Run on CI
dfunckt committed Nov 9, 2023
1 parent 150faeb commit 5fa0588
Showing 7 changed files with 160 additions and 147 deletions.
115 changes: 57 additions & 58 deletions .github/actions/publish/action.yml
Expand Up @@ -48,19 +48,49 @@ runs:
node-version: ${{ inputs.NODE_VERSION }}
cache: npm

- name: Install yq
- name: Install host dependencies
if: runner.os == 'Linux'
shell: bash --noprofile --norc -eo pipefail -x {0}
run: choco install yq
run: |
set -ea
sudo apt-get update
sudo apt-get install -y --no-install-recommends fakeroot dpkg rpm
- name: Install host dependencies
if: runner.os == 'Windows'
shell: bash --noprofile --norc -eo pipefail -x {0}
run: choco install yq

# https://www.electron.build/code-signing.html
# https://github.com/Apple-Actions/import-codesign-certs
# https://dev.to/rwwagner90/signing-electron-apps-with-github-actions-4cof
- name: Import Apple code signing certificate
if: runner.os == 'macOS'
uses: apple-actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ fromJSON(inputs.secrets).APPLE_SIGNING }}
p12-password: ${{ fromJSON(inputs.secrets).APPLE_SIGNING_PASSWORD }}
shell: bash --noprofile --norc -eo pipefail -x {0}
run: |
KEY_CHAIN=build.keychain
CERTIFICATE_P12=certificate.p12
# Recreate the certificate from the secure environment variable
echo $CERTIFICATE_P12_B64 | base64 --decode > $CERTIFICATE_P12
#create a keychain
security create-keychain -p actions $KEY_CHAIN
# Make the keychain the default so identities are found
security default-keychain -s $KEY_CHAIN
# Unlock the keychain
security unlock-keychain -p actions $KEY_CHAIN
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
# remove certs
rm -fr *.p12
env:
CERTIFICATE_P12_B64: ${{ fromJSON(inputs.secrets).APPLE_SIGNING }}
CERTIFICATE_PASSWORD: ${{ fromJSON(inputs.secrets).APPLE_SIGNING_PASSWORD }}

- name: Import Windows code signing certificate
if: runner.os == 'Windows'
Expand All @@ -81,10 +111,6 @@ runs:
WINDOWS_CERTIFICATE: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING }}
WINDOWS_CERTIFICATE_PASSWORD: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING_PASSWORD }}

# ... or refactor (e.g.) https://github.com/samuelmeuli/action-electron-builder
# https://github.com/product-os/scripts/tree/master/electron
# https://github.com/product-os/scripts/tree/master/shared
# https://github.com/product-os/balena-concourse/blob/master/pipelines/github-events/template.yml
- name: Package release
id: package_release
shell: bash --noprofile --norc -eo pipefail -x {0}
Expand All @@ -94,76 +120,49 @@ runs:
[[ '${{ inputs.VERBOSE }}' =~ on|On|Yes|yes|true|True ]] && set -x
runner_os="$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')"
runner_arch="$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')"
ELECTRON_BUILDER_ARCHITECTURE="${runner_arch}"
APPLICATION_VERSION="$(jq -r '.version' package.json)"
ARCHITECTURE_FLAGS="--${ELECTRON_BUILDER_ARCHITECTURE}"
if [[ $runner_os =~ linux ]]; then
ELECTRON_BUILDER_OS='--linux'
TARGETS="$(yq e .linux.target[] electron-builder.yml)"
if [[ $RUNNER_OS =~ linux ]]; then
BUILD_PLATFORM='linux'
BUILD_ARCH='x64'
elif [[ $runner_os =~ darwin|macos|osx ]]; then
CSC_KEY_PASSWORD=${{ fromJSON(inputs.secrets).APPLE_SIGNING_PASSWORD }}
CSC_KEYCHAIN=signing_temp
CSC_LINK=${{ fromJSON(inputs.secrets).APPLE_SIGNING }}
ELECTRON_BUILDER_OS='--mac'
TARGETS="$(yq e .mac.target[] electron-builder.yml)"
BUILD_PLATFORM='darwin'
BUILD_ARCH='x64,arm64'
elif [[ $runner_os =~ windows|win ]]; then
ARCHITECTURE_FLAGS="--ia32 ${ARCHITECTURE_FLAGS}"
CSC_KEY_PASSWORD=${{ fromJSON(inputs.secrets).WINDOWS_SIGNING_PASSWORD }}
CSC_LINK=${{ fromJSON(inputs.secrets).WINDOWS_SIGNING }}
ELECTRON_BUILDER_OS='--win'
TARGETS="$(yq e .win.target[] electron-builder.yml)"
BUILD_PLATFORM='win32'
BUILD_ARCH="ia32,x64"
else
exit 1
echo "ERROR: unexpected runner OS: ${runner_os}"
exit 1
fi
npm link electron-builder
for target in ${TARGETS}; do
electron-builder ${ELECTRON_BUILDER_OS} ${target} ${ARCHITECTURE_FLAGS} \
--c.extraMetadata.analytics.sentry.token='https://[email protected]/4504451487301632' \
--c.extraMetadata.analytics.amplitude.token='balena-etcher' \
--c.extraMetadata.packageType="${target}"
find dist -type f -maxdepth 1
done
npm run make -- --platform="${BUILD_PLATFORM}" --arch="${BUILD_ARCH}"
echo "version=${APPLICATION_VERSION}" >> $GITHUB_OUTPUT
env:
# Apple notarization (afterSignHook.js)
# ensure we sign the artifacts
NODE_ENV: production
# Apple notarization
XCODE_APP_LOADER_EMAIL: ${{ inputs.XCODE_APP_LOADER_EMAIL }}
XCODE_APP_LOADER_PASSWORD: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_PASSWORD }}
XCODE_APP_LOADER_TEAM_ID: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_TEAM_ID }}
# Windows signing
WINDOWS_SIGNING: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING }}
WINDOWS_SIGNING_PASSWORD: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING_PASSWORD }}
# https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks
# https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks#about-workflow-runs-from-public-forks
CSC_FOR_PULL_REQUEST: true

# https://www.electron.build/auto-update.html#staged-rollouts
- name: Configure staged rollout(s)
shell: bash --noprofile --norc -eo pipefail -x {0}
run: |
set -ea
[[ '${{ inputs.VERBOSE }}' =~ on|On|Yes|yes|true|True ]] && set -x
percentage="$(cat < repo.yml | yq e .triggerNotification.stagingPercentage)"
find dist -type f -maxdepth 1 \
-name "latest*.yml" \
-exec yq -i e .version=\"${{ steps.package_release.outputs.version }}\" {} \;
find dist -type f -maxdepth 1 \
-name "latest*.yml" \
-exec yq -i e .stagingPercentage=\"$percentage\" {} \;
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: gh-release-${{ github.event.pull_request.head.sha || github.event.head_commit.id }}
path: dist
path: |
out/**/*.{deb,rpm,dmg,zip}
out/**/*Setup.exe
retention-days: 1
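Review bot: The new "Import Apple code signing certificate" step runs under `bash … -x {0}`, so every command is traced to the job log after expansion, including `security import … -P $CERTIFICATE_PASSWORD` and the `echo $CERTIFICATE_P12_B64` line; log masking is then the only thing between those values and the log, which is thin protection for a signing key. The script also leaves its expansions unquoted, protects the keychain with the literal password `actions`, and only reaches `rm -fr *.p12` when every earlier command succeeded, so a failed import leaves the decoded certificate in the workspace. I would drop `-x` for this step, quote the expansions, generate the keychain password per run and remove the .p12 from an EXIT trap. If these jobs can land on a self-hosted runner (not visible here), the keychain itself should also be deleted when the job ends.

```yaml
      shell: bash --noprofile --norc -eo pipefail {0}
      run: |
        KEY_CHAIN=build.keychain
        KEY_CHAIN_PASSWORD="$(openssl rand -hex 16)"
        CERTIFICATE_P12="${RUNNER_TEMP}/certificate.p12"
        # Remove the decoded certificate even when a later command fails
        trap 'rm -f "$CERTIFICATE_P12"' EXIT
        echo "$CERTIFICATE_P12_B64" | base64 --decode > "$CERTIFICATE_P12"
        security create-keychain -p "$KEY_CHAIN_PASSWORD" "$KEY_CHAIN"
        # … unchanged: default-keychain …
        security unlock-keychain -p "$KEY_CHAIN_PASSWORD" "$KEY_CHAIN"
        security import "$CERTIFICATE_P12" -k "$KEY_CHAIN" -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
        security set-key-partition-list -S apple-tool:,apple: -s -k "$KEY_CHAIN_PASSWORD" "$KEY_CHAIN"
      # … unchanged: env …
```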
31 changes: 25 additions & 6 deletions .github/actions/test/action.yml
Expand Up @@ -28,23 +28,42 @@ runs:
node-version: ${{ inputs.NODE_VERSION }}
cache: npm

- name: Test release
- name: Install host dependencies
if: runner.os == 'Linux'
shell: bash --noprofile --norc -eo pipefail -x {0}
run: |
set -ea
sudo apt-get update
sudo apt-get install -y --no-install-recommends xvfb libudev-dev
cat < package.json | jq -r '.hostDependencies[][]' - | \
xargs -L1 echo | sed 's/|//g' | xargs -L1 \
sudo apt-get --ignore-missing install || true
[[ '${{ inputs.VERBOSE }}' =~ on|On|Yes|yes|true|True ]] && set -x
- name: Install host dependencies
if: runner.os == 'Windows'
shell: bash --noprofile --norc -eo pipefail -x {0}
run: npx node-gyp install

runner_os="$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')"
- name: Install host dependencies
if: runner.os == 'macOS'
# FIXME: Python 3.12 dropped distutils that node-gyp depends upon.
# This is a temporary workaround to make the job use Python 3.11 until
# node-gyp catches up.
uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4
with:
python-version: '3.11'

npm run flowzone-preinstall-${runner_os}
- name: Test release
shell: bash --noprofile --norc -eo pipefail -x {0}
run: |
set -ea
runner_os="$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')"
npm ci
npm run package
npm run test-${runner_os}
env:
# https://www.electronjs.org/docs/latest/api/environment-variables
ELECTRON_NO_ATTACH_CONSOLE: true
ELECTRON_NO_ATTACH_CONSOLE: 'true'

- name: Compress custom source
if: runner.os != 'Windows'
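Review bot: The Linux "Install host dependencies" step feeds every `hostDependencies` string from package.json to `sudo apt-get --ignore-missing install` and then ends the pipeline with `|| true`, so a failed or aborted install is invisible and the tests run against whatever happened to be installed. That call has no `-y`, and `--ignore-missing` does not cover unknown package names, which is probably why the `|| true` was needed. Nothing stops an entry that begins with `-` from being parsed as an apt-get option, and package.json is editable in a pull request, so the names are worth validating before they reach a root command. I would split the `|` alternatives onto separate lines, keep only names matching something like `grep -E '^[a-z0-9][a-z0-9+.-]*$'`, pass them after `-y --`, and replace `|| true` with a logged warning that lists the packages that were skipped.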
25 changes: 0 additions & 25 deletions afterSignHook.js

This file was deleted.

4 changes: 0 additions & 4 deletions dev-app-update.yml

This file was deleted.

73 changes: 31 additions & 42 deletions forge.config.ts
Expand Up @@ -11,11 +11,37 @@ import { ResourcePlugin } from 'electron-forge-resource-plugin';

import { mainConfig, rendererConfig } from './webpack.config';

const { hostDependencies } = require('./package.json');

const LONG_DESCRIPTION = `balenaEtcher is a powerful OS image flasher built with
web technologies to ensure flashing an SDCard or USB drive is a pleasant and safe
experience. It protects you from accidentally writing to your hard-drives, ensures
every byte of data was written correctly and much more.`;

let osxSigningConfig: any = {};
let winSigningConfig: any = {};

if (process.env.NODE_ENV === 'production') {
osxSigningConfig.osxSign = {
optionsForFile: () => ({
entitlements: './entitlements.mac.plist',
hardenedRuntime: true,
}),
};

osxSigningConfig.osxNotarize = {
tool: 'notarytool',
appleId: process.env.XCODE_APP_LOADER_EMAIL,
appleIdPassword: process.env.XCODE_APP_LOADER_PASSWORD,
teamId: process.env.XCODE_APP_LOADER_TEAM_ID,
};

winSigningConfig = {
certificateFile: process.env.WINDOWS_SIGNING,
certificatePassword: process.env.WINDOWS_SIGNING_PASSWORD
}
}

const config: ForgeConfig = {
packagerConfig: {
asar: true,
Expand All @@ -27,15 +53,14 @@ const config: ForgeConfig = {
protocols: [
{ name: 'etcher', schemes: ['etcher']},
],

// osxSign: {},
// osxNotarize: {},
...osxSigningConfig,
},
rebuildConfig: {},
makers: [
new MakerZIP(),
new MakerSquirrel({
setupIcon: 'assets/icon.ico',
...winSigningConfig,
}),
new MakerDMG({
background: './assets/dmg/background.tiff',
Expand Down Expand Up @@ -87,43 +112,7 @@ const config: ForgeConfig = {
scripts: {
postinst: './after-install.tpl',
},
depends: [
'gconf-service',
'gconf2',
'libasound2',
'libatk1.0-0',
'libc6',
'libcairo2',
'libcups2',
'libdbus-1-3',
'libexpat1',
'libfontconfig1',
'libfreetype6',
'libgbm1',
'libgcc1',
'libgconf-2-4',
'libgdk-pixbuf2.0-0',
'libglib2.0-0',
'libgtk-3-0',
'liblzma5',
'libnotify4',
'libnspr4',
'libnss3',
'libpango1.0-0 | libpango-1.0-0',
'libstdc++6',
'libx11-6',
'libxcomposite1',
'libxcursor1',
'libxdamage1',
'libxext6',
'libxfixes3',
'libxi6',
'libxrandr2',
'libxrender1',
'libxss1',
'libxtst6',
'polkit-1-auth-agent | policykit-1-gnome | polkit-kde-1',
],
depends: hostDependencies['debian'],
}
}),
],
Expand All @@ -148,9 +137,9 @@ const config: ForgeConfig = {
}),
new ResourcePlugin({
env: 'ETCHER_UTIL_BIN_PATH',
path: './out/sidecar/bin/etcher-util',
path: 'out/sidecar/bin',
build: {
command: 'tsc --project tsconfig.sidecar.json && pkg out/sidecar/util/api.js -c pkg-sidecar.json --target node18 --output out/sidecar/bin/etcher-util',
command: 'npm rebuild mountutils && tsc --project tsconfig.sidecar.json && pkg out/sidecar/util/api.js -c pkg-sidecar.json --target node18 --output out/sidecar/bin/etcher-util',
sources: './lib/util/',
},
}),
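Review bot: The production branch copies `process.env.XCODE_APP_LOADER_*` and `process.env.WINDOWS_SIGNING*` straight into the signing config without checking that they are set, so a run where the secrets are absent (a fork pull request, presumably, or a local `NODE_ENV=production` build) hands `undefined` credentials to the packager. Whether that fails or quietly yields an unsigned installer depends on electron-forge and is not visible here; a release pipeline should refuse to continue. Separately, `certificateFile` is a file path in the Squirrel maker, so it is worth confirming that `WINDOWS_SIGNING` holds a path and not the encoded certificate. A small guard, applied per platform, covers the first point.

```typescript
// Abort instead of producing an unsigned or un-notarized build.
function requireEnv(name: string): string {
  const value = process.env[name];
  if (!value) {
    throw new Error(`${name} must be set when NODE_ENV is 'production'`);
  }
  return value;
}

if (process.env.NODE_ENV === 'production') {
  // … unchanged: osxSigningConfig.osxSign …
  if (process.platform === 'darwin') {
    osxSigningConfig.osxNotarize = {
      tool: 'notarytool',
      appleId: requireEnv('XCODE_APP_LOADER_EMAIL'),
      appleIdPassword: requireEnv('XCODE_APP_LOADER_PASSWORD'),
      teamId: requireEnv('XCODE_APP_LOADER_TEAM_ID'),
    };
  }
  if (process.platform === 'win32') {
    winSigningConfig = {
      certificateFile: requireEnv('WINDOWS_SIGNING'),
      certificatePassword: requireEnv('WINDOWS_SIGNING_PASSWORD'),
    };
  }
}
```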
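--- a/lib/gui/etcher.ts
+++ b/lib/gui/etcher.ts
@@ -246,8 +246,6 @@ electron.app.on('before-quit', () => {
 declare const ETCHER_UTIL_BIN_PATH: string;
 
 electron.ipcMain.handle('get-util-path', () => {
-const binPath = ETCHER_UTIL_BIN_PATH;
-
 // Workaround the fact that the Resource forge plugin hardcodes
 // the resource path to `resources` which is only valid on Linux
 // and Windows builds -- it fails on macOS.
@@ -256,11 +254,13 @@ electron.ipcMain.handle('get-util-path', () => {
 // that will always point to Electron's resource folder, which in
 // dev builds using the Electron binary from node modules is not
 // at all what we want, since our build artifacts reside in `/out`.
-if (process.env.NODE_ENV === 'development') {
-return binPath;
-} else {
-return binPath.replace('resources', process.resourcesPath);
-}
+const filepath =
+process.env.NODE_ENV === 'development'
+? ETCHER_UTIL_BIN_PATH
+: ETCHER_UTIL_BIN_PATH.replace('resources', process.resourcesPath);
+const filename =
+process.platform === 'win32' ? 'etcher-util.exe' : 'etcher-util';
+return path.join(filepath, filename);
 });
 
 async function main(): Promise<void> {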
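Review bot: `ETCHER_UTIL_BIN_PATH.replace('resources', process.resourcesPath)` is carried over from the old code and substitutes the first occurrence of the substring `resources` wherever it appears, not only the leading directory the comment describes. If the baked-in path ever contains that word elsewhere, the handler returns a wrong location for the binary that callers presumably go on to launch. Assuming the plugin always emits a path that starts with `resources`, an anchored form such as `ETCHER_UTIL_BIN_PATH.replace(/^resources(?=[\\/]|$)/, () => process.resourcesPath)` states that intent, and the function form keeps any `$` sequence in the resources path from being read as a replacement pattern. The `path` import that `path.join` relies on is outside the hunk, and the middle of the handler body lies between the two hunks.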