mirror of
https://github.com/enso-org/enso.git
synced 2025-01-05 15:42:52 +03:00
Bump electron-builder
on CI macOS runners. (#8284)
This PR avoids #8119 by selectively bumping the `electron-builder` on macOS CI runners. We do this only on macOS, as we do not want to trigger https://github.com/electron-userland/electron-builder/issues/6865 on Windows.
This commit is contained in:
parent
febce5dad7
commit
4b181c38d0
14
.github/workflows/gui.yml
vendored
14
.github/workflows/gui.yml
vendored
@ -817,11 +817,18 @@ jobs:
|
||||
run: ./run git-clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: NPM install
|
||||
run: npm install
|
||||
- name: Uninstall old Electron Builder
|
||||
run: npm uninstall --save --workspace enso electron-builder
|
||||
- name: Install new Electron Builder
|
||||
run: npm install --save-dev --workspace enso electron-builder@24.6.4
|
||||
- run: ./run ide2 build --backend-source current-ci-run --gui2-upload-artifact false
|
||||
env:
|
||||
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
|
||||
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
|
||||
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
|
||||
CSC_FOR_PULL_REQUEST: "true"
|
||||
CSC_IDENTITY_AUTO_DISCOVERY: "true"
|
||||
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
|
||||
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
|
||||
@ -1005,11 +1012,18 @@ jobs:
|
||||
run: ./run git-clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: NPM install
|
||||
run: npm install
|
||||
- name: Uninstall old Electron Builder
|
||||
run: npm uninstall --save --workspace enso electron-builder
|
||||
- name: Install new Electron Builder
|
||||
run: npm install --save-dev --workspace enso electron-builder@24.6.4
|
||||
- run: ./run ide build --wasm-source current-ci-run --backend-source current-ci-run
|
||||
env:
|
||||
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
|
||||
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
|
||||
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
|
||||
CSC_FOR_PULL_REQUEST: "true"
|
||||
CSC_IDENTITY_AUTO_DISCOVERY: "true"
|
||||
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
|
||||
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
|
||||
|
14
.github/workflows/release.yml
vendored
14
.github/workflows/release.yml
vendored
@ -624,11 +624,18 @@ jobs:
|
||||
run: ./run git-clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: NPM install
|
||||
run: npm install
|
||||
- name: Uninstall old Electron Builder
|
||||
run: npm uninstall --save --workspace enso electron-builder
|
||||
- name: Install new Electron Builder
|
||||
run: npm install --save-dev --workspace enso electron-builder@24.6.4
|
||||
- run: ./run ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}
|
||||
env:
|
||||
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
|
||||
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
|
||||
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
|
||||
CSC_FOR_PULL_REQUEST: "true"
|
||||
CSC_IDENTITY_AUTO_DISCOVERY: "true"
|
||||
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
|
||||
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
|
||||
@ -823,11 +830,18 @@ jobs:
|
||||
run: ./run git-clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: NPM install
|
||||
run: npm install
|
||||
- name: Uninstall old Electron Builder
|
||||
run: npm uninstall --save --workspace enso electron-builder
|
||||
- name: Install new Electron Builder
|
||||
run: npm install --save-dev --workspace enso electron-builder@24.6.4
|
||||
- run: ./run ide2 upload --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}
|
||||
env:
|
||||
APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
|
||||
APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
|
||||
APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
|
||||
CSC_FOR_PULL_REQUEST: "true"
|
||||
CSC_IDENTITY_AUTO_DISCOVERY: "true"
|
||||
CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
|
||||
CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
|
||||
|
@ -93,14 +93,31 @@ export const args: Arguments = await yargs(process.argv.slice(2))
|
||||
|
||||
/** Based on the given arguments, creates a configuration for the Electron Builder. */
|
||||
export function createElectronBuilderConfig(passedArgs: Arguments): electronBuilder.Configuration {
|
||||
let version = BUILD_INFO.version
|
||||
if (
|
||||
passedArgs.target === 'msi' ||
|
||||
(passedArgs.target == null && process.platform === 'win32')
|
||||
) {
|
||||
// MSI installer imposes some restrictions on the version number. Namely, product version must have a major
|
||||
// version less than 256, a minor version less than 256, and a build version less than 65536.
|
||||
//
|
||||
// As a workaround (we use year, like 2023, as a major version), we drop two leading digits from the major
|
||||
// version number.
|
||||
version = version.substring(2)
|
||||
}
|
||||
|
||||
return {
|
||||
appId: 'org.enso',
|
||||
productName: common.PRODUCT_NAME,
|
||||
extraMetadata: {
|
||||
version: BUILD_INFO.version,
|
||||
version,
|
||||
},
|
||||
copyright: `Copyright © ${new Date().getFullYear()} ${common.COMPANY_NAME}`,
|
||||
artifactName: 'enso-${os}-${version}.${ext}',
|
||||
|
||||
// Note that the `artifactName` uses the "canonical" version of the product, not one that might have been
|
||||
// simplified for the MSI installer to cope.
