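# Builds the Electron launcher on Windows, Linux and macOS, code-signs the
# Windows installer through the DigiCert Software Trust Manager KSP, and
# attaches the resulting artifacts to a draft GitHub release.
#
# NOTE(review): `on: push` runs this workflow for every push to every branch.
# Each run exposes the code-signing secrets to the build job and a
# `contents: write` token to the release job. Consider restricting the trigger
# to the branches/tags that are allowed to produce signed releases.
# NOTE(review): all actions are referenced by mutable tags (@v1/@v3/@v4).
# Pinning each `uses:` to a full commit SHA (`owner/action@<full-commit-sha>`)
# prevents a retagged action from running with the signing secrets.
name: Sign with Software Trust Manager KSP
on: push
jobs:
  build:
    runs-on: ${{ matrix.os }}
    # Least privilege: the build only reads the repository; publishing is
    # done by the separate `release` job (`release: never` below).
    permissions:
      contents: read
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest, macos-latest]
      fail-fast: false
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v3
        with:
          # Do not leave the job token in .git/config for later steps
          # (third-party build action, npm scripts) to read.
          persist-credentials: false
      # Extracts the first "version" field of launcher/package.json and
      # publishes it as the step output `version`.
      - name: Set Version from package.json
        id: variables
        run: |
          PACKAGE_VERSION=$(cat launcher/package.json \
            | grep version \
            | head -1 \
            | awk -F: '{ print $2 }' \
            | sed 's/[ ",]//g')
          echo "Found Version: $PACKAGE_VERSION in package.json"
          echo "version=$PACKAGE_VERSION" >> "$GITHUB_OUTPUT"
        shell: bash
      # Materialises the client certificate and exports the Software Trust
      # Manager settings for the following steps.
      # Secrets are handed to the script through `env:` instead of being
      # expanded into the script text, so characters such as `$`, `"` or
      # backticks in a secret are neither interpreted by bash nor able to
      # alter the command.
      # NOTE(review): values appended to GITHUB_ENV are visible to every later
      # step of this job, including the third-party build action; presumably
      # the signing hook needs them there - confirm.
      - name: Set Certificates and Variables for windows-latest
        id: win-variables
        env:
          SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
          SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
          SM_API_KEY: ${{ secrets.SM_API_KEY }}
          SM_HOST: ${{ vars.SM_HOST }}
        run: |
          # windows
          echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > /d/Certificate_pkcs12.p12
          echo "SM_CLIENT_CERT_FILE=D:\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
          echo "SM_CLIENT_CERT_PASSWORD=$SM_CLIENT_CERT_PASSWORD" >> "$GITHUB_ENV"
          echo "SM_API_KEY=$SM_API_KEY" >> "$GITHUB_ENV"
          echo "SM_HOST=$SM_HOST" >> "$GITHUB_ENV"
          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> "$GITHUB_PATH"
          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> "$GITHUB_PATH"
          echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> "$GITHUB_PATH"
        shell: bash
        if: matrix.os == 'windows-latest'
      # Downloads and installs the Keylocker tools, then syncs the signing
      # certificate into the Windows certificate store.
      # `curl --fail` plus `|| exit /b 1` stops the step when the download is
      # rejected, instead of passing an HTTP error body to msiexec.
      # NOTE(review): the installer is executed without an integrity check;
      # compare it with a known-good SHA-256 or verify its Authenticode
      # signature before running msiexec.
      - name: Setup SSM KSP on windows-latest
        env:
          KEYPAIR_ALIAS: ${{ secrets.KEYPAIR_ALIAS }}
        run: |
          curl -fsS -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi || exit /b 1
          msiexec /i Keylockertools-windows-x64.msi /quiet /qn
          smksp_registrar.exe list
          smctl.exe keypair ls
          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
          smctl healthcheck --all
          smctl windows certsync --keypair-alias=%KEYPAIR_ALIAS%
        shell: cmd
        if: matrix.os == 'windows-latest'
      - name: macOS build args
        if: matrix.os == 'macos-latest'
        run: echo "BUILD_ARGS=--universal" >> "$GITHUB_ENV"
      # Third-party action that receives the macOS signing certificate, the
      # Apple ID credentials and the job token; it is the step most worth
      # pinning to a reviewed commit SHA.
      - name: Build Electron app
        uses: samuelmeuli/action-electron-builder@v1
        with:
          github_token: ${{ secrets.github_token }}
          package_root: launcher
          use_vue_cli: true
          release: never
          build_script_name: dist
          mac_certs: ${{ secrets.mac_certs }}
          mac_certs_password: ${{ secrets.mac_certs_password }}
          args: ${{ env.BUILD_ARGS }}
        env:
          APPLE_ID: ${{ secrets.apple_id }}
          APPLE_ID_PASSWORD: ${{ secrets.apple_id_password }}
          TEAM_SHORT_NAME: ${{ secrets.team_short_name }}
          APP_ID: "com.stereum.launcher"
          TEAM_ID: ${{ secrets.team_id }}
          KEYPAIR_ALIAS: ${{ secrets.KEYPAIR_ALIAS }}
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') }}
      # Gate: the Windows installer must carry a valid Authenticode signature
      # before it is uploaded; a failing `signtool verify` fails the job.
      - name: Verify Signing using Signtool on windows-latest
        env:
          LAUNCHER_VERSION: ${{ steps.variables.outputs.version }}
        run: |
          dir D:\a\ethereum-node\ethereum-node\launcher\dist\win32\
          signtool.exe verify /v /pa "D:\a\ethereum-node\ethereum-node\launcher\dist\win32\Stereum-Launcher-Setup-%LAUNCHER_VERSION%.exe"
        shell: cmd
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'windows-latest' }}
      - name: Debug
        run: |
          ls -la launcher/dist/linux
        shell: bash
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'ubuntu-latest' }}
      - name: Upload artifacts for ubuntu-latest
        uses: actions/upload-artifact@v4
        with:
          name: app-${{ matrix.os }}
          path: |
            launcher/dist/linux/Stereum-Launcher-${{ steps.variables.outputs.version }}.AppImage
            launcher/dist/linux/latest*.yml
            launcher/dist/linux/*.blockmap
          # Fail instead of warning when the build produced nothing to upload.
          if-no-files-found: error
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'ubuntu-latest' }}
      - name: Debug
        run: |
          ls -la launcher/dist/win32
        shell: bash
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'windows-latest' }}
      - name: Upload artifacts for windows-latest
        uses: actions/upload-artifact@v4
        with:
          name: app-${{ matrix.os }}
          path: |
            launcher/dist/win32/Stereum-Launcher-Setup-${{ steps.variables.outputs.version }}.exe
            launcher/dist/win32/latest*.yml
            launcher/dist/win32/*.blockmap
          # Fail instead of warning when the build produced nothing to upload.
          if-no-files-found: error
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'windows-latest' }}
      # Despite its name this step also renames the macOS zip (and its
      # blockmap) to "*-mac.zip" and rewrites latest-mac.yml to match.
      # The version is read from the environment rather than expanded into
      # the script text, so its content cannot change the commands.
      - name: Debug
        env:
          LAUNCHER_VERSION: ${{ steps.variables.outputs.version }}
        run: |
          sed -i '' "s/Stereum-Launcher-${LAUNCHER_VERSION}.zip/Stereum-Launcher-${LAUNCHER_VERSION}-mac.zip/g" launcher/dist/darwin/latest-mac.yml
          ls -la launcher/dist/darwin
          mv "launcher/dist/darwin/Stereum-Launcher-${LAUNCHER_VERSION}.zip" "launcher/dist/darwin/Stereum-Launcher-${LAUNCHER_VERSION}-mac.zip"
          mv "launcher/dist/darwin/Stereum-Launcher-${LAUNCHER_VERSION}.zip.blockmap" "launcher/dist/darwin/Stereum-Launcher-${LAUNCHER_VERSION}-mac.zip.blockmap"
        shell: bash
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'macos-latest' }}
      - name: Upload artifacts for macos-latest
        uses: actions/upload-artifact@v4
        with:
          name: app-${{ matrix.os }}
          path: |
            launcher/dist/darwin/Stereum-Launcher-${{ steps.variables.outputs.version }}.dmg
            launcher/dist/darwin/Stereum-Launcher-${{ steps.variables.outputs.version }}-mac.zip
            launcher/dist/darwin/latest*.yml
            launcher/dist/darwin/*.blockmap
          # Fail instead of warning when the build produced nothing to upload.
          if-no-files-found: error
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && matrix.os == 'macos-latest' }}
  release:
    runs-on: ubuntu-latest
    needs: build
    # Only this job may write to the repository (creating/updating releases).
    permissions:
      contents: write
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v3
        with:
          # The release steps authenticate through GITHUB_TOKEN in their own
          # env; the checkout does not need to keep a credential on disk.
          persist-credentials: false
      - name: Set Versions
        id: variables
        run: |
          echo "release=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"
          APP_VERSION=$(cat launcher/package.json \
            | grep version \
            | head -1 \
            | awk -F: '{ print $2 }' \
            | sed 's/[ ",]//g')
          echo "version=$APP_VERSION" >> "$GITHUB_OUTPUT"
        shell: bash
      # download artifacts from build
      # NOTE(review): the downloaded binaries are published as-is; signatures
      # are checked only in the build job (Windows), not again here.
      - name: create dist folder
        run: |
          mkdir dist
        shell: bash
      - name: Download ubuntu binary from build into dist
        uses: actions/download-artifact@v4
        with:
          name: app-ubuntu-latest
          path: dist
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') }}
      - name: Download windows binary from build into dist
        uses: actions/download-artifact@v4
        with:
          name: app-windows-latest
          path: dist
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') }}
      - name: Download macos binary from build into dist
        uses: actions/download-artifact@v4
        with:
          name: app-macos-latest
          path: dist
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') }}
      # create release if [DRAFT] is in commit using the version from package.json.
      # during creation, upload all the downloaded build artifacts
      - name: Create Draft Release
        uses: ncipollo/release-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag: "${{ steps.variables.outputs.version }}-draft"
          name: "${{ steps.variables.outputs.version }}"
          skipIfReleaseExists: true
          updateOnlyUnreleased: true
          artifacts: dist/*
          draft: true
          allowUpdates: true
          replacesArtifacts: true
          prerelease: true
        if: ${{ contains(github.event.head_commit.message, '[DRAFT]') }}
      # if no release was created, just update the artifacts
      # `--clobber` overwrites assets of the same name on the existing draft.
      - name: "Upload artifacts to existing draft release ${{ steps.variables.outputs.version }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LAUNCHER_VERSION: ${{ steps.variables.outputs.version }}
        run: |
          gh release upload --clobber "${LAUNCHER_VERSION}-draft" dist/*
        if: ${{ !contains(github.event.head_commit.message, '[NOCI]') && !contains(github.event.head_commit.message, '[DRAFT]') }}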