CD #1201

Workflow file for this run

.github/workflows/release.yml at dbe9ff7

	name: CD
	on:
	workflow_run:
	workflows:
	- CI
	branches: [main, beta]
	types:
	- completed
	schedule:
	- cron: 0 1 * * * # every night at 1am on dev
	workflow_dispatch:

	env:
	GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
	GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
	GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
	GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	WIN_CSC_LINK: ${{ github.workspace }}/certwin.p12
	CSC_LINK: ${{ github.workspace }}/certmac.p12
	GITHUB_REF_OVERRIDE: ${{ github.event.workflow_run.conclusion == 'success' && format('refs/heads/{0}', github.event.workflow_run.head_branch) \|\| github.ref }}

	jobs:
	compile:
	name: Compile
	runs-on: ubuntu-latest
	if: "${{ github.event.workflow_run.conclusion == 'success' }}
	\|\| ${{ github.event_name == 'schedule'}}
	\|\| (${{ github.event_name == 'workflow_dispatch' }} && contains('refs/heads/main,refs/heads/beta,refs/heads/dev', github.ref))"
	outputs:
	current-version: ${{ steps.compile.outputs.current-version }}
	next-version: ${{ steps.compile.outputs.next-version }}

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ env.GITHUB_REF_OVERRIDE }}
	- name: Decode certificates
	env:
	WIN_CSC_LINK_RAW: ${{ secrets.WIN_CSC_LINK }}
	CSC_LINK_RAW: ${{ secrets.CSC_LINK }}
	run: \|
	echo "$WIN_CSC_LINK_RAW" > certwin.txt
	base64 --decode certwin.txt > $WIN_CSC_LINK
	echo "$CSC_LINK_RAW" > certmac.txt
	base64 --decode certmac.txt > $CSC_LINK
	- name: Archive certificates
	uses: actions/upload-artifact@v4
	with:
	if-no-files-found: error
	name: certificates
	path: \|
	${{ env.WIN_CSC_LINK }}
	${{ env.CSC_LINK }}
	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: '.nvmrc'
	# >> NO Secrets
	- name: Temp NO_SECRETS as .env file
	run: \|
	touch ${{ github.run_id }}_${{ github.sha }}.env
	echo "${{ secrets.NO_SECRETS }}" >> ${{ github.run_id }}_${{ github.sha }}.env
	- name: Convert dotenv as output
	id: nosecrets
	uses: falti/dotenv-action@v1
	with:
	path: ${{ github.run_id }}_${{ github.sha }}.env
	log-variables: true
	mask-variables: false
	- name: Remove temp .env file
	run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env
	# << NO Secrets
	- name: Yarn install
	run: yarn --frozen-lockfile --perfer-offline
	- name: Import GPG key
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
	git_user_signingkey: true
	git_commit_gpgsign: true
	git_push_gpgsign: false
	git_tag_gpgsign: true
	- id: compile
	name: Compile
	run: \|
	export PATH="$(pwd)/.github/bin/:$PATH"
	# override because of "env-ci" used by semantic-release
	# GITHUB_REF should not be default branch when "workflow_run" event is triggered
	export GITHUB_REF=$GITHUB_REF_OVERRIDE
	echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
	yarn semantic-release
	echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
	yarn compile --no-progress
	env:
	ARCHIFILTRE_RELEASE_MODE: version
	TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }}
	TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }}
	SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }}
	TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }}
	TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }}
	TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }}
	SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	SENTRY_URL: ${{ secrets.SENTRY_URL }}
	FORCE_TRACKING: false
	- name: Archive dist
	uses: actions/upload-artifact@v4
	with:
	name: compile-dist
	path: dist/
	build:
	if: ${{ success() }}
	needs: compile
	strategy:
	matrix:
	target:
	- linux
	- mac
	- win
	include:
	- target: linux
	os: ubuntu-latest
	- target: mac
	os: macos-latest
	- target: win
	os: windows-latest

	name: Build binary for ${{ matrix.target }} on ${{ matrix.os }}
	runs-on: ${{ matrix.os }}
	env:
	WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
	CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }}
	ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron
	ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ env.GITHUB_REF_OVERRIDE }}
	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: '.nvmrc'
	- name: Yarn install
	run: \|
	yarn config set network-timeout 300000
	yarn --frozen-lockfile --prefer-offline
	- name: Replace version in package.json
	shell: bash
	run: \|
	yarn global add replace
	$(yarn global bin)/replace '"version": "${{ needs.compile.outputs.current-version }}"' '"version": "${{ needs.compile.outputs.next-version }}"' package.json
	yarn replaceForChannel
	- name: Download dist
	uses: actions/download-artifact@v4
	with:
	name: compile-dist
	path: dist/
	- name: Download certificates
	uses: actions/download-artifact@v4
	with:
	name: certificates
	- name: Build bin
	run: yarn dist:${{ matrix.target }}
	env:
	USE_HARD_LINKS: false
	- name: Archive bin
	uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.target }}-bin
	path: \|
	electron/dist//archifiltre.*
	electron/dist//latest.yml
	release:
	needs: build
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ env.GITHUB_REF_OVERRIDE }}
	- name: Download all dist form build jobs
	uses: actions/download-artifact@v4
	with:
	path: bin
	- name: Generate hashes
	run: >-
	find . -regextype posix-extended
	-regex "./bin/./archifiltre.*\.(exe\|AppImage\|dmg\|msi\|zip)$"
	-type f
	-exec bash -c "openssl dgst -sha512 {} > {}.sha512" \;
	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: '.nvmrc'
	- name: Yarn install
	run: yarn --frozen-lockfile --perfer-offline
	- name: Import GPG key
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
	git_user_signingkey: true
	git_commit_gpgsign: true
	git_push_gpgsign: false
	git_tag_gpgsign: true
	- name: Semantic Release
	run: \|
	export PATH="$(pwd)/.github/bin/:$PATH"
	export GITHUB_REF=$GITHUB_REF_OVERRIDE
	yarn semantic-release

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CD #1201

Workflow file

CD #1201

Jobs

Run details

Workflow file for this run