-
Notifications
You must be signed in to change notification settings - Fork 2
86 lines (75 loc) · 3.03 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: 'Manual Release'
on:
workflow_dispatch:
jobs:
publish-studio:
permissions:
contents: write
strategy:
fail-fast: false
matrix:
# linux disabled until we get to work to support it
#platform: [macos-latest, ubuntu-20.04, windows-latest]
platform: [macos-latest, windows-latest]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
# try earlier python version for appdmg
# https://github.com/electron/forge/issues/3371#issuecomment-2105195302
- name: Install Python 3.11.4
uses: actions/setup-python@v4
with:
python-version: '3.11.4'
- name: install dependencies
run: npm ci
- name: setup macos keychain
if: startsWith(matrix.platform, 'macos-')
run: |
echo "$APPLE_API_KEY" > ./apple_api_key.p8
echo $APPLE_CERTIFICATE_P12 | base64 --decode > certificate.p12
security create-keychain -p "$CERTIFICATE_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$CERTIFICATE_PASSWORD" build.keychain
security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$CERTIFICATE_PASSWORD" build.keychain
env:
APPLE_CERTIFICATE_P12: ${{ secrets.APPLE_CERTIFICATE_P12 }}
CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
- name: setup windows certificate
if: startsWith(matrix.platform, 'windows-')
run: |
$bytes = [Convert]::FromBase64String("${{ secrets.WINDOWS_CERTIFICATE }}")
[IO.File]::WriteAllBytes("certificate.pfx", $bytes)
env:
WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
- name: publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# notarization
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY: ./apple_api_key.p8
# windows cert
WINDOWS_CERTIFICATE_PATH: ./certificate.pfx
WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
# sentry integration
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
# sentry vite plugin integration during build
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ env.SENTRY_ORG }}
SENTRY_PROJECT: ${{ env.SENTRY_PROJECT }}
run: npm run publish
- name: cleanup macos certificates
if: startsWith(matrix.platform, 'macos-')
run: |
rm apple_api_key.p8
rm certificate.p12
- name: cleanup windows certificates
if: startsWith(matrix.platform, 'windows-')
run: |
del certificate.pfx