From 3f793436bee9aa907428d9f35c8c4a40dd2138c9 Mon Sep 17 00:00:00 2001 From: Alfredo Gallardo Date: Mon, 1 Apr 2024 13:03:29 -0300 Subject: [PATCH] - feature: added shinkai-tray cicd for production --- .github/workflows/release-dev.yml | 8 +- .github/workflows/release-prod.yml | 203 ++++++++++++++++-- .../src-tauri/tauri.conf.development.json | 3 +- apps/shinkai-tray/src-tauri/tauri.conf.json | 2 +- 4 files changed, 189 insertions(+), 27 deletions(-) diff --git a/.github/workflows/release-dev.yml b/.github/workflows/release-dev.yml index 8037c28ac..103321ced 100644 --- a/.github/workflows/release-dev.yml +++ b/.github/workflows/release-dev.yml @@ -77,7 +77,7 @@ jobs: if-no-files-found: error retention-days: 5 - release-shinkai-tray-macos: + release-shinkai-tray: needs: prebuild name: Release Shinkai Tray strategy: @@ -185,14 +185,14 @@ jobs: - name: (Linux) Run NX build on shinkai-tray if: ${{ matrix.arch == 'x86_64-unknown-linux-gnu' }} - run: npx nx build shinkai-tray --skip-nx-cache + run: npx nx build shinkai-tray --config="./src-tauri/tauri.conf.development.json" --skip-nx-cache env: TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} - name: (Macos) Run NX build on shinkai-tray if: ${{ matrix.arch == 'aarch64-apple-darwin' }} - run: npx nx build shinkai-tray --skip-nx-cache + run: npx nx build shinkai-tray --config="./src-tauri/tauri.conf.development.json" --skip-nx-cache env: APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} @@ -202,7 +202,7 @@ jobs: - name: (Windows) Run NX build on shinkai-tray if: ${{ matrix.arch == 'x86_64-pc-windows-msvc' }} - run: npx nx build shinkai-tray --skip-nx-cache + run: npx nx build shinkai-tray --config="./src-tauri/tauri.conf.development.json" --skip-nx-cache env: TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} diff --git a/.github/workflows/release-prod.yml b/.github/workflows/release-prod.yml index 4dbfe5174..7119fcde1 100644 --- a/.github/workflows/release-prod.yml +++ b/.github/workflows/release-prod.yml @@ -4,13 +4,36 @@ on: push: tags: - '[0-9]+.[0-9]+.[0-9]+' - + branches: + - agallardol/production-cicd defaults: run: working-directory: ./ jobs: + prebuild: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.package-version.outputs.version }} + steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: get npm version + id: package-version + uses: Saionaro/extract-package-version@v1.2.1 + + # - name: Check version match + # if: ${{ github.ref_name != steps.package-version.outputs.version }} + # uses: actions/github-script@v3 + # with: + # script: | + # core.setFailed('Version mismatch') + release-shinkai-visor: + needs: prebuild runs-on: ubuntu-latest environment: production steps: @@ -28,17 +51,6 @@ jobs: cache: 'npm' cache-dependency-path: package-lock.json - - name: get-npm-version - id: package-version - uses: martinbeentjes/npm-get-version-action@v1.3.1 - - - name: Check version match - if: ${{ github.ref_name != steps.package-version.outputs.current-version }} - uses: actions/github-script@v3 - with: - script: | - core.setFailed('Version mismatch') - - name: Install dependencies run: | npm cache verify @@ -47,7 +59,7 @@ jobs: - name: Run NX build on shinkai-visor run: npx nx build shinkai-visor --skip-nx-cache env: - VERSION: ${{ steps.package-version.outputs.current-version }}.${{github.run_number}} + VERSION: ${{ needs.prebuild.outputs.version }}.