diff --git a/.github/workflows/desktop-app-cd-prod.yml b/.github/workflows/desktop-app-cd-prod.yml index bb560b24c..d3c519c90 100644 --- a/.github/workflows/desktop-app-cd-prod.yml +++ b/.github/workflows/desktop-app-cd-prod.yml @@ -25,45 +25,8 @@ env: APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} jobs: - tag-validation: - outputs: - validator: ${{ steps.validator.outputs.VALID_TAG }} - tag-version: ${{ steps.validator.outputs.TAG_VERSION }} - tag-version-without-v: ${{ steps.validator.outputs.TAG_VERSION_WITHOUT_V }} - runs-on: macos-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - ref: master - - - name: Check Tag Validity - id: validator - run: | - git fetch - TAG=$(git tag --points-at $GITHUB_SHA) - TAG_WITHOUT_V=${TAG:1} - REGEX="^v[0-9]+\.[0-9]+.[0-9]+" - if [[ $TAG =~ $REGEX ]]; then IS_VALID_TAG=1; else IS_VALID_TAG=0; fi; - echo "::set-output name=VALID_TAG::$IS_VALID_TAG" - echo "::set-output name=TAG_VERSION::$TAG" - echo "::set-output name=TAG_VERSION::$TAG" - echo "::set-output name=TAG_VERSION_WITHOUT_V::$TAG_WITHOUT_V" - - - name: If valid tag set - if: steps.validator.outputs.VALID_TAG == 1 - run: | - echo "Valid Tag Found - Building Desktop App..." - - - name: If not valid tag set - if: steps.validator.outputs.VALID_TAG != 1 - run: | - echo "Not a Desktop App Release Tag or Invalid one Found - Exiting..." - build-win: runs-on: windows-2022 - needs: [ tag-validation ] - if: needs.tag-validation.outputs.validator == 1 steps: - name: Prepare GIT shell: bash @@ -123,326 +86,3 @@ jobs: with: name: Leapp-${{ needs.tag-validation.outputs.tag-version-without-v }}-win.zip path: packages/desktop-app/release/Leapp-${{ needs.tag-validation.outputs.tag-version-without-v }}-win.zip - - build-linux: - runs-on: ubuntu-latest - needs: [ tag-validation ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - uses: actions/checkout@v3 - if: ${{ env.TEAM_REPOSITORY != '' }} - with: - repository: ${{ env.TEAM_REPOSITORY }} - ref: main - token: ${{ secrets.GH_TOKEN }} - path: leapp-team - - name: Inject Team Feature - if: ${{ env.TEAM_REPOSITORY != '' }} - run: | - cd packages/core - npm install - npm run build - cd ../.. - mv leapp-team .. - cd ../leapp-team/packages/leapp-team-core - npm run bootstrap - cd ../leapp-team-service - npm install - npm run test - npm run enable-team-features-prod - - - name: Build Linux desktop app - run: | - cd packages/desktop-app - npm install - npm run release-linux - rm -Rf ./release/linux-unpacked - rm -Rf ./release/.cache - rm -Rf ./release/builder-debug.yml - rm -Rf ./release/builder-effective-config.yaml - - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - zip "./release/Leapp-deb.zip" "./release/Leapp_${TAG_VERSION}_amd64.deb" - zip "./release/Leapp-appImage.zip" "./release/Leapp-${TAG_VERSION}.AppImage" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Release draft to S3 - run: | - cd packages/desktop-app - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive - - build-macos-x64: - runs-on: macos-latest - needs: [ tag-validation ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - uses: actions/checkout@v3 - if: ${{ env.TEAM_REPOSITORY != '' }} - with: - repository: ${{ env.TEAM_REPOSITORY }} - ref: main - token: ${{ secrets.GH_TOKEN }} - path: leapp-team - - uses: actions/setup-python@v4 - with: - python-version: "3.11" - - name: Inject Team Feature - if: ${{ env.TEAM_REPOSITORY != '' }} - run: | - cd packages/core - npm install - npm run build - cd ../.. - mv leapp-team .. - cd ../leapp-team/packages/leapp-team-core - npm run bootstrap - cd ../leapp-team-service - npm install - npm run test - npm run enable-team-features-prod - - - name: Build macOS x64 desktop app - uses: nick-fields/retry@v2 - env: - APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} - with: - timeout_minutes: 20 - max_attempts: 5 - command: | - cd packages/desktop-app - KEY_CHAIN=build.keychain - CERTIFICATE_P12=certificate.p12 - CERTIFICATE_APPLICATION_P12=certificate-application.p12 - echo "Recreate the certificate from the secure environment variable" - echo "security create-keychain" - echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 - echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 - security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - echo "security list-keychains" - security list-keychains -s login.keychain build.keychain - echo "security default-keychain" - security default-keychain -s $KEY_CHAIN - echo "security unlock-keychain" - security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - echo "security import" - security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; - security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; - echo "security find-identity" - security find-identity -v - echo "security set-key-partition-list" - security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - rm -fr *.p12 - npm install - npm run set-target-x64 - npm run release-mac - - - name: Clean build - run: | - cd packages/desktop-app - rm -Rf ./release/mac - rm -Rf ./release/mac-unpacked - rm -Rf ./release/.cache - rm -Rf ./release/builder-debug.yml - rm -Rf ./release/builder-effective-config.yaml - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - rm "./release/Leapp-${TAG_VERSION}-mac.zip" - rm "./release/Leapp-${TAG_VERSION}-mac.zip.blockmap" - zip "./release/Leapp-${TAG_VERSION}-mac.zip" "./release/Leapp-${TAG_VERSION}.dmg" - zip "./release/Leapp-mac.zip" "./release/Leapp-${TAG_VERSION}.dmg" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Release draft to S3 - run: | - cd packages/desktop-app - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive - - build-macos-arm: - runs-on: macos-latest - needs: [ tag-validation, build-macos-x64 ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - uses: actions/checkout@v3 - if: ${{ env.TEAM_REPOSITORY != '' }} - with: - repository: ${{ env.TEAM_REPOSITORY }} - ref: main - token: ${{ secrets.GH_TOKEN }} - path: leapp-team - - uses: actions/setup-python@v4 - with: - python-version: "3.11" - - name: Inject Team Feature - if: ${{ env.TEAM_REPOSITORY != '' }} - run: | - cd packages/core - npm install - npm run build - cd ../.. - mv leapp-team .. - cd ../leapp-team/packages/leapp-team-core - npm run bootstrap - cd ../leapp-team-service - npm install - npm run test - npm run enable-team-features-prod - - - name: Build macOS arm64 desktop app - uses: nick-fields/retry@v2 - env: - APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} - with: - timeout_minutes: 20 - max_attempts: 5 - command: | - cd packages/desktop-app - KEY_CHAIN=build.keychain - CERTIFICATE_P12=certificate.p12 - CERTIFICATE_APPLICATION_P12=certificate-application.p12 - echo "Recreate the certificate from the secure environment variable" - echo "security create-keychain" - echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 - echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 - security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - echo "security list-keychains" - security list-keychains -s login.keychain build.keychain - echo "security default-keychain" - security default-keychain -s $KEY_CHAIN - echo "security unlock-keychain" - security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - echo "security import" - security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; - security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; - echo "security find-identity" - security find-identity -v - echo "security set-key-partition-list" - security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN - rm -fr *.p12 - npm install - npm run set-target-arm64 - npm run release-mac - - - name: Clean build - run: | - cd packages/desktop-app - rm -Rf ./release/mac - rm -Rf ./release/mac-unpacked - rm -Rf ./release/.cache - rm -Rf ./release/builder-debug.yml - rm -Rf ./release/builder-effective-config.yaml - rm -Rf ./release/mac-arm64 - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - rm "./release/Leapp-${TAG_VERSION}-arm64-mac.zip" - rm "./release/Leapp-${TAG_VERSION}-arm64-mac.zip.blockmap" - zip "./release/Leapp-${TAG_VERSION}-mac-arm64.zip" "./release/Leapp-${TAG_VERSION}-arm64.dmg" - zip "./release/Leapp-arm-mac.zip" "./release/Leapp-${TAG_VERSION}-arm64.dmg" - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Release draft to S3 - run: | - cd packages/desktop-app - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive - - publish-draft: - runs-on: ubuntu-latest - environment: prod - needs: [ tag-validation, build-linux, build-win, build-macos-arm, build-macos-x64 ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Move draft to latest - run: | - TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} - TAG_VERSION=${TAG_VERSION:1} - aws s3 rm "${{ env.S3_BUCKET }}/latest" --recursive - aws s3 cp "${{ env.S3_BUCKET }}/${TAG_VERSION}/" "${{ env.S3_BUCKET }}/latest" --recursive - - publish-changelog: - runs-on: ubuntu-latest - needs: [ publish-draft ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Publish changelog - run: | - aws s3 cp CHANGELOG.md "${{ env.S3_BUCKET }}/" - - invalidate-distribution: - runs-on: ubuntu-latest - needs: [ publish-changelog ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Invalidate distribution - run: | - aws cloudfront create-invalidation --distribution-id ${{ env.DISTRIBUTION_ID }} --paths "/*" - - publish-github-release: - runs-on: ubuntu-latest - needs: [ invalidate-distribution, tag-validation ] - if: needs.tag-validation.outputs.validator == 1 - steps: - - uses: actions/checkout@v3 - - - name: Create GitHub Release - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GH_TOKEN }} - body: "Full changelog & Downloads ⇒ https://www.leapp.cloud/releases" - tag: ${{ needs.tag-validation.outputs.tag-version }} -