Publish distributables into new GitHub release #78
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish distributables into new GitHub release | |
# Currently this does not seem to be an issue, but saving the following as a potential | |
# improvement to make: https://github.com/electron/forge/issues/3577#issuecomment-2078502500 | |
on: | |
repository_dispatch: | |
types: [publish] | |
# Enable manual trigger | |
workflow_dispatch: | |
jobs: | |
mac-arm64: | |
strategy: | |
fail-fast: false | |
matrix: | |
app: [hostd, renterd, walletd] | |
runs-on: macos-latest | |
defaults: | |
run: | |
working-directory: ${{ matrix.app }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/daemon-setup | |
with: | |
daemon: ${{ matrix.app }} | |
node_version: 20.10.0 | |
- name: Setup signing | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
run: | | |
# extract apple cert | |
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH | |
# extract apple key | |
mkdir -p ~/private_keys | |
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 | |
echo "APPLE_API_KEY_PATH=$APPLE_API_KEY_PATH" >> $GITHUB_ENV | |
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH | |
# create temp keychain | |
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security default-keychain -s $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import keychain | |
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security find-identity -v $KEYCHAIN_PATH -p codesigning | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH | |
- name: Build | |
uses: nick-fields/retry@v3 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run build | |
- name: Download daemon binary | |
run: npm run download:binary -- --goos=darwin --goarch=amd64 | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, sign and notarize, make and publish distributables | |
uses: nick-fields/retry@v3 | |
env: | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_API_KEY_PATH: ${{ env.APPLE_API_KEY_PATH }} | |
RELEASE_BUCKET_ACCESS_KEY: ${{ secrets.RELEASE_BUCKET_ACCESS_KEY }} | |
RELEASE_BUCKET_SECRET_KEY: ${{ secrets.RELEASE_BUCKET_SECRET_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run publish -- --arch=arm64 | |
linux-arm64: | |
strategy: | |
fail-fast: false | |
matrix: | |
app: [hostd, renterd, walletd] | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ${{ matrix.app }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/daemon-setup | |
with: | |
daemon: ${{ matrix.app }} | |
node_version: 20.10.0 | |
- name: Build | |
uses: nick-fields/retry@v3 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run build | |
- name: Download daemon binary | |
run: npm run download:binary -- --goos=linux --goarch=arm64 | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, make and publish distributables | |
uses: nick-fields/retry@v3 | |
env: | |
RELEASE_BUCKET_ACCESS_KEY: ${{ secrets.RELEASE_BUCKET_ACCESS_KEY }} | |
RELEASE_BUCKET_SECRET_KEY: ${{ secrets.RELEASE_BUCKET_SECRET_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run publish -- --arch=arm64 | |
linux-amd64: | |
strategy: | |
fail-fast: false | |
matrix: | |
app: [hostd, renterd, walletd] | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ${{ matrix.app }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/daemon-setup | |
with: | |
daemon: ${{ matrix.app }} | |
node_version: 20.10.0 | |
- name: Build | |
uses: nick-fields/retry@v3 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run build | |
- name: Download daemon binary | |
run: npm run download:binary -- --goos=linux --goarch=amd64 | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, make and publish distributables | |
uses: nick-fields/retry@v3 | |
env: | |
RELEASE_BUCKET_ACCESS_KEY: ${{ secrets.RELEASE_BUCKET_ACCESS_KEY }} | |
RELEASE_BUCKET_SECRET_KEY: ${{ secrets.RELEASE_BUCKET_SECRET_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run publish -- --arch=x64 | |
windows-amd64: | |
strategy: | |
fail-fast: false | |
matrix: | |
app: [hostd, renterd, walletd] | |
runs-on: windows-latest | |
defaults: | |
run: | |
working-directory: ${{ matrix.app }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup | |
uses: ./.github/actions/daemon-setup | |
with: | |
daemon: ${{ matrix.app }} | |
node_version: 20.10.0 | |
- name: Setup signing | |
run: dotnet tool install --global AzureSignTool | |
- name: Build | |
uses: nick-fields/retry@v3 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run build | |
- name: Download daemon binary | |
run: npm run download:binary -- --goos=windows --goarch=amd64 | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package executable bundles, sign and notarize, make and publish distributables | |
uses: nick-fields/retry@v3 | |
env: | |
RELEASE_BUCKET_ACCESS_KEY: ${{ secrets.RELEASE_BUCKET_ACCESS_KEY }} | |
RELEASE_BUCKET_SECRET_KEY: ${{ secrets.RELEASE_BUCKET_SECRET_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} | |
with: | |
max_attempts: 3 | |
timeout_minutes: 30 | |
retry_wait_seconds: 30 | |
command: | | |
cd ${{ matrix.app }} | |
npm run publish -- --arch=x64 |