mirror of
https://github.com/vector-im/element-desktop.git
synced 2024-07-13 09:44:05 +00:00
145 lines
5.6 KiB
YAML
145 lines
5.6 KiB
YAML
# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
|
|
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
|
|
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
|
|
on:
|
|
workflow_call:
|
|
secrets:
|
|
APPLE_ID:
|
|
required: false
|
|
APPLE_ID_PASSWORD:
|
|
required: false
|
|
APPLE_TEAM_ID:
|
|
required: false
|
|
APPLE_CSC_KEY_PASSWORD:
|
|
required: false
|
|
APPLE_CSC_LINK:
|
|
required: false
|
|
inputs:
|
|
version:
|
|
type: string
|
|
required: false
|
|
description: "Version string to override the one in package.json, used for non-release builds"
|
|
sign:
|
|
type: string
|
|
required: false
|
|
description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
|
|
base-url:
|
|
type: string
|
|
required: false
|
|
description: "The URL to which the output will be deployed."
|
|
jobs:
|
|
build:
|
|
runs-on: macos-14 # M1
|
|
environment: ${{ inputs.sign && 'packages.element.io' || '' }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: webapp
|
|
|
|
- name: Cache .hak
|
|
id: cache
|
|
uses: actions/cache@v4
|
|
with:
|
|
key: ${{ runner.os }}-${{ hashFiles('hakHash', 'electronVersion') }}
|
|
path: |
|
|
./.hak
|
|
|
|
- name: Install Rust
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
run: |
|
|
rustup toolchain install stable --profile minimal --no-self-update
|
|
rustup default stable
|
|
rustup target add aarch64-apple-darwin
|
|
rustup target add x86_64-apple-darwin
|
|
|
|
# M1 macos-14 comes without Python preinstalled
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version-file: package.json
|
|
cache: "yarn"
|
|
|
|
# Does not need branch matching as only analyses this layer
|
|
- name: Install Deps
|
|
run: "yarn install --frozen-lockfile"
|
|
|
|
- name: Build Natives
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
run: |
|
|
# Python 3.12 drops distutils which keytar relies on
|
|
pip3 install setuptools
|
|
yarn build:native:universal
|
|
|
|
- name: "[Nightly] Resolve version"
|
|
if: inputs.version != ''
|
|
run: |
|
|
echo "ED_NIGHTLY=${{ inputs.version }}" >> $GITHUB_ENV
|
|
|
|
# We split these because electron-builder gets upset if we set CSC_LINK even to an empty string
|
|
- name: "[Signed] Build App"
|
|
if: inputs.sign != ''
|
|
run: |
|
|
yarn build:universal --publish never
|
|
env:
|
|
ED_NOTARYTOOL_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
|
|
CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
|
|
|
|
- name: Check app was signed & notarised successfully
|
|
if: inputs.sign != ''
|
|
run: |
|
|
hdiutil attach dist/*.dmg -mountpoint /Volumes/Element
|
|
codesign -dv --verbose=4 /Volumes/Element/*.app
|
|
spctl -a -vvv -t install /Volumes/Element/*.app
|
|
hdiutil detach /Volumes/Element
|
|
|
|
- name: "[Unsigned] Build App"
|
|
if: inputs.sign == ''
|
|
run: |
|
|
yarn build:universal --publish never
|
|
env:
|
|
CSC_IDENTITY_AUTO_DISCOVERY: false
|
|
|
|
- name: Generate releases.json
|
|
if: inputs.base-url
|
|
run: |
|
|
PKG_JSON_VERSION=$(cat package.json | jq -r .version)
|
|
LATEST=$(find dist -type f -iname "*-mac.zip" | xargs -0 -n1 -- basename)
|
|
# Encode spaces in the URL as Squirrel.Mac complains about bad JSON otherwise
|
|
URL="${{ inputs.base-url }}/update/macos/${LATEST// /%20}"
|
|
|
|
jq -n --arg version "${VERSION:-$PKG_JSON_VERSION}" --arg url "$URL" '
|
|
{
|
|
currentRelease: $version,
|
|
releases: [{
|
|
version: $version,
|
|
updateTo: {
|
|
version: $version,
|
|
url: $url,
|
|
},
|
|
}],
|
|
}
|
|
' > dist/releases.json
|
|
jq -n --arg url "$URL" '
|
|
{ url: $url }
|
|
' > dist/releases-legacy.json
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
|
|
# We exclude mac-universal as the unpacked app takes forever to upload and zip and dmg already contains it
|
|
- name: Upload Artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: macos
|
|
path: |
|
|
dist
|
|
!dist/mac-universal/**
|
|
retention-days: 1
|