CD #1222
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
workflow_run: | |
workflows: | |
- CI | |
branches: [main, beta] | |
types: | |
- completed | |
schedule: | |
- cron: 0 1 * * * # every night at 1am on dev | |
workflow_dispatch: | |
env: | |
GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }} | |
GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }} | |
GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }} | |
GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
WIN_CSC_LINK: ${{ github.workspace }}/certwin.p12 | |
CSC_LINK: ${{ github.workspace }}/certmac.p12 | |
GITHUB_REF_OVERRIDE: ${{ github.event.workflow_run.conclusion == 'success' && format('refs/heads/{0}', github.event.workflow_run.head_branch) || github.ref }} | |
jobs: | |
compile: | |
name: Compile | |
runs-on: ubuntu-latest | |
if: "${{ github.event.workflow_run.conclusion == 'success' }} | |
|| ${{ github.event_name == 'schedule'}} | |
|| (${{ github.event_name == 'workflow_dispatch' }} && contains('refs/heads/main,refs/heads/beta,refs/heads/dev', github.ref))" | |
outputs: | |
current-version: ${{ steps.compile.outputs.current-version }} | |
next-version: ${{ steps.compile.outputs.next-version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ env.GITHUB_REF_OVERRIDE }} | |
- name: Decode certificates | |
env: | |
WIN_CSC_LINK_RAW: ${{ secrets.WIN_CSC_LINK }} | |
CSC_LINK_RAW: ${{ secrets.CSC_LINK }} | |
run: | | |
echo "$WIN_CSC_LINK_RAW" > certwin.txt | |
base64 --decode certwin.txt > $WIN_CSC_LINK | |
echo "$CSC_LINK_RAW" > certmac.txt | |
base64 --decode certmac.txt > $CSC_LINK | |
- name: Archive certificates | |
uses: actions/upload-artifact@v4 | |
with: | |
if-no-files-found: error | |
name: certificates | |
path: | | |
${{ env.WIN_CSC_LINK }} | |
${{ env.CSC_LINK }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
# >> NO Secrets | |
- name: Temp NO_SECRETS as .env file | |
run: | | |
touch ${{ github.run_id }}_${{ github.sha }}.env | |
echo "${{ secrets.NO_SECRETS }}" >> ${{ github.run_id }}_${{ github.sha }}.env | |
- name: Convert dotenv as output | |
id: nosecrets | |
uses: falti/dotenv-action@v1 | |
with: | |
path: ${{ github.run_id }}_${{ github.sha }}.env | |
log-variables: true | |
mask-variables: false | |
- name: Remove temp .env file | |
run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env | |
# << NO Secrets | |
- name: Yarn install | |
run: yarn --frozen-lockfile --perfer-offline | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_push_gpgsign: false | |
git_tag_gpgsign: true | |
- id: compile | |
name: Compile | |
run: | | |
export PATH="$(pwd)/.github/bin/:$PATH" | |
# override because of "env-ci" used by semantic-release | |
# GITHUB_REF should not be default branch when "workflow_run" event is triggered | |
export GITHUB_REF=$GITHUB_REF_OVERRIDE | |
echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT | |
yarn semantic-release | |
echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT | |
yarn compile --no-progress | |
env: | |
ARCHIFILTRE_RELEASE_MODE: version | |
TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }} | |
TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }} | |
SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }} | |
TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }} | |
TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }} | |
TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_URL: ${{ secrets.SENTRY_URL }} | |
FORCE_TRACKING: false | |
- name: Archive dist | |
uses: actions/upload-artifact@v4 | |
with: | |
name: compile-dist | |
path: dist/ | |
build: | |
if: ${{ success() }} | |
needs: compile | |
strategy: | |
matrix: | |
target: | |
- linux | |
- mac | |
- win | |
include: | |
- target: linux | |
os: ubuntu-latest | |
- target: mac | |
os: macos-latest | |
- target: win | |
os: windows-latest | |
name: Build binary for ${{ matrix.target }} on ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
env: | |
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }} | |
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }} | |
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron | |
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ env.GITHUB_REF_OVERRIDE }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
- name: Yarn install | |
run: | | |
yarn config set network-timeout 300000 | |
yarn --frozen-lockfile --prefer-offline | |
- name: Replace version in package.json | |
shell: bash | |
run: | | |
yarn global add replace | |
$(yarn global bin)/replace '"version": "${{ needs.compile.outputs.current-version }}"' '"version": "${{ needs.compile.outputs.next-version }}"' package.json | |
yarn replaceForChannel | |
- name: Download dist | |
uses: actions/download-artifact@v4 | |
with: | |
name: compile-dist | |
path: dist/ | |
- name: Download certificates | |
uses: actions/download-artifact@v4 | |
with: | |
name: certificates | |
- name: Build bin | |
run: yarn dist:${{ matrix.target }} | |
env: | |
USE_HARD_LINKS: false | |
- name: Archive bin | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.target }}-bin | |
path: | | |
electron/dist/*/archifiltre*.* | |
electron/dist/*/latest*.yml | |
release: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ env.GITHUB_REF_OVERRIDE }} | |
- name: Download all dist form build jobs | |
uses: actions/download-artifact@v4 | |
with: | |
path: bin | |
- name: Generate hashes | |
run: >- | |
find . -regextype posix-extended | |
-regex ".*/bin/.*/archifiltre.*\.(exe|AppImage|dmg|msi|zip)$" | |
-type f | |
-exec bash -c "openssl dgst -sha512 {} > {}.sha512" \; | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
- name: Yarn install | |
run: yarn --frozen-lockfile --perfer-offline | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_push_gpgsign: false | |
git_tag_gpgsign: true | |
- name: Semantic Release | |
run: | | |
export PATH="$(pwd)/.github/bin/:$PATH" | |
export GITHUB_REF=$GITHUB_REF_OVERRIDE | |
yarn semantic-release |