ci: update phcode version to 3.3.3 #17
name: 'generate production draft GitHub release' | |
on: | |
push: | |
branches: [ prod ] | |
jobs: | |
create-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
outputs: | |
release_id: ${{ steps.create-release.outputs.result }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: get version | |
run: | | |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: create release | |
id: create-release | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const { data } = await github.rest.repos.createRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `${process.env.GIT_TAG_NAME}`, | |
target_commitish: 'prod', | |
name: `Phoenix Code Stable Release v${process.env.PACKAGE_VERSION}`, | |
body: 'Take a look at the assets to download and install Phoenix Code For your platform.\n\n>UpdateNotification: <replace this text to show a 1 line **Release Notes** to the user in the notification dialogue ![image](https://github.com/abose/phoenix-desktop/assets/5336369/c747898a-29ef-43c7-b74e-dddd5104a56c). Wait for a new pull request in the repo.>', | |
draft: true, | |
prerelease: false | |
}) | |
return data.id | |
build-mac-m1-node-modules: | |
permissions: | |
contents: write | |
timeout-minutes: 15 | |
runs-on: macos-14 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: macos hardware info | |
run: system_profiler SPSoftwareDataType SPHardwareDataType | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: install frontend dependencies | |
run: | | |
npm ci | |
npm run _ci-cloneAndBuildPhoenix | |
npm run _ci_make_src-node | |
cd src-tauri | |
mv src-node src-node-darwin-arm64 | |
tar -czvf src-node-darwin-arm64.tar.gz src-node-darwin-arm64 | |
mv src-node-darwin-arm64 src-node | |
cd .. | |
- name: Upload src-node.tar.gz with installed mac bins | |
uses: actions/upload-artifact@v4 | |
with: | |
name: src-node-darwin-arm64.tar.gz | |
path: src-tauri/src-node-darwin-arm64.tar.gz | |
build-tauri: | |
needs: [create-release, build-mac-m1-node-modules] | |
permissions: | |
contents: write | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [ macos-latest, ubuntu-latest, windows-latest ] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: get Git Tag | |
shell: bash | |
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Download src-node built on mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
uses: actions/download-artifact@v4 | |
with: | |
name: src-node-darwin-arm64.tar.gz | |
path: /tmp/src-node-darwin-arm64.tar.gz | |
- name: install Rust stable | |
uses: dtolnay/rust-toolchain@stable | |
- name: install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-latest' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev | |
sudo apt-get install -y libwebrtc-audio-processing-dev | |
sudo apt-get install -y libunwind-dev | |
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio | |
- name: install frontend dependencies | |
run: | | |
npm ci | |
npm run _ci-release:prod | |
- name: setup src-node built on mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
run: | | |
ls /tmp/src-node-darwin-arm64.tar.gz | |
rm -rf src-node | |
tar -xzvf /tmp/src-node-darwin-arm64.tar.gz/src-node-darwin-arm64.tar.gz | |
ls src-node-darwin-arm64 | |
mv src-node-darwin-arm64 src-node | |
- name: install AzureSignTool (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: | | |
dotnet tool install --global AzureSignTool | |
- name: import certificate for signing (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: | | |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer | |
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My | |
shell: powershell | |
- name: patch signTool (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs | |
shell: powershell | |
- name: setup env for signing (windows only) | |
if: matrix.platform == 'windows-latest' | |
env: | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} | |
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }} | |
run: | | |
$jsonContent = @{ | |
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI | |
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID | |
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID | |
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET | |
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME | |
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME | |
} | |
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8 | |
# Load content from the file | |
$content = Get-Content -Path "./secrets.json" -Raw | |
# Replace \r\n with \n | |
$content = $content -replace "`r`n", "`n" | |
# Write the content back to the file | |
Set-Content -Path "./secrets.json" -Value $content | |
shell: powershell | |
- name: Sign embedded executables for (Mac Only) | |
if: matrix.platform == 'macos-latest' | |
env : | |
APPLE_KEY_IDENTITY_NAME: ${{ secrets.APPLE_KEY_IDENTITY_NAME }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
run: | | |
certificate_encoded="$APPLE_CERTIFICATE" | |
certificate_password="$APPLE_CERTIFICATE_PASSWORD" | |
echo "Setting up keychain from environment variables..." | |
# Creating a temporary directory | |
tmp_dir=$(mktemp -d) | |
cert_path="$tmp_dir/cert.p12" | |
# Decode the encoded certificate and write it to the cert_path | |
echo "$certificate_encoded" | base64 --decode > "$cert_path" | |
# Generate a random password for the keychain | |
KEYCHAIN_PASSWORD=$(openssl rand -base64 16) | |
# Create a new keychain with the random password | |
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security import "$cert_path" -k build.keychain -P "$certificate_password" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
# Sign the files specified in src-build/mac/filesToSign | |
while IFS= read -r file; do | |
if [ -f "$file" ]; then | |
codesign --sign "$APPLE_KEY_IDENTITY_NAME" --keychain build.keychain --timestamp --options runtime "$file" | |
else | |
echo "File to sign not found, ignoring: $file" | |
fi | |
done < src-build/mac/filesToSign | |
# Clean up | |
security delete-keychain build.keychain | |
rm -rf "$tmp_dir" # removes the temporary directory and the certificate file within it | |
shell: bash | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
with: | |
releaseId: ${{ needs.create-release.outputs.release_id }} | |
updaterJsonPreferNsis: true | |
tagName: ${{ env.GIT_TAG_NAME }} | |
- name: inject src-node built on mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
run: | | |
ls src-node | |
rm -rf src-tauri/src-node | |
mv src-node src-tauri/src-node | |
ls src-tauri/src-node | |
- name: setup env for mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
run: | | |
rustup target add aarch64-apple-darwin | |
npm run installNodeArmDarwin | |
- name: build for mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
with: | |
releaseId: ${{ needs.create-release.outputs.release_id }} | |
args: --target aarch64-apple-darwin | |
tagName: ${{ env.GIT_TAG_NAME }} | |
publish-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [ create-release, build-tauri ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: get Git Tag | |
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: publish release | |
id: publish-release | |
uses: actions/github-script@v7 | |
env: | |
release_id: ${{ needs.create-release.outputs.release_id }} | |
with: | |
script: | | |
github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `${process.env.GIT_TAG_NAME}`, | |
target_commitish: 'prod', | |
release_id: process.env.release_id, | |
draft: true, | |
prerelease: false | |
}) |
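Review bot: Both `tauri-apps/tauri-action@v0` steps in `build-tauri` receive the updater private key and the Apple signing credentials through `env`, yet the action is referenced by a mutable tag, as is `dtolnay/rust-toolchain@stable`. Anyone able to move those refs could run code in the job that holds the signing material, so pin each to a reviewed full commit SHA, e.g. `uses: tauri-apps/tauri-action@<FULL_COMMIT_SHA> # v0`. In the same job the Windows steps write `secret.cer` and a `./secrets.json` containing `AZURE_CLIENT_SECRET` into the workspace, and no visible step removes them. A final step with `if: always()` running `Remove-Item ./secrets.json, ./secret.cer -ErrorAction SilentlyContinue` would limit how long they sit on disk, assuming the signing tool only needs them during the build. `build-mac-m1-node-modules` only builds and uploads an artifact, so `contents: read` looks sufficient there in place of `contents: write`.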