Build & Release #268
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Release | |
on: | |
push: | |
tags: | |
- '**' | |
branches: | |
- refactor/refactor-base #remove this once rebuild is merged | |
pull_request: | |
branches: | |
- '**' | |
concurrency: | |
# SHA is added to the end if on `main` to let all main workflows run | |
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ github.ref == 'refs/heads/main' && github.sha || '' }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: write | |
env: | |
APP_NAME: climate-explorer-ui | |
jobs: | |
build_mac: | |
name: Build Mac Installer | |
runs-on: macos-latest | |
steps: | |
- uses: Chia-Network/actions/clean-workspace@main | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Node 20 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.10' | |
- name: Install Husky | |
run: npm install --save-dev husky | |
- name: install dmg-license | |
run: npm i dmg-license | |
- name: npm install | |
run: | | |
npm install | |
- name: Test for secrets access | |
id: check_secrets | |
shell: bash | |
run: | | |
unset HAS_SIGNING_SECRET | |
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
env: | |
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
- name: Import Apple installer signing certificate | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
uses: Apple-Actions/import-codesign-certs@v3 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }} | |
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }} | |
- name: Build electron app | |
env: | |
CSC_FOR_PULL_REQUEST: "true" | |
run: npm run electron:package:mac | |
- name: Notarize | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
run: | | |
DMG_FILE=$(find ${{ github.workspace }}/dist/ -type f -name '*.dmg') | |
xcrun notarytool submit \ | |
--wait \ | |
--apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \ | |
--password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \ | |
--team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
"$DMG_FILE" | |
- name: Upload Mac Installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.APP_NAME }}-mac-installer | |
path: ${{ github.workspace }}/dist/*.dmg | |
build_windows: | |
name: Build Windows Installer | |
runs-on: windows-2019 | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Node 20.10 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.10' | |
- name: Install Husky | |
run: npm install --save-dev husky | |
- name: Ignore Husky where not compatible | |
run: npm pkg delete scripts.prepare | |
- name: npm install | |
run: | | |
node --version | |
npm install | |
- name: Build electron app | |
run: npm run electron:package:win | |
- name: Test for secrets access | |
id: check_secrets | |
shell: bash | |
run: | | |
unset HAS_SIGNING_SECRET | |
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
env: | |
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
# Windows Code Signing | |
- name: Get installer name for signing | |
shell: bash | |
run: | | |
FILE=$(find dist -type f -maxdepth 1 -name '*.exe') | |
echo "Installer file is $FILE" | |
echo "INSTALLER_FILE=$FILE" >> "$GITHUB_ENV" | |
- name: Sign windows artifacts | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
uses: chia-network/actions/digicert/windows-sign@main | |
with: | |
sm_api_key: ${{ secrets.SM_API_KEY }} | |
sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
file: "${{ github.workspace }}/${{ env.INSTALLER_FILE }}" | |
- name: Upload Windows Installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.APP_NAME }}-windows-installer | |
path: "${{ github.workspace }}/${{ env.INSTALLER_FILE }}" | |
build_linux: | |
name: Build Linux Installer | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Node 20.10 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.10' | |
- name: Install Husky | |
run: npm install --save-dev husky | |
- name: npm install | |
run: | | |
node --version | |
npm install | |
- name: Build electron app | |
run: npm run electron:package:linux | |
- name: Rename Linux installer to be standard format for apt | |
run: | | |
ORIGINAL=$(ls dist/*.deb) | |
MODIFIED=${ORIGINAL:0:-10}-1${ORIGINAL#${ORIGINAL:0:-10}} | |
mv $ORIGINAL $MODIFIED | |
- name: Upload Linux Installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.APP_NAME }}-linux-installer | |
path: ${{ github.workspace }}/dist/*.deb | |
build_web: | |
name: Build Web App | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Node 20.10 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.10' | |
- name: Install Husky | |
run: npm install --save-dev husky | |
- name: npm install and build | |
run: | | |
node --version | |
npm install | |
npm run build | |
- name: Create .tar.gz of the web build | |
run: tar -cvzf ${{ env.APP_NAME }}-web-build.tar.gz build | |
- name: Upload build artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.APP_NAME }}-web-build | |
path: ${{ env.APP_NAME }}-web-build.tar.gz | |
release: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: | |
- build_mac | |
- build_windows | |
- build_linux | |
- build_web | |
steps: | |
- name: Download Windows artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.APP_NAME }}-windows-installer | |
path: ${{ env.APP_NAME }}-windows-installer | |
- name: Download MacOS artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.APP_NAME }}-mac-installer | |
path: ${{ env.APP_NAME }}-mac-installer | |
- name: Download Linux artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.APP_NAME }}-linux-installer | |
path: ${{ env.APP_NAME }}-linux-installer | |
- name: Download Web artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.APP_NAME }}-web-build | |
path: ${{ env.APP_NAME }}-web-build | |
- name: Get Filenames | |
run: | | |
DMG_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-mac-installer/ -type f -name '*.dmg') | |
DEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-linux-installer/ -type f -name '*.deb') | |
EXE_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-windows-installer/ -type f -name '*.exe') | |
WEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-web-build/ -type f -name '*.tar.gz') | |
echo "DMG_FILE=$DMG_FILE" >>$GITHUB_ENV | |
echo "DEB_FILE=$DEB_FILE" >>$GITHUB_ENV | |
echo "EXE_FILE=$EXE_FILE" >>$GITHUB_ENV | |
echo "WEB_FILE=$WEB_FILE" >>$GITHUB_ENV | |
- name: Release | |
uses: softprops/[email protected] | |
with: | |
files: | | |
${{ env.DMG_FILE }} | |
${{ env.DEB_FILE }} | |
${{ env.EXE_FILE }} | |
${{ env.WEB_FILE }} | |
- name: Get repo name | |
id: repo-name | |
run: | | |
echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT | |
- name: Get tag name | |
id: tag-name | |
run: | | |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT | |
- name: Gets JWT Token from GitHub | |
uses: Chia-Network/actions/github/jwt@main | |
- name: Trigger apt repo update | |
uses: Chia-Network/actions/github/glue@main | |
with: | |
json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"${{ env.APP_NAME }}\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}' | |
glue_url: ${{ secrets.GLUE_API_URL }} | |
glue_project: "climate-tokenization" | |
glue_path: "trigger" |