Add the auto update for Windows #135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Electron App | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
build-macos: | |
runs-on: macos-latest | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_DEVELOPER_TEAM_ID: ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} | |
DEBUG: electron-osx-sign*,electron-notarize* | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v3 | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install Python and set up venv | |
run: | | |
brew install [email protected] | |
python3.9 -m venv myenv | |
source myenv/bin/activate | |
python3.9 -m ensurepip | |
python3.9 -m pip install --upgrade pip | |
python3.9 -m pip install setuptools | |
working-directory: ./jccm | |
- name: Install dependencies | |
run: | | |
source myenv/bin/activate | |
npm install | |
working-directory: ./jccm | |
- name: Install appdmg | |
run: | | |
source myenv/bin/activate | |
npm install --save-dev appdmg | |
working-directory: ./jccm | |
- name: Generate Keychain Credentials | |
run: | | |
# Generate keychain name and password dynamically | |
export KEYCHAIN_NAME="build.keychain" | |
export KEYCHAIN_PASSWORD=$(openssl rand -base64 12) | |
# Mask the password to hide it from logs | |
echo "::add-mask::$KEYCHAIN_PASSWORD" | |
# Store them in the GITHUB_ENV to use in later steps | |
echo "KEYCHAIN_NAME=$KEYCHAIN_NAME" >> $GITHUB_ENV | |
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> $GITHUB_ENV | |
- name: Install signing certificate | |
run: | | |
echo "Decode signing certificate..." | |
echo "${{ secrets.SIGNING_CERTIFICATE }}" | base64 --decode > signing_certificate.p12 | |
echo "${{ secrets.INSTALLING_CERTIFICATE }}" | base64 --decode > installing_certificate.p12 | |
echo "Creating keychain..." | |
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
echo "Setting default keychain..." | |
security default-keychain -s $KEYCHAIN_NAME | |
echo "Unlocking keychain..." | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
echo "Preventing keychain from locking..." | |
security set-keychain-settings -t 3600 $KEYCHAIN_NAME | |
security show-keychain-info $KEYCHAIN_NAME | |
echo "Showing keychain info..." | |
security show-keychain-info $KEYCHAIN_NAME | |
echo "Importing certificate..." | |
security import signing_certificate.p12 -k $KEYCHAIN_NAME -P "${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign | |
security import installing_certificate.p12 -k $KEYCHAIN_NAME -P "${{ secrets.INSTALLING_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign -T /usr/bin/productbuild | |
echo "Listing keychains..." | |
security list-keychains -s $KEYCHAIN_NAME | |
echo "Setting key partition list..." | |
security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
working-directory: ./jccm | |
- name: Build and package (arm64) | |
run: | | |
echo "Unlocking keychain..." | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
security show-keychain-info $KEYCHAIN_NAME | |
source myenv/bin/activate | |
npm run make -- --platform=darwin --arch=arm64 | |
working-directory: ./jccm | |
- name: Build and package (x64) | |
run: | | |
echo "Unlocking keychain..." | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
security show-keychain-info $KEYCHAIN_NAME | |
source myenv/bin/activate | |
npm run make -- --platform=darwin --arch=x64 | |
working-directory: ./jccm | |
- name: Notarize and Staple Packages | |
run: | | |
set -ex # Exit on error and print commands | |
function notarize_and_verify() { | |
architecture=$1 | |
pkg_path="./out/make/jccm-darwin-$architecture.pkg" | |
echo "Unlocking keychain for ${architecture}..." | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
security show-keychain-info $KEYCHAIN_NAME | |
echo "Submitting $pkg_path for Notarization..." | |
xcrun notarytool submit $pkg_path --keychain-profile jccm --wait | |
echo "Stapling the Notarization Ticket to $pkg_path..." | |
xcrun stapler staple $pkg_path | |
echo "Verifying the Notarization of $pkg_path..." | |
spctl -a -t install -vv $pkg_path | |
} | |
# Log in to Notarytool | |
echo "Storing notary credentials..." | |
xcrun notarytool store-credentials jccm --apple-id $APPLE_ID --team-id ${APPLE_DEVELOPER_TEAM_ID} --password ${APPLE_APP_SPECIFIC_PASSWORD} | |
# Notarize and verify for both architectures | |
notarize_and_verify "arm64" | |
notarize_and_verify "x64" | |
set +x # Stop printing commands | |
working-directory: ./jccm | |
- name: Upload macOS artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: macos-installers | |
path: | | |
./jccm/out/make/*.dmg | |
./jccm/out/make/*.pkg | |
./jccm/out/make/zip/darwin/**/*.zip | |
build-windows: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
run: npm install | |
working-directory: ./jccm | |
- name: Build and package (x64) | |
run: npm run make -- --platform=win32 --arch=x64 | |
working-directory: ./jccm | |
- name: Sign Artifact with CodeSignTool | |
uses: sslcom/esigner-codesign@develop | |
continue-on-error: true | |
with: | |
command: sign | |
username: ${{secrets.ES_USERNAME}} | |
password: ${{secrets.ES_PASSWORD}} | |
credential_id: ${{secrets.ES_CREDENTIAL_ID}} | |
totp_secret: ${{secrets.ES_TOTP_SECRET}} | |
file_path: jccm/out/make/squirrel.windows/x64/jccm-windows-x64-setup.exe | |
malware_block: false | |
# Overrides the input file after signing, if this parameter is set and no -output_dir_path parameter | |
override: true | |
- name: Upload windows artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: windows-installers | |
path: | | |
./jccm/out/make/squirrel.windows/x64/*.exe | |
build-deb: | |
runs-on: ubuntu-latest | |
env: | |
DEBUG: electron-installer* | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Install deb tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y dpkg fakeroot | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
working-directory: ./jccm | |
run: npm install | |
- name: Package Electron app (.deb) | |
working-directory: ./jccm | |
run: | | |
npm run make-deb | |
mv out/make/deb/x64/*.deb out/make/deb/x64/jccm-linux-x64.deb | |
ls -alR out/make | |
- name: Archive .deb artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: deb-package | |
path: ./jccm/out/make/deb/x64/*.deb | |
build-rpm: | |
runs-on: ubuntu-latest | |
env: | |
DEBUG: electron-installer* | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Install rpm tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y rpm fakeroot alien | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
working-directory: ./jccm | |
run: npm install | |
- name: Package Electron app (.rpm) | |
working-directory: ./jccm | |
run: | | |
npm run make-deb | |
sudo alien -v -r --scripts out/make/deb/x64/*.deb | |
mkdir -p out/make/rpm/x64 | |
mv *.rpm out/make/rpm/x64/jccm-linux-x64.rpm | |
ls -alR out/make | |
- name: Archive .rpm artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rpm-package | |
path: ./jccm/out/make/rpm/x64/*.rpm | |
release: | |
needs: [build-macos, build-windows, build-deb, build-rpm] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v3 | |
- name: Read version from package.json | |
run: echo "VERSION=$(jq -r '.version' ./jccm/package.json)" >> $GITHUB_ENV | |
- name: Download Artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
path: ./installers | |
- name: Install GitHub CLI | |
run: sudo apt-get install gh | |
- name: Check for existing release and delete if it exists | |
run: | | |
if gh release view ${{ env.VERSION }}; then | |
gh release delete ${{ env.VERSION }} --yes | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ env.VERSION }} | |
release_name: 'Release ${{ env.VERSION }}' | |
draft: false | |
prerelease: false | |
- name: Upload Release Assets | |
run: | | |
find ./installers -type f -exec echo "Uploading {}..." \; -exec gh release upload ${{ env.VERSION }} "{}" --clobber \; | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |