element-desktop/.github/workflows/build_macos.yaml

145 lines
5.6 KiB
YAML
Raw Normal View History

# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on:
2022-12-15 11:00:58 +00:00
workflow_call:
secrets:
APPLE_ID:
required: false
APPLE_ID_PASSWORD:
required: false
APPLE_TEAM_ID:
required: false
APPLE_CSC_KEY_PASSWORD:
required: false
APPLE_CSC_LINK:
required: false
inputs:
version:
type: string
required: false
description: "Version string to override the one in package.json, used for non-release builds"
sign:
type: string
required: false
description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
base-url:
type: string
required: false
description: "The URL to which the output will be deployed."
jobs:
2022-12-15 11:00:58 +00:00
build:
runs-on: macos-14 # M1
environment: ${{ inputs.sign && 'packages.element.io' || '' }}
2022-12-15 11:00:58 +00:00
steps:
- uses: actions/checkout@v4
2022-12-15 11:00:58 +00:00
- uses: actions/download-artifact@v4
2022-12-15 11:00:58 +00:00
with:
name: webapp
- name: Cache .hak
id: cache
uses: actions/cache@v4
2022-12-15 11:00:58 +00:00
with:
key: ${{ runner.os }}-${{ hashFiles('hakHash', 'electronVersion') }}
2022-12-15 11:00:58 +00:00
path: |
./.hak
- name: Install Rust
if: steps.cache.outputs.cache-hit != 'true'
run: |
rustup toolchain install stable --profile minimal --no-self-update
rustup default stable
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
# M1 macos-14 comes without Python preinstalled
- uses: actions/setup-python@v5
with:
python-version: "3.12"
2022-12-15 11:00:58 +00:00
- uses: actions/setup-node@v4
2022-12-15 11:00:58 +00:00
with:
node-version-file: package.json
2022-12-15 11:00:58 +00:00
cache: "yarn"
# Does not need branch matching as only analyses this layer
- name: Install Deps
run: "yarn install --frozen-lockfile"
2022-12-15 11:00:58 +00:00
- name: Build Natives
if: steps.cache.outputs.cache-hit != 'true'
run: |
# Python 3.12 drops distutils which keytar relies on
pip3 install setuptools
yarn build:native:universal
2022-12-15 11:00:58 +00:00
Build & EV Sign Windows builds (#517 * Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦‍♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore
2023-02-22 13:51:19 +00:00
- name: "[Nightly] Resolve version"
if: inputs.version != ''
run: |
echo "ED_NIGHTLY=${{ inputs.version }}" >> $GITHUB_ENV
2023-01-31 15:49:41 +00:00
# We split these because electron-builder gets upset if we set CSC_LINK even to an empty string
Build & EV Sign Windows builds (#517 * Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦‍♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore
2023-02-22 13:51:19 +00:00
- name: "[Signed] Build App"
2023-01-31 16:10:51 +00:00
if: inputs.sign != ''
run: |
yarn build:universal --publish never
env:
ED_NOTARYTOOL_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
2023-01-31 15:49:41 +00:00
- name: Check app was signed & notarised successfully
if: inputs.sign != ''
run: |
hdiutil attach dist/*.dmg -mountpoint /Volumes/Element
codesign -dv --verbose=4 /Volumes/Element/*.app
spctl -a -vvv -t install /Volumes/Element/*.app
hdiutil detach /Volumes/Element
Build & EV Sign Windows builds (#517 * Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦‍♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore
2023-02-22 13:51:19 +00:00
- name: "[Unsigned] Build App"
2023-01-31 16:10:51 +00:00
if: inputs.sign == ''
2023-01-31 15:49:41 +00:00
run: |
yarn build:universal --publish never
2023-01-31 15:49:41 +00:00
env:
CSC_IDENTITY_AUTO_DISCOVERY: false
- name: Generate releases.json
if: inputs.base-url
run: |
PKG_JSON_VERSION=$(cat package.json | jq -r .version)
LATEST=$(find dist -type f -iname "*-mac.zip" | xargs -0 -n1 -- basename)
2023-02-27 09:45:54 +00:00
# Encode spaces in the URL as Squirrel.Mac complains about bad JSON otherwise
URL="${{ inputs.base-url }}/update/macos/${LATEST// /%20}"
Build & EV Sign Windows builds (#517 * Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦‍♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore
2023-02-22 13:51:19 +00:00
jq -n --arg version "${VERSION:-$PKG_JSON_VERSION}" --arg url "$URL" '
{
currentRelease: $version,
releases: [{
version: $version,
updateTo: {
version: $version,
url: $url,
},
}],
}
' > dist/releases.json
jq -n --arg url "$URL" '
{ url: $url }
' > dist/releases-legacy.json
env:
VERSION: ${{ inputs.version }}
# We exclude mac-universal as the unpacked app takes forever to upload and zip and dmg already contains it
2022-12-15 11:00:58 +00:00
- name: Upload Artifacts
uses: actions/upload-artifact@v4
2022-12-15 11:00:58 +00:00
with:
name: macos
path: |
dist
!dist/mac-universal/**
2022-12-15 11:00:58 +00:00
retention-days: 1