Release v1.0.7-win #293
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.image }} | |
| strategy: | |
| matrix: | |
| include: | |
| - image: macos-latest | |
| id: macos | |
| platform: macos | |
| node: macOS | |
| arch: '' # x64 | |
| - image: windows-latest | |
| id: windows | |
| platform: windows | |
| node: Windows | |
| arch: '' # x64 | |
| - image: ubuntu-latest | |
| id: linux | |
| platform: linux | |
| node: Linux | |
| arch: amd64 | |
| - image: [self-hosted, macos, arm64] | |
| id: macos-arm64 | |
| platform: macos | |
| node: macOS_ARM64 | |
| arch: arm64 | |
| - image: [self-hosted, linux, arm64] | |
| id: linux-arm64 | |
| platform: linux | |
| node: Linux_ARM64 | |
| arch: arm64 | |
| outputs: | |
| tagName: ${{ steps.tagName.outputs.tag }} | |
| version: ${{ steps.package-version.outputs.version }} | |
| steps: | |
| # Prepare workspace | |
| - name: Check out Git repository | |
| uses: actions/checkout@v2 | |
| - name: Install Node.js, NPM | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| cache: 'yarn' | |
| - name: Install Yarn | |
| run: npm install -g yarn | |
| - name: Get Smapp version | |
| id: package-version | |
| uses: tyankatsu0105/read-package-version-actions@v1 | |
| - uses: olegtarasov/get-tag@v2.1 | |
| id: tagName | |
| - name: Tag and version are equals | |
| if: ${{ steps.tagName.outputs.tag != format('v{0}', steps.package-version.outputs.version) }} | |
| run: | | |
| echo "Tag does not match Version." | |
| echo "Tag: ${{ steps.tagName.outputs.tag }}" | |
| echo "Version: v${{ steps.package-version.outputs.version }}" | |
| exit 1 | |
| # Install & Lint | |
| - name: yarn install | |
| run: | | |
| yarn config set network-timeout 300000 | |
| yarn install --prefer-offline | |
| - name: Lint | |
| run: yarn lint | |
| # Download go-spacemesh | |
| - name: Get specified Go-spacemesh version | |
| id: latestNode | |
| run: echo "::set-output name=version::$(cat ./node/use-version)" | |
| - name: Restore go-spacemesh from cache | |
| id: cache-gospacemesh | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./node/* | |
| !./node/use-version | |
| key: ${{ matrix.node }}-${{ hashFiles('./node/use-version') }}-4 | |
| restore-keys: ${{ matrix.node }}-${{ hashFiles('./node/use-version') }}-4 | |
| - name: Prepare link to go-spacemesh release archive | |
| if: steps.cache-gospacemesh.outputs.cache-hit != 'true' | |
| id: node-link | |
| run: | | |
| echo "::set-output name=link::https://storage.googleapis.com/go-spacemesh-release-builds/${{ steps.latestNode.outputs.version }}/${{ matrix.node }}.zip" | |
| - name: Check for go-spacemesh release archive existence | |
| if: steps.cache-gospacemesh.outputs.cache-hit != 'true' | |
| run: | | |
| [[ $(curl -I -L -w "%{http_code}" -o ${{ matrix.platform == 'windows' && 'NUL' || '/dev/null'}} ${{steps.node-link.outputs.link}}) == "200" ]] && | |
| echo "Atifacts found: ${{steps.node-link.outputs.link}}" && exit 0 || | |
| echo "Not found: ${{steps.node-link.outputs.link}}" && exit 1 | |
| shell: bash | |
| - id: platform | |
| if: steps.cache-gospacemesh.outputs.cache-hit != 'true' | |
| run: | | |
| echo "::set-output name=dir::${{ matrix.platform == 'windows' && 'windows' || matrix.platform == 'macos' && 'mac' || 'linux'}}" | |
| echo "::set-output name=ext::${{ matrix.platform == 'windows' && '.exe' || ''}}" | |
| echo "::set-output name=rm_flag::${{ matrix.platform == 'windows' && '-Recurse -Force' || '-rf' }}" | |
| - name: Download go-spacemesh release archive | |
| if: steps.cache-gospacemesh.outputs.cache-hit != 'true' | |
| run: | | |
| curl -L --output ./node/release.zip --create-dirs ${{steps.node-link.outputs.link}} | |
| - name: Unzip archive & get rid of redundant files | |
| if: steps.cache-gospacemesh.outputs.cache-hit != 'true' | |
| run: | | |
| 7z e -onode/${{ steps.platform.outputs.dir }}/ ./node/release.zip 'go-spacemesh*' '*.dylib' 'Molt*' '*.so' '*.dll' '*.lib' '*.h' 'profiler*' -r | |
| - name: Set CHMOD on Go-Spacemesh and libs | |
| if: matrix.platform != 'windows' | |
| run: chmod -R +x ./node/${{ steps.platform.outputs.dir }}/* | |
| - name: Disable quarantine for Go-Spacemesh and libs (macOS x64) | |
| if: matrix.id == 'macos' | |
| run: sudo xattr -rd com.apple.quarantine ./node/${{ steps.platform.outputs.dir }}/* | |
| - name: Disable quarantine for Go-Spacemesh and libs (macOS ARM64) | |
| if: matrix.id == 'macos-arm64' | |
| run: sudo /Users/aviv/xattr.sh | |
| - name: ls archive and ./node | |
| run: | | |
| 7z l ./node/release.zip | |
| ls ${{matrix.platform != 'windows' && '-la' || ''}} ./node/${{ steps.platform.outputs.dir }}/ | |
| - name: Install libOpenCL.so | |
| if: matrix.id == 'linux' | |
| run: | | |
| sudo apt update | |
| sudo apt install ocl-icd-opencl-dev | |
| # Run tests and build | |
| - name: Test | |
| if: matrix.image == 'macos-latest' | |
| run: yarn test --forceExit | |
| - name: Build | |
| run: yarn build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| # Create binaries | |
| - if: matrix.platform == 'linux' | |
| name: Build linux app | |
| run: yarn package-linux | |
| env: | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| USE_SYSTEM_FPM: ${{ matrix.id == 'linux-arm64' && 'true' }} | |
| - if: matrix.platform == 'windows' | |
| name: Build windows app | |
| run: yarn package-win | |
| env: | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| - if: matrix.platform == 'macos' | |
| name: Build mac app | |
| run: yarn package-mac | |
| env: | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| CSC_LINK: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }} | |
| CSC_KEY_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }} | |
| APPLEID: ${{ secrets.APPLE_ID }} | |
| APPLEIDPASS: ${{ secrets.APPLE_ID_PASS }} | |
| APPLETEAMID: ${{ secrets.APPLE_TEAM_ID }} | |
| # TODO: Move notarizing MacOS application to another job, like `sign-win-app` | |
| # Copy checksum util to release dir | |
| - name: Copy checksum tool | |
| shell: bash | |
| run: cp ./scripts/checksum.js ./release/checksum.js | |
| # Store artifacts for further jobs | |
| - name: Store artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: ${{ matrix.id }} | |
| path: | | |
| ./release/* | |
| !./release/*-unpacked | |
| !./release/mac* | |
| if-no-files-found: error | |
| sign-win-app: | |
| # CodeSignTool works perfectly on any platform even it signs a windows file | |
| # So we use ubuntu to make job faster and more stable | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Download windows artifact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: windows | |
| path: ./release/ | |
| - name: Cache CodeSignTool | |
| id: cache-codesigntool | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./codesigntool | |
| key: codesign-cache-2 | |
| restore-keys: codesign-cache-2 | |
| - name: Download CodeSignTool archive | |
| if: steps.cache-codesigntool.outputs.cache-hit != 'true' | |
| run: | | |
| curl -L -k --output ./codesigntool.zip --create-dirs https://storage.googleapis.com/smapp/tools/codesigntool.zip | |
| - name: Unzip archive | |
| if: steps.cache-codesigntool.outputs.cache-hit != 'true' | |
| run: | | |
| unzip -d ./codesigntool/ ./codesigntool.zip | |
| chmod 755 ./codesigntool/* | |
| # CodeSignTool requires Java 11 and ubuntu-latest uses it by default | |
| # but to make it robust add extra step to ensure a Java version | |
| - name: Switch to Java 11 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: 'adopt' | |
| java-version: '11' | |
| - name: Create directory for signed artifact | |
| run: mkdir -p ./signed/ | |
| - name: Sign App | |
| # Rename file and then vice versa, because CodeSignTool can't accept path with spaces | |
| run: | | |
| mv "./release/Spacemesh Setup ${{ needs.build.outputs.version }}.exe" ./release/spacemesh.exe | |
| (cd ./codesigntool; ./CodeSignTool.sh sign -username=$USERNAME -password=$PASSWORD -totp_secret=$TOTP -input_file_path="../release/spacemesh.exe" -output_dir_path=../signed) | |
| mv ./signed/spacemesh.exe "./signed/Spacemesh Setup ${{ needs.build.outputs.version }}.exe" | |
| env: | |
| USERNAME: ${{ secrets.EVCS_USERNAME }} | |
| PASSWORD: ${{ secrets.EVCS_PASSWORD }} | |
| TOTP: ${{ secrets.EVCS_TOTP_SECRET_OLD }} | |
| - name: Copy latest.yml | |
| run: cp "./release/latest.yml" "./signed/latest.yml" | |
| - name: Install Node.js, NPM | |
| uses: actions/setup-node@v2-beta | |
| with: | |
| node-version: '16' | |
| - name: Get new sha512 | |
| id: sha512 | |
| run: | | |
| echo "::set-output name=value::$(node ./release/checksum.js "./signed/Spacemesh Setup ${{ needs.build.outputs.version }}.exe")" | |
| - name: Update latest.yml (sha512) | |
| uses: endaft/action-yamler@v1.0.9 | |
| with: | |
| file: ./signed/latest.yml | |
| path: sha512 | |
| set: ${{steps.sha512.outputs.value}} | |
| - name: Update latest.yml (files.0.sha512) | |
| uses: endaft/action-yamler@v1.0.9 | |
| with: | |
| file: ./signed/latest.yml | |
| path: files.0.sha512 | |
| set: ${{steps.sha512.outputs.value}} | |
| - name: Store signed artifact | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: windows-signed | |
| path: ./signed/* | |
| if-no-files-found: error | |
| sign-app-image: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Download x64 artifact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: linux | |
| path: ./release/linux | |
| - name: Download arm64 artifact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: linux-arm64 | |
| path: ./release/linux-arm64 | |
| - name: Set filename | |
| id: filename | |
| run: | | |
| echo "::set-output name=x64::Spacemesh-${{ needs.build.outputs.version }}.AppImage" | |
