Skip to content

ci: update phcode version to 3.2.15 #2

ci: update phcode version to 3.2.15

ci: update phcode version to 3.2.15 #2

name: 'generate pre-release/staging draft GitHub release'
on:
push:
branches: [ staging ]
jobs:
create-release:
permissions:
contents: write
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create-release.outputs.result }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: get version
run: |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
echo "GIT_TAG_NAME=staging-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: create release
id: create-release
uses: actions/github-script@v7
with:
script: |
const { data } = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'staging',
name: `Phoenix Code Pre-release v${process.env.PACKAGE_VERSION}`,
body: 'Take a look at the assets to download and install Phoenix Code For your platform.\n\n>UpdateNotification: <replace this text to show a 1 line **Release Notes** to the user in the notification dialogue ![image](https://github.com/abose/phoenix-desktop/assets/5336369/c747898a-29ef-43c7-b74e-dddd5104a56c). Wait for a new pull request in the repo.>',
draft: true,
prerelease: true
})
return data.id
build-tauri:
needs: create-release
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform: [ macos-latest, ubuntu-latest, windows-latest ]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
shell: bash
run: echo "GIT_TAG_NAME=staging-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev
sudo apt-get install -y libwebrtc-audio-processing-dev
sudo apt-get install -y libunwind-dev
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
- name: install frontend dependencies
run: |
npm ci
npm run _ci-release:staging
- name: install AzureSignTool (windows only)
if: matrix.platform == 'windows-latest'
run: |
dotnet tool install --global AzureSignTool
- name: import certificate for signing (windows only)
if: matrix.platform == 'windows-latest'
run: |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My
shell: powershell
- name: patch signTool (windows only)
if: matrix.platform == 'windows-latest'
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs
shell: powershell
- name: setup env for signing (windows only)
if: matrix.platform == 'windows-latest'
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }}
run: |
$jsonContent = @{
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME
}
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8
# Load content from the file
$content = Get-Content -Path "./secrets.json" -Raw
# Replace \r\n with \n
$content = $content -replace "`r`n", "`n"
# Write the content back to the file
Set-Content -Path "./secrets.json" -Value $content
shell: powershell
- name: Sign embedded executables for (Mac Only)
if: matrix.platform == 'macos-latest'
env :
APPLE_KEY_IDENTITY_NAME: ${{ secrets.APPLE_KEY_IDENTITY_NAME }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
certificate_encoded="$APPLE_CERTIFICATE"
certificate_password="$APPLE_CERTIFICATE_PASSWORD"
echo "Setting up keychain from environment variables..."
# Creating a temporary directory
tmp_dir=$(mktemp -d)
cert_path="$tmp_dir/cert.p12"
# Decode the encoded certificate and write it to the cert_path
echo "$certificate_encoded" | base64 --decode > "$cert_path"
# Generate a random password for the keychain
KEYCHAIN_PASSWORD=$(openssl rand -base64 16)
# Create a new keychain with the random password
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import "$cert_path" -k build.keychain -P "$certificate_password" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
# Sign the files specified in src-build/mac/filesToSign
while IFS= read -r file; do
codesign --sign "$APPLE_KEY_IDENTITY_NAME" --keychain build.keychain --timestamp --options runtime "$file"
done < src-build/mac/filesToSign
# Clean up
security delete-keychain build.keychain
rm -rf "$tmp_dir" # removes the temporary directory and the certificate file within it
shell: bash
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: setup env for mac arm (Mac only)
if: matrix.platform == 'macos-latest'
run: |
rustup target add aarch64-apple-darwin
npm run installNodeArmDarwin
- name: build for mac arm (Mac only)
if: matrix.platform == 'macos-latest'
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
args: --target aarch64-apple-darwin
tagName: ${{ env.GIT_TAG_NAME }}
publish-release:
permissions:
contents: write
runs-on: ubuntu-latest
needs: [ create-release, build-tauri ]
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=staging-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: publish release
id: publish-release
uses: actions/github-script@v7
env:
release_id: ${{ needs.create-release.outputs.release_id }}
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'staging',
release_id: process.env.release_id,
draft: true,
prerelease: true
})