Leapp Desktop App CD - nightly - approval #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Leapp Desktop App CD - nightly - approval | |
on: | |
workflow_dispatch: | |
env: | |
CERTIFICATE_APPLICATION_OSX_P12: ${{ secrets.CERTIFICATE_APPLICATION_OSX_P12 }} | |
CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }} | |
DECODE_PASSWORD: ${{ secrets.DECODE_PASSWORD }} | |
DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }} | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
S3_BUCKET: s3://noovolari-leapp-website-distribution | |
WIN_CERTIFICATE: ${{ secrets.WIN_CERTIFICATE }} | |
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
TEAM_REPOSITORY: ${{ secrets.TEAM_REPOSITORY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
jobs: | |
generate-build-identifier: | |
outputs: | |
build-identifier: ${{ steps.build-identifier-generator.outputs.BUILD_IDENTIFIER }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: generate build identifier | |
id: build-identifier-generator | |
run: | | |
IDENTIFIER=$(date +%Y%m%d%H%M%S) | |
echo "::set-output name=BUILD_IDENTIFIER::$IDENTIFIER" | |
build-and-release-core-and-cli: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Build and release core (nightly) | |
run: | | |
cd packages/core | |
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc | |
npm install | |
npm run nightly | |
- name: Build and release CLI (nightly) | |
run: | | |
cd packages/cli | |
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc | |
npm install | |
npm run nightly | |
build-win: | |
runs-on: windows-2022 | |
needs: [ build-and-release-core-and-cli, generate-build-identifier ] | |
steps: | |
- name: Prepare GIT | |
shell: bash | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v3 | |
- uses: actions/checkout@v3 | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
with: | |
repository: ${{ env.TEAM_REPOSITORY }} | |
ref: development | |
token: ${{ secrets.GH_TOKEN }} | |
path: leapp-team | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Inject Team Feature | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
run: | | |
mv leapp-team .. | |
cd ../leapp-team/packages/leapp-team-service | |
npm run enable-team-features-dev | |
- name: Build Win desktop app (nightly) | |
shell: bash | |
run: | | |
cd packages/desktop-app | |
npm install | |
npm run nightly-win | |
rm -Rf ./release/win-unpacked | |
rm -Rf ./release/.cache | |
rm -Rf ./release/builder-debug.yml | |
rm -Rf ./release/builder-effective-config.yaml | |
TAG_VERSION=$(cat nightly-version) | |
rm "./release/Leapp-$TAG_VERSION-win.zip" ||: | |
powershell "Compress-Archive './release/Leapp Setup $TAG_VERSION.exe' './release/Leapp-$TAG_VERSION-win.zip'" | |
- name: Prepare tag version for artifact upload | |
id: release | |
shell: bash | |
run: | | |
cd packages/desktop-app | |
TAG_VERSION=$(cat nightly-version) | |
echo "::set-output name=TAG_VERSION::$TAG_VERSION" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}-win.zip | |
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}-win.zip | |
build-linux: | |
runs-on: ubuntu-latest | |
needs: [ build-and-release-core-and-cli, generate-build-identifier ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/checkout@v3 | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
with: | |
repository: ${{ env.TEAM_REPOSITORY }} | |
ref: development | |
token: ${{ secrets.GH_TOKEN }} | |
path: leapp-team | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Inject Team Feature | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
run: | | |
mv leapp-team .. | |
cd ../leapp-team/packages/leapp-team-service | |
npm run enable-team-features-dev | |
- name: Build Linux desktop app (nightly) | |
run: | | |
cd packages/desktop-app | |
npm install | |
npm run nightly-linux | |
rm -Rf ./release/linux-unpacked | |
rm -Rf ./release/.cache | |
rm -Rf ./release/builder-debug.yml | |
rm -Rf ./release/builder-effective-config.yaml | |
- name: Prepare tag version for artifact upload | |
id: release | |
run: | | |
cd packages/desktop-app | |
TAG_VERSION=$(cat nightly-version) | |
echo "::set-output name=TAG_VERSION::$TAG_VERSION" | |
- name: Upload artifacts (.deb) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}_amd64.deb | |
path: packages/desktop-app/release/Leapp_${{ steps.release.outputs.TAG_VERSION }}_amd64.deb | |
- name: Upload artifacts (.AppImage) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}.AppImage | |
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}.AppImage | |
build-macos-x64: | |
runs-on: macos-latest | |
needs: [ build-and-release-core-and-cli, generate-build-identifier ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/checkout@v3 | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
with: | |
repository: ${{ env.TEAM_REPOSITORY }} | |
ref: development | |
token: ${{ secrets.GH_TOKEN }} | |
path: leapp-team | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Inject Team Feature | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
run: | | |
mv leapp-team .. | |
cd ../leapp-team/packages/leapp-team-service | |
npm run enable-team-features-dev | |
- name: Build macOS x64 desktop app (nightly) | |
uses: nick-fields/retry@v2 | |
env: | |
APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} | |
with: | |
timeout_minutes: 20 | |
max_attempts: 5 | |
