element-desktop/.github/workflows/build_macos.yaml
2023-04-24 12:24:36 +01:00

159 lines
6.6 KiB
YAML

# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on:
workflow_call:
secrets:
APPLE_ID:
required: false
APPLE_ID_PASSWORD:
required: false
APPLE_TEAM_ID:
required: false
APPLE_CSC_KEY_PASSWORD:
required: false
APPLE_CSC_LINK:
required: false
inputs:
version:
type: string
required: false
description: "Version string to override the one in package.json, used for non-release builds"
sign:
type: string
required: false
description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
deploy-mode:
type: boolean
required: false
description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
base-url:
type: string
required: false
description: "The URL to which the output will be deployed, required if deploy-mode is enabled."
jobs:
build:
runs-on: macos-latest
environment: ${{ inputs.sign && 'packages.element.io' || '' }}
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: webapp
- name: Cache .hak
id: cache
uses: actions/cache@v3
with:
key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
path: |
./.hak
- name: Install Rust
if: steps.cache.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
with:
default: true
toolchain: stable
target: aarch64-apple-darwin
- uses: actions/setup-node@v3
with:
cache: "yarn"
# Does not need branch matching as only analyses this layer
- name: Install Deps
run: "yarn install --frozen-lockfile"
- name: Build Natives
if: steps.cache.outputs.cache-hit != 'true'
run: "yarn build:native:universal"
- name: "[Nightly] Resolve version"
id: nightly
if: inputs.version != ''
run: |
echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT
# We split these because electron-builder gets upset if we set CSC_LINK even to an empty string
- name: "[Signed] Build App"
if: inputs.sign != ''
run: |
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --notarytool-team-id='${{ secrets.APPLE_TEAM_ID }}'
yarn build:universal --publish never --config electron-builder.json
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
- name: Check app was signed & notarised successfully
if: inputs.sign != ''
run: |
hdiutil attach dist/*.dmg
codesign -dv --verbose=4 /Volumes/Element*/*.app
spctl -a -vvv -t install /Volumes/Element*/*.app
hdiutil detach /Volumes/Element*
- name: "[Unsigned] Build App"
if: inputs.sign == ''
run: |
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }}
yarn build:universal --publish never --config electron-builder.json
env:
CSC_IDENTITY_AUTO_DISCOVERY: false
- name: Prepare artifacts for deployment
if: inputs.deploy-mode
run: |
mv dist _dist
mkdir -p dist/install/macos dist/update/macos
mv _dist/*-mac.zip dist/update/macos/
mv _dist/*.dmg dist/install/macos/
PKG_JSON_VERSION=$(cat package.json | jq -r .version)
LATEST=$(find dist -type f -iname "*-mac.zip" | xargs -0 -n1 -- basename)
# Encode spaces in the URL as Squirrel.Mac complains about bad JSON otherwise
URL="${{ inputs.base-url }}/update/macos/${LATEST// /%20}"
jq -n --arg version "${VERSION:-$PKG_JSON_VERSION}" --arg url "$URL" '
{
currentRelease: $version,
releases: [{
version: $version,
updateTo: {
version: $version,
url: $url,
},
}],
}
' > dist/update/macos/releases.json
jq -n --arg url "$URL" '
{ url: $url }
' > dist/update/macos/releases-legacy.json
env:
VERSION: ${{ inputs.version }}
# We don't wish to store the installer for every nightly ever, so we only keep the latest
- name: "[Nightly] Strip version from installer file"
if: inputs.deploy-mode && inputs.version != ''
run: |
mv dist/install/macos/*.dmg "dist/install/macos/Element Nightly.dmg"
- name: "[Release] Prepare release latest symlink"
if: inputs.deploy-mode && inputs.version == ''
run: |
ln -s "$(find . -type f -iname "*.dmg" | xargs -0 -n1 -- basename)" "Element.dmg"
working-directory: "dist/install/macos"
# We exclude mac-universal as the unpacked app takes forever to upload and zip and dmg already contain it
- name: Upload Artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ inputs.deploy-mode && 'packages.element.io' || 'macos' }}
path: |
dist
!dist/mac-universal/**
retention-days: 1