Nicholai/jan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add windows code sign to CI (#712)

Browse Source 
Co-authored-by: Hien To <tominhhien97@gmail.com>
This commit is contained in:
hiento09 2023-11-24 11:46:39 +07:00 committed by GitHub
parent df1148ee17
commit beafa676c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 97 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
.github/workflows/jan-electron-build.yml vendored
View File

@ -5,8 +5,34 @@ on:
tags: ["v[0-9]+.[0-9]+.[0-9]+"] tags: ["v[0-9]+.[0-9]+.[0-9]+"]
jobs: jobs:
create-draft-release:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
version: ${{ steps.get_version.outputs.version }}
permissions:
contents: write
steps:
- name: Extract tag name without v prefix
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
env:
GITHUB_REF: ${{ github.ref }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
release_name: "${{ env.VERSION }}"
draft: true
prerelease: false
build-macos: build-macos:
runs-on: macos-latest runs-on: macos-latest
needs: create-draft-release
environment: production environment: production
permissions: permissions:
contents: write contents: write
@ -28,7 +54,12 @@ jobs:
- name: Update app version base on tag - name: Update app version base on tag
run: | run: |
make update-app-version if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env: env:
VERSION_TAG: ${{ steps.tag.outputs.tag }} VERSION_TAG: ${{ steps.tag.outputs.tag }}
@ -59,6 +90,7 @@ jobs:
build-windows-x64: build-windows-x64:
runs-on: windows-latest runs-on: windows-latest
needs: create-draft-release
permissions: permissions:
contents: write contents: write
steps: steps:
@ -80,18 +112,71 @@ jobs:
- name: Update app version base on tag - name: Update app version base on tag
shell: bash shell: bash
run: | run: |
make update-app-version if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env: env:
VERSION_TAG: ${{ steps.tag.outputs.tag }} VERSION_TAG: ${{ steps.tag.outputs.tag }}
- name: Build and publish app - name: Build uikit
run: | run: |
make build-and-publish cd uikit
yarn config set network-timeout 300000
yarn install
yarn build
- name: Install yarn dependencies
shell: powershell
run: |
yarn config set network-timeout 300000
yarn build:core
yarn install
$env:NITRO_VERSION = Get-Content .\plugins\inference-plugin\nitro\version.txt; echo $env:NITRO_VERSION
yarn build:plugins
yarn build
- name: Windows Code Sign with AzureSignTool
run: |
dotnet tool install --global AzureSignTool
cd ./electron/dist
azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v "jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe"
- uses: actions/upload-release-asset@v1.0.1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_content_type: application/octet-stream
- uses: actions/upload-release-asset@v1.0.1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_content_type: text/xml
- uses: actions/upload-release-asset@v1.0.1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/latest.yml
asset_name: latest.yml
asset_content_type: text/yaml
build-linux-x64: build-linux-x64:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: create-draft-release
environment: production environment: production
env: env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
@ -118,7 +203,12 @@ jobs:
- name: Update app version base on tag - name: Update app version base on tag
run: | run: |
make update-app-version if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env: env:
VERSION_TAG: ${{ steps.tag.outputs.tag }} VERSION_TAG: ${{ steps.tag.outputs.tag }}
@ -129,7 +219,7 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update_release_draft: update_release_draft:
needs: [build-macos, build-windows-x64, build-linux-x64] needs: [build-macos, build-windows-x64, build-linux-x64, create-draft-release]
permissions: permissions:
# write permission is required to create a github release # write permission is required to create a github release
contents: write contents: write

8
Makefile
View File

@ -11,14 +11,6 @@ ifeq ($(OS),Windows_NT)
else else
cd uikit && yarn install && yarn build cd uikit && yarn install && yarn build
endif endif
# Updates the app version based on the tag
update-app-version:
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then \
echo "Error: Tag is not valid!"; \
exit 1; \
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
# Installs yarn dependencies and builds core and plugins # Installs yarn dependencies and builds core and plugins
install-and-build: build-uikit install-and-build: build-uikit