Session Desktop (push) #2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Session Desktop | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - dev | |
| - "release/**" | |
| - "feature/**" | |
| - "ci/**" | |
| pull_request: | |
| branches: | |
| - dev | |
| - "release/**" | |
| - "feature/**" | |
| - "ci/**" | |
| workflow_dispatch: | |
| inputs: | |
| target_branch: | |
| description: "Branch to make a release of" | |
| required: true | |
| default: "master" | |
| # Dynamic name for the run | |
| run-name: > | |
| Session Desktop ${{ github.event_name == 'workflow_dispatch' && format('(manual run on {0})', github.event.inputs.target_branch) || format('(push)', github.event.pull_request.number || github.ref) }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| create_draft_release_if_needed: | |
| runs-on: ubuntu-22.04 | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # we only want to publish on "push to master" or alpha releases. When we don't want to publish, we want to upload artefacts | |
| SHOULD_PUBLISH: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | |
| SHOULD_PUBLISH_ALPHA: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') && contains(github.ref, '-alpha.') }} | |
| outputs: | |
| # Note: It is very important to only set this when we want to do a release, | |
| # as this will be used in the others jobs to know if we need to make a release/upload artefacts | |
| version_tag: ${{ steps.get_version.outputs.VERSION_TAG }} | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| if: ${{ env.SHOULD_PUBLISH == 'true' || env.SHOULD_PUBLISH_ALPHA == 'true' }} | |
| # We only need a few files in this run, no point cloning everything | |
| with: | |
| sparse-checkout: | | |
| package.json | |
| build/release-notes.md | |
| build/release-notes-alpha.md | |
| sparse-checkout-cone-mode: false | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| - name: Get version tag from package.json | |
| # Make sure to skip this step if we do not want to make a release, as the other jobs will otherwise create a release. | |
| if: ${{ env.SHOULD_PUBLISH == 'true' || env.SHOULD_PUBLISH_ALPHA == 'true' }} | |
| id: get_version | |
| run: | | |
| version=$(node -p "require('./package.json').version") | |
| echo "VERSION_TAG=$version" >> "$GITHUB_OUTPUT" | |
| - name: Create draft release | |
| # only run this on "push" to "master" or alpha releases | |
| if: ${{ env.SHOULD_PUBLISH == 'true' || env.SHOULD_PUBLISH_ALPHA == 'true' }} | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: v${{ steps.get_version.outputs.VERSION_TAG }} | |
| name: "Session ${{ steps.get_version.outputs.VERSION_TAG }}" | |
| draft: true # important to keep this, so we **NEVER** make a live release through the CI | |
| bodyFile: ${{ env.SHOULD_PUBLISH_ALPHA == 'true' && 'build/release-notes-alpha.md' || 'build/release-notes.md' }} | |
| allowUpdates: true | |
| # updateOnlyUnreleased: true Not needed as we already have `skipIfReleaseExists` | |
| skipIfReleaseExists: true | |
| makeLatest: false | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| submodules: "recursive" | |
| - name: Setup | |
| uses: ./actions/setup | |
| with: | |
| cache_suffix: "linux_x64" | |
| - name: Setup ESLint cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: .eslintcache | |
| key: eslint-${{ hashFiles('pnpm-lock.yaml', 'patches/**', '.eslintrc.js', '.eslint/**') }} | |
| restore-keys: | | |
| eslint- | |
| - name: Ensure pnpm-lock.yaml has no duplicates | |
| run: pnpm dedupe --check | |
| - name: Format & Lint | |
| run: pnpm run lint | |
| - name: Validate formatting & linting changed no files | |
| run: git diff --exit-code | |
| build_linux: | |
| # We want to run the linux builds at the same time as linting for faster dev iteration | |
| needs: [create_draft_release_if_needed] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # `electron_target` needs to be a valid target of https://www.electron.build/linux#target | |
| include: | |
| - identifier: deb | |
| electron_target: deb | |
| is_qa: false | |
| generate_release_metadata: true | |
| - identifier: rpm | |
| electron_target: rpm | |
| is_qa: false | |
| generate_release_metadata: true | |
| - identifier: AppImage | |
| electron_target: AppImage | |
| is_qa: false | |
| generate_release_metadata: true | |
| - identifier: freebsd | |
| electron_target: freebsd | |
| is_qa: false | |
| generate_release_metadata: false | |
| # Note: this deb-qa is currently broken. The deb and deb-qa are currently overwriting each others | |
| # during build-release-publish and maybe the upload-artefact too. | |
