release #178
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| dryrun: | |
| description: 'Run in dry-run mode (upload as artifact instead of release asset)' | |
| required: true | |
| type: boolean | |
| default: false | |
| permissions: {} | |
| # Cancel in-progress runs for when multiple PRs get merged | |
| # in quick succession. Ignore this for tag releases though. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ !contains(github.ref, 'tags/')}} | |
| jobs: | |
| build: | |
| name: Build Coder Desktop | |
| runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}} | |
| if: ${{ github.repository_owner == 'coder' }} | |
| permissions: | |
| # To upload assets to the release | |
| contents: write | |
| # for GCP auth | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| persist-credentials: false | |
| - name: Switch XCode Version | |
| uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 | |
| with: | |
| xcode-version: "16.0.0" | |
| - name: Setup Nix | |
| uses: ./.github/actions/nix-devshell | |
| - name: Authenticate to Google Cloud | |
| id: gcloud_auth | |
| uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| token_format: "access_token" | |
| - name: Build | |
| env: | |
| APPLE_DEVELOPER_ID_PKCS12_B64: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }} | |
| APPLE_DEVELOPER_ID_PKCS12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }} | |
| APPLE_INSTALLER_PKCS12_B64: ${{ secrets.APPLE_INSTALLER_PKCS12_B64 }} | |
| APPLE_INSTALLER_PKCS12_PASSWORD: ${{ secrets.APPLE_INSTALLER_PKCS12_PASSWORD }} | |
| APPLE_ID: ${{ secrets.APPLE_NOTARYTOOL_USERNAME }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }} | |
| APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }} | |
| EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }} | |
| SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} | |
| run: make release | |
| # Upload as artifact in dry-run mode | |
| - name: Upload Build Artifact | |
| if: ${{ inputs.dryrun }} | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: coder-desktop-build | |
| path: ${{ github.workspace }}/outputs/out | |
| retention-days: 7 | |
| # Upload to release in non-dry-run mode | |
| - name: Upload Release Assets | |
| if: ${{ !inputs.dryrun }} | |
| run: gh release upload "$RELEASE_TAG" "$out"/* --clobber | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'preview' }} | |
| - name: Download Appcast | |
| # if: ${{ !inputs.dryrun }} | |
| run: | | |
| gsutil cp "gs://releases.coder.com/coder-desktop/mac/appcast.xml" ./oldappcast.xml | |
| - name: Update Appcast | |
| # if: ${{ !inputs.dryrun }} | |
| run: | | |
| pushd scripts/update-appcast | |
| swift run update-appcast \ | |
| -i ../../oldappcast.xml \ | |
| -s "$out"/Coder-Desktop.pkg.sig \ | |
| -v "$(../version.sh)" \ | |
| -o ../../appcast.xml | |
| -d "$VERSION_DESCRIPTION" | |
| popd | |
| env: | |
| VERSION_DESCRIPTION: ${{ github.event_name == 'release' && github.event.release.body || '' }} | |
| - name: Upload Appcast | |
| # if: ${{ !inputs.dryrun }} | |
| run: | | |
| gsutil -h "Cache-Control:no-cache,max-age=0" cp ./appcast.xml "gs://releases.coder.com/coder-desktop/mac/appcast.xml" | |
| update-cask: | |
| name: Update homebrew-coder cask | |
| runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}} | |
| if: ${{ github.repository_owner == 'coder' && !inputs.dryrun }} | |
| needs: build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| persist-credentials: false | |
| - name: Setup Nix | |
| uses: ./.github/actions/nix-devshell | |
| - name: Update homebrew-coder | |
| env: | |
| GH_TOKEN: ${{ secrets.CODERCI_GITHUB_TOKEN }} | |
| RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'preview' }} | |
| ASSIGNEE: ${{ github.actor }} | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Coder CI" | |
| gh auth setup-git | |
| ./scripts/update-cask.sh --version "$RELEASE_TAG" --assignee "$ASSIGNEE" |