Skip to content

Build and Release Desktop #57

Build and Release Desktop

Build and Release Desktop #57

name: Build and Release Desktop
env:
NETWORK: IOTA
NETWORK_CODE: iota
on:
push:
tags:
- desktop-iota-*
workflow_dispatch:
inputs:
debugElectronBuilder:
description: 'Verbose electron-builder output'
required: true
type: choice
options:
- 'false'
- 'true'
stage:
description: 'Stage'
required: true
type: choice
options:
- alpha
- beta
- prod
jobs:
setup:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/desktop')
outputs:
version: ${{ steps.set_outputs.outputs.version }}
release_name: ${{ steps.set_outputs.outputs.release_name }}
stage: ${{ steps.set_outputs.outputs.stage }}
steps:
- id: set_outputs
name: Set outputs for version, release name, and stage
run: |
VERSION=${GITHUB_REF#refs/*/desktop-iota-}
RELEASE_NAME=$(echo $VERSION | perl -0777 -pe 's/^([0-9]\d*\.[0-9]\d*\.[0-9]\d*)(?:-([a-z]*)-(\d*))?$/$1 \u$2 $3/')
STAGE=$(echo $VERSION | perl -0777 -pe 's/^([0-9]\d*\.[0-9]\d*\.[0-9]\d*)(?:-([a-z]*)-([0-9]\d*(\.[0-9]\d*)*))?$/$2/')
if [ -z "$STAGE" ]; then
STAGE="prod"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT
echo "stage=$STAGE" >> $GITHUB_OUTPUT
build:
runs-on: ${{ matrix.os }}
if: ${{ always() }}
needs: [setup]
strategy:
matrix:
os: [ubuntu-20.04, macos-11, windows-2019]
fail-fast: true
env:
VERSION: ${{ needs.setup.outputs.version }}
STAGE: ${{ needs.setup.outputs.stage || github.event.inputs.stage }}
steps:
- uses: actions/checkout@v2
- name: Set up Node.js
uses: actions/setup-node@v1
with:
node-version: 18.15.0
# Used to read the `binding.gyp` file from `@iota/wallet`
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
profile: minimal
- name: Install LLVM and Clang (Windows) # required for bindgen to work, see https://github.com/rust-lang/rust-bindgen/issues/1797
uses: KyleMayes/install-llvm-action@32c4866ebb71e0949e8833eb49beeebed48532bd
if: matrix.os == 'windows-2019'
with:
version: '11.0'
directory: ${{ runner.temp }}/llvm
- name: Set LIBCLANG_PATH (Windows)
run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
if: matrix.os == 'windows-2019'
- name: Set deployment target (macOS)
run: echo "MACOSX_DEPLOYMENT_TARGET=10.14" >> $GITHUB_ENV # TODO: set this to 10.12 once rocksDB issue is fixed
if: matrix.os == 'macos-11'
- name: Install required packages (Linux)
run: |
sudo apt update
sudo apt install -y gcc-multilib g++-multilib build-essential libssl-dev rpm libsecret-1-dev \
software-properties-common apt-transport-https libudev-dev libusb-1.0-0-dev \
llvm-dev libclang-dev clang
if: matrix.os == 'ubuntu-20.04'
- name: Enable verbose output for electron-builder (macOS/Linux)
run: echo "DEBUG=electron-builder" >> $GITHUB_ENV
if: matrix.os != 'windows-2019' && github.event.inputs.debugElectronBuilder && github.event.inputs.debugElectronBuilder == 'true'
- name: Enable verbose output for electron-builder (Windows)
run: echo "DEBUG=electron-builder" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
if: matrix.os == 'windows-2019' && github.event.inputs.debugElectronBuilder && github.event.inputs.debugElectronBuilder == 'true'
- name: Install dependencies
# Increase network timeout threshold to reduce build failures on Windows
run: yarn --network-timeout 1000000
- name: Install Sentry CLI
# Yarn has issues putting binaries in the PATH on Windows
run: npm i -g @sentry/cli
if: ${{ startsWith(github.ref, 'refs/tags/desktop') && matrix.os == 'windows-2019' }}
- name: Set productName
run: node scripts/fix-productName.js
working-directory: packages/desktop
- name: Bundle desktop JS
run: yarn build:${STAGE}
working-directory: packages/desktop
shell: bash
env:
HARDCODE_NODE_ENV: true
SENTRY: ${{ startsWith(github.ref, 'refs/tags/desktop') }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN_PROD_DESKTOP }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
AMPLITUDE_API_KEY: ${{ secrets.AMPLITUDE_API_KEY }}
- name: Build Electron app (macOS)
run: yarn compile:${STAGE}:mac
env:
CSC_LINK: ${{ secrets.MAC_CERT_BASE64 }}
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
FIREFLY_APPLE_ID: ${{ secrets.APPLE_ID }}
FIREFLY_APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
working-directory: packages/desktop
if: matrix.os == 'macos-11'
- name: Build Electron app (Windows)
run: yarn compile:${env:STAGE}:win
env:
CSC_LINK: ${{ secrets.WIN_CERT_BASE64 }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERT_PASSWORD }}
working-directory: packages/desktop
if: matrix.os == 'windows-2019'
- name: Build Electron app (Linux)
run: yarn compile:${STAGE}:linux
working-directory: packages/desktop
if: matrix.os == 'ubuntu-20.04'
- name: Import GPG key (Linux)
run: |
echo "$GPG_PRIVATE_KEY" | base64 -d > /tmp/private.key && \
echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --import /tmp/private.key
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
if: matrix.os == 'ubuntu-20.04'
- name: Sign AppImage (Linux)
run: echo $GPG_PASSPHRASE | gpg --pinentry-mode loopback --batch --passphrase-fd 0 --armor --detach-sign --default-key [email protected] firefly-*.AppImage
working-directory: packages/desktop/out
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
if: matrix.os == 'ubuntu-20.04'
- name: Compute checksums (Linux)
run: for i in `ls | grep 'firefly-*'` ; do sha256sum $i | awk {'print $1'} > $i.sha256 ; done
working-directory: packages/desktop/out
if: matrix.os == 'ubuntu-20.04'
- name: Compute checksums (macOS)
run: for i in `ls | grep 'firefly-*'` ; do shasum -a 256 $i | awk {'print $1'} > $i.sha256 ; done
working-directory: packages/desktop/out
if: matrix.os == 'macos-11'
- name: Compute checksums (Windows)
run: Get-ChildItem "." -Filter firefly-* | Foreach-Object { $(Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash | Set-Content ($_.FullName + '.sha256') }
working-directory: packages/desktop/out
if: matrix.os == 'windows-2019'
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: firefly-desktop-${{ matrix.os }}
path: |
packages/desktop/out/firefly-*
packages/desktop/out/latest*
release:
runs-on: ubuntu-latest
needs: [setup, build]
if: startsWith(github.ref, 'refs/tags/desktop')
env:
VERSION: ${{ needs.setup.outputs.version }}
RELEASE_NAME: ${{ needs.setup.outputs.release_name }}
STAGE: ${{ needs.setup.outputs.stage }}
steps:
- run: echo ${{ github.ref }}
- name: Checkout code
uses: actions/checkout@v2
- name: Downloading artifacts
uses: actions/download-artifact@v2
with:
name: firefly-desktop-windows-2019
path: assets
- name: Downloading artifacts
uses: actions/download-artifact@v2
with:
name: firefly-desktop-macos-11
path: assets
- name: Downloading artifacts
uses: actions/download-artifact@v2
with:
name: firefly-desktop-ubuntu-20.04
path: assets
- name: Preparing release body
run: |
sed -i 's/\r$//' ../../assets/*.sha256 && sed -i '/^$/d' ../../assets/*.sha256 && sed -i -e 's/\(.*\)/\L\1/' ../../assets/*.sha256
WIN_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe.sha256)
LIN_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.sha256)
MAC_SHA256=$(cat ../../assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg.sha256)
echo $WIN_SHA256 $LIN_SHA256 $MAC_SHA256
touch CHANGELOG.md
echo '### Changelog' >> CHANGELOG.md
echo '------' >> CHANGELOG.md
echo '### File Hashes' >> CHANGELOG.md
echo '[How to verify the authenticity of your Firefly ${{ env.NETWORK }} Desktop download](https://wiki.iota.org/shimmer/introduction/how_tos/verify_download/#verify-your-firefly-desktop-download)' >> CHANGELOG.md
echo '| File | Platform | SHA256 Hash |' >> CHANGELOG.md
echo '| --- | --- | --- |' >> CHANGELOG.md
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe | Windows |' $WIN_SHA256 '|' >> CHANGELOG.md
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage | Linux |' $LIN_SHA256 '|' >> CHANGELOG.md
echo '| firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg | MacOS | ' $MAC_SHA256 '|' >> CHANGELOG.md
cat CHANGELOG.md
working-directory: packages/desktop
- name: Create Release
id: create_release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Firefly ${{ env.NETWORK }} Desktop ${{ env.RELEASE_NAME }}
body_path: packages/desktop/CHANGELOG.md
draft: true
prerelease: true
- name: Upload macOS binary asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.dmg
asset_content_type: application/octet-stream
- name: Upload Windows binary asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.exe
asset_content_type: application/octet-stream
- name: Upload Linux binary asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage
asset_content_type: application/octet-stream
- name: Upload Linux code signature asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: assets/firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.asc
asset_name: firefly-${{ env.NETWORK_CODE }}-desktop-${{ env.VERSION }}.AppImage.asc
asset_content_type: application/pgp-signature
- name: Upload to S3
run: |
aws s3 cp assets/ s3://iotaledger-files/4a1ddea1-10c1-4f1d-83f0-e14903931a46/releases/ --recursive --include "*" --exclude "*.sha256" --exclude "*.blockmap" --exclude "*.asc" --acl public-read
aws s3 cp assets/ s3://iotaledger-files/firefly/releases/ --recursive --include "*" --exclude "*.sha256" --exclude "*.blockmap" --exclude "*.asc" --acl public-read
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1
- name: Invalidate CloudFront cache for auto-update files
run: aws cloudfront create-invalidation --distribution-id E32G4HRED4PO65 --paths "/latest*"
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1