gitbutler/.github/workflows/publish.yaml

name: "Publish"
on:
  workflow_run:
    workflows: ["Nightly build"]
    types:
      - completed

  workflow_dispatch:
    inputs:
      channel:
        type: choice
        required: true
        description: channel
        options:
          - release
          - nightly
      bump:
        type: choice
        required: true
        description: update type
        options:
          - undefined
          - patch
          - minor
          - major

jobs:
  build-tauri:
    strategy:
      fail-fast: false
      matrix:
        platform:
          - macos-latest # [macOs, x64]
          - macos-latest-xlarge # [macOs, ARM64]
          - ubuntu-20.04 # [linux, x64]
          - windows-latest # [windows, x64]

    runs-on: ${{ matrix.platform }}

    outputs:
      platform: ${{ matrix.platform }}
      channel: ${{ env.channel }}

    env:
      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

    steps:
       # Because GitHub broke perl installations sometime in 2022 on Windows.
      - name: perl -V (before re-install)
        if: runner.os == 'Windows'
        run: which perl && perl -V
      - name: Setup perl
        if: runner.os == 'Windows'
        uses: shogo82148/actions-setup-perl@v1
        with:
          perl-version: "5.38"
          distribution: strawberry
      - name: Set git to use LF
        if: runner.os == 'Windows'
        run: |
          git config --global core.autocrlf false
          git config --global core.eol lf          
      - name: perl -V
        if: runner.os == 'Windows'
        run: which perl && perl -V
      - name: Ensure we have a working Perl toolchain
        if: runner.os == 'Windows'
        run: cpanm ExtUtils::Manifest App::cpanminus Locale::Maketext::Simple
      - name: Set Perl environment variables
        if: runner.os == 'Windows'
        run: |
          echo "PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
          echo "OPENSSL_SRC_PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8          

      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.PAT_NGALAIKO }} # custom token here so that we can push tags later
      - uses: ./.github/actions/init-env-rust
      - uses: ./.github/actions/init-env-node

      - name: Set nightly params
        shell: bash
        if: ${{!!github.event.workflow_run }}
        run: |
          echo "channel=nightly" >> $GITHUB_ENV
          echo "bump=patch" >> $GITHUB_ENV          

      - name: Use input params
        shell: bash
        if: ${{ !github.event.workflow_run }}
        run: |
          echo "channel=${{ github.event.inputs.channel }}" >> $GITHUB_ENV
          echo "bump=${{ github.event.inputs.bump }}" >> $GITHUB_ENV          

      - name: Set env variable with version
        shell: bash
        run: |
          CURRENT_VERSION="$(curl --silent "https://app.gitbutler.com/releases/${{ env.channel }}" | jq -r '.version')"
          NEXT_VERSION=$(./scripts/next.sh "${CURRENT_VERSION}" "${{ env.bump }}")
          echo "version=$NEXT_VERSION" >> $GITHUB_ENV          

      - name: import gpg key
        if: runner.os == 'Linux'
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.APPIMAGE_PRIVATE_KEY }}
          passphrase: ${{ secrets.APPIMAGE_KEY_PASSPHRASE }}

      - name: install linux dependencies
        shell: bash
        if: runner.os == 'Linux'
        run: sudo apt-get install -y libwebkit2gtk-4.0-dev build-essential curl wget file libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev

      - name: Build binary
        shell: bash
        run: |
          ./scripts/release.sh \
            --sign \
            --channel                    "${{ env.channel }}" \
            --dist                       "./release" \
            --version                    "${{ env.version }}"          
        env:
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_PROVIDER_SHORT_NAME }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPIMAGE_KEY_ID: ${{ secrets.APPIMAGE_KEY_ID }}
          APPIMAGE_KEY_PASSPHRASE: ${{ secrets.APPIMAGE_KEY_PASSPHRASE }}

      - name: Upload Artifacts
        uses: actions/upload-artifact@v2
        with:
          name: release
          path: release/

  sign-tauri:
    needs: build-tauri
    runs-on: [self-hosted, evcodesignd]
    if: ${{ needs.build-tauri.outputs.channel == 'release' }} && ${{ needs.build-tauri.outputs.platform == 'windows-latest' }}
    steps:
      - name: Download unsigned artifacts
        uses: actions/download-artifact@v2
        with:
          name: release
          path: release
      - name: Sign Windows binary
        shell: bash
        run: |
          python3 /sign-with-evcodesignd.py release/*.msi          
        env:
          EVCODESIGND_PSK: ${{ secrets.EVCODESIGND_PSK }}
      - name: Upload signed artifacts
        uses: actions/upload-artifact@v2
        with:
          name: release
          path: release/

#  publish-tauri:
#    needs: sign-tauri
#    steps:
#      - name: Download artifacts
#        uses: actions/download-artifact@v2
#        with:
#          name: release
#          path: release
#      - uses: shallwefootball/s3-upload-action@master
#        name: Upload To S3
#        id: S3
#        with:
#          aws_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
#          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
#          aws_bucket: "releases.gitbutler.com"
#          source_dir: "release/"
#          destination_dir: "releases/${{ env.channel }}/${{ env.version }}-${{ github.run_number }}"
#
#      # tell our server to update with the version number
#      - name: Tell our server to update
#        shell: bash
#        run: |
#          curl 'https://app.gitbutler.com/api/releases' \
#            --fail \
#            --request POST \
#            --header 'Content-Type: application/json' \
#            --header 'X-Auth-Token: ${{ secrets.BOT_AUTH_TOKEN }}' \
#            --data '{"channel":"${{ env.channel }}","version":"${{ env.version }}-${{ github.run_number }}","sha":"${{ github.sha }}"}'
#
#      - name: Tag release
#        shell: bash
#        env:
#          TAG_NAME: "${{ env.channel }}/${{ env.version }}"
#        run: |
#          function tag_exists() {
#            git tag --list | grep -q "^$1$"
#          }
#          function fetch_tag() {
#            git fetch origin "refs/tags/$1:refs/tags/$1"
#          }
#          function delete_tag() {
#            git push --delete origin "$1"
#          }
#          function create_tag() {
#            git tag --force "$1"
#            git push --tags
#          }
#
#          fetch_tag "$TAG_NAME" || true
#          if tag_exists "$TAG_NAME"; then
#            delete_tag "$TAG_NAME"
#          fi
#          create_tag "$TAG_NAME"