fixed tag #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'publish' | |
on: | |
push: | |
branches: | |
- debug/windows-code-signing | |
jobs: | |
publish: | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [windows-2019] | |
# platform: [macos-11] | |
# platform: [windows-2019, macos-11, ubuntu-22.04] | |
# platform: [windows-2019, ubuntu-22.04] | |
env: | |
MACOSX_DEPLOYMENT_TARGET: 10.13 | |
permissions: | |
contents: write | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Setup for macOS code signing | |
if: matrix.platform == 'macos-11' | |
uses: matthme/import-codesign-certs@5565bb656f60c98c8fc515f3444dd8db73545dc2 | |
with: | |
p12-file-base64: ${{ secrets.HBE_APPLE_CERTIFICATE_BASE64 }} | |
p12-password: ${{ secrets.HBE_APPLE_CERTIFICATE_PASS }} | |
- name: setup node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 20 | |
- name: Retrieve version | |
run: | | |
echo "Retrieved App version: $(node -p -e "require('./package.json').version")" | |
echo "APP_VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_OUTPUT | |
id: version | |
shell: bash | |
- name: install Rust | |
uses: dtolnay/[email protected] | |
- name: install Go stable | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 'stable' | |
- name: Environment setup | |
run: | | |
mkdir resources/default-apps | |
mkdir resources/bins | |
yarn setup:release | |
- name: Build zomes | |
run: | | |
rustup target add wasm32-unknown-unknown | |
yarn build:zomes | |
- name: build and upload the app (macOS) | |
if: matrix.platform == 'macos-11' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_DEV_IDENTITY: ${{ secrets.APPLE_DEV_IDENTITY }} | |
APPLE_ID_EMAIL: ${{ secrets.APPLE_ID_EMAIL }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
DEBUG: electron-osx-sign*,electron-notarize* | |
run: | | |
yarn build:mac | |
ls dist | |
- name: build and upload the app (Ubuntu 22.04) | |
if: matrix.platform == 'ubuntu-22.04' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
yarn build:linux | |
ls dist | |
- name: build, sign and upload the app (Windows) | |
shell: bash | |
if: matrix.platform == 'windows-2019' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# Retry 5 times on Windows due to weird flaky issue | |
yarn build:win || yarn build:win || yarn build:win || yarn build:win || yarn build:win | |
ls dist | |
# Sign the .exe file | |
dotnet tool install --global --version 4.0.1 AzureSignTool | |
echo "sha512 before code signing" | |
CertUtil -hashfile "dist/org.lightningrodlabs.moss-0.12-${{ steps.version.outputs.APP_VERSION }}-setup.exe" SHA512 | |
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "dist/org.lightningrodlabs.moss-0.12-${{ steps.version.outputs.APP_VERSION }}-setup.exe" | |
echo "sha512 after code signing" | |
CertUtil -hashfile "dist/org.lightningrodlabs.moss-0.12-${{ steps.version.outputs.APP_VERSION }}-setup.exe" SHA512 | |
# Overwrite the latest.yml one with one containing the sha512 of the code signed .exe file | |
node ./scripts/latest-yaml.js | |
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "latest.yml" --clobber | |
gh release upload "v${{ steps.version.outputs.APP_VERSION }}" "dist/org.lightningrodlabs.moss-0.12-${{ steps.version.outputs.APP_VERSION }}-setup.exe" --clobber |