Skip to content

Commit

Permalink
chore: created approval pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
@ericvilla
ericvilla committed Sep 12, 2023
1 parent 032ed99 commit fd18d48
Showing 1 changed file with 152 additions and 0 deletions.
152 changes: 152 additions & 0 deletions .github/workflows/desktop-app-cd-nightly-approval.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
name: Leapp Desktop App CD - nightly - approval

on:
workflow_dispatch:

env:
CERTIFICATE_APPLICATION_OSX_P12: ${{ secrets.CERTIFICATE_APPLICATION_OSX_P12 }}
CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
DECODE_PASSWORD: ${{ secrets.DECODE_PASSWORD }}
DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }}
GH_TOKEN: ${{ secrets.GH_TOKEN }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
S3_BUCKET: s3://noovolari-leapp-website-distribution
WIN_CERTIFICATE: ${{ secrets.WIN_CERTIFICATE }}
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
TEAM_REPOSITORY: ${{ secrets.TEAM_REPOSITORY }}

jobs:
generate-build-identifier:
outputs:
build-identifier: ${{ steps.build-identifier-generator.outputs.BUILD_IDENTIFIER }}
runs-on: ubuntu-latest
steps:
- name: generate build identifier
id: build-identifier-generator
run: |
IDENTIFIER=$(date +%Y%m%d%H%M%S)
echo "::set-output name=BUILD_IDENTIFIER::$IDENTIFIER"
clean-nightly-latest:
runs-on: ubuntu-latest
steps:

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1

- name: Move draft to nightly latest
run: |
aws s3 rm "${{ env.S3_BUCKET }}/nightly/latest-temp" --recursive
build-and-release-core-and-cli:
runs-on: ubuntu-latest
needs: [ clean-nightly-latest ]
steps:
- uses: actions/checkout@v3

- name: Build and release core (nightly)
run: |
cd packages/core
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
npm install
npm run nightly
- name: Build and release CLI (nightly)
run: |
cd packages/cli
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
npm install
npm run nightly
build-macos-arm:
runs-on: macos-latest
needs: [ build-and-release-core-and-cli, build-macos-x64, generate-build-identifier ]
steps:
- uses: actions/checkout@v3

- uses: actions/checkout@v3
if: ${{ env.TEAM_REPOSITORY != '' }}
with:
repository: ${{ env.TEAM_REPOSITORY }}
ref: development
token: ${{ secrets.GH_TOKEN }}
path: leapp-team
- name: Inject Team Feature
if: ${{ env.TEAM_REPOSITORY != '' }}
run: |
mv leapp-team ..
cd ../leapp-team/packages/leapp-team-service
npm run enable-team-features-dev
- name: Build macOS arm64 desktop app (nightly)
uses: nick-fields/retry@v2
env:
APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }}
with:
timeout_minutes: 20
max_attempts: 5
command: |
cd packages/desktop-app
KEY_CHAIN=build.keychain
CERTIFICATE_P12=certificate.p12
CERTIFICATE_APPLICATION_P12=certificate-application.p12
echo "Recreate the certificate from the secure environment variable"
echo "security create-keychain"
echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12
echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12
security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security list-keychains"
security list-keychains -s login.keychain build.keychain
echo "security default-keychain"
security default-keychain -s $KEY_CHAIN
echo "security unlock-keychain"
security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
echo "security import"
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign;
echo "security find-identity"
security find-identity -v
echo "security set-key-partition-list"
security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN
rm -fr *.p12
npm install
npm run set-target-arm64
npm run nightly
- name: Clean build
run: |
cd packages/desktop-app
rm -Rf ./release/mac
rm -Rf ./release/mac-unpacked
rm -Rf ./release/.cache
rm -Rf ./release/builder-debug.yml
rm -Rf ./release/builder-effective-config.yaml
rm -Rf ./release/mac-arm64
TAG_VERSION=$(cat nightly-version)
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip"
rm "./release/Leapp-$TAG_VERSION-arm64-mac.zip.blockmap"
zip "./release/Leapp-$TAG_VERSION-mac-arm64.zip" "./release/Leapp-$TAG_VERSION-arm64.dmg"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1

- name: Release draft to S3 (nightly)
run: |
cd packages/desktop-app
TAG_VERSION=$(cat nightly-version)
BUILD_IDENTIFIER=${{ needs.generate-build-identifier.outputs.build-identifier }}
aws s3 cp ./release/ "${{ env.S3_BUCKET }}/nightly/${BUILD_IDENTIFIER}/" --recursive
PRESIGN_URL=aws s3 presign "${{ env.S3_BUCKET }}/nightly/${BUILD_IDENTIFIER}/Leapp-${TAG_VERSION}-arm64.dmg"
echo "Leapp-${TAG_VERSION}-arm64.dmg: ${PRESIGN_URL}"

0 comments on commit fd18d48

Please sign in to comment.