${{github.run_number}} NAME_PREFIX: '' DESCRIPTION_PREFIX: '' PUBLIC_KEY: ${{ secrets.CHROME_EXTENSION_PUBLIC_KEY }} @@ -55,12 +67,161 @@ jobs: - name: Zip extension run: cd ./dist/apps && zip -r shinkai-visor.zip shinkai-visor - - name: Upload & Release - uses: mnao305/chrome-extension-upload@v4.0.1 + # - name: Upload & Release + # uses: mnao305/chrome-extension-upload@v4.0.1 + # with: + # file-path: dist/apps/shinkai-visor.zip + # extension-id: ${{ secrets.CHROME_EXTENSION_ID }} + # client-id: ${{ secrets.CHROME_CLIENT_ID }} + # client-secret: ${{ secrets.CHROME_CLIENT_SECRET }} + # refresh-token: ${{ secrets.CHROME_REFRESH_TOKEN }} + # publish: false + + release-shinkai-tray: + needs: prebuild + name: Release Shinkai Tray + environment: production + strategy: + matrix: + include: + - arch: x86_64-unknown-linux-gnu + os: ubuntu-22.04 + build_output_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/appimage/shinkai-tray_${{ needs.prebuild.outputs.version }}_amd64.AppImage + build_output_update_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/appimage/shinkai-tray_${{ needs.prebuild.outputs.version }}_amd64.AppImage.tar.gz + build_output_update_signature_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/appimage/shinkai-tray_${{ needs.prebuild.outputs.version }}_amd64.AppImage.tar.gz.sig + distributable_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-unknown-linux-gnu.AppImage + distributable_update_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-unknown-linux-gnu.AppImage.tar.gz + distributable_update_signature_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-unknown-linux-gnu.AppImage.tar.gz.sig + + - arch: aarch64-apple-darwin + os: macos-14 + build_output_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/dmg/Shinkai Tray_${{ needs.prebuild.outputs.version }}_aarch64.dmg + build_output_update_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/macos/Shinkai Tray.app.tar.gz + build_output_update_signature_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/macos/Shinkai Tray.app.tar.gz.sig + distributable_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_aarch64-apple-darwin.dmg + distributable_update_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_aarch64-apple-darwin.app.tar.gz + distributable_update_signature_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_aarch64-apple-darwin.app.tar.gz.sig + + - arch: x86_64-pc-windows-msvc + os: windows-2022 + build_output_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/nsis/Shinkai Tray_${{ needs.prebuild.outputs.version }}_x64-setup.exe + build_output_update_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/nsis/Shinkai Tray_${{ needs.prebuild.outputs.version }}_x64-setup.nsis.zip + build_output_update_signature_file_path: apps/shinkai-tray/src-tauri/target/release/bundle/nsis/Shinkai Tray_${{ needs.prebuild.outputs.version }}_x64-setup.nsis.zip.sig + distributable_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-pc-windows-msvc.exe + distributable_update_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-pc-windows-msvc.nsis.zip + distributable_update_signature_file_name: Shinkai-Tray-${{ needs.prebuild.outputs.version }}.${{ github.run_number }}_x86_64-pc-windows-msvc.nsis.zip.sig + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v4 with: - file-path: dist/apps/shinkai-visor.zip - extension-id: ${{ secrets.CHROME_EXTENSION_ID }} - client-id: ${{ secrets.CHROME_CLIENT_ID }} - client-secret: ${{ secrets.CHROME_CLIENT_SECRET }} - refresh-token: ${{ secrets.CHROME_REFRESH_TOKEN }} - publish: false + fetch-depth: 0 + + - name: (Windows) Install asiosdk} + if: ${{ matrix.arch == 'x86_64-pc-windows-msvc' }} + shell: PowerShell + run: | + curl https://www.steinberg.net/asiosdk -o asiosdk.zip + Expand-Archive .\asiosdk.zip -DestinationPath .