-
Notifications
You must be signed in to change notification settings - Fork 52
118 lines (104 loc) Β· 4.18 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Generate and Release bundled CLI
on:
push:
tags:
- 'v*.*.*'
jobs:
build:
strategy:
matrix:
settings:
- host: macos-12
target: macos-x64
- host: macos-14
target: macos-arm64
- host: windows-2022
target: win-x64
extension: .exe
- host: ubuntu-latest
target: linux-x64
runs-on: ${{ matrix.settings.host }}
name: dev build - ${{ matrix.settings.target }} - node@22
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 22.x
- if: matrix.settings.host == 'macos-14'
run: brew install python-setuptools
- if: matrix.settings.host == 'macos-12'
run: pip install setuptools
- run: yarn
- run: yarn run build
# remove dev dependencies before packaging
- run: yarn workspaces focus --all --production
# package final binaries
- run: |
yarn dlx @yao-pkg/[email protected] ./dist -t node22-${{ matrix.settings.target }} -o bundle/dcli-${{ matrix.settings.target }}${{ matrix.settings.extension }} -C Brotli "--public" "--public-packages" "tslib,thirty-two,node-hkdf-sync,vows" "--no-bytecode"
- name: Archive binary artifact
uses: actions/upload-artifact@v4
with:
name: dcli-${{ matrix.settings.target }}
path: bundle/dcli-${{ matrix.settings.target }}${{ matrix.settings.extension }}
retention-days: 1
sign:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: List artifacts
run: ls -R artifacts
shell: bash
- name: Sign Artifact with CodeSignTool
uses: sslcom/esigner-codesign@develop
with:
command: sign
username: ${{ secrets.ES_USERNAME }}
password: ${{ secrets.ES_PASSWORD }}
# Credential ID for signing certificate.
credential_id: ${{ secrets.CREDENTIAL_ID }}
# OAuth TOTP Secret (https://www.ssl.com/how-to/automate-esigner-ev-code-signing)
totp_secret: ${{ secrets.ES_TOTP_SECRET }}
# Path of code object to be signed
file_path: artifacts/dcli-win-x64/dcli-win-x64.exe
# Directory where signed code object(s) will be written.
output_path: signed
malware_block: false
environment_name: PROD
- run: mv signed/dcli-win-x64.exe signed/dcli-win-x64-signed.exe
- name: Archive binary artifact
uses: actions/upload-artifact@v4
with:
name: dcli-win-x64-signed
path: signed/dcli-win-x64-signed.exe
retention-days: 1
release:
permissions:
contents: write
runs-on: ubuntu-latest
needs:
- build
- sign
steps:
- uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: List artifacts
run: ls -R artifacts
shell: bash
- name: Release
uses: softprops/action-gh-release@v2
with:
files: |
artifacts/dcli-linux-x64/dcli-linux-x64
artifacts/dcli-macos-x64/dcli-macos-x64
artifacts/dcli-macos-arm64/dcli-macos-arm64
artifacts/dcli-win-x64/dcli-win-x64.exe
artifacts/dcli-win-x64-signed/dcli-win-x64-signed.exe