mirror of
https://github.com/felixrieseberg/macintosh.js.git
synced 2024-06-03 07:29:40 +00:00
build: Baby's first GitHub Action
This commit is contained in:
parent
ad7e313fb5
commit
0f91d7c62a
97
.github/workflows/build.yml
vendored
Normal file
97
.github/workflows/build.yml
vendored
Normal file
|
@ -0,0 +1,97 @@
|
||||||
|
name: Build & Release
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
tags:
|
||||||
|
- v*
|
||||||
|
pull_request:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Setup Node.js
|
||||||
|
uses: actions/setup-node@v1
|
||||||
|
with:
|
||||||
|
node-version: 12.x
|
||||||
|
- name: Get yarn cache directory path
|
||||||
|
id: yarn-cache-dir-path
|
||||||
|
run: echo "::set-output name=dir::$(yarn cache dir)"
|
||||||
|
- uses: actions/cache@v1
|
||||||
|
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
|
||||||
|
with:
|
||||||
|
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
|
||||||
|
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-yarn-
|
||||||
|
- name: Install
|
||||||
|
run: yarn
|
||||||
|
- name: lint
|
||||||
|
run: yarn lint
|
||||||
|
build:
|
||||||
|
needs: lint
|
||||||
|
runs-on: ${{ matrix.platform.host }}
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
platform:
|
||||||
|
- host: windows-latest
|
||||||
|
target: win32
|
||||||
|
- host: macOS-latest
|
||||||
|
target: darwin
|
||||||
|
- host: ubuntu-latest
|
||||||
|
target: linux
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Setup Node.js
|
||||||
|
uses: actions/setup-node@v1
|
||||||
|
with:
|
||||||
|
node-version: 12.x
|
||||||
|
- name: Get yarn cache directory path
|
||||||
|
id: yarn-cache-dir-path
|
||||||
|
run: echo "::set-output name=dir::$(yarn cache dir)"
|
||||||
|
- uses: actions/cache@v1
|
||||||
|
if: matrix.platform.host != 'macOS-latest'
|
||||||
|
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
|
||||||
|
with:
|
||||||
|
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
|
||||||
|
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-yarn-
|
||||||
|
- name: Set MacOS signing certs
|
||||||
|
if: matrix.os == 'macos-latest'
|
||||||
|
run: chmod +x tools/add-osx-cert.sh && ./tools/add-osx-cert.sh
|
||||||
|
env:
|
||||||
|
CERTIFICATE_OSX_APPLICATION: ${{ secrets.MACOS_CERT_P12 }}
|
||||||
|
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
|
||||||
|
- name: Set Windows signing certificate
|
||||||
|
if: matrix.os == 'windows-latest'
|
||||||
|
id: write_file
|
||||||
|
uses: timheuer/base64-to-file@v1
|
||||||
|
with:
|
||||||
|
fileName: 'win-certificate.pfx'
|
||||||
|
encodedString: ${{ secrets.WINDOWS_CODESIGN_P12 }}
|
||||||
|
- name: Install
|
||||||
|
run: yarn
|
||||||
|
- name: Make
|
||||||
|
# if: startsWith(github.ref, 'refs/tags/')
|
||||||
|
run: yarn make
|
||||||
|
env:
|
||||||
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
||||||
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||||
|
WINDOWS_CODESIGN_FILE: ${{ steps.write_file.outputs.filePath }}
|
||||||
|
WINDOWS_CODESIGN_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
|
||||||
|
- name: Release
|
||||||
|
uses: softprops/action-gh-release@v1
|
||||||
|
if: startsWith(github.ref, 'refs/tags/')
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
with:
|
||||||
|
files: |
|
||||||
|
electron-app/out/**/*.deb
|
||||||
|
electron-app/out/**/*.dmg
|
||||||
|
electron-app/out/**/*Setup.exe
|
||||||
|
electron-app/out/**/*.rpm
|
||||||
|
electron-app/out/**/*.zip
|
BIN
assets/certs/apple.cer
Normal file
BIN
assets/certs/apple.cer
Normal file
Binary file not shown.
BIN
assets/certs/dac.cer
Normal file
BIN
assets/certs/dac.cer
Normal file
Binary file not shown.
