Skip to content

Update Managed Files #252

Update Managed Files

Update Managed Files #252

name: Build & Release
on:
push:
tags:
- '**'
pull_request:
branches:
- '**'
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
env:
APP_NAME: core-registry-cadt-ui
jobs:
build_mac:
name: Build Mac Installer
runs-on: macos-latest
steps:
- uses: Chia-Network/actions/clean-workspace@main
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Node 20
uses: actions/setup-node@v4
with:
node-version: '20.16'
- name: Install Husky
run: npm install --save-dev husky
- name: install dmg-license
run: npm i dmg-license
- name: Change the package.json version if an RC tag
if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc')
run: |
echo "Github ref: $GITHUB_REF"
IFS='/' read -r base directory tag <<< "$GITHUB_REF"
echo "Extracted tag is $tag"
jq ".version = \"${tag}\"" package.json > package.tmp
mv package.tmp package.json
- name: npm install
run: |
npm install
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
- name: Import Apple installer signing certificate
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/')
uses: Apple-Actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }}
- name: Build electron app
env:
CSC_FOR_PULL_REQUEST: "true"
run: npm run electron:package:mac
- name: Notarize
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/')
run: |
DMG_FILE=$(find ${{ github.workspace }}/dist/ -type f -name '*.dmg')
xcrun notarytool submit \
--wait \
--apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \
--password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \
--team-id "${{ secrets.APPLE_TEAM_ID }}" \
"$DMG_FILE"
- name: Upload Mac Installer
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-mac-installer
path: ${{ github.workspace }}/dist/*.dmg
build_windows:
name: Build Windows Installer
runs-on: windows-2019
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Node 20.16
uses: actions/setup-node@v4
with:
node-version: '20.16'
- name: Install Husky
run: npm install --save-dev husky
- name: Ignore Husky where not compatible
run: npm pkg delete scripts.prepare
- name: Change the package.json version if an RC tag
if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc')
shell: bash
run: |
IFS='/' read -r base directory tag <<< "$GITHUB_REF"
jq ".version = \"${tag}\"" package.json > package.tmp
mv package.tmp package.json
- name: npm install
run: |
node --version
npm install
- name: Build electron app
run: npm run electron:package:win
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
# Windows Code Signing
- name: Get installer name for signing
shell: bash
run: |
FILE=$(find dist -type f -maxdepth 1 -name '*.exe')
echo "Installer file is $FILE"
echo "INSTALLER_FILE=$FILE" >> "$GITHUB_ENV"
- name: Sign windows artifacts
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: chia-network/actions/digicert/windows-sign@main
with:
sm_api_key: ${{ secrets.SM_API_KEY }}
sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
file: "${{ github.workspace }}/${{ env.INSTALLER_FILE }}"
- name: Upload Windows Installer
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-windows-installer
path: "${{ github.workspace }}/${{ env.INSTALLER_FILE }}"
build_linux:
name: Build Linux Installer
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Node 20.16
uses: actions/setup-node@v4
with:
node-version: '20.16'
- name: Install Husky
run: npm install --save-dev husky
- name: Change the package.json version if an RC tag
if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc')
run: |
IFS='/' read -r base directory tag <<< "$GITHUB_REF"
jq ".version = \"${tag}\"" package.json > package.tmp
mv package.tmp package.json
- name: npm install
run: |
node --version
npm install
- name: Build electron app
run: npm run electron:package:linux
- name: Rename Linux installer to be standard format for apt
run: |
ORIGINAL=$(ls dist/*.deb)
MODIFIED=${ORIGINAL:0:-10}-1${ORIGINAL#${ORIGINAL:0:-10}}
mv $ORIGINAL $MODIFIED
- name: Upload Linux Installer
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-linux-installer
path: ${{ github.workspace }}/dist/*.deb
build_web:
name: Build Web App
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Node 20.16
uses: actions/setup-node@v4
with:
node-version: '20.16'
- name: Install Husky
run: npm install --save-dev husky
- name: Change the package.json version if an RC tag
if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc')
run: |
IFS='/' read -r base directory tag <<< "$GITHUB_REF"
jq ".version = \"${tag}\"" package.json > package.tmp
mv package.tmp package.json
- name: npm install and build
run: |
node --version
npm install
npm run web-build
- name: Create .tar.gz of the web build
run: tar -cvzf ${{ env.APP_NAME }}-web-build.tar.gz build
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-web-build
path: ${{ env.APP_NAME }}-web-build.tar.gz
release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- build_mac
- build_windows
- build_linux
- build_web
steps:
- name: Download Windows artifacts
uses: actions/download-artifact@v4
with:
name: ${{ env.APP_NAME }}-windows-installer
path: ${{ env.APP_NAME }}-windows-installer
- name: Download MacOS artifacts
uses: actions/download-artifact@v4
with:
name: ${{ env.APP_NAME }}-mac-installer
path: ${{ env.APP_NAME }}-mac-installer
- name: Download Linux artifacts
uses: actions/download-artifact@v4
with:
name: ${{ env.APP_NAME }}-linux-installer
path: ${{ env.APP_NAME }}-linux-installer
- name: Download Web artifact
uses: actions/download-artifact@v4
with:
name: ${{ env.APP_NAME }}-web-build
path: ${{ env.APP_NAME }}-web-build
- name: Get Filenames
run: |
DMG_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-mac-installer/ -type f -name '*.dmg')
DEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-linux-installer/ -type f -name '*.deb')
EXE_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-windows-installer/ -type f -name '*.exe')
WEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-web-build/ -type f -name '*.tar.gz')
echo "DMG_FILE=$DMG_FILE" >>$GITHUB_ENV
echo "DEB_FILE=$DEB_FILE" >>$GITHUB_ENV
echo "EXE_FILE=$EXE_FILE" >>$GITHUB_ENV
echo "WEB_FILE=$WEB_FILE" >>$GITHUB_ENV
# RC release should not be set as latest
- name: Decide if release should be set as latest
id: is_latest
shell: bash
run: |
unset IS_LATEST
echo "Github ref is $GITHUB_REF"
if [[ "$GITHUB_REF" =~ "-rc" ]]; then
echo "release candidate tag matched"
IS_LATEST='false'
IS_PRERELEASE='true'
else
echo "main branch release matched"
IS_LATEST='true'
IS_PRERELEASE='false'
fi
echo "IS_LATEST=${IS_LATEST}" >> "$GITHUB_OUTPUT"
echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "$GITHUB_OUTPUT"
- name: Release
uses: softprops/[email protected]
with:
prerelease: ${{steps.is_latest.outputs.IS_PRERELEASE}}
make_latest: "${{steps.is_latest.outputs.IS_LATEST}}"
files: |
${{ env.DMG_FILE }}
${{ env.DEB_FILE }}
${{ env.EXE_FILE }}
${{ env.WEB_FILE }}
- name: Get repo name
if: startsWith(github.ref, 'refs/tags/') && !contains( github.ref, '-rc')
id: repo-name
run: |
echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT
- name: Get tag name
if: startsWith(github.ref, 'refs/tags/') && !contains( github.ref, '-rc')
id: tag-name
run: |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT
- name: Trigger apt repo update
if: startsWith(github.ref, 'refs/tags/') && !contains( github.ref, '-rc')
uses: Chia-Network/actions/github/glue@main
with:
json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"${{ env.APP_NAME }}\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}'
glue_url: ${{ secrets.GLUE_API_URL }}
glue_project: "climate-tokenization"
glue_path: "trigger"