publish #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "publish" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: "Release Environment" | |
| type: choice | |
| required: true | |
| options: | |
| - development | |
| - production | |
| - staging | |
| default: production | |
| jobs: | |
| create-release: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_id: ${{ steps.create-release.outputs.result }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: get version | |
| id: version | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { version } = require('./package.json') | |
| core.setOutput('version', version) | |
| - name: create release | |
| id: create-release | |
| uses: actions/github-script@v7 | |
| env: | |
| ENVIRONMENT: ${{inputs.environment}} | |
| PACKAGE_VERSION: ${{ steps.version.outputs.version }} | |
| with: | |
| # TODO: see if release already exists (e.g. re-run of failed workflow), then re-use it | |
| script: | | |
| const { data } = await github.rest.repos.createRelease({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| tag_name: `${process.env.ENVIRONMENT}/${process.env.PACKAGE_VERSION}`, | |
| name: `v${process.env.PACKAGE_VERSION}/${process.env.ENVIRONMENT}`, | |
| body: `This release is for the ${process.env.ENVIRONMENT} environment.`, | |
| draft: true, | |
| prerelease: process.env.ENVIRONMENT != "production" | |
| }) | |
| return data.id | |
| build-tauri: | |
| needs: create-release | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: "macos-latest" | |
| args: "--target aarch64-apple-darwin --bundles dmg,app" | |
| - platform: "macos-latest" | |
| args: "--target x86_64-apple-darwin --bundles dmg,app" | |
| - platform: "ubuntu-22.04" | |
| args: "" | |
| # Disabled, until needed | |
| # - platform: "windows-latest" | |
| # args: "--config src-tauri/tauri.microsoftstore.conf.json --bundles msi" | |
| - platform: "windows-latest" | |
| args: "--bundles nsis" | |
| runs-on: ${{ matrix.platform }} | |
| env: | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Set FREECODECAMP_API based on environment | |
| run: | | |
| if [ "${{ inputs.environment }}" = "development" ]; then | |
| echo "FREECODECAMP_API=http://localhost:3000" >> $GITHUB_ENV | |
| elif [ "${{ inputs.environment }}" = "staging" ]; then | |
| echo "FREECODECAMP_API=https://api.freecodecamp.dev" >> $GITHUB_ENV | |
| elif [ "${{ inputs.environment }}" = "production" ]; then | |
| echo "FREECODECAMP_API=https://api.freecodecamp.org" >> $GITHUB_ENV | |
| fi | |
| shell: bash | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: get version | |
| id: version | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { version } = require('./package.json') | |
| core.setOutput('version', version) | |
| - name: install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. | |
| targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: install dependencies (ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above. | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - name: install frontend dependencies | |
| run: bun install && bun run prisma generate | |
| # The rust build requires the `.env` file to exist, even if none of the variables are used | |
| - name: prep env (non-windows) | |
| if: matrix.platform != 'windows-latest' | |
| run: touch .env | |
| - name: prep env (windows) | |
| if: matrix.platform == 'windows-latest' | |
| run: New-Item -Name ".env" -ItemType File | |
| - name: install Go stable (windows) | |
| if: matrix.platform == 'windows-latest' | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: "stable" | |
| - name: install relic (windows) | |
| if: matrix.platform == 'windows-latest' | |
| run: | | |
| go install github.com/sassoftware/relic/v8@latest | |
| - name: install codemagic cli tools (macos) | |
| if: matrix.platform == 'macos-latest' | |
| run: pip3 install codemagic-cli-tools --break-system-packages | |
| - name: install apple certificates and provisioning profiles (macos) | |
| if: matrix.platform == 'macos-latest' | |
| env: | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} | |
| PROVISIONING_PROFILE: ${{ secrets.MAC_APP_DIRECT_PROVISIONING_PROFILE }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
| run: | | |
| # create variables | |
| mkdir -p ~/.appstoreconnect/private_keys | |
| CERT_BASE_PATH=/Users/runner/Library/MobileDevice/Certificates | |
| mkdir -p $CERT_BASE_PATH | |
| DEVELOPER_ID_CERT_PATH=$CERT_BASE_PATH/developer_id_certificate.p12 | |
| PP_PATH=./src-tauri/embedded.provisionprofile | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| APPLE_API_KEY_PATH=~/.appstoreconnect/private_keys/AuthKey_$APPLE_API_KEY_ID.p8 | |
| # import certificate and provisioning profile from secrets | |
| echo -n "$APPLE_DEVELOPER_ID_CERT" | base64 --decode -o $DEVELOPER_ID_CERT_PATH | |
| echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH | |
| echo -n "$APPLE_API_KEY" | base64 --decode -o $APPLE_API_KEY_PATH | |
| # create temporary keychain | |
| keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600 | |
| # import certificate to keychain | |
| keychain add-certificates | |
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security find-identity -v | |
| - name: Set verbose flag if in debug mode | |
| uses: actions/github-script@v7 | |
| env: | |
| ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} | |
| with: | |
| script: | | |
| const isDebug = process.env.ACTIONS_STEP_DEBUG === 'true'; | |
| core.exportVariable('TAURI_VERBOSE_FLAG', isDebug ? '--verbose' : ''); | |
| - uses: tauri-apps/tauri-action@v0.6 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| AZURE_VAULT_ID: ${{ secrets.AZURE_VAULT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| # MacOS specific | |
| APPLE_SIGNING_IDENTITY: "Developer ID Application: Free Code Camp, Inc. (L33K9LWVP9)" | |
| APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
| APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| FREECODECAMP_API: ${{ env.FREECODECAMP_API }} | |
| ENVIRONMENT: ${{inputs.environment}} | |
| with: | |
| releaseId: ${{ needs.create-release.outputs.release_id }} | |
| args: ${{ matrix.args }} ${{ env.TAURI_VERBOSE_FLAG }} | |
| includeDebug: ${{ inputs.environment != 'production' }} | |
| includeRelease: ${{inputs.environment == 'production' }} | |
| includeUpdaterJson: true | |
| # tagName is required to prevent all update URLs from pointing to `/latest/`: | |
| # https://github.com/freeCodeCamp/exam-env/issues/54 | |
| tagName: ${{ inputs.environment }}/${{ steps.version.outputs.version }} | |
| # As the release is not published yet, this must be set: https://github.com/tauri-apps/tauri-action?tab=readme-ov-file#tips-and-caveats | |
| releaseDraft: true | |
| publish-release: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| needs: [create-release, build-tauri] | |
| steps: | |
| - name: publish release | |
| id: publish-release | |
| uses: actions/github-script@v7 | |
| env: | |
| release_id: ${{ needs.create-release.outputs.release_id }} | |
| prerelease: ${{ inputs.environment != 'production' }} | |
| with: | |
| script: | | |
| github.rest.repos.updateRelease({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: process.env.release_id, | |
| draft: false, | |
| prerelease: process.env.prerelease == "true" | |
| }) |