| # - identifier: deb-qa | |
| # electron_target: deb | |
| # is_qa: true | |
| # generate_release_metadata: false | |
| name: "${{ matrix.identifier }}" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| USE_HARD_LINKS: false # see https://github.com/electron-userland/electron-builder/issues/7093 | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| submodules: "recursive" | |
| - name: Setup | |
| uses: ./actions/setup | |
| with: | |
| # All the x64 linux build run on the same machine so the setup cache is the same | |
| cache_suffix: "linux_x64" | |
| - name: Custom build for QA if needed | |
| if: ${{ matrix.is_qa == true }} | |
| uses: ./actions/sed_for_qa | |
| - name: Enforce static builds for libsession-util-nodejs | |
| uses: ./actions/enforce_static_builds | |
| - name: Build | |
| run: pnpm run build | |
| # we want to test on all platforms since some are testing the rendered menus (and are dependent on the platform) | |
| - name: Unit Test | |
| run: pnpm run test | |
| - name: Make release build but do not publish ${{ matrix.identifier }} | |
| # we do want this part to run only when version_tag is unset (i.e. we are not making a release) | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag == '' }} | |
| run: | | |
| sed -i 's/"target": "deb"/"target": "${{ matrix.electron_target }}"/g' package.json && pnpm run build-release | |
| - name: Upload artefacts ${{ matrix.identifier }} | |
| # we do want this part to run only when version_tag is unset (i.e. we are not making a release) | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag == '' }} | |
| uses: ./actions/upload_prod_artefacts | |
| with: | |
| upload_prefix: ${{ runner.os }}-${{ runner.arch }}-${{ matrix.identifier }} | |
| - name: Make release build & publish ${{ matrix.identifier }} | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' }} | |
| run: | | |
| sed -i 's/"target": "deb"/"target": "${{ matrix.electron_target }}"/g' package.json && pnpm run build-release-publish | |
| - name: Backup release metadata | |
| # only run this on "push" to "master" or alpha releases | |
| # Note: The jobs are overwriting each other's latest-linux.yml. | |
| # So, we upload all of them as artifacts, and then merge them (see `post_build_linux`) | |
| # note: freebsd does not generate a latest-linux.yml file so we exclude it, same for the deb-qa build | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' && matrix.generate_release_metadata == true }} | |
| shell: bash | |
| run: | | |
| mv release/latest-linux.yml release/latest-linux-${{ matrix.electron_target }}-${{ github.sha }}.yml | |
| - name: Upload release metadata | |
| # only run this on "push" to "master" or alpha releases | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' && matrix.generate_release_metadata == true }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: latest-linux-${{ matrix.electron_target }}-${{ github.sha }}.yml | |
| path: release/latest-linux-${{ matrix.electron_target }}-${{ github.sha }}.yml | |
| post_build_linux: | |
| needs: [create_draft_release_if_needed, build_linux] | |
| runs-on: ubuntu-22.04 | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' }} | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| # We only need a few files in this run, no point cloning everything | |
| with: | |
| sparse-checkout: | | |
| package.json | |
| build/setup-release-combine.sh | |
| sparse-checkout-cone-mode: false | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| - name: Download release metadata | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: latest-linux-*-${{ github.sha }}.yml | |
| path: release | |
| merge-multiple: true | |
| - name: Combine release metadata | |
| run: | | |
| ./build/setup-release-combine.sh ${{ github.sha }} linux | |
| - name: Upload changes to draft release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| # the if at the job level checks that version_tag is not empty | |
| tag: v${{ needs.create_draft_release_if_needed.outputs.version_tag }} | |
| artifacts: "release/latest-linux.yml" | |
| draft: true # important to keep this, so we **NEVER** make a live release through the CI | |
| allowUpdates: true | |
| omitNameDuringUpdate: true | |
| omitBodyDuringUpdate: true | |
| replacesArtifacts: true | |
| updateOnlyUnreleased: true | |
| makeLatest: false | |
| build_windows: | |
| runs-on: windows-2022 | |
| needs: [create_draft_release_if_needed, lint] | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| name: "windows x64" | |
| steps: | |
| - run: git config --global core.autocrlf false | |
