Show device token while signing in #1855
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-publish-apps | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| release: | |
| types: [published] | |
| schedule: | |
| - cron: '0 4 * * *' | |
| # Daily at 04:00 AM UTC | |
| # Will checkout the last commit from the default branch (main as of 2023-10-04) | |
| env: | |
| CUT_RELEASE_PR: ${{ github.event_name == 'pull_request' && (contains(github.event.pull_request.title, 'Cut release v')) }} | |
| BUILD_RELEASE: ${{ github.event_name == 'release' || github.event_name == 'schedule' || github.event_name == 'pull_request' && (contains(github.event.pull_request.title, 'Cut release v')) }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| prepare-files: | |
| runs-on: ubuntu-22.04 # seperate job on Ubuntu for easy string manipulations (compared to Windows) | |
| outputs: | |
| version: ${{ steps.export_version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'yarn' | |
| - run: yarn install | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: './src/wasm-lib' | |
| # TODO: see if we can fetch from main instead if no diff at src/wasm-lib | |
| - name: Run build:wasm | |
| run: "yarn build:wasm" | |
| - name: Set nightly version | |
| if: github.event_name == 'schedule' | |
| run: | | |
| VERSION=$(date +'%-y.%-m.%-d') yarn bump-jsons | |
| # TODO: see if we need to inject updater nightly URL here https://dl.zoo.dev/releases/modeling-app/nightly/last_update.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: prepared-files | |
| path: | | |
| package.json | |
| src/wasm-lib/pkg/wasm_lib* | |
| - id: export_version | |
| run: echo "version=`cat package.json | jq -r '.version'`" >> "$GITHUB_OUTPUT" | |
| - name: Prepare electron-builder.yml file for updater test | |
| if: ${{ env.CUT_RELEASE_PR == 'true' }} | |
| run: | | |
| yq -i '.publish[0].url = "https://dl.zoo.dev/releases/modeling-app/updater-test"' electron-builder.yml | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: prepared-files-updater-test | |
| path: | | |
| electron-builder.yml | |
| build-apps: | |
| needs: [prepare-files] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [macos-14, windows-2022, ubuntu-22.04] | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }} | |
| CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| CSC_KEYCHAIN: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| CSC_FOR_PULL_REQUEST: true | |
| VERSION: ${{ github.event_name == 'schedule' && needs.prepare-files.outputs.version || format('v{0}', needs.prepare-files.outputs.version) }} | |
| VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} | |
| WINDOWS_CERTIFICATE_THUMBPRINT: F4C9A52FF7BC26EE5E054946F6B11DEEA94C748D | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v3 | |
| name: prepared-files | |
| - name: Copy prepared files | |
| run: | | |
| ls -R prepared-files | |
| cp prepared-files/package.json package.json | |
| cp prepared-files/src/wasm-lib/pkg/wasm_lib_bg.wasm public | |
| mkdir src/wasm-lib/pkg | |
| cp prepared-files/src/wasm-lib/pkg/wasm_lib* src/wasm-lib/pkg | |
| - name: Sync node version and setup cache | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'yarn' # Set this to npm, yarn or pnpm. | |
| - run: yarn install | |
| - run: yarn tronb:vite | |
| - name: Prepare certificate and variables (Windows only) | |
| if: ${{ env.BUILD_RELEASE == 'true' && matrix.os == 'windows-2022' }} | |
| run: | | |
| echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
| cat /d/Certificate_pkcs12.p12 | |
| echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" | |
| echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
| echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
| echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
| echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
| echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
| shell: bash | |
| - name: Setup certicate with SSM KSP (Windows only) | |
| if: ${{ env.BUILD_RELEASE == 'true' && matrix.os == 'windows-2022' }} | |
| run: | | |
| curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
| msiexec /i smtools-windows-x64.msi /quiet /qn | |
| smksp_registrar.exe list | |
| smctl.exe keypair ls | |
| C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
| smksp_cert_sync.exe | |
| shell: cmd | |
| - name: Build the app | |
| run: yarn electron-builder --config ${{ env.BUILD_RELEASE && '--publish always' || '' }} | |
| - name: List artifacts in out/ | |
| run: ls -R out | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: out-${{ matrix.os }} | |
| path: | | |
| out/Zoo*.* | |
| out/latest*.yml | |
| # TODO: add the 'Build for Mac TestFlight (nightly)' stage back | |
| - uses: actions/download-artifact@v3 | |
| if: ${{ env.CUT_RELEASE_PR == 'true' }} | |
| name: prepared-files-updater-test | |
| - name: Copy updated electron-builder.yml file for updater test | |
