Migrate Project from npm to Yarn #8275
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Package | |
on: | |
pull_request: {} | |
push: | |
branches: | |
- main | |
- release-* | |
tags: | |
- '*' | |
workflow_dispatch: {} | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
package: | |
strategy: | |
matrix: | |
include: | |
- platform: mac | |
arch: x86_64 | |
runs-on: macos-11 | |
- platform: mac | |
arch: aarch64 | |
runs-on: macos-11 | |
- platform: win | |
runs-on: windows-2019 | |
- platform: linux | |
runs-on: ubuntu-20.04 | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
# Needed to run `git describe` to get full version info | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '16.x' | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '^1.18' | |
- name: Install Windows dependencies | |
if: runner.os == 'Windows' | |
shell: powershell | |
run: .\scripts\windows-setup.ps1 -SkipVisualStudio -SkipTools | |
- name: Flag build for M1 | |
if: matrix.arch == 'aarch64' && matrix.platform == 'mac' | |
run: echo "M1=1" >> "${GITHUB_ENV}" | |
- run: yarn config set registry https://registry.npmjs.org | |
- run: yarn install --frozen-lockfile | |
- run: yarn build | |
- run: yarn package -- --${{ matrix.platform }} --publish=never | |
- name: Build bats.tar.gz | |
if: matrix.platform == 'linux' | |
run: make -C bats bats.tar.gz | |
- name: Upload bats.tar.gz | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'linux' | |
with: | |
name: bats.tar.gz | |
path: bats/bats.tar.gz | |
if-no-files-found: error | |
- name: Upload mac disk image | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'mac' | |
with: | |
name: Rancher Desktop.${{ matrix.arch }}.dmg | |
path: dist/Rancher Desktop*.dmg | |
if-no-files-found: error | |
- name: Upload mac zip | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'mac' | |
with: | |
name: Rancher Desktop-mac.${{ matrix.arch }}.zip | |
path: dist/Rancher Desktop*.zip | |
if-no-files-found: error | |
- name: Upload Windows installer | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'win' | |
with: | |
name: Rancher Desktop Setup.msi | |
path: dist/Rancher Desktop*.msi | |
if-no-files-found: error | |
- name: Upload Windows zip | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'win' | |
with: | |
name: Rancher Desktop-win.zip | |
path: dist/Rancher Desktop-*-win.zip | |
if-no-files-found: error | |
- name: Upload Linux zip | |
uses: actions/upload-artifact@v3 | |
if: matrix.platform == 'linux' | |
with: | |
name: Rancher Desktop-linux.zip | |
path: dist/rancher-desktop-*-linux.zip | |
if-no-files-found: error | |
- id: has_s3 | |
name: Check if S3 secrets are available | |
continue-on-error: true | |
if: github.ref_type == 'branch' && ( startsWith(github.ref_name, 'main') || startsWith(github.ref_name, 'release-') ) | |
run: '[[ -n "${key}" ]]' | |
env: | |
key: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
- name: set zip_name env var | |
id: zip_name | |
if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
run: | | |
# in pull requests GITHUB_REF_NAME is in the form "<pr_number>/merge"; | |
# remove slashes since they aren't valid in filenames | |
no_slash_ref_name="${GITHUB_REF_NAME//\//-/}" | |
zip_name="rancher-desktop-linux-${no_slash_ref_name}.zip" | |
echo "zip_name=${zip_name}" >> "${GITHUB_OUTPUT}" | |
- name: Copy zip file to S3 | |
uses: prewk/s3-cp-action@74701625561055a306f92fa5c18e948f9d14a54a | |
if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
with: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
source: dist/rancher-desktop-*-linux.zip | |
dest: s3://rancher-desktop-assets-for-obs/${{ steps.zip_name.outputs.zip_name }} | |
- name: Trigger OBS services for relevant package in dev channel | |
if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
run: | | |
curl -X POST \ | |
-H "Authorization: Token ${OBS_WEBHOOK_TOKEN}" \ | |
"https://build.opensuse.org/trigger/runservice?project=isv:Rancher:dev&package=rancher-desktop-${GITHUB_REF_NAME}" | |
env: | |
OBS_WEBHOOK_TOKEN: ${{ secrets.OBS_WEBHOOK_TOKEN }} | |
sign: | |
name: Test Signing | |
needs: package | |
runs-on: windows-2022 | |
if: >- | |
(github.event_name == 'push' && github.ref == 'refs/heads/main') || | |
(github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release-')) || | |
(github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || | |
(github.event_name == 'workflow_dispatch') | |
permissions: | |
contents: read | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Install Windows dependencies | |
if: runner.os == 'Windows' | |
shell: powershell | |
run: .\scripts\windows-setup.ps1 -SkipVisualStudio -SkipTools | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '^1.18' | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '16.x' | |
- run: yarn install --frozen-lockfile | |
- uses: actions/download-artifact@v3 | |
if: runner.os == 'Windows' | |
with: | |
name: Rancher Desktop-win.zip | |
- if: runner.os == 'Windows' | |
shell: powershell | |
run: | | |
# Generate a test signing certificate | |
$cert = New-SelfSignedCertificate ` | |
-Type Custom ` | |
-Subject "CN=Rancher-Sandbox, C=CA" ` | |
-KeyUsage DigitalSignature ` | |
-CertStoreLocation Cert:\CurrentUser\My ` | |
-FriendlyName "Rancher-Sandbox Code Signing" ` | |
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}") | |
Write-Output $cert | |
$env:CSC_FINGERPRINT = $cert.Thumbprint | |
# Run the signing script | |
yarn sign -- (Get-Item "Rancher Desktop*-win.zip") | |
# Check that the msi file was signed by the expected cert | |
$usedCert = (Get-AuthenticodeSignature -FilePath 'dist\Rancher Desktop Setup*.msi').SignerCertificate | |
Write-Output $usedCert | |
if ($cert -ne $usedCert) { | |
Write-Output "Expected Certificate" $cert "Actual Certificate" $usedCert | |
Throw "Installer signed with wrong certificate" | |
} |