.github/workflows/control_cd.yaml #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| inputs: | |
| channel: | |
| description: "Release channel" | |
| required: true | |
| type: choice | |
| options: | |
| - staging | |
| - stable | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.channel }} | |
| cancel-in-progress: true | |
| env: | |
| CN_APPLICATION: "fastrepl/hyprnote-control" | |
| RELEASE_CHANNEL: ${{ inputs.channel }} | |
| TAURI_CONF_PATH: ./src-tauri/tauri.conf.${{ inputs.channel }}.json | |
| NODE_OPTIONS: "--max-old-space-size=4096" | |
| jobs: | |
| compute-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - run: git fetch --tags --force | |
| - uses: ./.github/actions/doxxer_install | |
| - id: version | |
| run: | | |
| if [[ "${{ inputs.channel }}" == "staging" ]]; then | |
| VERSION=$(doxxer --config doxxer.control.toml next dev) | |
| elif [[ "${{ inputs.channel }}" == "stable" ]]; then | |
| VERSION=$(doxxer --config doxxer.control.toml next patch) | |
| fi | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "Computed version: $VERSION" | |
| cn-draft: | |
| if: ${{ inputs.channel != 'staging' }} | |
| needs: compute-version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: ./scripts/version.sh "./apps/control/src-tauri/tauri.conf.json" "${{ needs.compute-version.outputs.version }}" | |
| - uses: ./.github/actions/cn_release | |
| with: | |
| cmd: draft | |
| app: ${{ env.CN_APPLICATION }} | |
| key: ${{ secrets.CN_API_KEY }} | |
| channel: ${{ env.RELEASE_CHANNEL }} | |
| framework: tauri | |
| working-directory: ./apps/control | |
| build-macos: | |
| needs: [compute-version, cn-draft] | |
| if: ${{ !cancelled() && (needs.cn-draft.result == 'success' || needs.cn-draft.result == 'skipped') }} | |
| permissions: | |
| contents: write | |
| runs-on: depot-macos-14 | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - target: aarch64-apple-darwin | |
| arch: aarch64 | |
| artifact_name: silicon | |
| - target: x86_64-apple-darwin | |
| arch: x86_64 | |
| artifact_name: intel | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - run: git fetch --tags --force | |
| - uses: ./.github/actions/macos_tcc | |
| - run: ./scripts/version.sh "./apps/control/src-tauri/tauri.conf.json" "${{ needs.compute-version.outputs.version }}" | |
| - uses: ./.github/actions/install_desktop_deps | |
| with: | |
| target: macos | |
| - uses: ./.github/actions/rust_install | |
| with: | |
| platform: macos | |
| - uses: ./.github/actions/pnpm_install | |
| - uses: ./.github/actions/apple_cert | |
| id: apple-cert | |
| with: | |
| apple-certificate: ${{ secrets.APPLE_CERTIFICATE }} | |
| apple-certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| - run: | | |
| FEATURES_FLAG="" | |
| if [[ "${{ inputs.channel }}" == "staging" ]]; then | |
| FEATURES_FLAG="--features devtools" | |
| fi | |
| pnpm -F @hypr/control tauri build --target ${{ matrix.target }} --config ${{ env.TAURI_CONF_PATH }} --verbose $FEATURES_FLAG | |
| env: | |
| CI: false | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APP_VERSION: ${{ needs.compute-version.outputs.version }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ steps.apple-cert.outputs.cert-id }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| - run: | | |
| mkdir -p target/release/ | |
| find target/${{ matrix.target }}/release -type f -not -path "*/\.*" -exec cp {} target/release/ \; | |
| shell: bash | |
| working-directory: ./apps/control/src-tauri | |
| - if: ${{ inputs.channel != 'staging' }} | |
| uses: ./.github/actions/cn_release | |
| with: | |
| cmd: upload | |
| app: ${{ env.CN_APPLICATION }} | |
| key: ${{ secrets.CN_API_KEY }} | |
| channel: ${{ env.RELEASE_CHANNEL }} | |
| framework: tauri | |
| working-directory: ./apps/control | |
| - if: ${{ inputs.channel != 'staging' }} | |
| run: | | |
| DMG_FILE=$(find "apps/control/src-tauri/target/${{ matrix.target }}/release/bundle/dmg/" -name "*.dmg" -type f) | |
| cp "$DMG_FILE" "hyprnote-control-macos-${{ matrix.arch }}.dmg" | |
| aws s3 cp "hyprnote-control-macos-${{ matrix.arch }}.dmg" \ | |
| "s3://hyprnote-build/control/${{ needs.compute-version.outputs.version }}/hyprnote-control-macos-${{ matrix.arch }}.dmg" \ | |
| --endpoint-url ${{ secrets.CLOUDFLARE_R2_ENDPOINT_URL }} \ | |
| --region auto | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | |
| - if: ${{ inputs.channel == 'staging' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: hyprnote-control-staging-macos-${{ matrix.artifact_name }} | |
| path: apps/control/src-tauri/target/${{ matrix.target }}/release/bundle/dmg/*.dmg | |
| retention-days: 3 | |
| cn-publish: | |
| if: ${{ inputs.channel != 'staging' }} | |
| needs: [compute-version, build-macos] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: ./scripts/version.sh "./apps/control/src-tauri/tauri.conf.json" "${{ needs.compute-version.outputs.version }}" | |
| - uses: ./.github/actions/cn_release | |
| with: | |
| cmd: publish | |
| app: ${{ env.CN_APPLICATION }} | |
| key: ${{ secrets.CN_API_KEY }} | |
| channel: ${{ env.RELEASE_CHANNEL }} | |
| framework: tauri | |
| working-directory: ./apps/control | |
| release: | |
| if: ${{ inputs.channel != 'staging' }} | |
| needs: [compute-version, build-macos, cn-publish] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| aws s3 cp \ | |
| "s3://hyprnote-build/control/${{ needs.compute-version.outputs.version }}/hyprnote-control-macos-aarch64.dmg" \ | |
| "hyprnote-control-macos-aarch64.dmg" \ | |
| --endpoint-url ${{ secrets.CLOUDFLARE_R2_ENDPOINT_URL }} \ | |
| --region auto | |
| aws s3 cp \ | |
| "s3://hyprnote-build/control/${{ needs.compute-version.outputs.version }}/hyprnote-control-macos-x86_64.dmg" \ | |
| "hyprnote-control-macos-x86_64.dmg" \ | |
| --endpoint-url ${{ secrets.CLOUDFLARE_R2_ENDPOINT_URL }} \ | |
| --region auto | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | |
| - uses: mathieudutour/[email protected] | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| custom_tag: control_v${{ needs.compute-version.outputs.version }} | |
| tag_prefix: "" | |
| - id: checksums | |
| uses: ./.github/actions/generate_checksums | |
| with: | |
| files: | | |
| hyprnote-control-macos-aarch64.dmg | |
| hyprnote-control-macos-x86_64.dmg | |
| - uses: ncipollo/release-action@v1 | |
| with: | |
| tag: control_v${{ needs.compute-version.outputs.version }} | |
| name: control_v${{ needs.compute-version.outputs.version }} | |
| body: "Hyprnote Control ${{ needs.compute-version.outputs.version }}" | |
| artifacts: hyprnote-control-macos-aarch64.dmg,hyprnote-control-macos-x86_64.dmg,${{ steps.checksums.outputs.checksum_files }} |