monokle-sign-notarize-publish #1763
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: monokle-sign-notarize-publish | |
on: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- prereleased | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
jobs: | |
# This workflow contains a single job called "build" | |
build-and-publish-mac: | |
runs-on: macos-latest | |
steps: | |
- name: Context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it. | |
- name: Checkout Project | |
uses: actions/checkout@v2 | |
# Check memory and cpu | |
- name: Verify Runner Resources | |
run: | | |
sysctl -n machdep.cpu.brand_string | |
vm_stat | perl -ne '/page size of (\d+)/ and $size=$1; /Pages\s+([^:]+)[^\d]+(\d+)/ and printf("%-16s % 16.2f Mi\n", "$1:", $2 * $size / 1048576);' | |
- name: Install Tools | |
run: | | |
brew install jq | |
- name: Check MacOS certs expiration | |
run: | | |
ls -la | |
chmod +x .github/workflows/scripts/check-osx-cert-exp.sh && .github/workflows/scripts/check-osx-cert-exp.sh | |
env: | |
CERTIFICATE_OSX_APPLICATION: ${{ secrets.MONOKLE_MACOS_CERTS }} | |
CERTIFICATE_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }} | |
- name: Add MacOS certs | |
run: | | |
ls -la | |
chmod +x .github/workflows/scripts/add-osx-cert.sh && .github/workflows/scripts/add-osx-cert.sh | |
env: | |
CERTIFICATE_OSX_APPLICATION: ${{ secrets.MONOKLE_MACOS_CERTS }} | |
CERTIFICATE_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }} | |
- name: Electron mac os security identities | |
run: security find-identity -v | |
- name: Get Node Version | |
run: | | |
cat .nvmrc | |
echo "::set-output name=nodeversion::$(cat .nvmrc)" | |
id: get-node-version | |
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }} | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.nodeversion }} | |
cache: 'npm' | |
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869 | |
- name: Install Python utilities | |
run: python3 -m pip install setuptools | |
- name: Install Dependencies | |
run: | | |
env | |
echo "npm: $(npm --version)" | |
echo "node: $(node --version)" | |
npm install | |
- name: Install dmg-license | |
run: npm install dmg-license | |
# - name: Verify Dependencies | |
# run: | | |
# ls -la | |
# npm list --depth=1 | |
- name: Build | |
run: | | |
contents="$(jq --arg SENTRY_DSN $SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron/env.json)" && echo "${contents}" > electron/env.json | |
contents="$(jq --arg MONOKLE_INSTALLS_URL $MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron/env.json)" && echo "${contents}" > electron/env.json | |
contents="$(jq --arg SEGMENT_API_KEY $SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron/env.json)" && echo "${contents}" > electron/env.json | |
npm run electron:build:ci | |
env: | |
# Set CI flag to false, or the build fails on all warnings, not just errors as locally. | |
CI: false | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }} | |
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }} | |
- name: Package | |
id: build | |
run: | | |
echo "::set-output name=TAG::v$(cat package.json | jq -r '.version')" | |
npm exec -c "electron-builder --publish \"never\"" | |
env: | |
GITHUB_TOKEN: ${{ secrets.github_token }} | |
EP_PRE_RELEASE: true | |
NOTARIZE: true | |
CSC_LINK: ${{ secrets.MONOKLE_MACOS_CERTS }} | |
CSC_KEY_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
USE_HARD_LINKS: false | |
# Check Binary Size | |
- name: Build Succeeded | |
run: | | |
ls -alh dist | grep Monokle && du -sh dist/mac || true | |
if: ${{ success() }} | |
- name: Create release and upload artifacts | |
uses: ncipollo/release-action@v1 | |
with: | |
allowUpdates: true | |
prerelease: true | |
artifacts: 'dist/latest-mac.yml,dist/*.dmg,dist/*.blockmap,dist/*.zip' | |
omitBody: true | |
tag: ${{ steps.package.outputs.TAG }} | |
token: ${{ secrets.github_token }} | |
if: "!contains(github.ref, 'main')" | |
- name: Archive Binary | |
uses: actions/upload-artifact@v2 | |
with: | |
name: dist-mac | |
path: dist | |
if: ${{ success() }} | |
- name: Build Failed - Output Build Logs | |
run: | | |
cat /Users/runner/.npm/_logs/*-debug.log || true | |
if: ${{ failure() || cancelled() }} | |
- name: Build Failed - Archive Build Logs | |
uses: actions/upload-artifact@v2 | |
with: | |
name: logs | |
path: /Users/runner/.npm/_logs | |
if: ${{ failure() || cancelled() }} | |
# Make sure no secrets or certs are left on the runner | |
- name: Cleanup files after run | |
run: | | |
rm -rf * | |
ls -la | |
if: ${{ always() }} | |
build-and-publish-windows: | |
runs-on: windows-latest | |
steps: | |
- name: Context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it. | |
- name: Checkout Project | |
uses: actions/checkout@v2 | |
- name: Install Tools | |
run: | | |
choco install jq dotnet-5.0-runtime dotnetcore-sdk -y | |
dotnet tool install --version 3.0.0 --global AzureSignTool | |
- name: Get Node Version | |
run: | | |
Set-PSDebug -Trace 1 | |
$filePath = "D:\a\monokle\monokle\.nvmrc" | |
Get-Content $filePath -Raw | |
$content = Get-Content $filePath -Raw | |
echo "::set-output name=nodeversion::$content" | |
id: get-node-version | |
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }} | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.nodeversion }} | |
cache: 'npm' | |
