Publish AUR package #11
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - development | |
| - linux | |
| - 'linux-release-*' | |
| tags: | |
| - 'release-*.*.*-linux*' | |
| - 'v*.*.*' | |
| pull_request: | |
| branches: | |
| - linux | |
| - 'linux-release-*' | |
| workflow_call: | |
| inputs: | |
| repository: | |
| default: desktop/desktop | |
| required: false | |
| type: string | |
| ref: | |
| required: true | |
| type: string | |
| upload-artifacts: | |
| default: false | |
| required: false | |
| type: boolean | |
| environment: | |
| type: string | |
| required: true | |
| sign: | |
| type: boolean | |
| default: true | |
| required: false | |
| secrets: | |
| AZURE_CODE_SIGNING_TENANT_ID: | |
| AZURE_CODE_SIGNING_CLIENT_ID: | |
| AZURE_CODE_SIGNING_CLIENT_SECRET: | |
| DESKTOP_OAUTH_CLIENT_ID: | |
| DESKTOP_OAUTH_CLIENT_SECRET: | |
| APPLE_ID: | |
| APPLE_ID_PASSWORD: | |
| APPLE_TEAM_ID: | |
| APPLE_APPLICATION_CERT: | |
| APPLE_APPLICATION_CERT_PASSWORD: | |
| env: | |
| NODE_VERSION: 20.17.0 | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| env: | |
| RELEASE_CHANNEL: ${{ inputs.environment }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ inputs.repository || github.repository }} | |
| ref: ${{ inputs.ref }} | |
| submodules: recursive | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: yarn | |
| - run: yarn | |
| - run: yarn validate-electron-version | |
| - run: yarn lint | |
| - run: yarn validate-changelog | |
| - name: Ensure a clean working directory | |
| run: git diff --name-status --exit-code | |
| build: | |
| name: ${{ matrix.friendlyName }} ${{ matrix.arch }} | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [macos-13, windows-2019] | |
| arch: [x64, arm64] | |
| include: | |
| - os: macos-13 | |
| friendlyName: macOS | |
| - os: windows-2019 | |
| friendlyName: Windows | |
| timeout-minutes: 60 | |
| environment: ${{ inputs.environment }} | |
| env: | |
| RELEASE_CHANNEL: ${{ inputs.environment }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ inputs.repository || github.repository }} | |
| ref: ${{ inputs.ref }} | |
| submodules: recursive | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Use Node.js ${{ env.NODE_VERSION }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: yarn | |
| - name: Install and build dependencies | |
| run: yarn | |
| env: | |
| npm_config_arch: ${{ matrix.arch }} | |
| TARGET_ARCH: ${{ matrix.arch }} | |
| - name: Build production app | |
| run: yarn build:prod | |
| env: | |
| DESKTOP_OAUTH_CLIENT_ID: ${{ secrets.DESKTOP_OAUTH_CLIENT_ID }} | |
| DESKTOP_OAUTH_CLIENT_SECRET: | |
| ${{ secrets.DESKTOP_OAUTH_CLIENT_SECRET }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_APPLICATION_CERT: ${{ secrets.APPLE_APPLICATION_CERT }} | |
| KEY_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERT_PASSWORD }} | |
| npm_config_arch: ${{ matrix.arch }} | |
| TARGET_ARCH: ${{ matrix.arch }} | |
| - name: Prepare testing environment | |
| if: matrix.arch == 'x64' | |
| run: yarn test:setup | |
| env: | |
| npm_config_arch: ${{ matrix.arch }} | |
| - name: Run unit tests | |
| if: matrix.arch == 'x64' | |
| run: yarn test:unit | |
| - name: Run script tests | |
| if: matrix.arch == 'x64' | |
| run: yarn test:script | |
| - name: Install Azure Code Signing Client | |
| if: ${{ runner.os == 'Windows' }} | |
| run: | | |
| $acsZip = Join-Path $env:RUNNER_TEMP "acs.zip" | |
| $acsDir = Join-Path $env:RUNNER_TEMP "acs" | |
| Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Microsoft.Trusted.Signing.Client/1.0.52 -OutFile $acsZip -Verbose | |
| Expand-Archive $acsZip -Destination $acsDir -Force -Verbose | |
| # Replace ancient signtool in electron-winstall with one that supports ACS | |
| Copy-Item -Path "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\*" -Include signtool.exe,signtool.exe.manifest,Microsoft.Windows.Build.Signing.mssign32.dll.manifest,mssign32.dll,Microsoft.Windows.Build.Signing.wintrust.dll.manifest,wintrust.dll,Microsoft.Windows.Build.Appx.AppxSip.dll.manifest,AppxSip.dll,Microsoft.Windows.Build.Appx.AppxPackaging.dll.manifest,AppxPackaging.dll,Microsoft.Windows.Build.Appx.OpcServices.dll.manifest,OpcServices.dll -Destination "node_modules\electron-winstaller\vendor" -Verbose | |
| - name: Package production app | |
| run: yarn package | |
| env: | |
| npm_config_arch: ${{ matrix.arch }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_CODE_SIGNING_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CODE_SIGNING_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CODE_SIGNING_CLIENT_SECRET }} | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{matrix.friendlyName}}-${{matrix.arch}} | |
| path: | | |
| dist/GitHub Desktop-${{matrix.arch}}.zip | |
| dist/GitHubDesktop-*.nupkg | |
| dist/GitHubDesktopSetup-${{matrix.arch}}.exe | |
| dist/GitHubDesktopSetup-${{matrix.arch}}.msi | |
| dist/bundle-size.json | |
| if-no-files-found: error | |
| publish: | |
| name: Publish artifacts | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Set release tag | |
| run: echo "RELEASE_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: './artifacts' | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| working-directory: './artifacts' | |
| - name: Wait for release to be available | |
| run: | | |
| echo "Waiting for release ${{ env.RELEASE_TAG }} to be available..." | |
| for i in {1..180}; do | |
| response=$(curl --silent -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG") | |
| if echo "$response" | grep -q '"id":'; then | |
| echo "Release found." | |
| exit 0 | |
| fi | |
| echo "Release not found. Retrying in 10 seconds..." | |
| sleep 10 | |
| done | |
| echo "Release ${{ env.RELEASE_TAG }} not found after 30 minutes." | |
| exit 1 | |
| - name: Rename artifacts | |
| run: | | |
| # GitHubDesktopSetup-<arch>.<ext> -> GitHubDesktopPlus-<release_tag>-windows-<arch>.<ext> | |
| for file in $(find ./artifacts -type f -name "GitHubDesktopSetup-*"); do | |
| new_name=$(echo "$file" | sed -E "s/GitHubDesktopSetup-(.*)\\.(.*)/GitHubDesktopPlus-${{ env.RELEASE_TAG }}-windows-\\1.\\2/") | |
| mv --verbose "$file" "$new_name" | |
| done | |
| # GitHub Desktop-<arch>.zip -> GitHubDesktopPlus-<release_tag>-macOS-<arch>.zip | |
| for file in $(find ./artifacts -type f -name "GitHub Desktop-*.zip"); do | |
| new_name=$(echo "$file" | sed -E "s/GitHub Desktop-(.*)\\.zip/GitHubDesktopPlus-${{ env.RELEASE_TAG }}-macOS-\\1.zip/") | |
| mv --verbose "$file" "$new_name" | |
| done | |
| - name: Upload assets to release | |
| run: gh release upload $RELEASE_TAG ./artifacts/* --clobber | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |