Release app #63

Workflow file for this run

# .github/workflows/release.yml
# -------------------------------------------------------
# GitHub Actions workflow to build, sign (if configured),
# and publish Electron apps for all major OS platforms.
# -------------------------------------------------------
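name: Release app

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"

# Default token scope for any job that does not declare its own permissions.
# Each job below states exactly what it needs.
permissions:
  contents: read

jobs:
  build:
    name: Build & Publish App
    environment: release
    # Required for publishing release assets
    permissions:
      contents: write
    strategy:
      # Prevent race conditions during concurrent release creation
      max-parallel: 1
      matrix:
        os:
          - { name: "windows", image: "windows-latest" }
          - { name: "linux", image: "ubuntu-22.04" }
          - { name: "macos-intel", image: "macos-13" }
          - { name: "macos", image: "macos-latest" }
    runs-on: ${{ matrix.os.image }}
    steps:
      # NOTE(review): the actions below are referenced by a mutable tag.
      # Pinning each `uses:` to a full commit SHA keeps a re-tagged release
      # from changing what runs in the job that holds the publish secrets.
      - name: πŸ›ŽοΈ Checkout repository
        uses: actions/checkout@v4
        with:
          # Keep the write-scoped job token out of .git/config so install and
          # build scripts cannot read it; the publish step receives the token
          # through `env`. Drop this if a later step needs authenticated git.
          persist-credentials: false

      - name: 🧩 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      # NOTE(review): deleting package-lock.json means every release is built
      # from whatever versions npm resolves at run time, so the shipped
      # binaries are not reproducible from the commit. If the deletion is only
      # a workaround for platform-specific optional dependencies, prefer a
      # committed lockfile installed with `npm ci`.
      - name: 🧹 Clean up environment
        shell: pwsh
        run: |
          if (Test-Path node_modules) { Remove-Item -Recurse -Force node_modules }
          if (Test-Path package-lock.json) { Remove-Item -Force package-lock.json }
          npm cache clean --force

      - name: πŸ“¦ Install dependencies
        run: npm install --include=optional

      # Rebuild rollup for the appropriate platform.
      # The conditions use exact matches: `contains(matrix.os.name, 'macos')`
      # is also true for `macos-intel`, which ran the ARM rebuild on the
      # Intel runner.
      - name: πŸ› οΈ Rebuild Rollup (Linux)
        if: matrix.os.name == 'linux'
        run: npm rebuild @rollup/rollup-linux-x64-gnu || true

      - name: πŸ› οΈ Rebuild Rollup (macOS Intel)
        if: matrix.os.name == 'macos-intel'
        run: npm rebuild @rollup/rollup-darwin-x64 || true

      - name: πŸ› οΈ Rebuild Rollup (macOS ARM)
        if: matrix.os.name == 'macos'
        run: npm rebuild @rollup/rollup-darwin-arm64 || true

      - name: πŸ› οΈ Rebuild Rollup (Windows)
        if: matrix.os.name == 'windows'
        # `|| true` is POSIX-shell syntax; the default shell on Windows
        # runners is PowerShell, so run this step under bash explicitly.
        shell: bash
        run: npm rebuild @rollup/rollup-win32-x64-msvc || true

      # Optional macOS signing setup (commented out)
      # - name: Add macOS certificate
      #   if: contains(matrix.os.name, 'macos') && env.MACOS_CERT_P12 != ''
      #   env:
      #     MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
      #     MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
      #   run: chmod +x tools/add-macos-cert.sh && ./tools/add-macos-cert.sh

      # Optional Windows signing setup (commented out)
      # NOTE(review): if this is re-enabled, hand the secret to the step
      # through `env:` instead of interpolating `${{ secrets.* }}` into the
      # script text.
      # - name: Set up Windows certificate
      #   if: contains(matrix.os.name, 'windows')
      #   shell: bash
      #   run: |
      #     echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > D:/Certificate_pkcs12.p12
      #     echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"

      # NOTE(review): every matrix leg receives the Apple and code-signing
      # secrets, and `npm run publish` runs with the freshly resolved
      # dependency tree in the same process environment.
      - name: πŸš€ Publish App to GitHub Releases
        env:
          NODE_OPTIONS: "--max-old-space-size=4096"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
        run: npm run publish

  verify-assets:
    name: βœ… Verify Release Assets
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
      actions: read
      # NOTE(review): no step visible in this job requests an OIDC token.
      # Confirm scripts/verify-release-assets.js needs `id-token: write`;
      # otherwise drop it so the job cannot mint identity tokens.
      id-token: write
    steps:
      - name: πŸ›ŽοΈ Checkout repository
        uses: actions/checkout@v4
        with:
          # The steps below read the token from `env`, not from git config.
          persist-credentials: false

      - name: 🧩 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      # Fails the job early when the token cannot read the repository.
      - name: πŸ” Check GITHUB_TOKEN permissions
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "πŸ” Verifying GitHub token access..."
          response=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/SFARPak/AliFullStack")
          if [ "$response" != "200" ]; then
            echo "❌ GITHUB_TOKEN invalid or lacks 'contents' permission. Response code: $response"
            exit 1
          fi
          echo "βœ… GITHUB_TOKEN verified successfully."

      - name: πŸ“¦ Verify release assets
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: node scripts/verify-release-assets.js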