forked from janhq/jan
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Regression fix assitant extension codesign (janhq#1918)
* Separated build macos arm64 and x86_x64 * Update dependencies jobs name * Remove arch from electron-builder command for mac * Add combine latest-mac.yml jobs * Remove unuse workflow job * Add prefix to install js-yaml * Run merge script from /tmp * workflow update release draft depend on combile-latest-mac * correct template path * upload assert release latest-mac.yml overwrite set to true * upload assert release latest-mac.yml overwrite set to true * Grant permission for combine latest-mac jobs --------- Co-authored-by: Hien To <[email protected]>
- Loading branch information
Showing
7 changed files
with
331 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,8 +9,42 @@ jobs: | |
get-update-version: | ||
uses: ./.github/workflows/template-get-update-version.yml | ||
|
||
build-macos: | ||
uses: ./.github/workflows/template-build-macos.yml | ||
create-draft-release: | ||
runs-on: ubuntu-latest | ||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
outputs: | ||
upload_url: ${{ steps.create_release.outputs.upload_url }} | ||
version: ${{ steps.get_version.outputs.version }} | ||
permissions: | ||
contents: write | ||
steps: | ||
- name: Extract tag name without v prefix | ||
id: get_version | ||
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" | ||
env: | ||
GITHUB_REF: ${{ github.ref }} | ||
- name: Create Draft Release | ||
id: create_release | ||
uses: actions/create-release@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
tag_name: ${{ github.ref_name }} | ||
release_name: "${{ env.VERSION }}" | ||
draft: true | ||
prerelease: false | ||
|
||
build-macos-x64: | ||
uses: ./.github/workflows/template-build-macos-x64.yml | ||
secrets: inherit | ||
needs: [get-update-version] | ||
with: | ||
ref: ${{ github.ref }} | ||
public_provider: github | ||
new_version: ${{ needs.get-update-version.outputs.new_version }} | ||
|
||
build-macos-arm64: | ||
uses: ./.github/workflows/template-build-macos-arm64.yml | ||
secrets: inherit | ||
needs: [get-update-version] | ||
with: | ||
|
@@ -36,8 +70,52 @@ jobs: | |
public_provider: github | ||
new_version: ${{ needs.get-update-version.outputs.new_version }} | ||
|
||
combine-latest-mac-yml: | ||
needs: [build-macos-x64, build-macos-arm64, create-draft-release] | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
steps: | ||
- name: Getting the repo | ||
uses: actions/checkout@v3 | ||
|
||
- name: Download mac-x64 artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: latest-mac-x64 | ||
path: ./latest-mac-x64 | ||
- name: Download mac-arm artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: latest-mac-arm64 | ||
path: ./latest-mac-arm64 | ||
|
||
- name: 'Merge latest-mac.yml' | ||
# unfortunately electron-builder doesn't understand that we have two different releases for mac-x64 and mac-arm, so we need to manually merge the latest files | ||
# see https://github.com/electron-userland/electron-builder/issues/5592 | ||
run: | | ||
ls -la . | ||
ls -la ./latest-mac-x64 | ||
ls -la ./latest-mac-arm64 | ||
ls -la ./electron | ||
cp ./electron/merge-latest-ymls.js /tmp/merge-latest-ymls.js | ||
npm install js-yaml --prefix /tmp | ||
node /tmp/merge-latest-ymls.js ./latest-mac-x64/latest-mac.yml ./latest-mac-arm64/latest-mac.yml ./latest-mac.yml | ||
cat ./latest-mac.yml | ||
- name: Yet Another Upload Release Asset Action | ||
uses: shogo82148/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | ||
asset_path: ./latest-mac.yml | ||
asset_name: latest-mac.yml | ||
asset_content_type: text/yaml | ||
overwrite: true | ||
|
||
update_release_draft: | ||
needs: [build-macos, build-windows-x64, build-linux-x64] | ||
needs: [build-macos-x64, build-macos-arm64, build-windows-x64, build-linux-x64, combine-latest-mac-yml] | ||
permissions: | ||
# write permission is required to create a github release | ||
contents: write | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
name: build-macos | ||
on: | ||
workflow_call: | ||
inputs: | ||
ref: | ||
required: true | ||
type: string | ||
default: 'refs/heads/main' | ||
public_provider: | ||
required: true | ||
type: string | ||
default: none | ||
description: 'none: build only, github: build and publish to github, cloudflare: build and publish to cloudflare' | ||
new_version: | ||
required: true | ||
type: string | ||
default: '' | ||
cloudflare_r2_path: | ||
required: false | ||
type: string | ||
default: '/latest/' | ||
secrets: | ||
CLOUDFLARE_R2_BUCKET_NAME: | ||
required: false | ||
CLOUDFLARE_R2_ACCESS_KEY_ID: | ||
required: false | ||
CLOUDFLARE_R2_SECRET_ACCESS_KEY: | ||
required: false | ||
CLOUDFLARE_ACCOUNT_ID: | ||
required: false | ||
CODE_SIGN_P12_BASE64: | ||
required: false | ||
CODE_SIGN_P12_PASSWORD: | ||
required: false | ||
APPLE_ID: | ||
required: false | ||
APPLE_APP_SPECIFIC_PASSWORD: | ||
required: false | ||
DEVELOPER_ID: | ||
required: false | ||
|
||
jobs: | ||
build-macos: | ||
runs-on: macos-silicon | ||
environment: production | ||
permissions: | ||
contents: write | ||
steps: | ||
- name: Getting the repo | ||
uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ inputs.ref }} | ||
|
||
