Build and Release Desktop #58
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Release Desktop | |
env: | |
NETWORK: IOTA | |
NETWORK_CODE: iota | |
on: | |
push: | |
tags: | |
- desktop-iota-* | |
workflow_dispatch: | |
inputs: | |
debugElectronBuilder: | |
description: 'Verbose electron-builder output' | |
required: true | |
type: choice | |
options: | |
- 'false' | |
- 'true' | |
stage: | |
description: 'Stage' | |
required: true | |
type: choice | |
options: | |
- alpha | |
- beta | |
- prod | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/desktop') | |
outputs: | |
version: ${{ steps.set_outputs.outputs.version }} | |
release_name: ${{ steps.set_outputs.outputs.release_name }} | |
stage: ${{ steps.set_outputs.outputs.stage }} | |
steps: | |
- id: set_outputs | |
name: Set outputs for version, release name, and stage | |
run: | | |
VERSION=${GITHUB_REF#refs/*/desktop-iota-} | |
RELEASE_NAME=$(echo $VERSION | perl -0777 -pe 's/^([0-9]\d*\.[0-9]\d*\.[0-9]\d*)(?:-([a-z]*)-(\d*))?$/$1 \u$2 $3/') | |
STAGE=$(echo $VERSION | perl -0777 -pe 's/^([0-9]\d*\.[0-9]\d*\.[0-9]\d*)(?:-([a-z]*)-([0-9]\d*(\.[0-9]\d*)*))?$/$2/') | |
if [ -z "$STAGE" ]; then | |
STAGE="prod" | |
fi | |
echo "version=$VERSION" >> $GITHUB_OUTPUT | |
echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT | |
echo "stage=$STAGE" >> $GITHUB_OUTPUT | |
build: | |
runs-on: ${{ matrix.os }} | |
if: ${{ always() }} | |
needs: [setup] | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, macos-11, windows-2019] | |
fail-fast: true | |
env: | |
VERSION: ${{ needs.setup.outputs.version }} | |
STAGE: ${{ needs.setup.outputs.stage || github.event.inputs.stage }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 18.15.0 | |
# Used to read the `binding.gyp` file from `@iota/wallet` | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install Rust toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
profile: minimal | |
- name: Install LLVM and Clang (Windows) # required for bindgen to work, see https://github.com/rust-lang/rust-bindgen/issues/1797 | |
uses: KyleMayes/install-llvm-action@32c4866ebb71e0949e8833eb49beeebed48532bd | |
if: matrix.os == 'windows-2019' | |
with: | |
version: '11.0' | |
directory: ${{ runner.temp }}/llvm | |
- name: Set LIBCLANG_PATH (Windows) | |
run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV | |
if: matrix.os == 'windows-2019' | |
- name: Set deployment target (macOS) | |
run: echo "MACOSX_DEPLOYMENT_TARGET=10.14" >> $GITHUB_ENV # TODO: set this to 10.12 once rocksDB issue is fixed | |
if: matrix.os == 'macos-11' | |
- name: Install required packages (Linux) | |
run: | | |
sudo apt update | |
sudo apt install -y gcc-multilib g++-multilib build-essential libssl-dev rpm libsecret-1-dev \ | |
software-properties-common apt-transport-https libudev-dev libusb-1.0-0-dev \ | |
llvm-dev libclang-dev clang | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Enable verbose output for electron-builder (macOS/Linux) | |
run: echo "DEBUG=electron-builder" >> $GITHUB_ENV | |
if: matrix.os != 'windows-2019' && github.event.inputs.debugElectronBuilder && github.event.inputs.debugElectronBuilder == 'true' | |
- name: Enable verbose output for electron-builder (Windows) | |
run: echo "DEBUG=electron-builder" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
if: matrix.os == 'windows-2019' && github.event.inputs.debugElectronBuilder && github.event.inputs.debugElectronBuilder == 'true' | |
- name: Install dependencies | |
# Increase network timeout threshold to reduce build failures on Windows | |
run: yarn --network-timeout 1000000 | |
- name: Install Sentry CLI | |
# Yarn has issues putting binaries in the PATH on Windows | |
run: npm i -g @sentry/cli | |
if: ${{ startsWith(github.ref, 'refs/tags/desktop') && matrix.os == 'windows-2019' }} | |
- name: Set productName | |
run: node scripts/fix-productName.js | |
working-directory: packages/desktop | |
- name: Bundle desktop JS | |
run: yarn build:${STAGE} | |
working-directory: packages/desktop | |
shell: bash | |
env: | |
HARDCODE_NODE_ENV: true | |
SENTRY: ${{ startsWith(github.ref, 'refs/tags/desktop') }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN_PROD_DESKTOP }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
AMPLITUDE_API_KEY: ${{ secrets.AMPLITUDE_API_KEY }} | |
- name: Build Electron app (macOS) | |
run: yarn compile:${STAGE}:mac | |
env: | |
CSC_LINK: ${{ secrets.MAC_CERT_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }} | |
FIREFLY_APPLE_ID: ${{ secrets.APPLE_ID }} | |
FIREFLY_APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
working-directory: packages/desktop | |
if: matrix.os == 'macos-11' | |
- name: Build Electron app (Windows) | |
run: yarn compile:${env:STAGE}:win | |
env: | |
CSC_LINK: ${{ secrets.WIN_CERT_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASSWORD }} | |
working-directory: packages/desktop | |
if: matrix.os == 'windows-2019' | |
- name: Build Electron app (Linux) | |
run: yarn compile:${STAGE}:linux | |
working-directory: packages/desktop | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Import GPG key (Linux) | |
