-windows-arm | |
- osarch: macos-intel | |
runson: macos-13 | |
packname: 'mac:skip-notarize' | |
release_tag: latest-macos-intel | |
- osarch: macos-arm | |
runson: macos-latest | |
packname: 'mac:skip-notarize' | |
release_tag: latest-macos-arm | |
- osarch: linux-intel | |
runson: ubuntu-20.04 | |
packname: linux | |
release_tag: latest-linux-intel | |
- osarch: linux-arm | |
runson: ubuntu-20.04 | |
packname: linux | |
release_tag: latest-linux-arm | |
env: | |
# OS_NAME_: ${{ matrix.osarch }} | |
RELEASE_TAG: ${{ matrix.release_tag }} | |
steps: | |
# - run: echo 'OS_NAME_:' ${{ env.OS_NAME_ }} | |
#- run: echo 'RELEASE_TAG=latest-${{ env.OS_NAME_ }}' | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
#- run: echo 'RELEASE_TAG=latest-${{ env.OS_NAME_ }}' >> $GITHUB_ENV | |
#- run: echo '::set-env name=RELEASE_TAG::latest-${{ env.OS_NAME_ }}' | |
- run: echo 'RELEASE_TAG:' ${{ env.RELEASE_TAG }} | |
- run: 'echo "GITHUB_RUN_NUMBER: ${{ github.run_number }}"' | |
- run: 'echo "GITHUB_RUN_ID: ${{ github.run_id }}"' | |
- run: 'echo "GITHUB_SHA: ${{ github.sha }}"' | |
- name: Check sys arch | |
if: ${{ matrix.osarch != 'windows-intel' }} | |
run: echo "${{ matrix.osarch }}" && uname -m && arch | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# with: | |
# persist-credentials: false | |
# - name: Git config global dump (pre) | |
# run: 'git config --global --list || echo NO_GIT_GLOBAL_CONFIG || true' | |
# shell: bash | |
# - name: Git config local dump (pre) | |
# run: 'git config --list || echo NO_GIT_GLOBAL_CONFIG || true' | |
# shell: bash | |
# - name: git HTTP authentication instead SSH (NPM >=7) 1 | |
# run: > | |
# git config --global url."https://github.com/".insteadOf ssh://[email protected]/ | |
# shell: bash | |
# - name: git HTTP authentication instead SSH (NPM >=7) 2 | |
# run: > | |
# git config --global url."https://github.com".insteadOf ssh://[email protected] | |
# shell: bash | |
# - name: git HTTP authentication instead SSH (NPM >=7) 3 | |
# run: > | |
# git config --global url."http://github.com/".insteadOf [email protected]: | |
# shell: bash | |
# - name: git HTTP authentication instead SSH (NPM >=7) 4 | |
# run: > | |
# git config --global url."http://".insteadOf git:// | |
# shell: bash | |
- name: Git config global dump (post) | |
run: 'git config --global --list || echo NO_GIT_GLOBAL_CONFIG || true' | |
shell: bash | |
- name: Git config local dump (post) | |
run: 'git config --list || echo NO_GIT_GLOBAL_CONFIG || true' | |
shell: bash | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
#check-latest: true | |
- run: node --version && npm --version | |
- run: npm --global install npm@^10 | |
- run: npm --version | |
- run: python --version || echo ok | |
- run: python3 --version || echo ok | |
- run: pip --version || echo ok | |
# PYTHON 3.12 distutils deprecation remediation: | |
#- run: python3 -m pip install packaging || python -m pip install packaging | |
- run: python3 -m pip install setuptools || python -m pip install setuptools | |
# - run: npm --global install asar | |
- name: package patch 1 | |
run: node scripts/package-ci-patch.js package.json ${{ github.run_id }} && cat package.json | grep -i VERSION && cat package.json | |
shell: bash | |
- name: package patch 2 | |
run: node scripts/package-ci-patch.js src/package.json ${{ github.run_id }} && cat src/package.json | grep -i VERSION && cat src/package.json | |
shell: bash | |
- name: package lock patch | |
run: node scripts/package-lock-patch.js && cat package-lock.json | grep -i divina-player-js | |
shell: bash | |
- run: git --no-pager diff | |
- run: npm cache clean --force | |
- run: npm cache verify | |
- run: cat package-lock.json | grep -i divina-player-js | |
- run: npm ci | |
