@@ -34,35 +34,92 @@ jobs:
3434 # # Log in to Snap Store
3535 # snapcraft_token: ${{ secrets.snapcraft_token }}
3636
37+
38+ - run : yarn compile
39+
3740 - name : Prepare for app notarization (macOS)
3841 if : startsWith(matrix.os, 'macos')
3942 # Import Apple API key for app notarization on macOS
4043 run : |
4144 mkdir -p ~/private_keys/
4245 echo '${{ secrets.APPLE_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
4346
44- name : Build/release Electron app
45- uses : samuelmeuli/action-electron-builder@v1
46- with :
47- # Run `yarn compile` before `yarn electron-builder --mac`
48- build_script_name : " compile"
49-
50- # GitHub token, automatically provided to the action
51- # (No need to define this secret in the repo settings)
52- github_token : ${{ secrets.github_token }}
5347
54- # macOS code signing certificate
55- mac_certs : ${{ secrets.mac_certs }}
56- mac_certs_password : ${{ secrets.mac_certs_password }}
48+ name : Run yarn dist for a maximum of 5 times
49+ run : |
5750
58- # If the commit is tagged with a version (e.g. "v1.0.0"),
59- # release the app after building
60- release : ${{ startsWith(github.ref, 'refs/tags/v') }}
51+ notarization_log="notarization-error.log"
52+
53+ if [[ ${{ inputs.os }} = macos-* ]]
54+ then
55+ export CSC_KEY_PASSWORD='${{ secrets.MAC_CERTS_PASSWORD }}'
56+ export CSC_LINK='${{ secrets.MAC_CERTS }}'
57+ # Windows codesigning disabled until cloud HSM has been set up.
58+ # elif [[ ${{ inputs.os }} = windows-* ]]
59+ # then
60+ # export CSC_KEY_PASSWORD='${{ secrets.WINDOWS_CERTS_PASSWORD }}'
61+ # export CSC_LINK='${{ secrets.WINDOWS_CERTS }}'
62+ fi
63+
64+ # Unset empty variables for electron-builder (mainly for Windows but may also help with other OSs)
65+ for var in CSC_LINK CSC_KEY_PASSWORD
66+ do
67+ if [[ -z "${!var:-}" ]]
68+ then
69+ >&2 echo "info: unsetting empty \$${var} variable."
70+ unset "${var}"
71+ else
72+ >&2 echo "info: keeping non-empty \$${var} variable."
73+ fi
74+ done
75+
76+ attempt=1
77+ until yarn dist
78+ do
79+ >&2 echo "warning: ⚠️ Attempt #${attempt} failed."
80+ if ((attempt >= 5))
81+ then
82+ >&2 echo "error: ❌ Attempted 5 times and all have failed. Aborting."
83+ if [[ -r "${notarization_log}" ]]
84+ then
85+ >&2 printf "📝 \e[1;93mPrinting out notarization error log:\e[m\n"
86+ >&2 echo
87+ >&2 printf "\e[1m<NotarizationLog>\e[;33m\n"
88+ >&2 echo
89+ >&2 cat "${notarization_log}"
90+ >&2 echo
91+ >&2 printf "\e[;1m</NotarizationLog>\e[m\n"
92+ >&2 echo
93+ echo 'has_notarization_error=1' >> $GITHUB_ENV
94+ fi
95+ exit 1
96+ fi
97+ ((attempt++))
98+ done
99+ >&2 echo "info: ✅ Completed after attempt #${attempt}."
100+ shell : bash
61101 env :
62- # macOS notarization API key
102+ # Always helpful for debugging non-interactive sessions
103+ DEBUG : electron-builder
104+
105+ # macOS notarization
106+ # APPLE_ID: ${{ secrets.APPLE_ID }}
107+ # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
108+ # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
63109 API_KEY_ID : ${{ secrets.APPLE_API_KEY_ID }}
64110 API_KEY_ISSUER_ID : ${{ secrets.APPLE_API_KEY_ISSUER_ID }}
65111
112+ # Windows codesigning
113+ WINDOWS_CERTS_PASSWORD : ${{ secrets.WINDOWS_CERTS_PASSWORD }}
114+ WINDOWS_CERTS : ${{ secrets.WINDOWS_CERTS }}
115+
116+ # macOS notarization
117+ MAC_CERTS_PASSWORD : ${{ secrets.MAC_CERTS_PASSWORD }}
118+ MAC_CERTS : ${{ secrets.MAC_CERTS }}
119+
120+ # electron-builder publishing
121+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
122+
66123 - name : Upload DMG
67124 uses : actions/upload-artifact@v4
68125 if : startsWith(matrix.os, 'macos')
@@ -94,3 +151,11 @@ jobs:
94151 name : EXE
95152 path : dist/*.exe
96153 if-no-files-found : error
154+
155+ - name : Upload error logs
156+ uses : actions/upload-artifact@v4
157+ if : env.has_notarization_error == 1
158+ with :
159+ name : error-logs-${{ matrix.os }}
160+ path : |
161+ notarization-error.log
0 commit comments