Skip to content

Build 74 of branch main by @NGPixel #74

Build 74 of branch main by @NGPixel

Build 74 of branch main by @NGPixel #74

Workflow file for this run

name: Build and Release
run-name: Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }}
on:
workflow_dispatch:
jobs:
# -----------------------------------------------------------------
# PREPARE
# -----------------------------------------------------------------
prepare:
name: Prepare Release
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
outputs:
pkg_version: ${{ steps.semver.outputs.nextStrict }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get Next Version
id: semver
uses: ietf-tools/semver-action@v1
with:
token: ${{ github.token }}
branch: main
skipInvalidTags: true
- name: Create Draft Release
uses: ncipollo/[email protected]
with:
prerelease: true
draft: false
commit: ${{ github.sha }}
tag: ${{ steps.semver.outputs.nextStrict }}
name: ${{ steps.semver.outputs.nextStrict }}
body: '*pending*'
token: ${{ secrets.GITHUB_TOKEN }}
- name: Generate CHANGELOG
id: changelog
uses: Requarks/changelog-action@v1
with:
token: ${{ github.token }}
fromTag: ${{ steps.semver.outputs.nextStrict }}
toTag: ${{ steps.semver.outputs.current }}
writeToFile: false
- name: Update Release Body
uses: ncipollo/[email protected]
with:
prerelease: true
updateOnlyUnreleased: true
allowUpdates: true
commit: ${{ github.sha }}
tag: ${{ steps.semver.outputs.nextStrict }}
name: ${{ steps.semver.outputs.nextStrict }}
body: ${{ steps.changelog.outputs.changes }}
token: ${{ secrets.GITHUB_TOKEN }}
# -----------------------------------------------------------------
# BUILD ELECTRON
# -----------------------------------------------------------------
build-electron:
name: Build Electron
needs: [prepare]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: write
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
platform: linux
ext: tar.gz
- os: macos-latest
platform: darwin
ext: dmg
- os: windows-latest
platform: win32
ext: exe
env:
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Fetch Secrets from Vault
if: ${{ matrix.platform == 'darwin' }}
uses: hashicorp/[email protected]
with:
method: jwt
url: ${{ secrets.VAULT_URL }}
role: ${{ secrets.VAULT_ROLE }}
secrets: |
kv/data/draftforge/apple API_ISSUER_ID | APPLE_API_ISSUER ;
kv/data/draftforge/apple API_KEY_ID | APPLE_API_KEY_ID ;
kv/data/draftforge/apple API_KEY_P8 | API_KEY_P8 ;
kv/data/draftforge/apple DIST_CERT_P12 | CSC_LINK ;
kv/data/draftforge/apple DIST_CERT_P12_PWD | CSC_KEY_PASSWORD ;
- name: Save signing certs
if: ${{ matrix.platform == 'darwin' }}
run: |
mkdir -p private_keys
echo "APPLE_API_KEY=private_keys/AuthKeys_$APPLE_API_KEY_ID.p8" >> "$GITHUB_ENV"
# echo "CSC_LINK=private_keys/distribution.p12" >> "$GITHUB_ENV"
openssl base64 -d <<< "$API_KEY_P8" -out "private_keys/AuthKeys_$APPLE_API_KEY_ID.p8"
# openssl base64 -d <<< "$DIST_CERT_P12" -out "private_keys/distribution.p12"
- name: Import Certs into keychain
if: ${{ matrix.platform == 'darwin' }}
uses: apple-actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ env.CSC_LINK }}
p12-password: ${{ env.CSC_KEY_PASSWORD }}
- name: Set Version
run: |
node -e "const fs = require('node:fs'); const pkg = require('./package.json'); pkg.version = '${{ env.PKG_VERSION }}'; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));"
- name: Build package
run: |
echo "Installing dependencies..."
npm ci
echo "Build package..."
npx quasar build -m electron -T ${{ matrix.platform }} -P always
- name: Upload Build Artifact
id: artifactupload
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform }}-build
path: "dist/electron/Packaged/*.${{ matrix.ext }}"
- id: signpath
if: ${{ matrix.platform == 'win32' }}
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '${{ secrets.SIGNPATH_ORG_ID }}'
project-slug: 'editor'
signing-policy-slug: 'release-signing'
github-artifact-id: '${{ steps.artifactupload.outputs.artifact-id }}'
wait-for-completion: true
output-artifact-directory: signed-build
- name: Add Signed Package to Release
if: ${{ matrix.platform == 'win32' }}
uses: ncipollo/[email protected]
with:
prerelease: true
updateOnlyUnreleased: true
allowUpdates: true
omitBody: true
tag: ${{ env.PKG_VERSION }}
name: ${{ env.PKG_VERSION }}
artifacts: "signed-build/*.${{ matrix.ext }},dist/electron/Packaged/latest.yml"
token: ${{ secrets.GITHUB_TOKEN }}
- name: Add Package to Release
if: ${{ matrix.platform != 'win32' }}
uses: ncipollo/[email protected]
with:
prerelease: true
updateOnlyUnreleased: true
allowUpdates: true
omitBody: true
tag: ${{ env.PKG_VERSION }}
name: ${{ env.PKG_VERSION }}
artifacts: "dist/electron/Packaged/*.${{ matrix.ext }},dist/electron/Packaged/latest*.yml"
token: ${{ secrets.GITHUB_TOKEN }}
- name: Purge signing certs
if: ${{ matrix.platform == 'darwin' && always() }}
run: |
rm -rf private_keys
# -----------------------------------------------------------------
# RELEASE
# -----------------------------------------------------------------
release:
name: Publish Release
needs: [prepare, build-electron]
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
env:
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
steps:
- name: Finalize Release
uses: ncipollo/[email protected]
with:
allowUpdates: true
makeLatest: true
prerelease: false
omitBody: true
draft: false
tag: ${{ env.PKG_VERSION }}
name: ${{ env.PKG_VERSION }}
token: ${{ secrets.GITHUB_TOKEN }}