gitbutler/.github/workflows/publish.yaml

267 lines
9.4 KiB
YAML

name: "Publish"
on:
workflow_run:
workflows: ["Nightly build"]
types:
- completed
workflow_dispatch:
inputs:
channel:
type: choice
required: true
description: channel
options:
- release
- nightly
bump:
type: choice
required: true
description: update type
options:
- undefined
- patch
- minor
- major
jobs:
build-tauri:
strategy:
fail-fast: false
matrix:
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-private-repositories
platform:
- macos-13 # [macOs, x64]
- macos-latest # [macOs, ARM64]
- ubuntu-20.04 # [linux, x64]
- windows-latest # [windows, x64]
runs-on: ${{ matrix.platform }}
outputs:
platform: ${{ matrix.platform }}
channel: ${{ env.channel }}
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
steps:
# Because GitHub broke perl installations sometime in 2022 on Windows.
- name: perl -V (before re-install)
if: runner.os == 'Windows'
run: which perl && perl -V
- name: Setup perl
if: runner.os == 'Windows'
uses: shogo82148/actions-setup-perl@v1
with:
perl-version: "5.38"
distribution: strawberry
- name: Set git to use LF
if: runner.os == 'Windows'
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- name: perl -V
if: runner.os == 'Windows'
run: which perl && perl -V
- name: Ensure we have a working Perl toolchain
if: runner.os == 'Windows'
run: cpanm ExtUtils::Manifest App::cpanminus Locale::Maketext::Simple
- name: Set Perl environment variables
if: runner.os == 'Windows'
run: |
echo "PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
echo "OPENSSL_SRC_PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
- uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_JUNON }} # custom token here so that we can push tags later
- uses: ./.github/actions/init-env-rust
- uses: ./.github/actions/init-env-node
- name: Set nightly params
shell: bash
if: ${{!!github.event.workflow_run }}
run: |
echo "channel=nightly" >> $GITHUB_ENV
echo "bump=patch" >> $GITHUB_ENV
- name: Use input params
shell: bash
if: ${{ !github.event.workflow_run }}
run: |
echo "channel=${{ github.event.inputs.channel }}" >> $GITHUB_ENV
echo "bump=${{ github.event.inputs.bump }}" >> $GITHUB_ENV
- name: Set env variable with version
shell: bash
run: |
CURRENT_VERSION="$(curl --silent "https://app.gitbutler.com/releases/${{ env.channel }}" | jq -r '.version')"
NEXT_VERSION=$(./scripts/next.sh "${CURRENT_VERSION}" "${{ env.bump }}")
echo "version=$NEXT_VERSION" >> $GITHUB_ENV
mkdir -p release && echo "$NEXT_VERSION" > release/version
- name: import gpg key
if: runner.os == 'Linux'
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.APPIMAGE_PRIVATE_KEY }}
passphrase: ${{ secrets.APPIMAGE_KEY_PASSPHRASE }}
- name: install linux dependencies
shell: bash
if: runner.os == 'Linux'
run: sudo apt-get update; sudo apt-get install -y libwebkit2gtk-4.0-dev build-essential curl wget file libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev
- name: Build binary
shell: bash
run: |
./scripts/release.sh \
--sign \
--channel "${{ env.channel }}" \
--dist "./release" \
--version "${{ env.version }}"
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_PROVIDER_SHORT_NAME }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPIMAGE_KEY_ID: ${{ secrets.APPIMAGE_KEY_ID }}
APPIMAGE_KEY_PASSPHRASE: ${{ secrets.APPIMAGE_KEY_PASSPHRASE }}
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: "${{ env.channel }}-${{ matrix.platform }}-${{ github.run_number }}"
path: release/
if-no-files-found: error
- name: Prepare Windows Aux Binary Artifacts
if: runner.os == 'Windows'
shell: bash
run: |
rm -rf tauri-aux-artifacts
mkdir -p tauri-aux-artifacts
cp target/release/gitbutler-git-askpass.exe tauri-aux-artifacts/
- name: Upload Windows Aux Binary Artifacts
uses: actions/upload-artifact@v4
if: runner.os == 'Windows'
with:
name: "${{ env.channel }}-windows-aux-${{ github.run_number }}"
path: tauri-aux-artifacts/
if-no-files-found: error
sign-tauri:
needs: build-tauri
runs-on: [self-hosted, evcodesignd]
strategy:
matrix:
platform:
- windows-latest # [windows, x64]
steps:
- name: Clear out old artifacts
shell: bash
run: rm -rf release
- name: Download unsigned artifacts
uses: actions/download-artifact@v4
with:
name: "${{ needs.build-tauri.outputs.channel }}-${{ matrix.platform }}-${{ github.run_number }}"
path: release
- name: Sign Windows binary
shell: bash
run: |
find release -name "*.msi" -type f -print0 | xargs -0 -n1 -I{} python3 /sign-with-evcodesignd.py "{}"
env:
EVCODESIGND_PSK: ${{ secrets.EVCODESIGND_PSK }}
- name: Upload signed artifacts
uses: actions/upload-artifact@v4
with:
name: "${{ needs.build-tauri.outputs.channel }}-${{ matrix.platform }}-${{ github.run_number }}"
path: release/
if-no-files-found: error
overwrite: true
publish-tauri:
needs: [sign-tauri, build-tauri]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-private-repositories
platform:
- macos-13 # [macOs, x64]
- macos-latest # [macOs, ARM64]
- ubuntu-20.04 # [linux, x64]
- windows-latest # [windows, x64]
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_JUNON }} # custom token here so that we can push tags later
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: "${{ needs.build-tauri.outputs.channel }}-${{ matrix.platform }}-${{ github.run_number }}"
path: release
- name: Extract version
shell: bash
run: |
VERSION="$(cat release/version)"
echo "version=$VERSION" >> $GITHUB_ENV
- name: Prepare S3 payload
shell: bash
run: |
rm -rf release-s3
mkdir -p release-s3
rsync -avE --prune-empty-dirs --include-from='.github/workflows/publish.include.txt' --exclude='*' release/ release-s3/
bash scripts/normalize-spaces.sh ./release-s3
- uses: shallwefootball/s3-upload-action@master
name: Upload To S3
id: S3
with:
aws_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_bucket: "releases.gitbutler.com"
source_dir: "release-s3/"
destination_dir: "releases/${{ needs.build-tauri.outputs.channel }}/${{ env.version }}-${{ github.run_number }}"
# tell our server to update with the version number
- name: Tell our server to update
shell: bash
run: |
curl 'https://app.gitbutler.com/api/releases' \
--fail \
--request POST \
--header 'Content-Type: application/json' \
--header 'X-Auth-Token: ${{ secrets.BOT_AUTH_TOKEN }}' \
--data '{"channel":"${{ needs.build-tauri.outputs.channel }}","version":"${{ env.version }}-${{ github.run_number }}","sha":"${{ github.sha }}"}'
- name: Tag release
shell: bash
env:
TAG_NAME: "${{ needs.build-tauri.outputs.channel }}/${{ env.version }}"
run: |
function tag_exists() {
git tag --list | grep -q "^$1$"
}
function fetch_tag() {
git fetch origin "refs/tags/$1:refs/tags/$1"
}
function delete_tag() {
git push --delete origin "$1"
}
function create_tag() {
git tag --force "$1"
git push --tags
}
fetch_tag "$TAG_NAME" || true
if tag_exists "$TAG_NAME"; then
delete_tag "$TAG_NAME"
fi
create_tag "$TAG_NAME"