Build 70 of branch main by @NGPixel #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| run-name: Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| # ----------------------------------------------------------------- | |
| # PREPARE | |
| # ----------------------------------------------------------------- | |
| prepare: | |
| name: Prepare Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| outputs: | |
| pkg_version: ${{ steps.semver.outputs.nextStrict }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get Next Version | |
| id: semver | |
| uses: ietf-tools/semver-action@v1 | |
| with: | |
| token: ${{ github.token }} | |
| branch: main | |
| skipInvalidTags: true | |
| - name: Create Draft Release | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| prerelease: true | |
| draft: false | |
| commit: ${{ github.sha }} | |
| tag: ${{ steps.semver.outputs.nextStrict }} | |
| name: ${{ steps.semver.outputs.nextStrict }} | |
| body: '*pending*' | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate CHANGELOG | |
| id: changelog | |
| uses: Requarks/changelog-action@v1 | |
| with: | |
| token: ${{ github.token }} | |
| fromTag: ${{ steps.semver.outputs.nextStrict }} | |
| toTag: ${{ steps.semver.outputs.current }} | |
| writeToFile: false | |
| - name: Update Release Body | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| prerelease: true | |
| updateOnlyUnreleased: true | |
| allowUpdates: true | |
| commit: ${{ github.sha }} | |
| tag: ${{ steps.semver.outputs.nextStrict }} | |
| name: ${{ steps.semver.outputs.nextStrict }} | |
| body: ${{ steps.changelog.outputs.changes }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # ----------------------------------------------------------------- | |
| # BUILD ELECTRON | |
| # ----------------------------------------------------------------- | |
| build-electron: | |
| name: Build Electron | |
| needs: [prepare] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x64 | |
| ext: tar.gz | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: arm64 | |
| ext: tar.gz | |
| - os: macos-latest | |
| platform: darwin | |
| arch: x64 | |
| ext: dmg | |
| - os: macos-latest | |
| platform: darwin | |
| arch: arm64 | |
| ext: dmg | |
| - os: windows-latest | |
| platform: win32 | |
| arch: x64 | |
| ext: exe | |
| - os: windows-latest | |
| platform: win32 | |
| arch: arm64 | |
| ext: exe | |
| env: | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Fetch Secrets from Vault | |
| if: ${{ matrix.platform == 'darwin' }} | |
| uses: hashicorp/vault-action@v3.0.0 | |
| with: | |
| method: jwt | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| secrets: | | |
| kv/data/draftforge/apple API_ISSUER_ID | APPLE_API_ISSUER ; | |
| kv/data/draftforge/apple API_KEY_ID | APPLE_API_KEY_ID ; | |
| kv/data/draftforge/apple API_KEY_P8 | API_KEY_P8 ; | |
| kv/data/draftforge/apple DIST_CERT_P12 | CSC_LINK ; | |
| kv/data/draftforge/apple DIST_CERT_P12_PWD | CSC_KEY_PASSWORD ; | |
| - name: Save signing certs | |
| if: ${{ matrix.platform == 'darwin' }} | |
| run: | | |
| mkdir -p private_keys | |
| echo "APPLE_API_KEY=private_keys/AuthKeys_$APPLE_API_KEY_ID.p8" >> "$GITHUB_ENV" | |
| # echo "CSC_LINK=private_keys/distribution.p12" >> "$GITHUB_ENV" | |
| openssl base64 -d <<< "$API_KEY_P8" -out "private_keys/AuthKeys_$APPLE_API_KEY_ID.p8" | |
| # openssl base64 -d <<< "$DIST_CERT_P12" -out "private_keys/distribution.p12" | |
| - name: Import Certs into keychain | |
| if: ${{ matrix.platform == 'darwin' }} | |
| uses: apple-actions/import-codesign-certs@v3 | |
| with: | |
| p12-file-base64: ${{ env.CSC_LINK }} | |
| p12-password: ${{ env.CSC_KEY_PASSWORD }} | |
| - name: Set Version | |
| run: | | |
| node -e "const fs = require('node:fs'); const pkg = require('./package.json'); pkg.version = '${{ env.PKG_VERSION }}'; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));" | |
| - name: Build package | |
| env: | |
| DEBUG: "electron-notarize*" | |
| run: | | |
| echo "Installing dependencies..." | |
| npm ci | |
| echo "Build package..." | |
| npx quasar build -m electron -T ${{ matrix.platform }} --arch ${{ matrix.arch }} -P never | |
| - name: Upload Build Artifact | |
| id: artifactupload | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.platform }}-${{ matrix.arch }}-build | |
| path: "dist/electron/Packaged/*.${{ matrix.ext }}" | |
| - id: signpath | |
| if: ${{ matrix.platform == 'win32' && matrix.arch == 'x64' }} | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' | |
| organization-id: '${{ secrets.SIGNPATH_ORG_ID }}' | |
| project-slug: 'editor' | |
| signing-policy-slug: 'test-signing' | |
| github-artifact-id: '${{ steps.artifactupload.outputs.artifact-id }}' | |
| wait-for-completion: true | |
| output-artifact-directory: signed-build | |
| - name: Add Signed Package to Release | |
| if: ${{ matrix.platform == 'win32' && matrix.arch == 'x64' }} | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| prerelease: true | |
| updateOnlyUnreleased: true | |
| allowUpdates: true | |
| omitBody: true | |
| tag: ${{ env.PKG_VERSION }} | |
| name: ${{ env.PKG_VERSION }} | |
| artifacts: "signed-build/*.${{ matrix.ext }}" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Add Package to Release | |
| if: ${{ !(matrix.platform == 'win32' && matrix.arch == 'x64') }} | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| prerelease: true | |
| updateOnlyUnreleased: true | |
| allowUpdates: true | |
| omitBody: true | |
| tag: ${{ env.PKG_VERSION }} | |
| name: ${{ env.PKG_VERSION }} | |
| artifacts: "dist/electron/Packaged/*.${{ matrix.ext }}" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Purge signing certs | |
| if: ${{ matrix.platform == 'darwin' && always() }} | |
| run: | | |
| rm -rf private_keys | |
| # ----------------------------------------------------------------- | |
| # RELEASE | |
| # ----------------------------------------------------------------- | |
| release: | |
| name: Publish Release | |
| needs: [prepare, build-electron] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - name: Finalize Release | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| allowUpdates: true | |
| makeLatest: true | |
| prerelease: false | |
| omitBody: true | |
| draft: false | |
| tag: ${{ env.PKG_VERSION }} | |
| name: ${{ env.PKG_VERSION }} | |
| token: ${{ secrets.GITHUB_TOKEN }} |