bug:SP-1685 Fixes export setting #96
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| env: | |
| ARTIFACT_NAME_PREFIX: "sbom-workbench" ##This is the build.artifactName on package.json prefix | |
| jobs: | |
| build_w: | |
| name: "Build for Windows" | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@v3 | |
| - name: Install Node and NPM | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| cache: npm | |
| - name: Install dependencies | |
| run: | | |
| npm install --legacy-peer-deps | |
| npm run postinstall | |
| npm run build | |
| - name: Build binaries for Windows | |
| run: | | |
| npm exec -- electron-builder build --win --publish never | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifact_w_unsigned | |
| path: | | |
| release/build/${{ env.ARTIFACT_NAME_PREFIX }}*.exe | |
| release/build/latest.yml | |
| release/build/*exe.blockmap | |
| build_w_sign: | |
| name: "Sign with CodeSignTool" | |
| needs: [build_w] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download artifact W unsigned | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: artifact_w_unsigned | |
| #This stage locates the unsigned .exe binary and move to win_unsigned folder. | |
| #CodeSignTool does not support reading and writting into the same filepath | |
| - name: Find Windows Artifact Path | |
| id: win-path-artifact | |
| run: | | |
| export WIN_BINARY_FILEPATH=$(ls ${{ env.ARTIFACT_NAME_PREFIX }}*.exe) | |
| mkdir win_unsigned | |
| mv "$WIN_BINARY_FILEPATH" win_unsigned/ | |
| echo "ARTIFACT_WIN_PATH=win_unsigned/$WIN_BINARY_FILEPATH" >> "$GITHUB_OUTPUT" | |
| - name: Sign Windows Artifact with CodeSignTool | |
| uses: sslcom/actions-codesigner@develop | |
| env: | |
| ARTIFACT_WIN_PATH: ${{ steps.win-path-artifact.outputs.ARTIFACT_WIN_PATH }} | |
| with: | |
| command: sign | |
| username: ${{secrets.ES_USERNAME}} | |
| password: ${{secrets.ES_PASSWORD}} | |
| credential_id: ${{secrets.CREDENTIAL_ID}} | |
| totp_secret: ${{secrets.ES_TOTP_SECRET}} | |
| file_path: ${GITHUB_WORKSPACE}/${{ env.ARTIFACT_WIN_PATH }} | |
| output_path: ${GITHUB_WORKSPACE} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifact_w | |
| path: | | |
| ${{ env.ARTIFACT_NAME_PREFIX }}*.exe | |
| latest.yml | |
| *exe.blockmap | |
| build_m: | |
| name: "Build for MacOS" | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@v3 | |
| - name: Install Node and NPM | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| cache: npm | |
| - name: Install dependencies | |
| run: | | |
| npm install --legacy-peer-deps | |
| npm run postinstall | |
| npm run build | |
| - name: Build Binaries for MacOs & Windows | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASS }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| CSC_LINK: ${{ secrets.CSC_LINK }} | |
| CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
| run: | | |
| npm exec -- electron-builder build --mac --publish never | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifact_m | |
| path: | | |
| release/build/${{ env.ARTIFACT_NAME_PREFIX }}*.dmg | |
| release/build/latest-mac.yml | |
| release/build/*dmg.blockmap | |
| build_l: | |
| name: "Build for Linux" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout git repo | |
| uses: actions/checkout@v3 | |
| - name: Install Node and NPM | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| cache: npm | |
| - name: Install and build | |
| run: | | |
| npm install --legacy-peer-deps | |
| npm run postinstall | |
| npm run build | |
| - name: Build binaries for linux | |
| run: | | |
| npm exec -- electron-builder build --linux --publish never | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifact_l | |
| path: | | |
| release/build/${{ env.ARTIFACT_NAME_PREFIX }}*.AppImage | |
| release/build/latest-linux.yml | |
| create_release: | |
| needs: [build_w_sign, build_m, build_l] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download artifact W | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: artifact_w | |
| - name: Download artifact M | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: artifact_m | |
| - name: Download artifact L | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: artifact_l | |
| - name: Publish release draft | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_PROMPT_DISABLED: "disable" | |
| run: | | |
| gh release create ${{github.ref_name}} \ | |
| --repo ${{ github.server_url }}/${{ github.repository }} \ | |
| --generate-notes \ | |
| --draft \ | |
| $(ls *.AppImage *.exe *.dmg *.yml *.blockmap) |