|
||||
artifactName: 'enso-${os}-' + BUILD_INFO.version + '.${ext}',
|
||||
|
||||
/** Definitions of URL {@link electronBuilder.Protocol} schemes used by the IDE.
|
||||
*
|
||||
* Electron will register all URL protocol schemes defined here with the OS.
|
||||
@ -186,6 +203,9 @@ export function createElectronBuilderConfig(passedArgs: Arguments): electronBuil
|
||||
directories: {
|
||||
output: `${passedArgs.ideDist}`,
|
||||
},
|
||||
msi: {
|
||||
runAfterFinish: false,
|
||||
},
|
||||
nsis: {
|
||||
// Disables "block map" generation during electron building. Block maps
|
||||
// can be used for incremental package update on client-side. However,
|
||||
|
@ -27,6 +27,7 @@
|
||||
"string-length": "^5.0.1",
|
||||
"@types/tar": "^6.1.4",
|
||||
"tar": "^6.1.13",
|
||||
"@types/yargs": "^17.0.30",
|
||||
"yargs": "17.6.2"
|
||||
},
|
||||
"comments": {
|
||||
|
@ -1,8 +1,8 @@
|
||||
use crate::prelude::*;
|
||||
|
||||
use crate::ci_gen::job::expose_os_specific_signing_secret;
|
||||
use crate::ci_gen::job::plain_job;
|
||||
use crate::ci_gen::job::plain_job_customized;
|
||||
use crate::ci_gen::job::with_packaging_steps;
|
||||
use crate::ci_gen::job::RunsOn;
|
||||
use crate::version::promote::Designation;
|
||||
use crate::version::ENSO_EDITION;
|
||||
@ -235,9 +235,7 @@ impl JobArchetype for PublishRelease {
|
||||
pub struct UploadIde;
|
||||
impl JobArchetype for UploadIde {
|
||||
fn job(&self, os: OS) -> Job {
|
||||
plain_job_customized(&os, "Build Old IDE", "ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}", |step|
|
||||
vec![expose_os_specific_signing_secret(os, step)]
|
||||
)
|
||||
plain_job_customized(&os, "Build Old IDE", "ide upload --wasm-source current-ci-run --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}", with_packaging_steps(os))
|
||||
}
|
||||
}
|
||||
|
||||
@ -249,7 +247,7 @@ impl JobArchetype for UploadIde2 {
|
||||
&os,
|
||||
"Build New IDE",
|
||||
"ide2 upload --backend-source release --backend-release ${{env.ENSO_RELEASE_ID}}",
|
||||
|step| vec![expose_os_specific_signing_secret(os, step)],
|
||||
with_packaging_steps(os),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
@ -15,6 +15,15 @@ use ide_ci::actions::workflow::definition::Strategy;
|
||||
|
||||
|
||||
|
||||
/// This should be kept as recent as possible.
|
||||
///
|
||||
/// macOS must use a recent version of Electron Builder to have Python 3 support. Otherwise, build
|
||||
/// would fail due to Python 2 missing.
|
||||
///
|
||||
/// We keep old versions of Electron Builder for Windows to avoid NSIS installer bug:
|
||||
/// https://github.com/electron-userland/electron-builder/issues/6865
|
||||
const ELECTRON_BUILDER_MACOS_VERSION: Version = Version::new(24, 6, 4);
|
||||
|
||||
pub trait RunsOn {
|
||||
fn strategy(&self) -> Option<Strategy> {
|
||||
None
|
||||
@ -236,11 +245,50 @@ pub fn expose_os_specific_signing_secret(os: OS, step: Step) -> Step {
|
||||
secret::APPLE_NOTARIZATION_TEAM_ID,
|
||||
&crate::ide::web::env::APPLETEAMID,
|
||||
)
|
||||
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true"),
|
||||
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true")
|
||||
.with_env(&crate::ide::web::env::CSC_FOR_PULL_REQUEST, "true"),
|
||||
_ => step,
|
||||
}
|
||||
}
|
||||
|
||||
/// The sequence of steps that bumps the version of the Electron-Builder to
|
||||
/// [`ELECTRON_BUILDER_MACOS_VERSION`].
|
||||
pub fn bump_electron_builder() -> Vec<Step> {
|
||||
let npm_install =
|
||||
Step { name: Some("NPM install".into()), run: Some("npm install".into()), ..default() };
|
||||
let uninstall_old = Step {
|
||||
name: Some("Uninstall old Electron Builder".into()),
|
||||
run: Some("npm uninstall --save --workspace enso electron-builder".into()),
|
||||
..default()
|
||||
};
|
||||
let command = format!(
|
||||
"npm install --save-dev --workspace enso electron-builder@{ELECTRON_BUILDER_MACOS_VERSION}"
|
||||
);
|
||||
let install_new =
|
||||
Step { name: Some("Install new Electron Builder".into()), run: Some(command), ..default() };
|
||||
vec![npm_install, uninstall_old, install_new]
|
||||
}
|
||||
|
||||
/// Prepares the packaging steps for the given OS.