\ + choco install asio4all + choco install llvm + + - name: (Linux) Install build dependencies + if: ${{ matrix.arch == 'x86_64-unknown-linux-gnu' }} + run: | + sudo apt-get install -y libwebkit2gtk-4.0-dev build-essential wget libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev libasound2-dev + + - name: (MACOS) Install the Apple certificate and provisioning profile + if: ${{ matrix.arch == 'aarch64-apple-darwin' }} + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE }} + P12_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + - name: Cache cargo assets + id: cache + uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ matrix.arch }}-build-cargo-${{ hashFiles('**/Cargo.lock') }} + + - name: Setup Node version + uses: actions/setup-node@v3 + with: + node-version: 18 + check-latest: false + registry-url: https://registry.npmjs.org + cache: 'npm' + cache-dependency-path: package-lock.json + + - name: Install dependencies + run: | + npm cache verify + npm ci --no-audit --prefer-offline + + - name: (Linux) Run NX build on shinkai-tray + if: ${{ matrix.arch == 'x86_64-unknown-linux-gnu' }} + run: npx nx build shinkai-tray --skip-nx-cache + env: + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + + - name: (Macos) Run NX build on shinkai-tray + if: ${{ matrix.arch == 'aarch64-apple-darwin' }} + run: npx nx build shinkai-tray --skip-nx-cache + env: + APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + + - name: (Windows) Run NX build on shinkai-tray + if: ${{ matrix.arch == 'x86_64-pc-windows-msvc' }} + run: npx nx build shinkai-tray --skip-nx-cache + env: + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + # Windows Only + CPAL_ASIO_DIR: ${{ github.workspace }}/asiosdk_2.3.3_2019-06-14 + LIBCLANG_PATH: C:\Program Files\LLVM\bin + + - name: Prepare binary files + run: | + mkdir files-to-r2 + cp "${{ matrix.build_output_file_path }}" files-to-r2/${{ matrix.distributable_file_name }} + cp "${{ matrix.build_output_update_file_path }}" files-to-r2/${{ matrix.distributable_update_file_name }} + cp "${{ matrix.build_output_update_signature_file_path }}" files-to-r2/${{ matrix.distributable_update_signature_file_name }} + + # - name: Upload binaries to R2 bucket + # uses: shallwefootball/s3-upload-action@master + # with: + # endpoint: https://54bf1bf573b3e6471e574cc4d318db64.r2.cloudflarestorage.com + # aws_key_id: ${{ secrets.R2_ACCESS_KEY_ID }} + # aws_secret_access_key: ${{ secrets.R2_SECRET_ACCESS_KEY }} + # aws_bucket: shinkai-download + # source_dir: files-to-r2 + # destination_dir: ./shinkai-tray/binaries/production/${{ matrix.arch }}/${{ needs.prebuild.outputs.version }}.${{ github.run_number }}/ diff --git a/apps/shinkai-tray/src-tauri/tauri.conf.development.json b/apps/shinkai-tray/src-tauri/tauri.conf.development.json index 3cdd258d0..8fd1832b1 100644 --- a/apps/shinkai-tray/src-tauri/tauri.conf.development.json +++ b/apps/shinkai-tray/src-tauri/tauri.conf.development.json @@ -3,7 +3,8 @@ "updater": { "endpoints": [ "https://download.shinkai.com/shinkai-tray/binaries/development/updates.json" - ] + ], + "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDlCNzc1MjI1NEFEMzlFQjgKUldTNG50TktKVkozbSs0WXAzb1dOMy9oclJQdHZCcWNkcHRXeDcvMXNXeWRKM3g1SXR6eitJV0wK" } } } diff --git a/apps/shinkai-tray/src-tauri/tauri.conf.json b/apps/shinkai-tray/src-tauri/tauri.conf.json index 7208e3499..d2f4ed44d 100644 --- a/apps/shinkai-tray/src-tauri/tauri.conf.json +++ b/apps/shinkai-tray/src-tauri/tauri.conf.json @@ -100,7 +100,7 @@ "https://download.shinkai.com/shinkai-tray/binaries/production/updates.json" ], "dialog": true, - "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDlCNzc1MjI1NEFEMzlFQjgKUldTNG50TktKVkozbSs0WXAzb1dOMy9oclJQdHZCcWNkcHRXeDcvMXNXeWRKM3g1SXR6eitJV0wK" + "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDY5RTREOUVBODQ0QUYwRDQKUldUVThFcUU2dG5rYVV1MjlvS2FGKzZSMVFnRnFVdUh1ZnVWc2pDSHFqWThaYUFneC9rUU1Gc2MK" } } }