Bump electron-builder on CI macOS runners. (#8284)

This PR avoids #8119 by selectively bumping the `electron-builder` on macOS CI runners. We do this only on macOS, as we do not want to trigger https://github.com/electron-userland/electron-builder/issues/6865 on Windows.
Michał Wawrzyniec Urbańczyk 2023-11-16 20:07:29 +01:00 committed by GitHub
parent febce5dad7
commit 4b181c38d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 131 additions and 12 deletions


@ -817,11 +817,18 @@ jobs:
run: ./run git-clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: NPM install
run: npm install
- name: Uninstall old Electron Builder
run: npm uninstall --save --workspace enso electron-builder
- name: Install new Electron Builder
run: npm install --save-dev --workspace enso electron-builder@24.6.4
- run: ./run ide2 build --backend-source current-ci-run --gui2-upload-artifact false
env:
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
CSC_FOR_PULL_REQUEST: "true"
CSC_IDENTITY_AUTO_DISCOVERY: "true"
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
@ -1005,11 +1012,18 @@ jobs:
run: ./run git-clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: NPM install
run: npm install
- name: Uninstall old Electron Builder
run: npm uninstall --save --workspace enso electron-builder
- name: Install new Electron Builder
run: npm install --save-dev --workspace enso electron-builder@24.6.4
- run: ./run ide build --wasm-source current-ci-run --backend-source current-ci-run
env:
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
CSC_FOR_PULL_REQUEST: "true"
CSC_IDENTITY_AUTO_DISCOVERY: "true"
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}


@ -624,11 +624,18 @@ jobs:
run: ./run git-clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: NPM install
run: npm install
- name: Uninstall old Electron Builder
run: npm uninstall --save --workspace enso electron-builder
- name: Install new Electron Builder
run: npm install --save-dev --workspace enso electron-builder@24.6.4
- run: ./run ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}
env:
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
CSC_FOR_PULL_REQUEST: "true"
CSC_IDENTITY_AUTO_DISCOVERY: "true"
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
@ -823,11 +830,18 @@ jobs:
run: ./run git-clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: NPM install
run: npm install
- name: Uninstall old Electron Builder
run: npm uninstall --save --workspace enso electron-builder
- name: Install new Electron Builder
run: npm install --save-dev --workspace enso electron-builder@24.6.4
- run: ./run ide2 upload --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}
env:
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
CSC_FOR_PULL_REQUEST: "true"
CSC_IDENTITY_AUTO_DISCOVERY: "true"
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}


@ -93,14 +93,31 @@ export const args: Arguments = await yargs(process.argv.slice(2))
/** Based on the given arguments, creates a configuration for the Electron Builder. */
export function createElectronBuilderConfig(passedArgs: Arguments): electronBuilder.Configuration {
let version = BUILD_INFO.version
if (
passedArgs.target === 'msi' ||
(passedArgs.target == null && process.platform === 'win32')
) {
// MSI installer imposes some restrictions on the version number. Namely, product version must have a major
// version less than 256, a minor version less than 256, and a build version less than 65536.
//
// As a workaround (we use year, like 2023, as a major version), we drop two leading digits from the major
// version number.
version = version.substring(2)
}
return {
appId: 'org.enso',
productName: common.PRODUCT_NAME,
extraMetadata: {
version: BUILD_INFO.version,
version,
},
copyright: `Copyright © ${new Date().getFullYear()} ${common.COMPANY_NAME}`,
artifactName: 'enso-${os}-${version}.${ext}',
// Note that the `artifactName` uses the "canonical" version of the product, not one that might have been
// simplified for the MSI installer to cope.
artifactName: 'enso-${os}-' + BUILD_INFO.version + '.${ext}',
/** Definitions of URL {@link electronBuilder.Protocol} schemes used by the IDE.
*
* Electron will register all URL protocol schemes defined here with the OS.
@ -186,6 +203,9 @@ export function createElectronBuilderConfig(passedArgs: Arguments): electronBuil
directories: {
output: `${passedArgs.ideDist}`,
},
msi: {
runAfterFinish: false,
},
nsis: {
// Disables "block map" generation during electron building. Block maps
// can be used for incremental package update on client-side. However,
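Review bot: `version = version.substring(2)` drops the first two characters whatever the string holds, so it is only correct when `BUILD_INFO.version` starts with a four-digit year; the shape of that value is not visible here, and a version such as `0.0.0-dev` (constructed example) would become `.0.0-dev`. Guarding the strip leaves other versions intact: `if (/^\d{4}\./.test(version)) version = version.substring(2)`. It is also worth a comment next to `extraMetadata` saying that on Windows the packaged app's version now differs from the one in `artifactName`, since anything that reads the installed app's version will see the shortened form. The body of `createElectronBuilderConfig` continues outside the hunk.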


@ -27,6 +27,7 @@
"string-length": "^5.0.1",
"@types/tar": "^6.1.4",
"tar": "^6.1.13",
"@types/yargs": "^17.0.30",
"yargs": "17.6.2"
},
"comments": {


@ -1,8 +1,8 @@
use crate::prelude::*;
use crate::ci_gen::job::expose_os_specific_signing_secret;
use crate::ci_gen::job::plain_job;
use crate::ci_gen::job::plain_job_customized;
use crate::ci_gen::job::with_packaging_steps;
use crate::ci_gen::job::RunsOn;
use crate::version::promote::Designation;
use crate::version::ENSO_EDITION;
@ -235,9 +235,7 @@ impl JobArchetype for PublishRelease {
pub struct UploadIde;
impl JobArchetype for UploadIde {
fn job(&self, os: OS) -> Job {
plain_job_customized(&os, "Build Old IDE", "ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}", |step|
vec![expose_os_specific_signing_secret(os, step)]
)
plain_job_customized(&os, "Build Old IDE", "ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}", with_packaging_steps(os))
}
}
@ -249,7 +247,7 @@ impl JobArchetype for UploadIde2 {
&os,
"Build New IDE",
"ide2 upload --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}",
|step| vec![expose_os_specific_signing_secret(os, step)],
with_packaging_steps(os),
)
}
}


@ -15,6 +15,15 @@ use ide_ci::actions::workflow::definition::Strategy;
/// This should be kept as recent as possible.
///
/// macOS must use a recent version of Electron Builder to have Python 3 support. Otherwise, build
/// would fail due to Python 2 missing.
///
/// We keep old versions of Electron Builder for Windows to avoid NSIS installer bug:
/// https://github.com/electron-userland/electron-builder/issues/6865
const ELECTRON_BUILDER_MACOS_VERSION: Version = Version::new(24, 6, 4);
pub trait RunsOn {
fn strategy(&self) -> Option<Strategy> {
None
@ -236,11 +245,50 @@ pub fn expose_os_specific_signing_secret(os: OS, step: Step) -> Step {
secret::APPLE_NOTARIZATION_TEAM_ID,
&crate::ide::web::env::APPLETEAMID,
)
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true"),
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true")
.with_env(&crate::ide::web::env::CSC_FOR_PULL_REQUEST, "true"),
_ => step,
}
}
/// The sequence of steps that bumps the version of the Electron-Builder to
/// [`ELECTRON_BUILDER_MACOS_VERSION`].
pub fn bump_electron_builder() -> Vec<Step> {
let npm_install =
Step { name: Some("NPM install".into()), run: Some("npm install".into()), ..default() };
let uninstall_old = Step {
name: Some("Uninstall old Electron Builder".into()),
run: Some("npm uninstall --save --workspace enso electron-builder".into()),
..default()
};
let command = format!(
"npm install --save-dev --workspace enso electron-builder@{ELECTRON_BUILDER_MACOS_VERSION}"
);
let install_new =
Step { name: Some("Install new Electron Builder".into()), run: Some(command), ..default() };
vec![npm_install, uninstall_old, install_new]
}
/// Prepares the packaging steps for the given OS.
///
/// This involves exposing secrets necessary for code signing and notarization. Additionally, on
/// macOS, it bumps the version of the Electron Builder to [`ELECTRON_BUILDER_MACOS_VERSION`].
pub fn prepare_packaging_steps(os: OS, step: Step) -> Vec<Step> {
let mut steps = Vec::new();
if os == OS::MacOS {
steps.extend(bump_electron_builder());
}
steps.push(expose_os_specific_signing_secret(os, step));
steps
}
/// Convenience for [`prepare_packaging_steps`].
///
/// This function is useful when you want to use [`prepare_packaging_steps`] as a closure.
pub fn with_packaging_steps(os: OS) -> impl FnOnce(Step) -> Vec<Step> {
move |step| prepare_packaging_steps(os, step)
}
#[derive(Clone, Copy, Debug)]
pub struct PackageOldIde;
impl JobArchetype for PackageOldIde {
@ -249,7 +297,7 @@ impl JobArchetype for PackageOldIde {
&os,
"Package Old IDE",
"ide build --wasm-source current-ci-run --backend-source current-ci-run",
|step| vec![expose_os_specific_signing_secret(os, step)],
with_packaging_steps(os),
)
}
}
@ -262,7 +310,7 @@ impl JobArchetype for PackageNewIde {
&os,
"Package New IDE",
"ide2 build --backend-source current-ci-run --gui2-upload-artifact false",
|step| vec![expose_os_specific_signing_secret(os, step)],
with_packaging_steps(os),
)
}
}
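Review bot: `bump_electron_builder` pins only the top-level package: `npm install --save-dev --workspace enso electron-builder@{ELECTRON_BUILDER_MACOS_VERSION}` resolves the rest of the dependency tree on the runner, outside the committed `package-lock.json` and its integrity hashes, and the step that follows receives the signing certificate and notarization secrets through `expose_os_specific_signing_secret`. That makes the macOS packaging job the one place where unreviewed transitive versions run alongside release credentials. Consider installing from the lockfile first with `run: Some("npm ci".into())` in the `npm_install` step and, longer term, committing the resolved macOS tree so the bump is reproducible. At minimum add a doc line on `bump_electron_builder` such as `/// NOTE: the resulting tree is not covered by package-lock.json; keep this job's triggers restricted to trusted refs.`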


@ -94,6 +94,16 @@ pub mod env {
/// Path to the python2 executable, used by electron-builder on macOS to package DMG.
PYTHON_PATH, PathBuf;
/// Note that enabling CSC_FOR_PULL_REQUEST can pose serious security risks. Refer to the
/// [CircleCI documentation](https://circleci.com/docs/1.0/fork-pr-builds/) for more
/// information. If the project settings contain SSH keys, sensitive environment variables,
/// or AWS credentials, and untrusted forks can submit pull requests to your repository, it
/// is not recommended to enable this option.
///
/// In our case we are careful to not expose any sensitive information to third-party forks,
/// so we can safely enable this option.
CSC_FOR_PULL_REQUEST, bool;
}
}
@ -379,7 +389,13 @@ impl IdeDesktop {
// We can work around this by setting the `PYTHON_PATH` env variable. We attempt to
// locate `python2` in PATH which is enough to work on GitHub-hosted macOS
// runners.
Some(ide_ci::program::lookup("python2")?)
ide_ci::program::lookup("python2")
.inspect_err(|e| {
// We do not fail, as this requirement might have been lifted by the
// electron-builder bump. As for now, we do best effort to support both cases.
warn!("Failed to locate python2 in PATH: {e}");
})
.ok()
} else {
None
};
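Review bot: The doc comment on `CSC_FOR_PULL_REQUEST` says nothing sensitive reaches third-party forks, but nothing visible in this change enforces that, and the linked reference describes CircleCI fork builds rather than the GitHub Actions workflows where the variable is set. The comment should name the invariant it relies on so that a later change to the workflow triggers is caught in review, for example `/// Safe only while the packaging jobs never receive secrets for fork pull requests (e.g. no pull_request_target trigger); re-check when workflow triggers change.` Whether the generated workflows also gate the signing step on the pull request's head repository cannot be told from these hunks; if they do not, a condition in the generator would make the claim verifiable.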

10
package-lock.json generated

@ -140,6 +140,7 @@
"@types/mime-types": "^2.1.1",
"@types/opener": "^1.4.0",
"@types/tar": "^6.1.4",
"@types/yargs": "^17.0.30",
"chalk": "^5.2.0",
"create-servers": "3.2.0",
"electron-is-dev": "^2.0.0",
@ -333,6 +334,14 @@
"to-ico": "^1.1.5"
}
},
"app/ide-desktop/node_modules/@types/yargs": {
"version": "17.0.31",
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.31.tgz",
"integrity": "sha512-bocYSx4DI8TmdlvxqGpVNXOgCNR1Jj0gNPhhAY+iz1rgKDAaYrAYdFYnhDV1IFuiuVc9HkOwyDcFxaTElF3/wg==",
"dependencies": {
"@types/yargs-parser": "*"
}
},
"app/ide-desktop/node_modules/eslint-plugin-jsdoc": {
"version": "40.3.0",
"dev": true,
@ -4140,7 +4149,6 @@
},
"node_modules/@types/yargs-parser": {
"version": "21.0.0",
"dev": true,
"license": "MIT"
},
"node_modules/@types/yauzl": {