run: | | |
echo "$GPG_PRIVATE_KEY" | base64 -d > /tmp/private.key && \ | |
echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --import /tmp/private.key | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Sign AppImage (Linux) | |
run: echo $GPG_PASSPHRASE | gpg --pinentry-mode loopback --batch --passphrase-fd 0 --armor --detach-sign --default-key [email protected] firefly-*.AppImage | |
working-directory: packages/desktop/out | |
env: | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Compute checksums (Linux) | |
run: for i in `ls | grep 'firefly-*'` ; do sha256sum $i | awk {'print $1'} > $i.sha256 ; done | |
working-directory: packages/desktop/out | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Compute checksums (macOS) | |
run: for i in `ls | grep 'firefly-*'` ; do shasum -a 256 $i | awk {'print $1'} > $i.sha256 ; done | |
working-directory: packages/desktop/out | |
if: matrix.os == 'macos-11' | |
- name: Compute checksums (Windows) | |
run: Get-ChildItem "." -Filter firefly-* | Foreach-Object { $(Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash | Set-Content ($_.FullName + '.sha256') } | |
working-directory: packages/desktop/out | |
if: matrix.os == 'windows-2019' | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: firefly-desktop-${{ matrix.os }} | |
path: | | |
packages/desktop/out/firefly-* | |
packages/desktop/out/latest* | |
release: | |
runs-on: ubuntu-latest | |
needs: [setup, build] | |
if: startsWith(github.ref, 'refs/tags/desktop') | |
env: | |
VERSION: ${{ needs.setup.outputs.version }} | |
RELEASE_NAME: ${{ needs.setup.outputs.release_name }} | |
STAGE: ${{ needs.setup.outputs.stage }} | |
steps: | |
- run: echo ${{ github.ref }} | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Downloading artifacts | |
uses: actions/download-artifact@v2 | |
with: | |
name: firefly-desktop-windows-2019 | |
path: assets | |
- name: Downloading artifacts | |
uses: actions/download-artifact@v2 | |
with: | |
name: firefly-desktop-macos-11 | |
path: assets | |
- name: Downloading artifacts | |
uses: actions/download-artifact@v2 | |
with: | |
name: firefly-desktop-ubuntu-20.04 | |
path: assets | |
- name: Preparing release body | |
run: | | |
sed -i 's/\r$//' ../../assets/*.sha256 && sed -i '/^$/d' ../../assets/*.sha256 && sed -i -e 's/\(.*\)/\L\1/' ../../assets/*.sha256 | |
WIN_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe.sha256) | |
LIN_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.sha256) | |
MAC_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg.sha256) | |
echo $WIN_SHA256 $LIN_SHA256 $MAC_SHA256 | |
touch CHANGELOG.md | |
echo '### Changelog' >> CHANGELOG.md | |
echo '------' >> CHANGELOG.md | |
echo '### File Hashes' >> CHANGELOG.md | |
echo '[How to verify the authenticity of your Firefly ${{ env.NETWORK }} Desktop download](https://wiki.iota.org/shimmer/introduction/how_tos/verify_download/#verify-your-firefly-desktop-download)' >> CHANGELOG.md | |
echo '| File | Platform | SHA256 Hash |' >> CHANGELOG.md | |
echo '| --- | --- | --- |' >> CHANGELOG.md | |
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe | Windows |' $WIN_SHA256 '|' >> CHANGELOG.md | |
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage | Linux |' $LIN_SHA256 '|' >> CHANGELOG.md | |
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg | MacOS | ' $MAC_SHA256 '|' >> CHANGELOG.md | |
cat CHANGELOG.md | |
working-directory: packages/desktop | |
- name: Create Release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Firefly ${{ env.NETWORK }} Desktop ${{ env.RELEASE_NAME }} | |
body_path: packages/desktop/CHANGELOG.md | |
draft: true | |
prerelease: true | |
- name: Upload macOS binary asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg | |
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg | |
asset_content_type: application/octet-stream | |
- name: Upload Windows binary asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe | |
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe | |
asset_content_type: application/octet-stream | |
- name: Upload Linux binary asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage | |
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage | |
asset_content_type: application/octet-stream | |
- name: Upload Linux code signature asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.asc | |
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.asc | |
asset_content_type: application/pgp-signature | |
- name: Upload to S3 | |
run: | | |
aws s3 cp assets/ s3://iotaledger-files/4a1ddea1-10c1-4f1d-83f0-e14903931a46/releases/ --recursive --include "*" --exclude "*.sha256" --exclude "*.blockmap" --exclude "*.asc" --acl public-read | |
aws s3 cp assets/ s3://iotaledger-files/firefly/releases/ --recursive --include "*" --exclude "*.sha256" --exclude "*.blockmap" --exclude "*.asc" --acl public-read | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 | |
- name: Invalidate CloudFront cache for auto-update files | |
run: aws cloudfront create-invalidation --distribution-id E32G4HRED4PO65 --paths "/latest*" | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 |