feat: notarize and staple dockit #96

Workflow file for this run

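# Release pipeline: build the app on macOS, Linux and Windows, sign the Windows
# installers, submit the macOS DMG to notary-tools, then tag, publish a GitHub
# release and copy the artifacts to Cloudflare R2.
#
# NOTE(review): several third-party actions below are referenced by a mutable
# ref (@main, @master, @latest, @v1) and receive signing, Apple, R2 or GitHub
# credentials. Pinning each one to a full commit SHA (kept current with
# Dependabot or similar) stops an upstream ref change from altering what runs
# with those secrets.
name: distributions release

on:
  push:
    branches: [master]

# One run per workflow and ref; a newer push cancels the run in flight.
# NOTE(review): cancellation can land between the tag, GitHub release and R2
# upload steps of the release job and leave a partial release. Consider
# `cancel-in-progress: false` for this workflow.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  pre-release:
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
        node-version: [20.x]
    runs-on: ${{ matrix.os }}
    # Least privilege: no step in this job is given GITHUB_TOKEN explicitly, so
    # read access to the repository contents is enough for the checkout.
    permissions:
      contents: read
    steps:
      - name: Github checkout
        uses: actions/checkout@v4

      - name: Install rpm
        if: matrix.os == 'ubuntu-latest'
        # Refresh the package index first so the install does not fail on a
        # stale runner image.
        run: sudo apt-get update && sudo apt-get install -y rpm

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Setup .NET Core SDK
        if: matrix.os == 'windows-latest'
        uses: actions/setup-dotnet@v2
        with:
          dotnet-version: 6.0.x

      - run: npm ci
      - run: npm run package

      - name: Build app
        shell: bash
        run: ./scripts/make-distributions.sh

      - name: Sign files with Trusted Signing
        if: matrix.os == 'windows-latest'
        # The page shows this reference as "azure/[email protected]", an e-mail
        # obfuscation artefact. The action name is inferred from the inputs
        # below; the ref is not recoverable from the page and must be restored
        # from the repository (preferably as a full commit SHA).
        uses: azure/trusted-signing-action@<ref-lost-in-page-extraction>
        with:
          # NOTE(review): this is a long-lived client secret. Scope the service
          # principal to signing with this certificate profile only and rotate
          # the secret on a schedule.
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          endpoint: https://eus.codesigning.azure.net/
          trusted-signing-account-name: geek-fun
          certificate-profile-name: geek-fun
          # Every .exe found up to 7 directory levels below out\make is signed.
          files-folder: ${{ github.workspace }}\out\make
          files-folder-depth: 7
          files-folder-filter: exe
          file-digest: SHA256
          timestamp-rfc3161: http://timestamp.acs.microsoft.com
          timestamp-digest: SHA256

      # NOTE(review): the step name says "Mac App Store", but the action used
      # is a notarization tool and the run title is "notarize and staple".
      # Consider renaming the step.
      # NOTE(review): Apple notarization expects an already code-signed
      # product. No macOS signing step is visible in this workflow; presumably
      # make-distributions.sh does it. Confirm.
      - name: Release App to Mac App Store
        uses: GuillaumeFalourd/notary-tools@v1
        # if: steps.tag_release.outputs.successful
        # (tag_release is a step id of the release job, not of this job)
        if: matrix.os == 'macos-latest'
        with:
          # NOTE(review): confirm the action expands this glob, and that
          # APPLE_ID_PASSWORD is an app-specific password rather than the
          # account password.
          product_path: out/make/**/*.dmg
          apple_id: ${{ secrets.APPLE_ID }}
          apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
          team_id: ${{ secrets.APPLE_TEAM_ID }}

      # Runs after the signing and notarization steps, so the uploaded files
      # are the processed ones.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.os }}
          path: out/make/*

  release:
    needs: pre-release
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets
    # the repository default. The steps below create a tag and a release,
    # which needs `contents: write`. Declare the minimum set explicitly once
    # the actions' requirements are confirmed.
    steps:
      - name: Github checkout
        uses: actions/checkout@v4

      - name: Use Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
          cache: 'npm'

      - name: Generate changelog
        uses: jaywcjlove/changelog-generator@main
        id: changelog
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      # Collects the per-OS artifacts of pre-release into a single out/make/.
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          path: out/make/
          merge-multiple: true

      - name: Build Release
        uses: jaywcjlove/create-tag-action@main
        id: tag_release
        with:
          prerelease: true
          token: ${{ secrets.GITHUB_TOKEN }}
          body: |
            ${{ steps.changelog.outputs.compareurl }}
            ${{ steps.changelog.outputs.changelog }}

      # NOTE(review): step outputs are strings and any non-empty string is
      # truthy in an `if:` expression, including the text 'false'. If the tag
      # action can emit 'false', compare with `== 'true'` here and in the R2
      # step. Confirm against the action's documentation.
      # NOTE(review): confirm this action is still maintained before relying
      # on its @latest ref.
      - name: Release App to GitHub
        uses: "marvinpinto/action-automatic-releases@latest"
        if: steps.tag_release.outputs.successful
        with:
          prerelease: false
          automatic_release_tag: ${{ steps.tag_release.outputs.version }}
          repo_token: "${{ secrets.GITHUB_TOKEN }}"
          files: |
            LICENSE
            out/make/**/*.{dmg,rpm,deb,Setup.exe}

      # NOTE(review): source-dir is the whole out/make/ tree, which is broader
      # than the file list attached to the GitHub release above. Confirm that
      # nothing unintended lands in the bucket, and scope the R2 key to write
      # access on this one bucket.
      - name: Distribute artifacts to R2
        uses: ryand56/r2-upload-action@master
        if: steps.tag_release.outputs.successful
        with:
          r2-account-id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
          r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }}
          source-dir: out/make/
          destination-dir: dockit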