Skip to content

CD

CD #681

Workflow file for this run

name: CD
on:
schedule:
- cron: 0 1 * * * # every night at 1am on dev
workflow_dispatch:
env:
GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WIN_CSC_LINK: ${{ github.workspace }}/certwin.p12
CSC_LINK: ${{ github.workspace }}/certmac.p12
jobs:
compile:
name: Compile
runs-on: ubuntu-latest
if: "${{ github.event_name == 'schedule'}}
|| (${{ github.event_name == 'workflow_dispatch' }} && contains('refs/heads/main,refs/heads/beta,refs/heads/dev', github.ref))"
outputs:
current-version: ${{ steps.compile.outputs.current-version }}
next-version: ${{ steps.compile.outputs.next-version }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Decode certificates
env:
WIN_CSC_LINK_RAW: ${{ secrets.WIN_CSC_LINK }}
CSC_LINK_RAW: ${{ secrets.CSC_LINK }}
run: |
echo "$WIN_CSC_LINK_RAW" > certwin.txt
base64 --decode certwin.txt > $WIN_CSC_LINK
echo "$CSC_LINK_RAW" > certmac.txt
base64 --decode certmac.txt > $CSC_LINK
- name: Archive certificates
uses: actions/upload-artifact@v2
with:
if-no-files-found: error
name: certificates
path: |
${{ env.WIN_CSC_LINK }}
${{ env.CSC_LINK }}
- name: Setup Node
uses: ./.github/actions/setup-node
# >> NO Secrets
- name: Temp NO_SECRETS as .env file
run: |
touch ${{ github.run_id }}_${{ github.sha }}.env
echo "${{ secrets.NO_SECRETS }}" >> ${{ github.run_id }}_${{ github.sha }}.env
- name: Convert dotenv as output
id: nosecrets
uses: falti/dotenv-action@v1
with:
path: ${{ github.run_id }}_${{ github.sha }}.env
log-variables: true
mask-variables: false
- name: Remove temp .env file
run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env
# << NO Secrets
- name: Yarn install
env:
npm_config_build_from_source: true
run: yarn --frozen-lockfile --perfer-offline
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_push_gpgsign: false
git_tag_gpgsign: true
- id: compile
name: Compile
run: |
export PATH="$(pwd)/.github/bin/:$PATH"
# override because of "env-ci" used by semantic-release
# GITHUB_REF should not be default branch when "workflow_run" event is triggered
echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
yarn semantic-release
echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
yarn compile --no-progress
yarn compile-workers --no-progress
env:
ARCHIFILTRE_RELEASE_MODE: version
TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }}
TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }}
SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }}
TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }}
TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }}
TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_URL: ${{ secrets.SENTRY_URL }}
CACHE_PROVIDER: localdb
- name: Archive dist
uses: actions/upload-artifact@v2
with:
name: compile-dist
path: dist/
build:
if: ${{ success() }}
needs: compile
strategy:
matrix:
target:
- linux
- mac
- win
include:
- target: linux
os: ubuntu-latest
- target: mac
os: macos-latest
- target: win
os: windows-latest
name: Build binary for ${{ matrix.target }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
env:
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Node
uses: ./.github/actions/setup-node
- name: Yarn install
run: |
yarn config set network-timeout 300000
yarn --frozen-lockfile --perfer-offline
- name: Replace version in package.json
shell: bash
run: |
yarn global add replace
$(yarn global bin)/replace '"version": "${{ needs.compile.outputs.current-version }}"' '"version": "${{ needs.compile.outputs.next-version }}"' package.json
yarn replaceForChannel
####### Activate only if windows msi build fail with "ICE error"
# - name: Hack msi compilation
# if: contains(matrix.os, 'windows')
# shell: bash
# run: $(yarn global bin)/replace 'lightArgs\.push\(\.\.\.objectFiles\);' 'lightArgs.push("-sval", ...objectFiles);' node_modules/app-builder-lib/out/targets/MsiTarget.js
- name: Download dist
uses: actions/download-artifact@v2
with:
name: compile-dist
path: dist/
- name: Download cetificates
uses: actions/download-artifact@v2
with:
name: certificates
- name: Build bin
run: yarn dist:${{ matrix.target }}
- name: Archive bin
uses: actions/upload-artifact@v2
with:
name: ${{ matrix.target }}-bin
path: |
electron/dist/*/archifiltre*.*
electron/dist/*/latest*.yml
release:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download all dist form build jobs
uses: actions/download-artifact@v2
with:
path: bin
- name: Generate hashes
run: >-
find . -regextype posix-extended
-regex ".*/bin/.*/archifiltre.*\.(exe|AppImage|dmg|msi|zip)$"
-type f
-exec bash -c "openssl dgst -sha512 {} > {}.sha512" \;
- name: Setup Node
uses: ./.github/actions/setup-node
- name: Yarn install
run: yarn --frozen-lockfile --perfer-offline
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_push_gpgsign: false
git_tag_gpgsign: true
- name: Semantic Release
run: |
export PATH="$(pwd)/.github/bin/:$PATH"
yarn semantic-release