| - run: git config --global core.eol lf | |
| # Not having this will break the windows build because the PATH won't be set by msbuild. | |
| - name: Add msbuild to PATH | |
| uses: microsoft/setup-msbuild@v2 | |
| if: runner.os == 'Windows' | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| submodules: "recursive" | |
| - name: Setup | |
| uses: ./actions/setup | |
| with: | |
| cache_suffix: "windows_x64" | |
| - name: Build | |
| run: pnpm run build | |
| # we want to test on all platforms since some are testing the rendered menus (and are dependent on the platform) | |
| - name: Unit Test | |
| run: pnpm run test-hoisted | |
| - name: Make release build but do not publish | |
| # always run this, except on "push" to "master" or alpha releases | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag == '' }} | |
| run: pnpm run build-release | |
| - name: Upload artefacts | |
| # we do want this part to run only when version_tag is unset (i.e. we are not making a release) | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag == '' }} | |
| uses: ./actions/upload_prod_artefacts | |
| with: | |
| upload_prefix: ${{ runner.os }}-${{ runner.arch }} | |
| - name: Make release build & publish | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' }} | |
| run: pnpm run build-release-publish # No other args needed for windows publish | |
| # We want both arm64 and intel mac builds, and according to this https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources macos-14 and above is always arm64 and macos-15 is the last intel runner | |
| # NOTE x64 builds made on an arm64 host will not bundle the native modules correctly https://github.com/electron-userland/electron-builder/issues/8646 | |
| build_mac: | |
| strategy: | |
| matrix: | |
| include: | |
| - architecture: arm64 | |
| cache_suffix: mac-arm64 | |
| runner: macos-14 | |
| - architecture: x64 | |
| cache_suffix: mac-x64 | |
| runner: macos-15-intel | |
| runs-on: ${{ matrix.runner }} | |
| name: "${{ matrix.architecture }}" | |
| needs: [create_draft_release_if_needed, lint] | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MAC_CERTIFICATE: ${{ secrets.MAC_CERTIFICATE }} | |
| MAC_CERTIFICATE_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
| SIGNING_APPLE_ID: ${{ secrets.SIGNING_APPLE_ID }} | |
| SIGNING_APP_PASSWORD: ${{ secrets.SIGNING_APP_PASSWORD }} | |
| SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }} | |
| steps: | |
| - run: git config --global core.autocrlf false | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| submodules: "recursive" | |
| - name: Setup | |
| uses: ./actions/setup | |
| with: | |
| cache_suffix: ${{ matrix.cache_suffix }} | |
| - name: Enforce static builds for libsession-util-nodejs | |
| uses: ./actions/enforce_static_builds | |
| - name: Build | |
| run: pnpm run build | |
| # we want to test on all platforms since some are testing the rendered menus (and are dependent on the platform) | |
| - name: Unit Test | |
| run: pnpm run test | |
| - name: Make release build ${{ matrix.architecture }} | |
| uses: ./actions/make_release_build | |
| with: | |
| architecture: ${{ matrix.architecture }} | |
| should_publish: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' }} | |
| post_build_mac: | |
| needs: [create_draft_release_if_needed, build_mac] | |
| runs-on: ubuntu-22.04 | |
| if: ${{ needs.create_draft_release_if_needed.outputs.version_tag != '' }} | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| # We only need a few files in this run, no point cloning everything | |
| with: | |
| sparse-checkout: | | |
| package.json | |
| build/setup-release-combine.sh | |
| sparse-checkout-cone-mode: false | |
| ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target_branch || github.ref }} | |
| - name: Download release metadata | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: latest-mac-*-${{ github.sha }}.yml | |
| path: release | |
| merge-multiple: true | |
| - name: Combine release metadata | |
| run: | | |
| ./build/setup-release-combine.sh ${{ github.sha }} mac | |
| - name: Upload changes to draft release | |
| uses: ncipollo/release-action@v1 | |
| # the if at the job level checks that version_tag is not empty | |
| with: | |
| tag: v${{ needs.create_draft_release_if_needed.outputs.version_tag }} | |
| artifacts: "release/latest-mac.yml" | |
| draft: true # important to keep this, so we **NEVER** make a live release through the CI | |
| allowUpdates: true | |
| omitNameDuringUpdate: true | |
| omitBodyDuringUpdate: true | |
| replacesArtifacts: true | |
| updateOnlyUnreleased: true | |
| makeLatest: false |