Release app #3

Workflow file for this run

.github/workflows/release.yml at c8b5f13

	name: Release app
	on:
	workflow_dispatch:
	push:
	tags:
	- 'v*'
	jobs:
	build-linux:
	strategy:
	matrix:
	os:
	[
	{ name: 'linux', image: 'ubuntu-latest' }
	]
	runs-on: ${{ matrix.os.image }}
	defaults:
	run:
	working-directory: ./src/gui
	steps:
	- name: Github checkout
	uses: actions/checkout@v4
	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	- name: Use Cargo
	uses: dtolnay/rust-toolchain@stable
	- name: Install Flatpak dependencies
	# Needed to build the Flatpak.
	#
	# Also, during make, electron-forge will install Electron app dependencies, namely:
	# - org.freedesktop.Platform
	# - org.freedesktop.SDK
	# - org.electronjs.Electron2.BaseApp, and
	# - https://github.com/refi64/zypak (yes, it pulls a git repo)
	#
	# I would install them here, but the bundler seems to require a specific version
	# and doing it here would be annoying.
	#
	# If you wish to change the version of any of those dependencies, do it in forge.config.ts.
	run: \|
	sudo apt-get update
	sudo apt-get install -y flatpak flatpak-builder elfutils
	flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
	git config --global protocol.file.allow always
	- name: Install dependencies
	run: npm install
	- name: Build backend
	run: npm run build-backend
	- name: Publish app
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: DEBUG=@malept/flatpak-bundler* npm run publish
	build-win:
	strategy:
	matrix:
	os:
	[
	{ name: 'windows', image: 'windows-latest' }
	]
	runs-on: ${{ matrix.os.image }}
	defaults:
	run:
	working-directory: ./src/gui
	steps:
	- name: Github checkout
	uses: actions/checkout@v4
	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	- name: Use Cargo
	uses: dtolnay/rust-toolchain@stable
	- name: Install dependencies
	run: npm install
	- name: Build backend
	run: npm run build-backend
	- name: Publish app
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: npm run publish
	build-mac:
	strategy:
	matrix:
	os:
	[
	{ name: 'macos', image: 'macos-latest' },
	{ name: 'macos-x86', image: 'macos-13' },
	]
	runs-on: ${{ matrix.os.image }}
	defaults:
	run:
	working-directory: ./src/gui
	steps:
	- name: Github checkout
	uses: actions/checkout@v4
	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	- name: Use Cargo
	uses: dtolnay/rust-toolchain@stable
	# https://github.com/electron/forge/issues/3371#issuecomment-2281115374
	# setuptools is required to build appdmg (a dependency for creating DMGs).
	#
	# To install it, we set up a Python environment for both Mac builds and
	# install via pip.
	- name: Install Python 3.12 (macOS)
	uses: actions/setup-python@v5
	with:
	python-version: '3.12'
	- name: Install python-setuptools (macOS)
	run: python3 -m pip install setuptools
	- name: Install dependencies
	run: npm install
	- name: Build backend
	run: npm run build-backend
	- name: Install the Apple certificate and provisioning profile
	# https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development#add-a-step-to-your-workflow
	# We're not uploading to MAS, so we do not include BUILD_PROVISION_PROFILE_BASE64.
	env:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
	P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$BUILD_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	- name: Publish app (macOS)
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
	NOTARIZE_EMAIL: ${{ secrets.NOTARIZE_EMAIL }}
	NOTARIZE_PASSWORD: ${{ secrets.NOTARIZE_PASSWORD }}
	TEAM_ID: ${{ secrets.TEAM_ID }}
	# Note to future developers:
	# If we ever lose the Apple dev profile,
	# we can return to an ad-hoc signature to get the program to work with warnings.
	#
	# To do so, remove the `Install the Apple certificate and provisioning profile` step,
	# and replace this step with:
	# run: \|
	# npm run package
	# codesign --force --deep -s - ./out//.app
	# npm run publish -- --skip-package
	#
	# This reverts the program to the error that is usually seen on Intel Macs:
	# ("LC3Tools.app" cannot be opened because Apple cannot check it for malicious software.)
	#
	# https://github.com/electron-userland/electron-builder/issues/5850#issuecomment-1821648559
	run: \|
	npm run publish

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release app #3

Workflow file

Release app #3

Jobs

Run details

Workflow file for this run