| if: ${{ env.CUT_RELEASE_PR == 'true' }} | |
| run: | | |
| ls -R prepared-files-updater-test | |
| cp prepared-files-updater-test/electron-builder.yml electron-builder.yml | |
| - name: Build the app (updater-test) | |
| if: ${{ env.CUT_RELEASE_PR == 'true' }} | |
| run: yarn electron-builder --config ${{ env.BUILD_RELEASE && '--publish always' || '' }} | |
| - uses: actions/upload-artifact@v3 | |
| if: ${{ env.CUT_RELEASE_PR == 'true' }} | |
| with: | |
| name: updater-test-${{ matrix.os }} | |
| path: | | |
| out/Zoo*.* | |
| out/latest*.yml | |
| publish-apps-release: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| if: ${{ github.event_name == 'release' || github.event_name == 'schedule' }} | |
| needs: [prepare-files, build-apps] | |
| env: | |
| VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} | |
| VERSION: ${{ github.event_name == 'schedule' && needs.prepare-files.outputs.version || format('v{0}', needs.prepare-files.outputs.version) }} | |
| PUB_DATE: ${{ github.event_name == 'release' && github.event.release.created_at || github.event.repository.updated_at }} | |
| NOTES: ${{ github.event_name == 'release' && github.event.release.body || format('Non-release build, commit {0}', github.sha) }} | |
| BUCKET_DIR: ${{ github.event_name == 'schedule' && 'dl.kittycad.io/releases/modeling-app/nightly' || 'dl.kittycad.io/releases/modeling-app' }} | |
| WEBSITE_DIR: ${{ github.event_name == 'schedule' && 'dl.zoo.dev/releases/modeling-app/nightly' || 'dl.zoo.dev/releases/modeling-app' }} | |
| URL_CODED_NAME: ${{ github.event_name == 'schedule' && 'Zoo%20Modeling%20App%20%28Nightly%29' || 'Zoo%20Modeling%20App' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: out-windows-2022 | |
| path: out | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: out-macos-14 | |
| path: out | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: out-ubuntu-22.04 | |
| path: out | |
| - name: Generate the download static endpoint | |
| run: | | |
| RELEASE_DIR=https://${WEBSITE_DIR} | |
| jq --null-input \ | |
| --arg version "${VERSION}" \ | |
| --arg pub_date "${PUB_DATE}" \ | |
| --arg notes "${NOTES}" \ | |
| --arg mac_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-mac.dmg" \ | |
| --arg mac_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-mac.dmg" \ | |
| --arg windows_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-win.exe" \ | |
| --arg windows_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-win.exe" \ | |
| --arg linux_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-linux.AppImage" \ | |
| --arg linux_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x86_64-linux.AppImage" \ | |
| '{ | |
| "version": $version, | |
| "pub_date": $pub_date, | |
| "notes": $notes, | |
| "platforms": { | |
| "dmg-arm64": { | |
| "url": $mac_arm64_url | |
| }, | |
| "dmg-x64": { | |
| "url": $mac_x64_url | |
| }, | |
| "exe-arm64": { | |
| "url": $windows_arm64_url | |
| }, | |
| "exe-x64": { | |
| "url": $windows_x64_url | |
| }, | |
| "appimage-arm64": { | |
| "url": $linux_arm64_url | |
| }, | |
| "appimage-x64": { | |
| "url": $linux_x64_url | |
| } | |
| } | |
| }' > last_download.json | |
| cat last_download.json | |
| - name: List artifacts | |
| run: "ls -R out" | |
| - name: Authenticate to Google Cloud | |
| uses: 'google-github-actions/[email protected]' | |
| with: | |
| credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}' | |
| - name: Set up Google Cloud SDK | |
| uses: google-github-actions/[email protected] | |
| with: | |
| project_id: ${{ env.GOOGLE_CLOUD_PROJECT_ID }} | |
| - name: Upload release files to public bucket | |
| uses: google-github-actions/[email protected] | |
| with: | |
| path: out | |
| glob: 'Zoo*' | |
| parent: false | |
| destination: ${{ env.BUCKET_DIR }} | |
| - name: Upload update endpoint to public bucket | |
| uses: google-github-actions/[email protected] | |
| with: | |
| path: out | |
| glob: 'latest*' | |
| parent: false | |
| destination: ${{ env.BUCKET_DIR }} | |
| - name: Upload download endpoint to public bucket | |
| uses: google-github-actions/[email protected] | |
| with: | |
| path: last_download.json | |
| destination: ${{ env.BUCKET_DIR }} | |
| - name: Upload release files to Github | |
| if: ${{ github.event_name == 'release' }} | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: 'out/Zoo*' | |
| # TODO: Add GitHub publisher | |
| announce_release: | |
| needs: [publish-apps-release] | |
| runs-on: ubuntu-22.04 | |
| if: github.event_name == 'release' | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install requests | |
| - name: Announce Release | |
| env: | |
| DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| RELEASE_VERSION: ${{ github.event.release.tag_name }} | |
| RELEASE_BODY: ${{ github.event.release.body}} | |
| run: python public/announce_release.py |