feat: nethcti-middleware (#72) #39
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and release prod apps | |
| on: | |
| push: | |
| tags: | |
| - '**' | |
| jobs: | |
| release: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| arch: x64 | |
| - os: macos-latest | |
| arch: arm64 | |
| - os: ubuntu-latest | |
| arch: x64 | |
| - os: windows-latest | |
| arch: x64 | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js, NPM and Yarn | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Prepare for app notarization | |
| if: startsWith(matrix.os, 'macos') | |
| # Import Apple API key for app notarization on macOS | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8 | |
| xcrun --find notarytool | |
| - name: Build/release Electron app | |
| uses: samuelmeuli/action-electron-builder@v1 | |
| with: | |
| # GitHub token, automatically provided to the action | |
| # (No need to define this secret in the repo settings) | |
| github_token: ${{ secrets.github_token }} | |
| # If the commit is tagged with a version (e.g. "v1.0.0"), | |
| # release the app after building | |
| release: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| # macOS certificate files | |
| mac_certs: ${{ secrets.mac_certs }} | |
| mac_certs_password: ${{ secrets.mac_certs_psw }} | |
| # Pass arch here | |
| args: --${{ matrix.arch }} | |
| env: | |
| # macOS notarization API key | |
| APPLE_ID: ${{ secrets.apple_id }} | |
| APPLE_ID_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_TEAM_ID: 8D66VDADVH | |
| DEBUG: electron-notarize* | |
| - name: Archive notorization logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: notorization-logs | |
| path: notarization-error.log | |
| if-no-files-found: ignore | |
| update-release-notes: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Generate Release Notes between Tags | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.github_token }} | |
| id: generate_notes | |
| run: | | |
| # Get the tag being pushed (e.g., v1.0.0) | |
| TAG=${GITHUB_REF#refs/tags/} | |
| # Find the previous tag, ensuring it exists (exclude the current tag) | |
| PREV_TAG=$(git tag --sort=v:refname | grep -B 1 "$TAG" | head -n 1) | |
| # If PREV_TAG is the same as the current tag, adjust | |
| if [ "$PREV_TAG" == "$TAG" ]; then | |
| PREV_TAG=$(git tag --sort=v:refname | grep -B 2 "$TAG" | head -n 1) | |
| fi | |
| if [ -z "$PREV_TAG" ]; then | |
| echo "Error: Previous tag not found." | |
| exit 1 | |
| fi | |
| # Generate the release notes using GitHub API | |
| NOTES=$(gh api repos/NethServer/nethlink/releases/generate-notes \ | |
| -f tag_name="$TAG" -f previous_tag_name="$PREV_TAG" -q .body \ | |
| ) | |
| # Escape newlines and special characters properly | |
| NOTES_ESCAPED=$(printf '%s' "$NOTES" | sed 's/%/%25/g; s/\r/%0D/g; s/\n/%0A/g') | |
| # Save the release notes to the output file | |
| echo "release_notes=$NOTES_ESCAPED" >> "$GITHUB_OUTPUT" | |
| - name: Update Release Notes in GitHub | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.github_token }} | |
| run: | | |
| # Get the tag being pushed | |
| TAG=${GITHUB_REF#refs/tags/} | |
| # Update the release with the generated notes | |
| gh release edit $TAG --title $TAG --notes "${{ steps.generate_notes.outputs.release_notes }}" | |
| - name: Generate SBOM (CycloneDX) | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: cyclonedx | |
| output: sbom.cdx.json | |
| - name: Attach SBOM to release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Get the tag being pushed | |
| TAG=${GITHUB_REF#refs/tags/} | |
| # Update the release with the generated notes | |
| gh release upload $TAG sbom.cdx.json --clobber |