- run: npm list -g node-gyp || echo ok | |
- run: npm list node-gyp || echo ok | |
- name: PR action (just build) | |
if: ${{ github.event_name == 'pull_request' }} | |
run: npm run build:prod | |
# && npm run test SEE https://github.com/edrlab/thorium-reader/issues/1697 | |
- name: non-PR action, Windows (build and package) | |
if: ${{ github.event_name != 'pull_request' && ( matrix.osarch == 'windows-intel' || matrix.osarch == 'windows-arm' ) }} | |
run: npm run package:${{ matrix.packname }} | |
- name: non-PR action, non-Windows (build and package) | |
if: ${{ github.event_name != 'pull_request' && matrix.osarch != 'windows-intel' && matrix.osarch != 'windows-arm' }} | |
run: echo "${{ matrix.osarch }}" && (if [[ ${{ matrix.osarch }} == 'macos-arm' || ${{ matrix.osarch }} == 'linux-arm' ]]; then uname -m && arch && sed 's/x64/arm64/g' ./package.json > ./package.json.new && mv ./package.json.new ./package.json && npm run package:${{ matrix.packname }} && sed 's/arm64/x64/g' ./package.json > ./package.json.new && mv ./package.json.new ./package.json; else npm run package:${{ matrix.packname }}; fi) | |
#- run: ls -alsR release | |
#- run: npm install @octokit/rest | |
- name: GitHub Tagged Release Delete/ReCreate and Upload Build Artefacts | |
if: ${{ github.event_name != 'pull_request' }} | |
run: node scripts/release-github.mjs | |
# - name: Upload Artifact | |
# if: ${{ github.event_name != 'pull_request' }} | |
# uses: actions/upload-artifact@v2 | |
# with: | |
# name: Thorium | |
# path: ./release/*.exe | |
# - name: Delete Release | |
# if: ${{ github.event_name != 'pull_request' }} | |
# uses: author/action-rollback@stable | |
# with: | |
# tag: $RELEASE_TAG | |
# always_delete_tag: true | |
# - name: GitHub Release | |
# if: ${{ github.event_name != 'pull_request' }} | |
# id: create_release | |
# uses: actions/create-release@v1 | |
# with: | |
# tag_name: $RELEASE_TAG | |
# release_name: '[$RELEASE_TAG] continuous test build (prerelease)' | |
# body: 'GitHub Action build job: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID' | |
# draft: false | |
# prerelease: true | |
# - name: GitHub Release Assets | |
# if: ${{ github.event_name != 'pull_request' }} | |
# id: upload-release-asset | |
# uses: actions/upload-release-asset@v1 | |
# with: | |
# upload_url: ${{ steps.create_release.outputs.upload_url }} | |
# asset_path: ./release/*.exe | |
# asset_name: Thorium.exe | |
# asset_content_type: application/octet-stream | |
# - name: GitHub Script Release And Assets | |
# if: ${{ github.event_name != 'pull_request' }} | |
# env: | |
# - GH_RELEASE_ID: ${{ steps.create_release.outputs.id }} | |
# uses: actions/github-script@v2 | |
# with: | |
# github-token: ${{ secrets.GITHUB_TOKEN }} | |
# script: | | |
# console.log('process.versions', process.versions, process.env.GH_RELEASE_ID); | |
# const fs = require('fs').promises; | |
# const { repo: { owner, repo }, sha } = context; | |
# /* | |
# const release = await github.repos.createRelease({ | |
# name: `[${process.env.RELEASE_TAG}] continuous test build (prerelease)`, | |
# body: `GitHub Action build job: ${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`, | |
# owner, | |
# repo, | |
# tag_name: process.env.RELEASE_TAG, | |
# draft: false, | |
# prerelease: true, | |
# target_commitish: sha | |
# }); | |
# */ | |
# for (let file of await fs.readdir('release')) { | |
# if (!file.endsWith('.exe') || !file.endsWith('.AppImage') || !file.endsWith('.msi') || !file.endsWith('.deb') || !file.endsWith('.dmg')) { | |
# continue; | |
# } | |
# await github.repos.uploadReleaseAsset({ | |
# owner, | |
# repo, | |
# release_id: process.env.GH_RELEASE_ID, // release.data.id, | |
# name: file, | |
# data: await fs.readFile(`./release/${file}`) | |
# }); | |
# } |