|
||||
///
|
||||
/// This involves exposing secrets necessary for code signing and notarization. Additionally, on
|
||||
/// macOS, it bumps the version of the Electron Builder to [`ELECTRON_BUILDER_MACOS_VERSION`].
|
||||
pub fn prepare_packaging_steps(os: OS, step: Step) -> Vec<Step> {
|
||||
let mut steps = Vec::new();
|
||||
if os == OS::MacOS {
|
||||
steps.extend(bump_electron_builder());
|
||||
}
|
||||
steps.push(expose_os_specific_signing_secret(os, step));
|
||||
steps
|
||||
}
|
||||
|
||||
/// Convenience for [`prepare_packaging_steps`].
|
||||
///
|
||||
/// This function is useful when you want to use [`prepare_packaging_steps`] as a closure.
|
||||
pub fn with_packaging_steps(os: OS) -> impl FnOnce(Step) -> Vec<Step> {
|
||||
move |step| prepare_packaging_steps(os, step)
|
||||
}
|
||||
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
pub struct PackageOldIde;
|
||||
impl JobArchetype for PackageOldIde {
|
||||
@ -249,7 +297,7 @@ impl JobArchetype for PackageOldIde {
|
||||
&os,
|
||||
"Package Old IDE",
|
||||
"ide build --wasm-source current-ci-run --backend-source current-ci-run",
|
||||
|step| vec![expose_os_specific_signing_secret(os, step)],
|
||||
with_packaging_steps(os),
|
||||
)
|
||||
}
|
||||
}
|
||||
@ -262,7 +310,7 @@ impl JobArchetype for PackageNewIde {
|
||||
&os,
|
||||
"Package New IDE",
|
||||
"ide2 build --backend-source current-ci-run --gui2-upload-artifact false",
|
||||
|step| vec![expose_os_specific_signing_secret(os, step)],
|
||||
with_packaging_steps(os),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
@ -94,6 +94,16 @@ pub mod env {
|
||||
|
||||
/// Path to the python2 executable, used by electron-builder on macOS to package DMG.
|
||||
PYTHON_PATH, PathBuf;
|
||||
|
||||
/// Note that enabling CSC_FOR_PULL_REQUEST can pose serious security risks. Refer to the
|
||||
/// [CircleCI documentation](https://circleci.com/docs/1.0/fork-pr-builds/) for more
|
||||
/// information. If the project settings contain SSH keys, sensitive environment variables,
|
||||
/// or AWS credentials, and untrusted forks can submit pull requests to your repository, it
|
||||
/// is not recommended to enable this option.
|
||||
///
|
||||
/// In our case we are careful to not expose any sensitive information to third-party forks,
|
||||
/// so we can safely enable this option.
|
||||
CSC_FOR_PULL_REQUEST, bool;
|
||||
}
|
||||
}
|
||||
|
||||
@ -379,7 +389,13 @@ impl IdeDesktop {
|
||||
// We can work around this by setting the `PYTHON_PATH` env variable. We attempt to
|
||||
// locate `python2` in PATH which is enough to work on GitHub-hosted macOS
|
||||
// runners.
|
||||
Some(ide_ci::program::lookup("python2")?)
|
||||
ide_ci::program::lookup("python2")
|
||||
.inspect_err(|e| {
|
||||
// We do not fail, as this requirement might have been lifted by the
|
||||
// electron-builder bump. As for now, we do best effort to support both cases.
|
||||
warn!("Failed to locate python2 in PATH: {e}");
|
||||
})
|
||||
.ok()
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
10
package-lock.json
generated
10
package-lock.json
generated
@ -140,6 +140,7 @@
|
||||
"@types/mime-types": "^2.1.1",
|
||||
"@types/opener": "^1.4.0",
|
||||
"@types/tar": "^6.1.4",
|
||||
"@types/yargs": "^17.0.30",
|
||||
"chalk": "^5.2.0",
|
||||
"create-servers": "3.2.0",
|
||||
"electron-is-dev": "^2.0.0",
|
||||
@ -333,6 +334,14 @@
|
||||
"to-ico": "^1.1.5"
|
||||
}
|
||||
},
|
||||
"app/ide-desktop/node_modules/@types/yargs": {
|
||||
"version": "17.0.31",
|
||||
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.31.tgz",
|
||||
"integrity": "sha512-bocYSx4DI8TmdlvxqGpVNXOgCNR1Jj0gNPhhAY+iz1rgKDAaYrAYdFYnhDV1IFuiuVc9HkOwyDcFxaTElF3/wg==",
|
||||
"dependencies": {
|
||||
"@types/yargs-parser": "*"
|
||||
}
|
||||
},
|
||||
"app/ide-desktop/node_modules/eslint-plugin-jsdoc": {
|
||||
"version": "40.3.0",
|
||||
"dev": true,
|
||||
@ -4140,7 +4149,6 @@
|
||||
},
|
||||
"node_modules/@types/yargs-parser": {
|
||||
"version": "21.0.0",
|
||||
"dev": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@types/yauzl": {
|
||||
|
Loading…
Reference in New Issue
Block a user