command: | | |
cd packages/desktop-app | |
KEY_CHAIN=build.keychain | |
CERTIFICATE_P12=certificate.p12 | |
CERTIFICATE_APPLICATION_P12=certificate-application.p12 | |
echo "Recreate the certificate from the secure environment variable" | |
echo "security create-keychain" | |
echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 | |
echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 | |
security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
echo "security list-keychains" | |
security list-keychains -s login.keychain build.keychain | |
echo "security default-keychain" | |
security default-keychain -s $KEY_CHAIN | |
echo "security unlock-keychain" | |
security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
echo "security import" | |
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
echo "security find-identity" | |
security find-identity -v | |
echo "security set-key-partition-list" | |
security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
rm -fr *.p12 | |
npm install | |
npm run set-target-x64 | |
npm run nightly | |
- name: Clean build | |
run: | | |
cd packages/desktop-app | |
rm -Rf ./release/mac | |
rm -Rf ./release/mac-unpacked | |
rm -Rf ./release/.cache | |
rm -Rf ./release/builder-debug.yml | |
rm -Rf ./release/builder-effective-config.yaml | |
TAG_VERSION=$(cat nightly-version) | |
rm "./release/Leapp-$TAG_VERSION-mac.zip" | |
rm "./release/Leapp-$TAG_VERSION-mac.zip.blockmap" | |
zip "./release/Leapp-$TAG_VERSION-mac.zip" "./release/Leapp-$TAG_VERSION.dmg" | |
- name: Prepare tag version for artifact upload | |
id: release | |
run: | | |
cd packages/desktop-app | |
TAG_VERSION=$(cat nightly-version) | |
echo "::set-output name=TAG_VERSION::$TAG_VERSION" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}.dmg | |
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}.dmg | |
build-macos-arm: | |
runs-on: macos-latest | |
needs: [ build-and-release-core-and-cli, generate-build-identifier, build-macos-x64] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/checkout@v3 | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
with: | |
repository: ${{ env.TEAM_REPOSITORY }} | |
ref: development | |
token: ${{ secrets.GH_TOKEN }} | |
path: leapp-team | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Inject Team Feature | |
if: ${{ env.TEAM_REPOSITORY != '' }} | |
run: | | |
mv leapp-team .. | |
cd ../leapp-team/packages/leapp-team-service | |
npm run enable-team-features-dev | |
- name: Build macOS arm64 desktop app (nightly) | |
uses: nick-fields/retry@v2 | |
env: | |
APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} | |
with: | |
timeout_minutes: 20 | |
max_attempts: 5 | |
command: | | |
cd packages/desktop-app | |
KEY_CHAIN=build.keychain | |
CERTIFICATE_P12=certificate.p12 | |
CERTIFICATE_APPLICATION_P12=certificate-application.p12 | |
echo "Recreate the certificate from the secure environment variable" | |
echo "security create-keychain" | |
echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 | |
echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 | |
security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
echo "security list-keychains" | |
security list-keychains -s login.keychain build.keychain | |
echo "security default-keychain" | |
security default-keychain -s $KEY_CHAIN | |
echo "security unlock-keychain" | |
security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
echo "security import" | |
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
echo "security find-identity" | |
security find-identity -v | |
echo "security set-key-partition-list" | |
security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
rm -fr *.p12 | |
npm install | |
npm run set-target-arm64 | |
npm run nightly | |
- name: Clean build | |
run: | | |
cd packages/desktop-app | |
rm -Rf ./release/mac | |
rm -Rf ./release/mac-unpacked | |
rm -Rf ./release/.cache | |
rm -Rf ./release/builder-debug.yml | |
rm -Rf ./release/builder-effective-config.yaml | |
rm -Rf ./release/mac-arm64 | |
TAG_VERSION=$(cat nightly-version) | |
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip" | |
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip.blockmap" | |
zip "./release/Leapp-$TAG_VERSION-mac-arm64.zip" "./release/Leapp-$TAG_VERSION-arm64.dmg" | |
- name: Prepare tag version for artifact upload | |
id: release | |
run: | | |
cd packages/desktop-app | |
TAG_VERSION=$(cat nightly-version) | |
echo "::set-output name=TAG_VERSION::$TAG_VERSION" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}-arm64.dmg | |
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}-arm64.dmg | |
post-to-slack: | |
runs-on: ubuntu-latest | |
needs: [ build-win, build-linux, build-macos-x64, build-macos-arm ] | |
steps: | |
- name: Post to Slack | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
# Slack channel id, channel name, or user id to post message. | |
# See also: https://api.slack.com/methods/chat.postMessage#channels | |
# You can pass in multiple channels to post to by providing a comma-delimited list of channel IDs. | |
channel-id: "C05S4TSQ919" | |
# For posting a simple plain text message | |
slack-message: "${{ github.ref }} approval builds: https://github.com/Noovolari/leapp/actions/runs/${{ github.run_id }}" | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }} |