-
Notifications
You must be signed in to change notification settings - Fork 2
132 lines (129 loc) · 4.29 KB
/
build-electron.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: build-electron
on:
workflow_call:
inputs:
must_sign:
required: false
type: boolean
default: false
jobs:
# Build the happ
call-build-webhapps:
uses: ./.github/workflows/build-webhapps.yml
# Build the electron app per platform
build-electron:
needs: call-build-webhapps
strategy:
matrix:
os:
- ubuntu-latest
- macos-11
- windows-latest
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
# Set NPM shell (windows-only)
- name: Set NPM shell (windows-only)
if: ${{ runner.os == 'Windows' }}
shell: bash
run: |
npm config set script-shell "C:\\Program Files\\git\\bin\\bash.exe"
# Setup AzureSignTool for Windows signing
- name: Setup AzureSignTool for Windows signing
if: ${{ runner.os == 'Windows' && inputs.must_sign }}
shell: bash
run: |
dotnet tool install --global AzureSignTool
# Download submodules
- name: Download submodules
shell: bash
run: |
npm run install:submodules
# Download previously uploaded artifacts
- uses: actions/download-artifact@master
with:
name: all-happ-artifact
path: artifacts
# Display artifacts folder
- name: Display artifacts folder
run: ls
working-directory: artifacts
# Dispatch artifacts
- name: Dispatch artifacts
run: |
cp ./artifacts/snapmail.happ ./electron/bin
cp ./artifacts/snapmail_zome_hash.txt ./electron/bin
# Install npm dependencies
- name: Install npm dependencies
shell: bash
run: |
npm install
# list electron/bin
- name: list electron/bin
continue-on-error: true
run: ls
working-directory: electron/bin
# build webapp
- name: build webapp
shell: bash
run: |
npm run build:webapp
# Dist webapp
- name: Dist webapp
run: |
npm run dist -w webapp
# build electron
- name: build electron
shell: bash
run: |
npm run build -w electron
# Setup sign & notarize # HBE_APPLE_CERTIFICATE_PASS
- name: Setup sign and notarize (macos only)
if: ${{ runner.os == 'macOs' && inputs.must_sign }}
uses: figleafteam/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.HBE_APPLE_CERTIFICATE_BASE64 }}
p12-password: ${{ secrets.HBE_APPLE_CERTIFICATE_PASS }}
# Dist Electron
- name: Dist Electron
shell: bash
env:
#WIN_CSC_LINK: ${{ steps.write_file.outputs.filePath }}
#WIN_CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_PFX_PASSWORD }}
APPLE_DEV_IDENTITY: ${{ secrets.APPLE_DEV_IDENTITY }}
APPLE_ID_EMAIL: ${{ secrets.APPLE_ID_EMAIL }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
DEBUG: electron-osx-sign*,electron-notarize*
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npm run dist:electron
# list out folder
- name: list out-builder folder
continue-on-error: true
run: ls
working-directory: electron/out-builder
# Move binary for each platform
- name: Move binary
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cp electron/out-builder/Snapmail* ./artifacts
# List artifacts folder
- name: List artifacts folder
run: ls -R
working-directory: artifacts
# Sign Windows certificate
- name: Sign Windows certificate
if: ${{ runner.os == 'Windows' && inputs.must_sign }}
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
working-directory: artifacts
run: |
echo exe filename: $(ls|grep "\.exe$")
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "$(ls|grep "\.exe$")"
# "upload" artifacts
- uses: actions/upload-artifact@master
with:
name: all-happ-artifact
path: artifacts/