Add windows code sign to CI (#712)
Co-authored-by: Hien To <tominhhien97@gmail.com>
This commit is contained in:
hiento09
GitHub
parent
df1148ee17
commit
beafa676c4
104
.github/workflows/jan-electron-build.yml
vendored
104
.github/workflows/jan-electron-build.yml
vendored
@ -5,8 +5,34 @@ on:
|
||||
tags: ["v[0-9]+.[0-9]+.[0-9]+"]
|
||||
|
||||
jobs:
|
||||
create-draft-release:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
|
||||
outputs:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
version: ${{ steps.get_version.outputs.version }}
|
||||
permissions:
|
||||
contents: write
|
||||
steps:
|
||||
- name: Extract tag name without v prefix
|
||||
id: get_version
|
||||
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
|
||||
env:
|
||||
GITHUB_REF: ${{ github.ref }}
|
||||
- name: Create Draft Release
|
||||
id: create_release
|
||||
uses: actions/create-release@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
tag_name: ${{ github.ref_name }}
|
||||
release_name: "${{ env.VERSION }}"
|
||||
draft: true
|
||||
prerelease: false
|
||||
|
||||
build-macos:
|
||||
runs-on: macos-latest
|
||||
needs: create-draft-release
|
||||
environment: production
|
||||
permissions:
|
||||
contents: write
|
||||
@ -28,7 +54,12 @@ jobs:
|
||||
|
||||
- name: Update app version base on tag
|
||||
run: |
|
||||
make update-app-version
|
||||
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "Error: Tag is not valid!"
|
||||
exit 1
|
||||
fi
|
||||
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
|
||||
mv /tmp/package.json electron/package.json
|
||||
env:
|
||||
VERSION_TAG: ${{ steps.tag.outputs.tag }}
|
||||
|
||||
@ -59,6 +90,7 @@ jobs:
|
||||
|
||||
build-windows-x64:
|
||||
runs-on: windows-latest
|
||||
needs: create-draft-release
|
||||
permissions:
|
||||
contents: write
|
||||
steps:
|
||||
@ -80,18 +112,71 @@ jobs:
|
||||
- name: Update app version base on tag
|
||||
shell: bash
|
||||
run: |
|
||||
make update-app-version
|
||||
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "Error: Tag is not valid!"
|
||||
exit 1
|
||||
fi
|
||||
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
|
||||
mv /tmp/package.json electron/package.json
|
||||
env:
|
||||
VERSION_TAG: ${{ steps.tag.outputs.tag }}
|
||||
|
||||
- name: Build and publish app
|
||||
- name: Build uikit
|
||||
run: |
|
||||
make build-and-publish
|
||||
cd uikit
|
||||
yarn config set network-timeout 300000
|
||||
yarn install
|
||||
yarn build
|
||||
|
||||
- name: Install yarn dependencies
|
||||
shell: powershell
|
||||
run: |
|
||||
yarn config set network-timeout 300000
|
||||
yarn build:core
|
||||
yarn install
|
||||
$env:NITRO_VERSION = Get-Content .\plugins\inference-plugin\nitro\version.txt; echo $env:NITRO_VERSION
|
||||
yarn build:plugins
|
||||
yarn build
|
||||
|
||||
- name: Windows Code Sign with AzureSignTool
|
||||
run: |
|
||||
dotnet tool install --global AzureSignTool
|
||||
cd ./electron/dist
|
||||
azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v "jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe"
|
||||
|
||||
- uses: actions/upload-release-asset@v1.0.1
|
||||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
|
||||
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
|
||||
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- uses: actions/upload-release-asset@v1.0.1
|
||||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
|
||||
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
|
||||
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
|
||||
asset_content_type: text/xml
|
||||
|
||||
- uses: actions/upload-release-asset@v1.0.1
|
||||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
|
||||
asset_path: ./electron/dist/latest.yml
|
||||
asset_name: latest.yml
|
||||
asset_content_type: text/yaml
|
||||
|
||||
build-linux-x64:
|
||||
runs-on: ubuntu-latest
|
||||
needs: create-draft-release
|
||||
environment: production
|
||||
env:
|
||||
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
|
||||
@ -118,7 +203,12 @@ jobs:
|
||||
|
||||
- name: Update app version base on tag
|
||||
run: |
|
||||
make update-app-version
|
||||
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "Error: Tag is not valid!"
|
||||
exit 1
|
||||
fi
|
||||
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
|
||||
mv /tmp/package.json electron/package.json
|
||||
env:
|
||||
VERSION_TAG: ${{ steps.tag.outputs.tag }}
|
||||
|
||||
@ -129,7 +219,7 @@ jobs:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
update_release_draft:
|
||||
needs: [build-macos, build-windows-x64, build-linux-x64]
|
||||
needs: [build-macos, build-windows-x64, build-linux-x64, create-draft-release]
|
||||
permissions:
|
||||
# write permission is required to create a github release
|
||||
contents: write
|
||||
|
||||
8
Makefile
8
Makefile
@ -11,14 +11,6 @@ ifeq ($(OS),Windows_NT)
|
||||
else
|
||||
cd uikit && yarn install && yarn build
|
||||
endif
|
||||
# Updates the app version based on the tag
|
||||
update-app-version:
|
||||
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then \
|
||||
echo "Error: Tag is not valid!"; \
|
||||
exit 1; \
|
||||
fi
|
||||
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
|
||||
mv /tmp/package.json electron/package.json
|
||||
|
||||
# Installs yarn dependencies and builds core and plugins
|
||||
install-and-build: build-uikit
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user