chore: remove win code signing #1472
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Debug build | |
on: [pull_request] | |
jobs: | |
announce-start: | |
runs-on: ubuntu-20.04 | |
permissions: write-all | |
steps: | |
- uses: lucasmotta/[email protected] | |
if: github.repository == 'leather-wallet/desktop' | |
with: | |
header: '> _Building new release, please wait for the latest_ <img src="https://user-images.githubusercontent.com/1618764/97873036-51dfb200-1d17-11eb-89f5-0a922dc3ac92.gif" width="12" />' | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
debug-build: | |
runs-on: ${{ matrix.os }} | |
needs: | |
- announce-start | |
env: | |
STX_NETWORK: ${{ matrix.stx_network }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }} | |
strategy: | |
matrix: | |
os: [macos-11, ubuntu-20.04, windows-latest] | |
stx_network: [testnet, mainnet] | |
include: | |
- os: macos-11 | |
NPM_COMMAND: mac | |
UPLOAD_ASSETS: release/**/*.dmg | |
CSC_LINK_SECRET_NAME: CODE_SIGNING_CERTIFICATE_APPLE | |
CSC_KEY_PASSWORD_SECRET_NAME: CODE_SIGNING_PASSWORD_APPLE | |
- os: ubuntu-20.04 | |
NPM_COMMAND: linux | |
UPLOAD_ASSETS: | | |
release/**/*.deb | |
release/**/*.rpm | |
- os: windows-latest | |
NPM_COMMAND: win | |
UPLOAD_ASSETS: release/**/*.exe | |
steps: | |
- name: Cancel Previous Runs | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check out Git repository | |
uses: actions/checkout@v2 | |
- name: Add required Linux dependencies | |
uses: ./.github/actions/linux-deps | |
if: matrix.os == 'ubuntu-20.04' | |
- name: Import GPG key | |
id: import_gpg_key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- uses: actions/cache@v2 | |
id: cache-node-modules | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/package.json') }}-${{ secrets.CACHE_BUSTER }} | |
- name: Variables | |
id: vars | |
run: | | |
echo "::set-output name=version::$(cat package.json | jq -r .version)" | |
echo "::set-output name=branch_name::$(echo ${GITHUB_REF#refs/heads/})" | |
echo "::set-output name=pull_request_id::$(echo $GITHUB_REF)" | |
- name: Install code-signing certs - Apple only | |
uses: apple-actions/import-codesign-certs@v1 | |
if: matrix.os == 'macos-11' | |
with: | |
p12-file-base64: ${{ secrets.CODE_SIGNING_CERTIFICATE_APPLE }} | |
p12-password: ${{ secrets.CODE_SIGNING_PASSWORD_APPLE }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
- uses: actions/setup-python@v4 | |
with: | |
architecture: x64 | |
# | |
# Windows build breaks when using the package.json script to install `app/` packages | |
# using separate run to install those packages separately | |
- name: Install packages | |
uses: nick-invision/retry@v2 | |
if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
with: | |
timeout_seconds: 600 | |
max_attempts: 3 | |
retry_on: error | |
command: yarn --frozen-lockfile --ignore-scripts | |
- name: Install `app/` packages | |
if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
run: cd app && yarn --frozen-lockfile --ignore-scripts | |
- name: Extract version | |
id: extract_version | |
uses: Saionaro/[email protected] | |
- name: Build releases | |
run: ./node_modules/.bin/cross-env yarn package-${{ matrix.NPM_COMMAND }} | |
env: | |
DEBUG_PROD: true | |
NODE_ENV: production | |
SHA: ${{ github.event.pull_request.head.sha }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PULL_REQUEST: ${{ steps.vars.outputs.pull_request_id }} | |
BRANCH_NAME: ${{ steps.vars.outputs.branch_name }} | |
CSC_LINK: ${{ secrets[matrix.CSC_LINK_SECRET_NAME] }} | |
CSC_KEY_PASSWORD: ${{ secrets[matrix.CSC_KEY_PASSWORD_SECRET_NAME] }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASS }} | |
- run: ls -R release | |
- uses: actions/upload-artifact@v2 | |
name: ${{ matrix.NPM_COMMAND }} ${{ matrix.stx_network }} upload | |
with: | |
name: stacks-wallet-${{ matrix.stx_network }}-${{ matrix.NPM_COMMAND }} | |
path: ${{ matrix.UPLOAD_ASSETS }} | |
asset-signatures: | |
runs-on: ubuntu-20.04 | |
needs: | |
- debug-build | |
steps: | |
- name: Download binaries | |
uses: actions/download-artifact@v2 | |
with: | |
path: downloads | |
- name: Import GPG key | |
id: import_gpg_key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Generate binary shasums | |
run: | | |
find downloads -type f -exec mv '{}' . \; && rm -rf downloads | |
ls | xargs -I{} shasum -a 256 {} | grep -v shasum.txt | tee -a shasum.txt | |
gpg --armor --output shasum.txt.asc --clearsign shasum.txt | |
- name: Upload binary shasums | |
uses: actions/upload-artifact@v2 | |
with: | |
name: shasum.txt.asc | |
path: shasum.txt.asc | |
announce-completion: | |
runs-on: ubuntu-20.04 | |
permissions: write-all | |
if: always() | |
needs: | |
- debug-build | |
steps: | |
- uses: lucasmotta/[email protected] | |
if: (!contains(needs.*.result, 'failure')) && github.repository == 'leather-wallet/desktop' | |
with: | |
header: '> [Download the latest build](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})' | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: lucasmotta/[email protected] | |
if: (contains(needs.*.result, 'failure')) && github.repository == 'leather-wallet/desktop' | |
with: | |
header: '> _Build failed, [see here for details](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})_' | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |