Skip to content

chore: remove win code signing #1471

chore: remove win code signing

chore: remove win code signing #1471

Workflow file for this run

name: Debug build
on: [pull_request]
jobs:
announce-start:
runs-on: ubuntu-20.04
permissions: write-all
steps:
- uses: lucasmotta/[email protected]
if: github.repository == 'leather-wallet/desktop'
with:
header: '> _Building new release, please wait for the latest_&nbsp; <img src="https://user-images.githubusercontent.com/1618764/97873036-51dfb200-1d17-11eb-89f5-0a922dc3ac92.gif" width="12" />'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
debug-build:
runs-on: ${{ matrix.os }}
needs:
- announce-start
env:
STX_NETWORK: ${{ matrix.stx_network }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}
strategy:
matrix:
os: [macos-11, ubuntu-20.04, windows-latest]
stx_network: [testnet, mainnet]
include:
- os: macos-11
NPM_COMMAND: mac
UPLOAD_ASSETS: release/**/*.dmg
CSC_LINK_SECRET_NAME: CODE_SIGNING_CERTIFICATE_APPLE
CSC_KEY_PASSWORD_SECRET_NAME: CODE_SIGNING_PASSWORD_APPLE
- os: ubuntu-20.04
NPM_COMMAND: linux
UPLOAD_ASSETS: |
release/**/*.deb
release/**/*.rpm
- os: windows-latest
NPM_COMMAND: win
UPLOAD_ASSETS: release/**/*.exe
steps:
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Check out Git repository
uses: actions/checkout@v2
- name: Add required Linux dependencies
uses: ./.github/actions/linux-deps
if: matrix.os == 'ubuntu-20.04'
- name: Import GPG key
id: import_gpg_key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- uses: actions/cache@v2
id: cache-node-modules
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/package.json') }}-${{ secrets.CACHE_BUSTER }}
- name: Variables
id: vars
run: |
echo "::set-output name=version::$(cat package.json | jq -r .version)"
echo "::set-output name=branch_name::$(echo ${GITHUB_REF#refs/heads/})"
echo "::set-output name=pull_request_id::$(echo $GITHUB_REF)"
- name: Install code-signing certs - Apple only
uses: apple-actions/import-codesign-certs@v1
if: matrix.os == 'macos-11'
with:
p12-file-base64: ${{ secrets.CODE_SIGNING_CERTIFICATE_APPLE }}
p12-password: ${{ secrets.CODE_SIGNING_PASSWORD_APPLE }}
- uses: actions/setup-node@v3
with:
node-version: 18
- uses: actions/setup-python@v4
with:
architecture: x64
#
# Windows build breaks when using the package.json script to install `app/` packages
# using separate run to install those packages separately
- name: Install packages
uses: nick-invision/retry@v2
if: steps.cache-node-modules.outputs.cache-hit != 'true'
with:
timeout_seconds: 600
max_attempts: 3
retry_on: error
command: yarn --frozen-lockfile --ignore-scripts
- name: Install `app/` packages
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: cd app && yarn --frozen-lockfile --ignore-scripts
- name: Extract version
id: extract_version
uses: Saionaro/[email protected]
- name: Build releases
run: ./node_modules/.bin/cross-env yarn package-${{ matrix.NPM_COMMAND }}
env:
DEBUG_PROD: true
NODE_ENV: production
SHA: ${{ github.event.pull_request.head.sha }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PULL_REQUEST: ${{ steps.vars.outputs.pull_request_id }}
BRANCH_NAME: ${{ steps.vars.outputs.branch_name }}
CSC_LINK: ${{ secrets[matrix.CSC_LINK_SECRET_NAME] }}
CSC_KEY_PASSWORD: ${{ secrets[matrix.CSC_KEY_PASSWORD_SECRET_NAME] }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASS }}
- run: ls -R release
- uses: actions/upload-artifact@v2
name: ${{ matrix.NPM_COMMAND }} ${{ matrix.stx_network }} upload
with:
name: stacks-wallet-${{ matrix.stx_network }}-${{ matrix.NPM_COMMAND }}
path: ${{ matrix.UPLOAD_ASSETS }}
asset-signatures:
runs-on: ubuntu-20.04
needs:
- debug-build
steps:
- name: Download binaries
uses: actions/download-artifact@v2
with:
path: downloads
- name: Import GPG key
id: import_gpg_key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Generate binary shasums
run: |
find downloads -type f -exec mv '{}' . \; && rm -rf downloads
ls | xargs -I{} shasum -a 256 {} | grep -v shasum.txt | tee -a shasum.txt
gpg --armor --output shasum.txt.asc --clearsign shasum.txt
- name: Upload binary shasums
uses: actions/upload-artifact@v2
with:
name: shasum.txt.asc
path: shasum.txt.asc
announce-completion:
runs-on: ubuntu-20.04
permissions: write-all
if: always()
needs:
- debug-build
steps:
- uses: lucasmotta/[email protected]
if: (!contains(needs.*.result, 'failure')) && github.repository == 'leather-wallet/desktop'
with:
header: '> [Download the latest build](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: lucasmotta/[email protected]
if: (contains(needs.*.result, 'failure')) && github.repository == 'leather-wallet/desktop'
with:
header: '> _Build failed, [see here for details](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})_'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}