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869 | |
- name: Install Python utilities | |
run: python3 -m pip install setuptools | |
# Install Dependencies | |
- name: Install Dependencies | |
run: | | |
Set-PSDebug -Trace 1 | |
node --version | |
npm --version | |
npm install | |
# - name: Verify Dependencies | |
# run: | | |
# cmd /r dir | |
# npm list --depth=1 | |
- name: Build | |
shell: PowerShell | |
run: | | |
($contents=jq --arg SENTRY_DSN $env:SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii) | |
($contents=jq --arg MONOKLE_INSTALLS_URL $env:MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii) | |
($contents=jq --arg SEGMENT_API_KEY $env:SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron\env.json) -and ($contents | set-content electron\env.json -Encoding Ascii) | |
npm run electron:build:ci | |
env: | |
# Set CI flag to false, or the build fails on all warnings, not just errors as locally. | |
CI: false | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }} | |
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }} | |
- name: Package | |
id: package | |
run: | | |
$p = get-content package.json | ConvertFrom-Json | |
echo "::set-output name=TAG::v$($p.version)" | |
npm exec -c 'electron-builder --publish "never"' | |
env: | |
GITHUB_TOKEN: ${{ secrets.github_token }} | |
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | |
EP_PRE_RELEASE: true | |
USE_HARD_LINKS: false | |
# Check Binary Size | |
- name: Build Succeeded | |
run: | | |
cmd /r dir .\dist | |
if: ${{ success() }} | |
- name: Create release and upload artifacts | |
uses: ncipollo/release-action@v1 | |
with: | |
allowUpdates: true | |
prerelease: true | |
artifacts: 'dist/latest.yml,dist/*.exe,dist/*.blockmap' | |
omitBody: true | |
tag: ${{ steps.package.outputs.TAG }} | |
token: ${{ secrets.github_token }} | |
if: "!contains(github.ref, 'main')" | |
- name: Archive Binary | |
uses: actions/upload-artifact@v2 | |
with: | |
name: dist-win | |
path: dist | |
if: ${{ success() }} | |
# This workflow contains a single job called "build" | |
build-and-publish-linux: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it. | |
- name: Checkout Project | |
uses: actions/checkout@v2 | |
- name: Get Node Version | |
run: | | |
cat .nvmrc | |
echo "::set-output name=nodeversion::$(cat .nvmrc)" | |
id: get-node-version | |
- name: Use Node.js ${{ steps.get-node-version.outputs.nodeversion }} | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.nodeversion }} | |
cache: 'npm' | |
# Fixes issues with node-gyp https://github.com/nodejs/node-gyp/issues/2869 | |
- name: Install Python utilities | |
run: python3 -m pip install setuptools | |
- name: Install Dependencies | |
run: | | |
env | |
echo "npm: $(npm --version)" | |
echo "node: $(node --version)" | |
npm install | |
# - name: Verify Dependencies | |
# run: | | |
# ls -la | |
# npm list --depth=1 | |
- name: Install Tools | |
run: | | |
sudo apt-get install jq | |
- name: Build | |
run: | | |
contents="$(jq --arg SENTRY_DSN $SENTRY_DSN '.SENTRY_DSN = $SENTRY_DSN' electron/env.json)" && echo "${contents}" > electron/env.json | |
contents="$(jq --arg MONOKLE_INSTALLS_URL $MONOKLE_INSTALLS_URL '.MONOKLE_INSTALLS_URL = $MONOKLE_INSTALLS_URL' electron/env.json)" && echo "${contents}" > electron/env.json | |
contents="$(jq --arg SEGMENT_API_KEY $SEGMENT_API_KEY '.SEGMENT_API_KEY = $SEGMENT_API_KEY' electron/env.json)" && echo "${contents}" > electron/env.json | |
npm run electron:build:ci | |
env: | |
# Set CI flag to false, or the build fails on all warnings, not just errors as locally. | |
CI: false | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
MONOKLE_INSTALLS_URL: ${{ secrets.MONOKLE_INSTALLS_URL }} | |
SEGMENT_API_KEY: ${{ secrets.SEGMENT_API_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
REACT_APP_NEWS_FEED_URL: ${{ secrets.REACT_APP_NEWS_FEED_URL }} | |
- name: Package | |
id: package | |
run: | | |
echo "::set-output name=TAG::v$(cat package.json | jq -r '.version')" | |
npm exec -c "electron-builder --publish \"never\"" | |
env: | |
GITHUB_TOKEN: ${{ secrets.github_token }} | |
EP_PRE_RELEASE: true | |
USE_HARD_LINKS: false | |
# Check Binary Size | |
- name: Build Succeeded | |
run: | | |
ls -alh dist | grep Monokle && du -sh dist || true | |
if: ${{ success() }} | |
- name: Create release and upload artifacts | |
uses: ncipollo/release-action@v1 | |
with: | |
allowUpdates: true | |
prerelease: true | |
artifacts: 'dist/latest-linux.yml,dist/latest-linux-arm64.yml,dist/*.deb,dist/*.AppImage,dist/*.rpm' | |
omitBody: true | |
tag: ${{ steps.package.outputs.TAG }} | |
token: ${{ secrets.github_token }} | |
if: "!contains(github.ref, 'main')" | |
- name: Archive Binary | |
uses: actions/upload-artifact@v2 | |
with: | |
name: dist-nix | |
path: dist | |
if: ${{ success() }} | |
- name: Build Failed - Output Build Logs | |
run: | | |
cat /Users/runner/.npm/_logs/*-debug.log || true | |
if: ${{ failure() || cancelled() }} | |
- name: Build Failed - Archive Build Logs | |
uses: actions/upload-artifact@v2 | |
with: | |
name: logs | |
path: /Users/runner/.npm/_logs | |
if: ${{ failure() || cancelled() }} | |
# Make sure no secrets or certs are left on the runner | |
- name: Cleanup files after run | |
run: | | |
rm -rf * | |
ls -la | |
if: ${{ always() }} |