Skip to content

ci: update phcode version to 3.9.2 #35

ci: update phcode version to 3.9.2

ci: update phcode version to 3.9.2 #35

name: 'generate production draft GitHub release'
on:
push:
branches: [ prod ]
jobs:
create-release:
permissions:
contents: write
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create-release.outputs.result }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: get version
run: |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: create release
id: create-release
uses: actions/github-script@v7
with:
script: |
const { data } = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'prod',
name: `Phoenix Code Stable Release v${process.env.PACKAGE_VERSION}`,
body: `**Phoenix Code Release Notes**\n\nPlease include detailed release notes here, highlighting new features, bug fixes, and improvements. Ensure to make these notes informative and clear for end-users.\n\n**For Maintainers:**\nTo distribute these release notes through the desktop application:\n1. Wait for a pull request with the updated release notes.\n3. Once the pull request is merged, merge to the update-notifications branch and the release notes will be automatically shown in the desktop builds.`,
draft: true,
prerelease: false
})
return data.id
build-mac-m1-node-modules:
permissions:
contents: write
timeout-minutes: 15
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: macos hardware info
run: system_profiler SPSoftwareDataType SPHardwareDataType
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
run: |
npm ci
npm run _ci-cloneAndBuildPhoenix
npm run _ci_make_src-node
cd src-tauri
mv src-node src-node-darwin-arm64
tar -czvf src-node-darwin-arm64.tar.gz src-node-darwin-arm64
mv src-node-darwin-arm64 src-node
cd ..
- name: Upload src-node.tar.gz with installed mac bins
uses: actions/upload-artifact@v4
with:
name: src-node-darwin-arm64.tar.gz
path: src-tauri/src-node-darwin-arm64.tar.gz
build-tauri:
needs: [create-release, build-mac-m1-node-modules]
permissions:
contents: write
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
platform: [ macos-12, windows-latest ]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
shell: bash
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: Download src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-12'
uses: actions/download-artifact@v4
with:
name: src-node-darwin-arm64.tar.gz
path: /tmp/src-node-darwin-arm64.tar.gz
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
run: |
npm ci
npm run _ci-release:prod
- name: setup src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-12'
run: |
ls /tmp/src-node-darwin-arm64.tar.gz
rm -rf src-node
tar -xzvf /tmp/src-node-darwin-arm64.tar.gz/src-node-darwin-arm64.tar.gz
ls src-node-darwin-arm64
mv src-node-darwin-arm64 src-node
- name: install AzureSignTool (windows only)
if: matrix.platform == 'windows-latest'
run: |
dotnet tool install --global AzureSignTool
- name: import certificate for signing (windows only)
if: matrix.platform == 'windows-latest'
run: |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My
shell: powershell
- name: patch signTool (windows only)
if: matrix.platform == 'windows-latest'
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs
shell: powershell
- name: setup env for signing (windows only)
if: matrix.platform == 'windows-latest'
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }}
run: |
$jsonContent = @{
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME
}
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8
# Load content from the file
$content = Get-Content -Path "./secrets.json" -Raw
# Replace \r\n with \n
$content = $content -replace "`r`n", "`n"
# Write the content back to the file
Set-Content -Path "./secrets.json" -Value $content
shell: powershell
- name: Sign embedded executables for (Mac Only)
if: matrix.platform == 'macos-12'
env :
APPLE_KEY_IDENTITY_NAME: ${{ secrets.APPLE_KEY_IDENTITY_NAME }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
echo "Listing all files in src-tauri/src-node"
echo "======================================="
find src-tauri/src-node -type f
