Skip to content

Leapp Desktop App CD - nightly - approval #58

Leapp Desktop App CD - nightly - approval

Leapp Desktop App CD - nightly - approval #58

name: Leapp Desktop App CD - nightly - approval
on:
workflow_dispatch:
env:
CERTIFICATE_APPLICATION_OSX_P12: ${{ secrets.CERTIFICATE_APPLICATION_OSX_P12 }}
CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
DECODE_PASSWORD: ${{ secrets.DECODE_PASSWORD }}
DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }}
GH_TOKEN: ${{ secrets.GH_TOKEN }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
S3_BUCKET: s3://noovolari-leapp-website-distribution
WIN_CERTIFICATE: ${{ secrets.WIN_CERTIFICATE }}
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
TEAM_REPOSITORY: ${{ secrets.TEAM_REPOSITORY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
jobs:
generate-build-identifier:
outputs:
build-identifier: ${{ steps.build-identifier-generator.outputs.BUILD_IDENTIFIER }}
runs-on: ubuntu-latest
steps:
- name: generate build identifier
id: build-identifier-generator
run: |
IDENTIFIER=$(date +%Y%m%d%H%M%S)
echo "::set-output name=BUILD_IDENTIFIER::$IDENTIFIER"
build-and-release-core-and-cli:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build and release core (nightly)
run: |
cd packages/core
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
npm install
npm run nightly
- name: Build and release CLI (nightly)
run: |
cd packages/cli
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
npm install
npm run nightly
build-win:
runs-on: windows-2022
needs: [ build-and-release-core-and-cli, generate-build-identifier ]
steps:
- name: Prepare GIT
shell: bash
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v3
- uses: actions/checkout@v3
if: ${{ env.TEAM_REPOSITORY != '' }}
with:
repository: ${{ env.TEAM_REPOSITORY }}
ref: development
token: ${{ secrets.GH_TOKEN }}
path: leapp-team
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Inject Team Feature
if: ${{ env.TEAM_REPOSITORY != '' }}
run: |
mv leapp-team ..
cd ../leapp-team/packages/leapp-team-service
npm run enable-team-features-dev
- name: Build Win desktop app (nightly)
shell: bash
run: |
cd packages/desktop-app
npm install
npm run nightly-win
rm -Rf ./release/win-unpacked
rm -Rf ./release/.cache
rm -Rf ./release/builder-debug.yml
rm -Rf ./release/builder-effective-config.yaml
TAG_VERSION=$(cat nightly-version)
rm "./release/Leapp-$TAG_VERSION-win.zip" ||:
powershell "Compress-Archive './release/Leapp Setup $TAG_VERSION.exe' './release/Leapp-$TAG_VERSION-win.zip'"
- name: Prepare tag version for artifact upload
id: release
shell: bash
run: |
cd packages/desktop-app
TAG_VERSION=$(cat nightly-version)
echo "::set-output name=TAG_VERSION::$TAG_VERSION"
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}-win.zip
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}-win.zip
build-linux:
runs-on: ubuntu-latest
needs: [ build-and-release-core-and-cli, generate-build-identifier ]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
if: ${{ env.TEAM_REPOSITORY != '' }}
with:
repository: ${{ env.TEAM_REPOSITORY }}
ref: development
token: ${{ secrets.GH_TOKEN }}
path: leapp-team
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Inject Team Feature
if: ${{ env.TEAM_REPOSITORY != '' }}
run: |
mv leapp-team ..
cd ../leapp-team/packages/leapp-team-service
npm run enable-team-features-dev
- name: Build Linux desktop app (nightly)
run: |
cd packages/desktop-app
npm install
npm run nightly-linux
rm -Rf ./release/linux-unpacked
rm -Rf ./release/.cache
rm -Rf ./release/builder-debug.yml
rm -Rf ./release/builder-effective-config.yaml
- name: Prepare tag version for artifact upload
id: release
run: |
cd packages/desktop-app
TAG_VERSION=$(cat nightly-version)
echo "::set-output name=TAG_VERSION::$TAG_VERSION"
- name: Upload artifacts (.deb)
uses: actions/upload-artifact@v3
with:
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}_amd64.deb
path: packages/desktop-app/release/Leapp_${{ steps.release.outputs.TAG_VERSION }}_amd64.deb
- name: Upload artifacts (.AppImage)
uses: actions/upload-artifact@v3
with:
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}.AppImage
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}.AppImage
build-macos-x64:
runs-on: macos-latest
needs: [ build-and-release-core-and-cli, generate-build-identifier ]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
if: ${{ env.TEAM_REPOSITORY != '' }}
with:
repository: ${{ env.TEAM_REPOSITORY }}
ref: development
token: ${{ secrets.GH_TOKEN }}
path: leapp-team
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Inject Team Feature
if: ${{ env.TEAM_REPOSITORY != '' }}
run: |
mv leapp-team ..
cd ../leapp-team/packages/leapp-team-service
npm run enable-team-features-dev
- name: Build macOS x64 desktop app (nightly)
uses: nick-fields/retry@v2
env:
APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }}
with:
timeout_minutes: 20
max_attempts: 5
command: |
cd packages/desktop-app
KEY_CHAIN=build.keychain
CERTIFICATE_P12=certificate.p12
CERTIFICATE_APPLICATION_P12=certificate-application.p12
echo "Recreate the certificate from the secure environment variable"
echo "security create-keychain"
echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12
echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12
security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security list-keychains"
security list-keychains -s login.keychain build.keychain
echo "security default-keychain"
security default-keychain -s $KEY_CHAIN
echo "security unlock-keychain"
security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security import"
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
echo "security find-identity"
security find-identity -v
echo "security set-key-partition-list"
security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
rm -fr *.p12
npm install
npm run set-target-x64
npm run nightly
- name: Clean build
run: |
cd packages/desktop-app
rm -Rf ./release/mac
rm -Rf ./release/mac-unpacked
rm -Rf ./release/.cache
rm -Rf ./release/builder-debug.yml
rm -Rf ./release/builder-effective-config.yaml
TAG_VERSION=$(cat nightly-version)
rm "./release/Leapp-$TAG_VERSION-mac.zip"
rm "./release/Leapp-$TAG_VERSION-mac.zip.blockmap"
zip "./release/Leapp-$TAG_VERSION-mac.zip" "./release/Leapp-$TAG_VERSION.dmg"
- name: Prepare tag version for artifact upload
id: release
run: |
cd packages/desktop-app
TAG_VERSION=$(cat nightly-version)
echo "::set-output name=TAG_VERSION::$TAG_VERSION"
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}.dmg
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}.dmg
build-macos-arm:
runs-on: macos-latest
needs: [ build-and-release-core-and-cli, generate-build-identifier, build-macos-x64]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
if: ${{ env.TEAM_REPOSITORY != '' }}
with:
repository: ${{ env.TEAM_REPOSITORY }}
ref: development
token: ${{ secrets.GH_TOKEN }}
path: leapp-team
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Inject Team Feature
if: ${{ env.TEAM_REPOSITORY != '' }}
run: |
mv leapp-team ..
cd ../leapp-team/packages/leapp-team-service
npm run enable-team-features-dev
- name: Build macOS arm64 desktop app (nightly)
uses: nick-fields/retry@v2
env:
APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }}
with:
timeout_minutes: 20
max_attempts: 5
command: |
cd packages/desktop-app
KEY_CHAIN=build.keychain
CERTIFICATE_P12=certificate.p12
CERTIFICATE_APPLICATION_P12=certificate-application.p12
echo "Recreate the certificate from the secure environment variable"
echo "security create-keychain"
echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12
echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12
security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security list-keychains"
security list-keychains -s login.keychain build.keychain
echo "security default-keychain"
security default-keychain -s $KEY_CHAIN
echo "security unlock-keychain"
security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security import"
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
echo "security find-identity"
security find-identity -v
echo "security set-key-partition-list"
security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
rm -fr *.p12
npm install
npm run set-target-arm64
npm run nightly
- name: Clean build
run: |
cd packages/desktop-app
rm -Rf ./release/mac
rm -Rf ./release/mac-unpacked
rm -Rf ./release/.cache
rm -Rf ./release/builder-debug.yml
rm -Rf ./release/builder-effective-config.yaml
rm -Rf ./release/mac-arm64
TAG_VERSION=$(cat nightly-version)
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip"
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip.blockmap"
zip "./release/Leapp-$TAG_VERSION-mac-arm64.zip" "./release/Leapp-$TAG_VERSION-arm64.dmg"
- name: Prepare tag version for artifact upload
id: release
run: |
cd packages/desktop-app
TAG_VERSION=$(cat nightly-version)
echo "::set-output name=TAG_VERSION::$TAG_VERSION"
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: Leapp-${{ steps.release.outputs.TAG_VERSION }}-arm64.dmg
path: packages/desktop-app/release/Leapp-${{ steps.release.outputs.TAG_VERSION }}-arm64.dmg
post-to-slack:
runs-on: ubuntu-latest
needs: [ build-win, build-linux, build-macos-x64, build-macos-arm ]
steps:
- name: Post to Slack
id: slack
uses: slackapi/[email protected]
with:
# Slack channel id, channel name, or user id to post message.
# See also: https://api.slack.com/methods/chat.postMessage#channels
# You can pass in multiple channels to post to by providing a comma-delimited list of channel IDs.
channel-id: "C05S4TSQ919"
# For posting a simple plain text message
slack-message: "${{ github.ref }} approval builds: https://github.com/Noovolari/leapp/actions/runs/${{ github.run_id }}"
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }}