element-desktop/.github/workflows/build_prepare.yaml
Michael Telatynski a0a9ec830c
Build & EV Sign Windows builds (#517
* Add way to provide apple ID and app password to notarise script

* Add utility to generate electron-builder.json for release & nightly builds

* Run Build & Test on staging too

* First attempt at build & deploy for macOS with signing and notarisation

* Fix quote mismatch

* use correct quotes

* add runs-on

* Fix inputs.mode usage

* remove quotes

* chmod +x

* Fix artifact paths

* Fix deploy condition

* Fix deploy condition

* Fix artifact path

* Iterate

* Fix workflow

* Fix env

* Iterate

* Fix missing env

* Fix version calculation

* Iterate

* Fix config not taking effect

* Update build_and_deploy.yaml

* Fix alignments

* delint

* Fix alignment

* Update build_macos.yaml

* Add ability to EV sign using eSigner CKA

* Initial work to build & sign Windows nightlies in CI

* Format

* Format

* Fix gha

* fix winSign

* Fix install command

* Add signtool to path

* Update build_and_deploy.yaml

* Fix quotes

* Test

* Fix comments

* Fix cmd

* Try again

* arg slashes

* Fix exe path

* Fix matrix strategy

* Use ampersand-call

* fwd slash ftw?

* ls *

* 🌲

* tree dist

* prepend path

* Specify /fd and /td to modern signtool

* /tr not /t for CKA

* Test signing

* missing comma

* 🤦‍♂️

* Fix wrong mv

* Lets sign

* Fix config gen

* Debug

* Fix typo

* Multiple drives why

* Try NVL sandbox creds

* Update

* Attempt to disable logger

* Try again

* Iterate

* Update build_macos.yaml

* Update build_and_deploy.yaml

* Update build_macos.yaml

* Update build_and_deploy.yaml

* Update build_and_deploy.yaml

* Try custom build of eSigner CKA

* Fix typos

* Update build_windows.yaml

* Update build_and_deploy.yaml

* Update build_windows.yaml

* Update build_and_deploy.yaml

* Fix symlinking

* Fix working-directory incantation

* exe

* remove debug

* Prettier

* Vendor check in SSL.com executable

* Download CKA from packages.element.io instead

* Use demo creds

* StrictMode

* Switch back to 0207 (unsigned)

* Fix call syntax

* Revert env inc

* Partial rollback

* Trace

* Trace less

* Fix CN being passed wrong

* DEBUG

* Debug 2

* Fix ConvertFrom-StringData

* 0214

* Test

* Test

* Untested

* Revert to 0207

* stash

* Try with 20230221

* Restore scripts/electron_winSign.js

* Prepare for merge

* Update build_windows.yaml

* Update build_and_deploy.yaml

* Restore .github/workflows/build_and_deploy.yaml

* Restore .github/workflows/build_and_deploy.yaml

* Fix bad restore
2023-02-22 13:51:19 +00:00

99 lines
5.0 KiB
YAML

# This action helps perform common actions before the build_* actions are started in parallel.
on:
workflow_call:
inputs:
config:
type: string
required: true
description: "The config directory to use"
version:
type: string
required: false
description: "The version tag to fetch, or 'develop', will pick automatically if not passed"
calculate-nightly-versions:
type: string
required: false
description: "Whether to calculate the version strings new Nightly builds should use"
secrets:
# Required if `calculate-nightly-versions` is set
CF_R2_ACCESS_KEY_ID:
required: false
# Required if `calculate-nightly-versions` is set
CF_R2_TOKEN:
required: false
# Required if `calculate-nightly-versions` is set
CF_R2_S3_API:
required: false
outputs:
macos-version:
description: "The version string the next macOS Nightly should use, only output for calculate-nightly-versions"
value: ${{ jobs.prepare.outputs.macos-version }}
linux-version:
description: "The version string the next Linux Nightly should use, only output for calculate-nightly-versions"
value: ${{ jobs.prepare.outputs.linux-version }}
win32-x64-version:
description: "The version string the next Windows x64 Nightly should use, only output for calculate-nightly-versions"
value: ${{ jobs.prepare.outputs.win32-x64-version }}
win32-x86-version:
description: "The version string the next Windows x86 Nightly should use, only output for calculate-nightly-versions"
value: ${{ jobs.prepare.outputs.win32-x86-version }}
jobs:
prepare:
name: Prepare
environment: ${{ inputs.calculate-nightly-versions && 'packages.element.io' || '' }}
runs-on: ubuntu-latest
outputs:
macos-version: ${{ steps.versions.outputs.macos }}
linux-version: ${{ steps.versions.outputs.linux }}
win32-x64-version: ${{ steps.versions.outputs.win_x64 }}
win32-x86-version: ${{ steps.versions.outputs.win_x86 }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
cache: "yarn"
- name: Install Deps
run: "yarn install --pure-lockfile"
- name: Fetch Element Web
run: yarn run fetch --noverify -d ${{ inputs.config }} ${{ inputs.version }}
# We split this out to save the build_* scripts having to do it to make use of `hashFiles` in the cache action
- name: Generate cache hash files
run: |
yarn run --silent electron --version > electronVersion
cat package.json | jq -c .hakDependencies > hakDependencies.json
- uses: actions/upload-artifact@v3
with:
name: webapp
retention-days: 1
path: |
webapp.asar
package.json
electronVersion
hakDependencies.json
- name: Calculate Nightly versions
id: versions
if: inputs.calculate-nightly-versions
run: |
MACOS=$(aws s3 cp s3://$R2_BUCKET/nightly/update/macos/releases.json - --endpoint-url $R2_URL --region auto | jq -r .currentRelease)
echo "macos=$(scripts/generate-nightly-version.ts --latest $MACOS)" >> $GITHUB_OUTPUT
LINUX=$(aws s3 cp s3://$R2_BUCKET/debian/dists/default/main/binary-amd64/Packages - --endpoint-url $R2_URL --region auto | grep "Package: element-nightly" -A 50 | grep Version -m1 | sed -n 's/Version: //p')
echo "linux=$(scripts/generate-nightly-version.ts --latest $LINUX)" >> $GITHUB_OUTPUT
WINx64=$(aws s3 cp s3://$R2_BUCKET/nightly/update/win32/x64/RELEASES - --endpoint-url $R2_URL --region auto | awk '{print $2}' | cut -d "-" -f 5 | cut -c 8-)
echo "win_x64=$(scripts/generate-nightly-version.ts --latest $WINx64)" >> $GITHUB_OUTPUT
WINx86=$(aws s3 cp s3://$R2_BUCKET/nightly/update/win32/ia32/RELEASES - --endpoint-url $R2_URL --region auto | awk '{print $2}' | cut -d "-" -f 5 | cut -c 8-)
echo "win_x86=$(scripts/generate-nightly-version.ts --latest $WINx86)" >> $GITHUB_OUTPUT
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
R2_URL: ${{ secrets.CF_R2_S3_API }}