16
assets/entitlements.plist
Normal file
16
assets/entitlements.plist
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
|
<plist version="1.0">
|
||||||
|
<dict>
|
||||||
|
<key>com.apple.security.cs.allow-jit</key>
|
||||||
|
<true/>
|
||||||
|
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
|
||||||
|
<true/>
|
||||||
|
<key>com.apple.security.cs.disable-library-validation</key>
|
||||||
|
<true/>
|
||||||
|
<key>com.apple.security.cs.disable-executable-page-protection</key>
|
||||||
|
<true/>
|
||||||
|
<key>com.apple.security.automation.apple-events</key>
|
||||||
|
<true/>
|
||||||
|
</dict>
|
||||||
|
</plist>
|
|
@ -1,10 +1,17 @@
|
||||||
const path = require('path');
|
const path = require('path');
|
||||||
|
const fs = require('fs');
|
||||||
const package = require('./package.json');
|
const package = require('./package.json');
|
||||||
|
|
||||||
|
if (process.env['WINDOWS_CODESIGN_FILE']) {
|
||||||
|
const certPath = path.join(__dirname, 'win-certificate.pfx');
|
||||||
|
const certExists = fs.existsSync(certPath);
|
||||||
|
|
||||||
|
if (certExists) {
|
||||||
|
process.env['WINDOWS_CODESIGN_FILE'] = certPath;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
hooks: {
|
|
||||||
postPackage: require('./tools/notarize')
|
|
||||||
},
|
|
||||||
packagerConfig: {
|
packagerConfig: {
|
||||||
asar: false,
|
asar: false,
|
||||||
icon: path.resolve(__dirname, 'assets', 'icon'),
|
icon: path.resolve(__dirname, 'assets', 'icon'),
|
||||||
|
@ -18,10 +25,14 @@ module.exports = {
|
||||||
identity: 'Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)',
|
identity: 'Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)',
|
||||||
'hardened-runtime': true,
|
'hardened-runtime': true,
|
||||||
'gatekeeper-assess': false,
|
'gatekeeper-assess': false,
|
||||||
'entitlements': 'static/entitlements.plist',
|
'entitlements': 'assets/entitlements.plist',
|
||||||
'entitlements-inherit': 'static/entitlements.plist',
|
'entitlements-inherit': 'assets/entitlements.plist',
|
||||||
'signature-flags': 'library'
|
'signature-flags': 'library'
|
||||||
},
|
},
|
||||||
|
osxNotarize: {
|
||||||
|
appleId: process.env['APPLE_ID'],
|
||||||
|
appleIdPassword: process.env['APPLE_ID_PASSWORD']
|
||||||
|
},
|
||||||
ignore: [
|
ignore: [
|
||||||
/\/assets(\/?)/,
|
/\/assets(\/?)/,
|
||||||
/\/docs(\/?)/,
|
/\/docs(\/?)/,
|
||||||
|
@ -46,8 +57,8 @@ module.exports = {
|
||||||
remoteReleases: '',
|
remoteReleases: '',
|
||||||
setupExe: `macintoshjs-${package.version}-setup-${arch}.exe`,
|
setupExe: `macintoshjs-${package.version}-setup-${arch}.exe`,
|
||||||
setupIcon: path.resolve(__dirname, 'assets', 'icon.ico'),
|
setupIcon: path.resolve(__dirname, 'assets', 'icon.ico'),
|
||||||
certificateFile: process.env.WINDOWS_CERTIFICATE_FILE,
|
certificateFile: process.env['WINDOWS_CODESIGN_FILE'],
|
||||||
certificatePassword: process.env.WINDOWS_CERTIFICATE_PASSWORD,
|
certificatePassword: process.env['WINDOWS_CODESIGN_PASSWORD'],
|
||||||
loadingGif: './assets/loadingGif.gif',
|
loadingGif: './assets/loadingGif.gif',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
23
tools/add-macos-cert.sh
Normal file
23
tools/add-macos-cert.sh
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
KEY_CHAIN=build.keychain
|
||||||
|
MACOS_CERT_P12_FILE=certificate.p12
|
||||||
|
|
||||||
|
# Recreate the certificate from the secure environment variable
|
||||||
|
echo $MACOS_CERT_P12 | base64 --decode > $MACOS_CERT_P12_FILE
|
||||||
|
|
||||||
|
#create a keychain
|
||||||
|
security create-keychain -p actions $KEY_CHAIN
|
||||||
|
|
||||||
|
# Make the keychain the default so identities are found
|
||||||
|
security default-keychain -s $KEY_CHAIN
|
||||||
|
|
||||||
|
# Unlock the keychain
|
||||||
|
security unlock-keychain -p actions $KEY_CHAIN
|
||||||
|
|
||||||
|
security import $MACOS_CERT_P12_FILE -k $KEY_CHAIN -P $MACOS_CERT_PASSWORD -T /usr/bin/codesign;
|
||||||
|
|
||||||
|
security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
|
||||||
|
|
||||||
|
# remove certs
|
||||||
|
rm -fr *.p12
|
3
tools/make-distributable.sh
Normal file
3
tools/make-distributable.sh
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash -xe
|
||||||
|
|
||||||
|
yarn make --skip-package --platform $PLATFORM --targets=@electron-forge/maker-$MAKER
|
|
@ -1,30 +0,0 @@
|
||||||
const { notarize } = require('electron-notarize');
|
|
||||||
const path = require('path');
|
|
||||||
|
|
||||||
const buildOutput = path.resolve(
|
|
||||||
__dirname,
|
|
||||||
'..',
|
|
||||||
'out',
|
|
||||||
'macintosh.js-darwin-x64',
|
|
||||||
'macintosh.js.app'
|
|
||||||
);
|
|
||||||
|
|
||||||
module.exports = function () {
|
|
||||||
if (process.platform !== 'darwin') {
|
|
||||||
console.log('Not a Mac; skipping notarization');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
console.log('Notarizing...');
|
|
||||||
|
|
||||||
return notarize({
|
|
||||||
appBundleId: 'com.felixrieseberg.macintoshjs',
|
|
||||||
appPath: buildOutput,
|
|
||||||
appleId: process.env.APPLE_ID,
|
|
||||||
appleIdPassword: process.env.APPLE_ID_PASSWORD,
|
|
||||||
ascProvider: 'LT94ZKYDCJ'
|
|
||||||
}).catch((e) => {
|
|
||||||
console.error(e);
|
|
||||||
throw e;
|
|
||||||
});
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user