Build

Version 1.6.8 #164

Workflow file for this run

	# TODO cache playwright browsers

	name: Build

	# SECURITY Third-party pull requests (thankfully) can't access secrets, so need separate workflow
	on:
	push: {}
	workflow_dispatch:
	inputs:
	run_tests:
	description: Whether to run tests
	required: false
	default: 'true'

	defaults:
	run:
	shell: bash # Windows doesn't default to bash

	jobs:

	audit_code:
	# This is done separately to speed up build, since ok to do in parallel
	name: Audit types & lint
	runs-on: ubuntu-latest
	if: github.event.inputs.run_tests != 'false'
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: '16'
	cache: 'npm'
	cache-dependency-path: '**/package-lock.json'
	- run: .bin/all_node npm ci
	- run: .bin/audit_lint_errors # TODO Do full linting when ready
	- run: .bin/audit_types
	- run: .bin/audit_test


	build_app_base:
	name: Build app base
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: '3.11'
	- uses: actions/setup-node@v4
	with:
	node-version: '16'
	cache: 'npm'
	cache-dependency-path: '**/package-lock.json'
	- run: .bin/all_node npm ci
	- run: .bin/build_responder_aws
	- run: .bin/build_displayer
	env:
	VITE_ROLLBAR_DISPLAYER: ${{ secrets.ROLLBAR_DISPLAYER }}
	- run: .bin/build_app
	env:
	VITE_OAUTH_ID_GOOGLE: ${{ secrets.OAUTH_ID_GOOGLE }}
	VITE_OAUTH_ID_MICROSOFT: ${{ secrets.OAUTH_ID_MICROSOFT }}
	VITE_OAUTH_SECRET_GOOGLE: ${{ secrets.OAUTH_SECRET_GOOGLE }}
	VITE_ROLLBAR_APP: ${{ secrets.ROLLBAR_APP }}
	VITE_ROLLBAR_RESPONDER: ${{ secrets.ROLLBAR_RESPONDER }}
	VITE_HOSTED_REGION: us-west-2
	VITE_HOSTED_USER_POOL: us-west-2_35JlR4J4Y
	VITE_HOSTED_USER_POOL_CLIENT: 6go9el36qqr5egm92s20b8fuer
	VITE_HOSTED_IDENTITY_POOL: us-west-2:457eead7-c848-47d1-8f09-81cb85f818d0
	VITE_HOSTED_BUCKET: stello-hosted
	VITE_HOSTED_API: https://api.encrypted.news/
	VITE_HOSTED_DOMAIN_BRANDED: stello.news
	VITE_HOSTED_DOMAIN_UNBRANDED: encrypted.news
	- if: github.event.inputs.run_tests != 'false'
	name: .bin/audit_e2e_displayer
	run: \|
	npx playwright install --with-deps
	.bin/audit_e2e_displayer
	- uses: actions/upload-artifact@v4
	with:
	name: app_base
	path: app/dist


	build_electron:
	name: Package the app with Electron for all OSs
	needs: [build_app_base]
	strategy:
	fail-fast: false
	matrix:
	# WARN macos-14 creates dmg incompatible with OSX 10.11
	os: [ubuntu-latest, macos-13, windows-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: '16'
	cache: 'npm'
	cache-dependency-path: '**/package-lock.json'
	- run: npm ci
	env:
	PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
	- run: npx playwright install --with-deps chromium
	- run: cd electron; npm ci
	- run: .bin/build_electron
	env:
	ROLLBAR_ELECTRON: ${{ secrets.ROLLBAR_ELECTRON }}
	HOSTED_API: https://api.encrypted.news/
	- uses: actions/download-artifact@v4
	with:
	name: app_base
	path: electron/dist/app
	# WARN Electron builder will publish (to proposed) before confirming tests pass
	# TODO Waiting on https://github.com/electron-userland/electron-builder/issues/4535
	- run: .bin/build_electron_package
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	# Only mac needs the following
	CSC_LINK: ${{ secrets.APPLE_CERT_P12_BASE64 }}
	CSC_KEY_PASSWORD: abc123 # Public since contents already secret
	APPLE_ID: ${{ secrets.APPLE_ID_EMAIL }}
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	- if: github.event.inputs.run_tests != 'false'
	run: .bin/audit_e2e_electron

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Version 1.6.8 #164

Workflow file

Version 1.6.8 #164

Jobs

Run details

Workflow file for this run