chore: versions and build (#15)

* chore: versions and build

* chore: format

* chore: build

* chore: build

* chore: prettier

* chore: format electron

* chore: git attributes

* chore: format

* chore: build python 11 macos

* chore: build

* chore: try publish

* chore: publish script

* chore: electron scripts

* chore: env

* chore: build GITHUB_TOKEN

* chore: build self hosted windows

* chore: labels

* chore: runs on self hosted

* chore: power shell

* chore: build wind

* chore: windows build

* chore:  build

* chore: build

* chore: delete shell

* chore: shell

* chore: shell

* chore: build

* chore: package

* chore: sign app win

* chore: sign tool

* chore: sign

* chore: build

* chore: build nuclia

* chore: cert

* chore: avoid sign

* chore: publish win

* chore: release

* chore: release

* chore: build release

* chore: release files

* chore: sign win

* chore: sign exe win

* chore: ios release

* chore: build

* chore: build

* echo: build

* chore: build

* chore: use b64

* chore: release actions

* chore: delete unused code

.github/workflows/build-win.yml

@@ -0,0 +1,69 @@
+name: build-windows
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build_job:
+    runs-on: self-hosted
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: justincy/[email protected]
+      id: release
+    - uses: actions/setup-node@master
+      with:
+        node-version: 20
+    - name: install dependencies electron-app
+      run: npm install
+      working-directory: electron-app
+
+    - name: install dependencies server
+      run: npm install
+      working-directory: server
+
+    - name: lint/format electron-app
+      env:
+        CI: false
+      run: npm run ci:format
+      working-directory: electron-app
+
+    - name: lint/format server
+      env:
+        CI: false
+      run: npm run ci:format
+      working-directory: server
+
+    - name: test
+      env:
+        CI: false
+      run: npm run test
+      working-directory: server
+
+    - name: compile server
+      env:
+        CI: false
+      run: npm run compile
+      working-directory: server
+
+    - name: build
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
+        CERTIFICATE_CONTAINER_ID: ${{ secrets.CERTIFICATE_CONTAINER_ID }}
+        CERTIFICATE_READER: ${{ secrets.CERTIFICATE_READER }}
+      run: |
+        Copy-Item server/src electron-app/src/sync-agent -r
+        npm run make-win
+        & 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe' sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f C:\Users\user\Documents\nuclia-certificate.cer /csp "eToken Base Cryptographic Provider" /kc "[$env:CERTIFICATE_READER{{$env:CERTIFICATE_PASSWORD}}]=$env:CERTIFICATE_CONTAINER_ID" electron-app/out/make/squirrel.windows/x64/Nuclia-Sync-Setup.exe
+
+    - name: Release Windows installer
+      uses: softprops/action-gh-release@v1
+      if: steps.release.outputs.released == 'true'
+      with:
+        tag_name: ${{ steps.release.outputs.release_id }}
+        files: |
+          C:/Users/user/actions-runner/_work/sync-agent/sync-agent/electron-app/out/make/squirrel.windows/x64/Nuclia-Sync-Setup.exe

.github/workflows/build.yml

@@ -3,37 +3,43 @@ on:
   push:
     branches:
       - main
-  pull_request:
-    branches:
-      - main
+
 jobs:
   build_job:
-    runs-on: ${{ matrix.os }}
+    runs-on: ${{ matrix.os }} 
 
     strategy:
       matrix:
-        os: [ubuntu-latest]
+        os: [macos-latest, ubuntu-latest]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: justincy/[email protected]
+      id: release
+    - uses: actions/setup-python@v5
+      if: matrix.os == 'macos-latest'
+      with:
+        python-version: '3.11'
     - uses: actions/setup-node@master
       with:
         node-version: 20
-    - name: install dependencies
+    - name: install dependencies electron-app
       run: npm install
       working-directory: electron-app
 
-    - name: install dependencies
+    - name: install dependencies server
       run: npm install
       working-directory: server
 
-    - name: lint/format
+    - name: lint/format electron-app
       env:
         CI: false
       run: npm run ci:format
       working-directory: electron-app
 