echo "======================================="
echo "Listing all files in src-node/"
echo "======================================="
find src-node/ -type f
certificate_encoded="$APPLE_CERTIFICATE"
certificate_password="$APPLE_CERTIFICATE_PASSWORD"
echo "Setting up keychain from environment variables..."
# Creating a temporary directory
tmp_dir=$(mktemp -d)
cert_path="$tmp_dir/cert.p12"
# Decode the encoded certificate and write it to the cert_path
echo "$certificate_encoded" | base64 --decode > "$cert_path"
# Generate a random password for the keychain
KEYCHAIN_PASSWORD=$(openssl rand -base64 16)
# Create a new keychain with the random password
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import "$cert_path" -k build.keychain -P "$certificate_password" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
# Sign the files specified in src-build/mac/filesToSign
while IFS= read -r file; do
if [ -f "$file" ]; then
codesign --sign "$APPLE_KEY_IDENTITY_NAME" --keychain build.keychain --timestamp --options runtime "$file"
else
echo "File to sign not found, ignoring: $file"
fi
done < src-build/mac/filesToSign
# Clean up
security delete-keychain build.keychain
rm -rf "$tmp_dir" # removes the temporary directory and the certificate file within it
shell: bash
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: inject src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-12'
run: |
ls src-node
rm -rf src-tauri/src-node
mv src-node src-tauri/src-node
ls src-tauri/src-node
- name: setup env for mac arm (Mac only)
env:
GH_TOKEN: ${{ github.token }}
if: matrix.platform == 'macos-12'
run: |
rustup target add aarch64-apple-darwin
npm run installNodeArmDarwin
- name: build for mac arm (Mac only)
if: matrix.platform == 'macos-12'
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
args: --target aarch64-apple-darwin
tagName: ${{ env.GIT_TAG_NAME }}
build-linux-bins:
needs: [ create-release ]
permissions:
contents: write
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
platform: [ ubuntu-20.04, ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: GLIBC version
run: |
ldd --version
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
- name: install dependencies (ubuntu only)
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev
sudo apt-get install -y libwebrtc-audio-processing-dev
sudo apt-get install -y libunwind-dev
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
run: |
npm ci
npm run _ci-release:prod
npm run _ci-disableBundleConfig
npm run tauri build
ls -alh ./src-tauri/target/release
mkdir ./src-tauri/target/release/binDist
cp ./src-tauri/target/release/phoenix-code ./src-tauri/target/release/binDist
cp ./src-build/linux/install-readme.txt ./src-tauri/target/release/binDist/readme.txt
cp ./src-tauri/target/release/phnode ./src-tauri/target/release/binDist
cp -r ./src-tauri/target/release/src-node ./src-tauri/target/release/binDist
ls -alh ./src-tauri/target/release/binDist
mv ./src-tauri/target/release/phoenix-code ./src-tauri/target/release/phoenix-code-backup
mv ./src-tauri/target/release/binDist ./src-tauri/target/release/phoenix-code
tar -cvzf phoenix-code.tar.gz -C ./src-tauri/target/release phoenix-code
ls -alh phoenix-code.tar.gz
GLIBC_VER=$(ldd --version | head -n1 | awk '{print $NF}')
OUTPUT_FILENAME="phoenix-code_$(node -p "require('./package.json').version")_amd64_linux_bin-GLIBC-${GLIBC_VER}.tar.gz"
mv phoenix-code.tar.gz "$OUTPUT_FILENAME"
echo "OUTPUT_FILENAME=$OUTPUT_FILENAME" >> $GITHUB_ENV
ls
- name: Upload Release Asset
uses: softprops/action-gh-release@v2
with:
files: ${{ env.OUTPUT_FILENAME }}
tag_name: ${{ env.GIT_TAG_NAME }}
draft: true
env:
GITHUB_TOKEN: ${{ github.token }}
publish-release:
permissions:
contents: write
runs-on: ubuntu-22.04
needs: [ create-release, build-tauri, build-linux-bins ]
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: publish release
id: publish-release
uses: actions/github-script@v7
env:
release_id: ${{ needs.create-release.outputs.release_id }}
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'prod',
release_id: process.env.release_id,
draft: true,
prerelease: false
})