| echo "::set-output name=arm64::Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage" | |
| - name: Import GPG keys | |
| run: | | |
| export GPG_TTY=$(tty) | |
| echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE" | |
| env: | |
| GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: List files | |
| run: | | |
| ls -la ./release | |
| ls -la ./release/linux | |
| ls -la ./release/linux-arm64 | |
| - name: Files to sign | |
| run: | | |
| echo "X64: ./release/linux/${{ steps.filename.outputs.x64 }}\n" | |
| echo "ARM64: ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}\n" | |
| - name: Sign AppImages x64 | |
| run: | | |
| gpg --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE" --output ./release/linux/${{ steps.filename.outputs.x64 }}.sig --detach-sign ./release/linux/${{ steps.filename.outputs.x64 }} | |
| gpg --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE" --output ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}.sig --detach-sign ./release/linux-arm64/${{ steps.filename.outputs.arm64 }} | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Store x64 signature | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: linux | |
| path: ./release/linux/${{ steps.filename.outputs.x64 }}.sig | |
| if-no-files-found: error | |
| - name: Store arm64 signature | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: linux-arm64 | |
| path: ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}.sig | |
| if-no-files-found: error | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: [build, sign-win-app, sign-app-image] | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v2 | |
| with: | |
| path: ./release/ | |
| # Merge `latest-mac.yml` (x64 and arm64) | |
| - name: Merge latest-mac.yml | |
| uses: mikefarah/yq@master | |
| with: | |
| cmd: yq ea '. as $item ireduce ({}; . *+ $item)' ./release/macos/latest-mac.yml ./release/macos-arm64/latest-mac.yml > ./release/latest-merged.yml | |
| - run: cat ./release/latest-merged.yml | |
| - run: cp -f ./release/latest-merged.yml ./release/macos/latest-mac.yml | |
| - run: cp -f ./release/latest-merged.yml ./release/macos-arm64/latest-mac.yml | |
| # Upload artifacts to GCS | |
| - name: Set up GCloud SDK | |
| uses: google-github-actions/setup-gcloud@v0 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| service_account_key: ${{ secrets.GCP_SA_KEY }} | |
| export_default_credentials: true | |
| - name: Upload macos artifact | |
| uses: google-github-actions/upload-cloud-storage@v0 | |
| with: | |
| path: ./release/macos/ | |
| destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }} | |
| parent: false | |
| - name: Upload macos arm64 artifact | |
| uses: google-github-actions/upload-cloud-storage@v0 | |
| with: | |
| path: ./release/macos-arm64/ | |
| destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }} | |
| parent: false | |
| - name: Upload windows build | |
| uses: google-github-actions/upload-cloud-storage@v0 | |
| with: | |
| path: ./release/windows-signed/ | |
| destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }} | |
| parent: false | |
| - name: Upload linux build | |
| uses: google-github-actions/upload-cloud-storage@v0 | |
| with: | |
| path: ./release/linux/ | |
| destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }} | |
| parent: false | |
| - name: Upload linux arm64 build | |
| uses: google-github-actions/upload-cloud-storage@v0 | |
| with: | |
| path: ./release/linux-arm64/ | |
| destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }} | |
| parent: false | |
| - name: Create Release | |
| id: create-release | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| name: Release ${{ needs.build.outputs.tagName }} | |
| body: | | |
| ## Compiled Binaries | |
| - Windows: [x64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh%20Setup%20${{ needs.build.outputs.version }}.exe) | |
| - macOS: [x64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.dmg) [arm64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.dmg) | |
| - Linux | |
| - AppImage [x64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.AppImage) [arm64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage) | |
| GPG signatures: [x64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.AppImage.sig) [arm64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage.sig) [public.key](https://discover.spacemesh.io/public.key) | |
| - deb [x64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/spacemesh_app_${{ needs.build.outputs.version }}_amd64.deb) [arm64](https://storage.googleapis.com/smapp/${{ needs.build.outputs.tagName }}/spacemesh_app_${{ needs.build.outputs.version }}_arm64.deb) | |
| draft: true | |
| prerelease: true | |
| - name: Delete all artifacts | |
| uses: geekyeggo/delete-artifact@v1 | |
| with: | |
| name: | | |
| windows-signed | |
| windows | |
| linux | |
| linux-arm64 | |
| macos | |
| macos-arm64 |