Skip to content
Release

0.4.0 #11

Sign in to view logs

0.4.0

0.4.0 #11

Workflow file for this run

.github/workflows/release.yml at e6b96a5
name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: write
jobs:
create-release:
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create.outputs.id }}
steps:
- uses: actions/checkout@v4
- name: Create draft release
id: create
uses: softprops/action-gh-release@v2
with:
draft: true
generate_release_notes: true
build-linux:
needs: create-release
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
cache: npm
- run: npm ci
- run: npm run build -- --publish never
- name: Upload artifacts
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
files: |
release/*.AppImage
release/*.deb
draft: true
build-macos:
needs: create-release
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
cache: npm
- name: Import code signing certificate
env:
DMG_CERT: ${{ secrets.DMG_CERT }}
DMG_CERT_PWD: ${{ secrets.DMG_CERT_PWD }}
run: |
CERTIFICATE_PATH="$RUNNER_TEMP/build_certificate.p12"
KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
KEYCHAIN_PWD=$(openssl rand -base64 32)
echo -n "$DMG_CERT" | base64 --decode -o "$CERTIFICATE_PATH"
security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 3600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
security import "$CERTIFICATE_PATH" -P "$DMG_CERT_PWD" \
-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security set-key-partition-list -S apple-tool:,apple:,codesign: \
-s -k "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
security list-keychains -d user -s "$KEYCHAIN_PATH"
- name: Prepare API key for notarization
env:
APPLE_API_KEY_B64: ${{ secrets.APPLE_API_KEY }}
run: |
mkdir -p "$RUNNER_TEMP/private_keys"
echo -n "$APPLE_API_KEY_B64" | base64 --decode > "$RUNNER_TEMP/private_keys/AuthKey.p8"
- run: npm ci
- name: Build and sign
env:
APPLE_API_KEY: ${{ runner.temp }}/private_keys/AuthKey.p8
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
run: npm run build -- --universal --publish never
- name: Upload artifacts
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
files: release/*.dmg
draft: true
- name: Cleanup signing artifacts
if: always()
run: |
security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db" 2>/dev/null || true
rm -f "$RUNNER_TEMP/private_keys/AuthKey.p8" 2>/dev/null || true
rm -f "$RUNNER_TEMP/build_certificate.p12" 2>/dev/null || true