💚 Fix keychain import #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- "**.md" | |
- "**.spec.js" | |
- ".idea" | |
- ".gitignore" | |
- ".github/**" | |
- "!.github/workflows/build.yml" | |
- "!.github/workflows/import_cert.sh" | |
pull_request: | |
branches: | |
- main | |
concurrency: | |
group: release-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: "bash" | |
jobs: | |
pre_job: | |
# continue-on-error: true # Uncomment once integration is finished | |
runs-on: ubuntu-latest | |
# Map a step output to a job output | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
steps: | |
- id: skip_check | |
uses: fkirc/skip-duplicate-actions@master | |
with: | |
paths: | | |
[ | |
".github/workflows/build.yml", | |
".github/workflows/import_cert.sh", | |
"app/package.json", | |
"app/package-lock.json", | |
"app/electron-builder.config.js", | |
"app/get_version.js", | |
"app/src/vite_main.config.js", | |
"app/src/vite_renderer.config.js", | |
"app/src/scripts/*", | |
"app/assets/*", | |
"server/build_server.sh", | |
"server/poetry.lock", | |
"server/pyoxidizer.bzl", | |
"server/pyproject.toml", | |
"server/requirements.txt" | |
] | |
get_metadata: | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: ${{ needs.pre_job.outputs.should_skip != 'true' || github.event_name == 'push' }} | |
outputs: | |
branch: ${{ steps.extract_branch.outputs.branch }} | |
steps: | |
- name: checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- name: extract branch name | |
shell: bash | |
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT | |
id: extract_branch | |
- name: echo branch name | |
shell: bash | |
run: echo "Currently on branch '${{ steps.extract_branch.outputs.branch }}'" | |
build: | |
needs: [get_metadata, pre_job] | |
strategy: | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: import and trust codesigning cert for macOS | |
if: startsWith(matrix.os, 'macos') # && (github.ref_name == 'main' || github.ref_type == 'tag') | |
shell: bash | |
run: ./.github/workflows/import_cert.sh | |
env: | |
MAC_KEY_PASSWORD: ${{ secrets.mac_key_password }} | |
MAC_KEY: ${{ secrets.mac_key }} | |
MAC_CERT: ${{ secrets.mac_cert }} | |
# Build server | |
- name: setup python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: cache cargo | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cargo/ | |
key: ${{ runner.os }}-cargo | |
- name: install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
- name: install pyoxidizer | |
run: python3 -m pip install pyoxidizer | |
- name: install poetry | |
uses: snok/install-poetry@v1 | |
- name: build server | |
run: ./server/build_server.sh | |
- name: setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
cache: "npm" | |
cache-dependency-path: app/package-lock.json | |
- name: install npm dependencies | |
run: npm --prefix app/ ci | |
- name: delete outdated draft releases | |
uses: hugo19941994/[email protected] | |
continue-on-error: true | |
with: | |
threshold: 5d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# From https://github.com/samuelmeuli/action-electron-builder/issues/42 | |
- name: install libarchive-tools for pacman build # Related https://github.com/electron-userland/electron-builder/issues/4181 | |
if: startsWith(matrix.os, 'ubuntu') | |
run: sudo apt-get install libarchive-tools | |
# Compile app and upload artifacts | |
- name: build & release electron app | |
uses: samuelmeuli/action-electron-builder@v1 | |
with: | |
build_script_name: build | |
package_root: app/ | |
args: --config electron-builder.config.js ${{ (github.event_name != 'push' || needs.get_metadata.outputs.branch != 'main') && '--publish never' || ''}} | |
# GitHub token, automatically provided to the action | |
# (No need to define this secret in the repo settings) | |
github_token: ${{ secrets.github_token }} | |
# If the commit is in the main branch and this does not run on a PR, release | |
release: ${{ github.event_name == 'push' && needs.get_metadata.outputs.branch == 'main' }} | |
# Sometimes the build may fail due to a connection problem with Apple, GitHub, etc. servers. | |
# This option will restart the build as many attempts as possible | |
max_attempts: 3 | |
# Code Signing params | |
# Base64-encoded code signing certificate for Windows | |
# windows_certs: '' | |
# Password for decrypting `windows_certs` | |
# windows_certs_password: '' | |
# Base64-encoded code signing certificate for macOS | |
mac_certs: ${{ secrets.mac_certs }} | |
# Password for decrypting `mac_certs` | |
mac_certs_password: ${{ secrets.mac_certs_password }} | |
- name: upload artifacts to github actions | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build-${{matrix.os}} | |
path: | | |
app/dist/*.deb | |
app/dist/*.pacman | |
app/dist/*.AppImage | |
app/dist/*.rpm | |
app/dist/*.dmg | |
app/dist/*.zip | |
app/dist/*.exe | |
finalize: | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: check that build succeeded or was skipped | |
shell: bash | |
run: "[[ '${{needs.build.result}}' == 'success' || '${{needs.build.result}}' == 'skipped' ]]" |