-    - name: lint/format
+    - name: lint/format server
       env:
         CI: false
       run: npm run ci:format
@@ -50,8 +56,28 @@ jobs:
         CI: false
       run: npm run compile
       working-directory: server
+    - name: Add MacOS certs
+      if: matrix.os == 'macos-latest' && steps.release.outputs.released == 'true'
+      run: chmod +x add-osx-cert.sh && ./add-osx-cert.sh
+      working-directory: electron-app
+      env:
+        CERTIFICATE_OSX_APPLICATION_BASE64: ${{ secrets.CERTIFICATE_OSX_APPLICATION_BASE64 }}
+        CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}
+    - name: Prepare for app notarization
+      if: matrix.os == 'macos-latest' && steps.release.outputs.released == 'true'
+      run: |-
+        mkdir -p ~/private_keys/
+        echo '${{ secrets.APPLE_API_SECRET_BASE_64 }}' | base64 --decode > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
+    - name: build and publish
+      if: steps.release.outputs.released == 'true'
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        APPLE_API_KEY: "~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8"
+        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+        CI: false
+      run: npm run publish
 
-    # - name: build
-    #   env:
-    #     CI: false
-    #   run: npm run make
+    - name: build
+      if: steps.release.outputs.released != 'true'
+      run: npm run make

electron-app/.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

electron-app/.prettierignore

@@ -3,4 +3,5 @@ node_modules
 out
 package.json
 package-lock.json
-src/sync-agent
+src/sync-agent
+forge.config.js

electron-app/add-osx-cert.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+KEY_CHAIN=build.keychain
+CERTIFICATE_P12=certificate.p12
+
+# Recreate the certificate from the secure environment variable
+echo $CERTIFICATE_OSX_APPLICATION_BASE64 | base64 --decode > $CERTIFICATE_P12
+
+#create a keychain
+security create-keychain -p actions $KEY_CHAIN
+
+# Make the keychain the default so identities are found
+security default-keychain -s $KEY_CHAIN
+
+# Unlock the keychain
+security unlock-keychain -p actions $KEY_CHAIN
+
+security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign;
+
+security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
+
+# remove certs
+rm -fr *.p12

electron-app/entitlements.plist

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+  </dict>
+</plist>

electron-app/forge.config.js

@@ -4,6 +4,19 @@ module.exports = {
     icon: 'public/logo.*',
     name: 'Nuclia sync',
     executableName: 'nuclia-sync-agent',
+    osxSign: {
+      entitlements: 'entitlements.plist',
+      'entitlements-inherit': 'entitlements.plist',
+      'gatekeeper-assess': false,
+      hardenedRuntime: true,
+      identity: 'Developer ID Application: BOSUTECH XXI SL (DF2C2RHNCR)',
+    },
+    osxNotarize: {
+      tool: 'notarytool',
+      appleApiKey: process.env.APPLE_API_KEY,
+      appleApiKeyId: process.env.APPLE_API_KEY_ID,
+      appleApiIssuer: process.env.APPLE_API_ISSUER,
+    },
   },
   rebuildConfig: {},
   makers: [
@@ -12,7 +25,7 @@ module.exports = {
       config: {
         // An URL to an ICO file to use as the application icon (displayed in Control Panel > Programs and Features).
         iconUrl: 'https://storage.googleapis.com/iskra/logo.ico',
-        setupExe: `Nuclia-Sync-Setup.exe`,
+        setupExe: 'Nuclia-Sync-Setup.exe',
       },
     },
     {

electron-app/package.json

@@ -9,11 +9,11 @@
     "start": "npm run compile && electron-forge start",
     "package": "electron-forge package",
     "make": "npm run compile && electron-forge make",
-    "publish": "electron-forge publish",
-    "lint": "eslint .",
-    "format:check": "prettier . --check",
-    "format": "prettier . --write",
-    "ci:format": "prettier . --check && eslint ."
+    "publish": "npm run compile && electron-forge publish",
+    "lint": "eslint src/index.ts",
+    "format:check": "prettier src/index.ts --check",
+    "format": "prettier src/index.ts --write",
+    "ci:format": "prettier src/index.ts --check && eslint ."
   },
   "keywords": [],
   "author": {
@@ -32,6 +32,7 @@
     "localstorage-polyfill": "^1.0.1",
     "mime-types": "^2.1.35",
     "rxjs": "^7.8.1",
+    "socks": "^2.7.3",
     "typescript": "^5.2.2",
     "uuid": "^9.0.1",
     "zod": "^3.22.4"

package.json

@@ -6,7 +6,9 @@
   "scripts": {
     "copy-server-to-electron": "rm -rf electron-app/src/sync-agent && cp -r server/src electron-app/src/sync-agent",
     "start": "npm run copy-server-to-electron && cd electron-app && npm run start",
-    "make": "npm run copy-server-to-electron && cd electron-app && npm run make"
+    "make": "npm run copy-server-to-electron && cd electron-app && npm run make",
+    "publish": "npm run copy-server-to-electron && cd electron-app && npm run publish",
+    "make-win": "cd electron-app && npm run make"
   },
   "keywords": [
     "electron",

server/.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf