renterd: v1.0.6 #47
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
# Cancel previous runs when the PR is updated. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
mac: | |
if: ${{ github.event_name == 'pull_request' && github.event.action != 'closed' }} | |
strategy: | |
matrix: | |
app: [hostd, renterd] | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/setup | |
with: | |
node_version: 20.10.0 | |
- name: Setup signing | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
run: | | |
# extract apple cert | |
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH | |
# extract apple key | |
mkdir -p ~/private_keys | |
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 | |
echo "APPLE_API_KEY_PATH=$APPLE_API_KEY_PATH" >> $GITHUB_ENV | |
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH | |
# create temp keychain | |
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security default-keychain -s $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import keychain | |
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security find-identity -v $KEYCHAIN_PATH -p codesigning | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH | |
- name: Build | |
run: yarn workspace ${{ matrix.app }} build | |
shell: bash | |
- name: Download daemon binary | |
run: yarn workspace ${{ matrix.app }} download:binary | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, sign and notarize, make distributables | |
env: | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_API_KEY_PATH: ${{ env.APPLE_API_KEY_PATH }} | |
run: yarn workspace ${{ matrix.app }} make --arch=arm64,x64 | |
shell: bash | |
linux: | |
if: ${{ github.event_name == 'pull_request' && github.event.action != 'closed' }} | |
strategy: | |
matrix: | |
app: [hostd, renterd] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/setup | |
with: | |
node_version: 20.10.0 | |
- name: Build | |
run: yarn workspace ${{ matrix.app }} build | |
shell: bash | |
- name: Download daemon binary | |
run: yarn workspace ${{ matrix.app }} download:binary | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, make distributables | |
run: yarn workspace ${{ matrix.app }} make --arch=arm64,x64 | |
shell: bash | |
windows: | |
if: ${{ github.event_name == 'pull_request' && github.event.action != 'closed' }} | |
strategy: | |
matrix: | |
app: [hostd, renterd] | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/setup | |
with: | |
node_version: 20.10.0 | |
- name: Setup signing | |
run: dotnet tool install --global AzureSignTool | |
- name: Build | |
run: yarn workspace ${{ matrix.app }} build | |
shell: bash | |
- name: Download daemon binary | |
run: yarn workspace ${{ matrix.app }} download:binary | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, sign and notarize, make distributables | |
run: | | |
yarn workspace ${{ matrix.app }} make --arch=x64 | |
# #TODO: probably not correct | |
# APP_PATH="out/${{ matrix.app }}-win32-x64/${{ matrix.app }}.app" | |
# BINARY_PATH="$APP_PATH/Contents/Windows/${{ matrix.app }}.exe" | |
# azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v $BINARY_PATH | |
shell: bash |