Skip to content

CD

CD #1222

Workflow file for this run

name: CD
on:
workflow_run:
workflows:
- CI
branches: [main, beta]
types:
- completed
schedule:
- cron: 0 1 * * * # every night at 1am on dev
workflow_dispatch:
env:
GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WIN_CSC_LINK: ${{ github.workspace }}/certwin.p12
CSC_LINK: ${{ github.workspace }}/certmac.p12
GITHUB_REF_OVERRIDE: ${{ github.event.workflow_run.conclusion == 'success' && format('refs/heads/{0}', github.event.workflow_run.head_branch) || github.ref }}
jobs:
compile:
name: Compile
runs-on: ubuntu-latest
if: "${{ github.event.workflow_run.conclusion == 'success' }}
|| ${{ github.event_name == 'schedule'}}
|| (${{ github.event_name == 'workflow_dispatch' }} && contains('refs/heads/main,refs/heads/beta,refs/heads/dev', github.ref))"
outputs:
current-version: ${{ steps.compile.outputs.current-version }}
next-version: ${{ steps.compile.outputs.next-version }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ env.GITHUB_REF_OVERRIDE }}
- name: Decode certificates
env:
WIN_CSC_LINK_RAW: ${{ secrets.WIN_CSC_LINK }}
CSC_LINK_RAW: ${{ secrets.CSC_LINK }}
run: |
echo "$WIN_CSC_LINK_RAW" > certwin.txt
base64 --decode certwin.txt > $WIN_CSC_LINK
echo "$CSC_LINK_RAW" > certmac.txt
base64 --decode certmac.txt > $CSC_LINK
- name: Archive certificates
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: certificates
path: |
${{ env.WIN_CSC_LINK }}
${{ env.CSC_LINK }}
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
# >> NO Secrets
- name: Temp NO_SECRETS as .env file
run: |
touch ${{ github.run_id }}_${{ github.sha }}.env
echo "${{ secrets.NO_SECRETS }}" >> ${{ github.run_id }}_${{ github.sha }}.env
- name: Convert dotenv as output
id: nosecrets
uses: falti/dotenv-action@v1
with:
path: ${{ github.run_id }}_${{ github.sha }}.env
log-variables: true
mask-variables: false
- name: Remove temp .env file
run: rm -rf ${{ github.run_id }}_${{ github.sha }}.env
# << NO Secrets
- name: Yarn install
run: yarn --frozen-lockfile --perfer-offline
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_push_gpgsign: false
git_tag_gpgsign: true
- id: compile
name: Compile
run: |
export PATH="$(pwd)/.github/bin/:$PATH"
# override because of "env-ci" used by semantic-release
# GITHUB_REF should not be default branch when "workflow_run" event is triggered
export GITHUB_REF=$GITHUB_REF_OVERRIDE
echo "current-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
yarn semantic-release
echo "next-version=$(node -e "console.log(require('./package.json').version)")" >> $GITHUB_OUTPUT
yarn compile --no-progress
env:
ARCHIFILTRE_RELEASE_MODE: version
TRACKER_MATOMO_ID_SITE: ${{ steps.nosecrets.outputs.tracker_matomo_id_site }}
TRACKER_PROVIDER: ${{ steps.nosecrets.outputs.tracker_provider }}
SENTRY_ORG: ${{ steps.nosecrets.outputs.sentry_org }}
TRACKER_MATOMO_URL: ${{ secrets.TRACKER_MATOMO_URL }}
TRACKER_POSTHOG_API_KEY: ${{ secrets.TRACKER_POSTHOG_API_KEY }}
TRACKER_POSTHOG_URL: ${{ secrets.TRACKER_POSTHOG_URL }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_URL: ${{ secrets.SENTRY_URL }}
FORCE_TRACKING: false
- name: Archive dist
uses: actions/upload-artifact@v4
with:
name: compile-dist
path: dist/
build:
if: ${{ success() }}
needs: compile
strategy:
matrix:
target:
- linux
- mac
- win
include:
- target: linux
os: ubuntu-latest
- target: mac
os: macos-latest
- target: win
os: windows-latest
name: Build binary for ${{ matrix.target }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
env:
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }}
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ env.GITHUB_REF_OVERRIDE }}
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Yarn install
run: |
yarn config set network-timeout 300000
yarn --frozen-lockfile --prefer-offline
- name: Replace version in package.json
shell: bash
run: |
yarn global add replace
$(yarn global bin)/replace '"version": "${{ needs.compile.outputs.current-version }}"' '"version": "${{ needs.compile.outputs.next-version }}"' package.json
yarn replaceForChannel
- name: Download dist
uses: actions/download-artifact@v4
with:
name: compile-dist
path: dist/
- name: Download certificates
uses: actions/download-artifact@v4
with:
name: certificates
- name: Build bin
run: yarn dist:${{ matrix.target }}
env:
USE_HARD_LINKS: false
- name: Archive bin
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.target }}-bin
path: |
electron/dist/*/archifiltre*.*
electron/dist/*/latest*.yml
release:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ env.GITHUB_REF_OVERRIDE }}
- name: Download all dist form build jobs
uses: actions/download-artifact@v4
with:
path: bin
- name: Generate hashes
run: >-
find . -regextype posix-extended
-regex ".*/bin/.*/archifiltre.*\.(exe|AppImage|dmg|msi|zip)$"
-type f
-exec bash -c "openssl dgst -sha512 {} > {}.sha512" \;
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Yarn install
run: yarn --frozen-lockfile --perfer-offline
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.SOCIALGROOVYBOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SOCIALGROOVYBOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_push_gpgsign: false
git_tag_gpgsign: true
- name: Semantic Release
run: |
export PATH="$(pwd)/.github/bin/:$PATH"
export GITHUB_REF=$GITHUB_REF_OVERRIDE
yarn semantic-release