CD #681
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
schedule: | |
- cron: 0 1 * * * # every night at 1am on dev | |
workflow_dispatch: | |
env: | |
GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }} | |
GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }} | |
GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }} | |
GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
WIN_CSC_LINK: ${{ github.workspace }}/certwin.p12 | |
CSC_LINK: ${{ github.workspace }}/certmac.p12 | |
jobs: | |
compile: | |
name: Compile | |
runs-on: ubuntu-latest | |
if: "${{ github.event_name == 'schedule'}} | |
|| (${{ github.event_name == 'workflow_dispatch' }} && contains('refs/heads/main,refs/heads/beta,refs/heads/dev', github.ref))" | |
outputs: | |
current-version: ${{ steps.compile.outputs.current-version }} | |
next-version: ${{ steps.compile.outputs.next-version }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Decode certificates | |
env: | |
WIN_CSC_LINK_RAW: ${{ secrets.WIN_CSC_LINK }} | |
CSC_LINK_RAW: ${{ secrets.CSC_LINK }} | |
run: | | |
echo "$WIN_CSC_LINK_RAW" > certwin.txt | |
base64 --decode certwin.txt > $WIN_CSC_LINK | |
echo "$CSC_LINK_RAW" > certmac.txt | |
base64 --decode certmac.txt > $CSC_LINK | |
- name: Archive certificates | |
uses: actions/upload-artifact@v2 | |
with: | |
if-no-files-found: error | |
name: certificates | |
path: | | |
${{ env.WIN_CSC_LINK }} | |
${{ env.CSC_LINK }} | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
# >> NO Secrets | |
- name: Temp NO_SECRETS as .env file | |
run: | | |
touch ${{ github.run_id }}_${{ github.sha }}.env | |
echo "${{ secrets.NO_SECRETS }}" >> ${{ github.run_id }}_${{ github.sha }}.env | |
- name: Convert dotenv as output | |
id: nosecrets | |
uses: falti/dotenv-action@v1 | |
with: | |
path: ${{ github.run_id }}_${{ github.sha }}.env | |
log-variables: true | |
mask-variables: false | |
- name: Remove temp .env file | |
run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env | |
# << NO Secrets | |
- name: Yarn install | |
env: | |
npm_config_build_from_source: true | |
run: yarn --frozen-lockfile --perfer-offline | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_push_gpgsign: false | |
git_tag_gpgsign: true | |
- id: compile | |
name: Compile | |
run: | | |
export PATH="$(pwd)/.github/bin/:$PATH" | |
# override because of "env-ci" used by semantic-release | |
# GITHUB_REF should not be default branch when "workflow_run" event is triggered | |
echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT | |
yarn semantic-release | |
echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT | |
yarn compile --no-progress | |
yarn compile-workers --no-progress | |
env: | |
ARCHIFILTRE_RELEASE_MODE: version | |
TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }} | |
TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }} | |
SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }} | |
TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }} | |
TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }} | |
TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_URL: ${{ secrets.SENTRY_URL }} | |
CACHE_PROVIDER: localdb | |
- name: Archive dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: compile-dist | |
path: dist/ | |
build: | |
if: ${{ success() }} | |
needs: compile | |
strategy: | |
matrix: | |
target: | |
- linux | |
- mac | |
- win | |
include: | |
- target: linux | |
os: ubuntu-latest | |
- target: mac | |
os: macos-latest | |
- target: win | |
os: windows-latest | |
name: Build binary for ${{ matrix.target }} on ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
env: | |
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }} | |
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron | |
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Yarn install | |
run: | | |
yarn config set network-timeout 300000 | |
yarn --frozen-lockfile --perfer-offline | |
- name: Replace version in package.json | |
shell: bash | |
run: | | |
yarn global add replace | |
$(yarn global bin)/replace '"version": "${{ needs.compile.outputs.current-version }}"' '"version": "${{ needs.compile.outputs.next-version }}"' package.json | |
yarn replaceForChannel | |
####### Activate only if windows msi build fail with "ICE error" | |
# - name: Hack msi compilation | |
# if: contains(matrix.os, 'windows') | |
# shell: bash | |
# run: $(yarn global bin)/replace 'lightArgs\.push\(\.\.\.objectFiles\);' 'lightArgs.push("-sval", ...objectFiles);' node_modules/app-builder-lib/out/targets/MsiTarget.js | |
- name: Download dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: compile-dist | |
path: dist/ | |
- name: Download cetificates | |
uses: actions/download-artifact@v2 | |
with: | |
name: certificates | |
- name: Build bin | |
run: yarn dist:${{ matrix.target }} | |
- name: Archive bin | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ matrix.target }}-bin | |
path: | | |
electron/dist/*/archifiltre*.* | |
electron/dist/*/latest*.yml | |
release: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download all dist form build jobs | |
uses: actions/download-artifact@v2 | |
with: | |
path: bin | |
- name: Generate hashes | |
run: >- | |
find . -regextype posix-extended | |
-regex ".*/bin/.*/archifiltre.*\.(exe|AppImage|dmg|msi|zip)$" | |
-type f | |
-exec bash -c "openssl dgst -sha512 {} > {}.sha512" \; | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Yarn install | |
run: yarn --frozen-lockfile --perfer-offline | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_push_gpgsign: false | |
git_tag_gpgsign: true | |
- name: Semantic Release | |
run: | | |
export PATH="$(pwd)/.github/bin/:$PATH" | |
yarn semantic-release |