- name: Installing node | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: 20 | ||
- name: Unblock keychain | ||
run: | | ||
security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ~/Library/Keychains/login.keychain-db | ||
# - uses: actions/setup-python@v5 | ||
# with: | ||
# python-version: '3.11' | ||
|
||
# - name: Install jq | ||
# uses: dcarbone/[email protected] | ||
|
||
- name: Update app version based on latest release tag with build number | ||
if: inputs.public_provider != 'github' | ||
run: | | ||
echo "Version: ${{ inputs.new_version }}" | ||
# Update the version in electron/package.json | ||
jq --arg version "${{ inputs.new_version }}" '.version = $version' electron/package.json > /tmp/package.json | ||
mv /tmp/package.json electron/package.json | ||
jq --arg version "${{ inputs.new_version }}" '.version = $version' web/package.json > /tmp/package.json | ||
mv /tmp/package.json web/package.json | ||
jq '.build.publish = [{"provider": "generic", "url": "${{ secrets.CLOUDFLARE_R2_PUBLIC_URL }}", "channel": "latest"}, {"provider": "s3", "bucket": "${{ secrets.CLOUDFLARE_R2_BUCKET_NAME }}", "region": "auto", "endpoint": "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com", "path": "${{ inputs.cloudflare_r2_path }}", "channel": "latest"}]' electron/package.json > /tmp/package.json | ||
mv /tmp/package.json electron/package.json | ||
cat electron/package.json | ||
- name: Update app version base on tag | ||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && inputs.public_provider == 'github' | ||
run: | | ||
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
echo "Error: Tag is not valid!" | ||
exit 1 | ||
fi | ||
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json | ||
mv /tmp/package.json electron/package.json | ||
jq --arg version "${VERSION_TAG#v}" '.version = $version' web/package.json > /tmp/package.json | ||
mv /tmp/package.json web/package.json | ||
env: | ||
VERSION_TAG: ${{ inputs.new_version }} | ||
|
||
# - name: Get Cer for code signing | ||
# run: base64 -d <<< "$CODE_SIGN_P12_BASE64" > /tmp/codesign.p12 | ||
# shell: bash | ||
# env: | ||
# CODE_SIGN_P12_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }} | ||
|
||
# - uses: apple-actions/import-codesign-certs@v2 | ||
# continue-on-error: true | ||
# with: | ||
# p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }} | ||
# p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }} | ||
|
||
- name: Build and publish app to cloudflare r2 or github artifactory | ||
if: inputs.public_provider != 'github' | ||
run: | | ||
# check public_provider is true or not | ||
echo "public_provider is ${{ inputs.public_provider }}" | ||
if [ "${{ inputs.public_provider }}" == "none" ]; then | ||
make build | ||
else | ||
make build-and-publish | ||
fi | ||
env: | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
# CSC_LINK: "/tmp/codesign.p12" | ||
# CSC_KEY_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }} | ||
# CSC_IDENTITY_AUTO_DISCOVERY: "true" | ||
APPLE_ID: ${{ secrets.APPLE_ID }} | ||
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | ||
APP_PATH: "." | ||
DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | ||
AWS_DEFAULT_REGION: auto | ||
AWS_EC2_METADATA_DISABLED: "true" | ||
|
||
- name: Build and publish app to github | ||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && inputs.public_provider == 'github' | ||
run: | | ||
make build-and-publish | ||
env: | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
# CSC_LINK: "/tmp/codesign.p12" | ||
# CSC_KEY_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }} | ||
# CSC_IDENTITY_AUTO_DISCOVERY: "true" | ||
APPLE_ID: ${{ secrets.APPLE_ID }} | ||
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | ||
APP_PATH: "." | ||
DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }} | ||
ANALYTICS_ID: ${{ secrets.JAN_APP_UMAMI_PROJECT_API_KEY }} | ||
ANALYTICS_HOST: ${{ secrets.JAN_APP_UMAMI_URL }} | ||
|
||
- name: Upload Artifact | ||
if: inputs.public_provider != 'github' | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: jan-mac-arm64-${{ inputs.new_version }} | ||
path: ./electron/dist/jan-mac-arm64-${{ inputs.new_version }}.dmg | ||
|
||
- name: Upload Artifact | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: latest-mac-arm64 | ||
path: ./electron/dist/latest-mac.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
const yaml = require('js-yaml') | ||
const fs = require('fs') | ||
|
||
// get two file paths from arguments: | ||
const [, , ...args] = process.argv | ||
const file1 = args[0] | ||
const file2 = args[1] | ||
const file3 = args[2] | ||
|
||
// check that all arguments are present and throw error instead | ||
if (!file1 || !file2 || !file3) { | ||
throw new Error('Please provide 3 file paths as arguments: path to file1, to file2 and destination path') | ||
} | ||
|
||
const doc1 = yaml.load(fs.readFileSync(file1, 'utf8')) | ||
console.log('doc1: ', doc1) | ||
|
||
const doc2 = yaml.load(fs.readFileSync(file2, 'utf8')) | ||
console.log('doc2: ', doc2) | ||
|
||
const merged = { ...doc1, ...doc2 } | ||
merged.files.push(...doc1.files) | ||
|
||
console.log('merged', merged) | ||
|
||
const mergedYml = yaml.dump(merged) | ||
fs.writeFileSync(file3, mergedYml, 'utf8') |
Oops, something went wrong.