Build 74 of branch main by @NGPixel #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Release | |
run-name: Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }} | |
on: | |
workflow_dispatch: | |
jobs: | |
# ----------------------------------------------------------------- | |
# PREPARE | |
# ----------------------------------------------------------------- | |
prepare: | |
name: Prepare Release | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
outputs: | |
pkg_version: ${{ steps.semver.outputs.nextStrict }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get Next Version | |
id: semver | |
uses: ietf-tools/semver-action@v1 | |
with: | |
token: ${{ github.token }} | |
branch: main | |
skipInvalidTags: true | |
- name: Create Draft Release | |
uses: ncipollo/[email protected] | |
with: | |
prerelease: true | |
draft: false | |
commit: ${{ github.sha }} | |
tag: ${{ steps.semver.outputs.nextStrict }} | |
name: ${{ steps.semver.outputs.nextStrict }} | |
body: '*pending*' | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate CHANGELOG | |
id: changelog | |
uses: Requarks/changelog-action@v1 | |
with: | |
token: ${{ github.token }} | |
fromTag: ${{ steps.semver.outputs.nextStrict }} | |
toTag: ${{ steps.semver.outputs.current }} | |
writeToFile: false | |
- name: Update Release Body | |
uses: ncipollo/[email protected] | |
with: | |
prerelease: true | |
updateOnlyUnreleased: true | |
allowUpdates: true | |
commit: ${{ github.sha }} | |
tag: ${{ steps.semver.outputs.nextStrict }} | |
name: ${{ steps.semver.outputs.nextStrict }} | |
body: ${{ steps.changelog.outputs.changes }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
# ----------------------------------------------------------------- | |
# BUILD ELECTRON | |
# ----------------------------------------------------------------- | |
build-electron: | |
name: Build Electron | |
needs: [prepare] | |
runs-on: ${{ matrix.os }} | |
permissions: | |
id-token: write | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: ubuntu-latest | |
platform: linux | |
ext: tar.gz | |
- os: macos-latest | |
platform: darwin | |
ext: dmg | |
- os: windows-latest | |
platform: win32 | |
ext: exe | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
- name: Fetch Secrets from Vault | |
if: ${{ matrix.platform == 'darwin' }} | |
uses: hashicorp/[email protected] | |
with: | |
method: jwt | |
url: ${{ secrets.VAULT_URL }} | |
role: ${{ secrets.VAULT_ROLE }} | |
secrets: | | |
kv/data/draftforge/apple API_ISSUER_ID | APPLE_API_ISSUER ; | |
kv/data/draftforge/apple API_KEY_ID | APPLE_API_KEY_ID ; | |
kv/data/draftforge/apple API_KEY_P8 | API_KEY_P8 ; | |
kv/data/draftforge/apple DIST_CERT_P12 | CSC_LINK ; | |
kv/data/draftforge/apple DIST_CERT_P12_PWD | CSC_KEY_PASSWORD ; | |
- name: Save signing certs | |
if: ${{ matrix.platform == 'darwin' }} | |
run: | | |
mkdir -p private_keys | |
echo "APPLE_API_KEY=private_keys/AuthKeys_$APPLE_API_KEY_ID.p8" >> "$GITHUB_ENV" | |
# echo "CSC_LINK=private_keys/distribution.p12" >> "$GITHUB_ENV" | |
openssl base64 -d <<< "$API_KEY_P8" -out "private_keys/AuthKeys_$APPLE_API_KEY_ID.p8" | |
# openssl base64 -d <<< "$DIST_CERT_P12" -out "private_keys/distribution.p12" | |
- name: Import Certs into keychain | |
if: ${{ matrix.platform == 'darwin' }} | |
uses: apple-actions/import-codesign-certs@v3 | |
with: | |
p12-file-base64: ${{ env.CSC_LINK }} | |
p12-password: ${{ env.CSC_KEY_PASSWORD }} | |
- name: Set Version | |
run: | | |
node -e "const fs = require('node:fs'); const pkg = require('./package.json'); pkg.version = '${{ env.PKG_VERSION }}'; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));" | |
- name: Build package | |
run: | | |
echo "Installing dependencies..." | |
npm ci | |
echo "Build package..." | |
npx quasar build -m electron -T ${{ matrix.platform }} -P always | |
- name: Upload Build Artifact | |
id: artifactupload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.platform }}-build | |
path: "dist/electron/Packaged/*.${{ matrix.ext }}" | |
- id: signpath | |
if: ${{ matrix.platform == 'win32' }} | |
uses: signpath/github-action-submit-signing-request@v1 | |
with: | |
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' | |
organization-id: '${{ secrets.SIGNPATH_ORG_ID }}' | |
project-slug: 'editor' | |
signing-policy-slug: 'release-signing' | |
github-artifact-id: '${{ steps.artifactupload.outputs.artifact-id }}' | |
wait-for-completion: true | |
output-artifact-directory: signed-build | |
- name: Add Signed Package to Release | |
if: ${{ matrix.platform == 'win32' }} | |
uses: ncipollo/[email protected] | |
with: | |
prerelease: true | |
updateOnlyUnreleased: true | |
allowUpdates: true | |
omitBody: true | |
tag: ${{ env.PKG_VERSION }} | |
name: ${{ env.PKG_VERSION }} | |
artifacts: "signed-build/*.${{ matrix.ext }},dist/electron/Packaged/latest.yml" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Add Package to Release | |
if: ${{ matrix.platform != 'win32' }} | |
uses: ncipollo/[email protected] | |
with: | |
prerelease: true | |
updateOnlyUnreleased: true | |
allowUpdates: true | |
omitBody: true | |
tag: ${{ env.PKG_VERSION }} | |
name: ${{ env.PKG_VERSION }} | |
artifacts: "dist/electron/Packaged/*.${{ matrix.ext }},dist/electron/Packaged/latest*.yml" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Purge signing certs | |
if: ${{ matrix.platform == 'darwin' && always() }} | |
run: | | |
rm -rf private_keys | |
# ----------------------------------------------------------------- | |
# RELEASE | |
# ----------------------------------------------------------------- | |
release: | |
name: Publish Release | |
needs: [prepare, build-electron] | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- name: Finalize Release | |
uses: ncipollo/[email protected] | |
with: | |
allowUpdates: true | |
makeLatest: true | |
prerelease: false | |
omitBody: true | |
draft: false | |
tag: ${{ env.PKG_VERSION }} | |
name: ${{ env.PKG_VERSION }} | |
token: ${{ secrets.GITHUB_TOKEN }} |