build(electron): re-enable windows signing (#7682)

ref https://github.com/toeverything/AFFiNE/pull/7645
pengx17 2024-07-31 10:00:19 +00:00
parent 49529b7e63
commit 10e78d617e
No known key found for this signature in database
GPG Key ID: 23F23D9E8B3971ED


@ -181,7 +181,7 @@ jobs:
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
path: builds
make-distribution-windows-skip-signing:
package-distribution-windows:
strategy:
matrix:
spec:
@ -191,6 +191,8 @@ jobs:
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
needs: before-make
outputs:
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
env:
SKIP_GENERATE_ASSETS: 1
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
@ -230,12 +232,111 @@ jobs:
SKIP_WEB_BUILD: 1
HOIST_NODE_MODULES: 1
- name: get all files to be signed
id: get_files_to_be_signed
run: |
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
echo $FILES_TO_BE_SIGNED
- name: Zip artifacts for faster upload
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip
- name: Save packaged artifacts for signing
uses: actions/upload-artifact@v4
with:
name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: |
archive.zip
!**/*.map
sign-packaged-artifacts-windows:
needs: package-distribution-windows
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
artifact-name: packaged-win32-x64
make-windows-installer:
needs: sign-packaged-artifacts-windows
strategy:
matrix:
spec:
- runner: windows-latest
platform: win32
arch: x64
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
outputs:
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
steps:
- uses: actions/checkout@v4
- name: Setup Version
id: version
uses: ./.github/actions/setup-version
- name: Setup Node.js
timeout-minutes: 10
uses: ./.github/actions/setup-node
with:
extra-flags: workspaces focus @affine/electron @affine/monorepo
hard-link-nm: false
nmHoistingLimits: workspaces
- name: Download and overwrite packaged artifacts
uses: actions/download-artifact@v4
with:
name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out
- name: Make squirrel.windows installer
run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
- name: Make nsis.windows installer
run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
- name: Zip artifacts for faster upload
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip
- name: get all files to be signed
id: get_files_to_be_signed
run: |
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
echo $FILES_TO_BE_SIGNED
- name: Save installer for signing
uses: actions/upload-artifact@v4
with:
name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: archive.zip
sign-installer-artifacts-windows:
needs: make-windows-installer
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
artifact-name: installer-win32-x64
finalize-installer-windows:
needs: [sign-installer-artifacts-windows, before-make]
strategy:
matrix:
spec:
- runner: windows-latest
platform: win32
arch: x64
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.spec.runner }}
steps:
- name: Download and overwrite installer artifacts
uses: actions/download-artifact@v4
with:
name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make
- name: Save artifacts
run: |
mkdir -p builds
@ -256,180 +357,8 @@ jobs:
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
path: builds
# package-distribution-windows:
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# needs: before-make
# outputs:
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
# env:
# SKIP_GENERATE_ASSETS: 1
# SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
# SENTRY_PROJECT: 'affine'
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
# MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
# steps:
# - uses: actions/checkout@v4
# - name: Setup Version
# id: version
# uses: ./.github/actions/setup-version
# - name: Setup Node.js
# timeout-minutes: 10
# uses: ./.github/actions/setup-node
# with:
# extra-flags: workspaces focus @affine/electron @affine/monorepo
# hard-link-nm: false
# nmHoistingLimits: workspaces
# - name: Build AFFiNE native
# uses: ./.github/actions/build-rust
# with:
# target: ${{ matrix.spec.target }}
# package: '@affine/native'
# nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
# - uses: actions/download-artifact@v4
# with:
# name: web
# path: packages/frontend/electron/resources/web-static
# - name: Build Desktop Layers
# run: yarn workspace @affine/electron build
# - name: package
# run: yarn workspace @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
# env:
# SKIP_WEB_BUILD: 1
# HOIST_NODE_MODULES: 1
# - name: get all files to be signed
# id: get_files_to_be_signed
# run: |
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
# echo $FILES_TO_BE_SIGNED
# - name: Zip artifacts for faster upload
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip
# - name: Save packaged artifacts for signing
# uses: actions/upload-artifact@v4
# with:
# name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: |
# archive.zip
# !**/*.map
# sign-packaged-artifacts-windows:
# needs: package-distribution-windows
# uses: ./.github/workflows/windows-signer.yml
# with:
# files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
# artifact-name: packaged-win32-x64
# make-windows-installer:
# needs: sign-packaged-artifacts-windows
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# outputs:
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
# steps:
# - uses: actions/checkout@v4
# - name: Setup Version
# id: version
# uses: ./.github/actions/setup-version
# - name: Setup Node.js
# timeout-minutes: 10
# uses: ./.github/actions/setup-node
# with:
# extra-flags: workspaces focus @affine/electron @affine/monorepo
# hard-link-nm: false
# nmHoistingLimits: workspaces
# - name: Download and overwrite packaged artifacts
# uses: actions/download-artifact@v4
# with:
# name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: .
# - name: unzip file
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out
# - name: Make squirrel.windows installer
# run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
# - name: Make nsis.windows installer
# run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
# - name: Zip artifacts for faster upload
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip
# - name: get all files to be signed
# id: get_files_to_be_signed
# run: |
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
# echo $FILES_TO_BE_SIGNED
# - name: Save installer for signing
# uses: actions/upload-artifact@v4
# with:
# name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: archive.zip
# sign-installer-artifacts-windows:
# needs: make-windows-installer
# uses: ./.github/workflows/windows-signer.yml
# with:
# files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
# artifact-name: installer-win32-x64
# finalize-installer-windows:
# needs: [sign-installer-artifacts-windows, before-make]
# strategy:
# matrix:
# spec:
# - runner: windows-latest
# platform: win32
# arch: x64
# target: x86_64-pc-windows-msvc
# runs-on: ${{ matrix.spec.runner }}
# steps:
# - name: Download and overwrite installer artifacts
# uses: actions/download-artifact@v4
# with:
# name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
# path: .
# - name: unzip file
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make
# - name: Save artifacts
# run: |
# mkdir -p builds
# mv packages/frontend/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.zip
# mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.exe
# mv packages/frontend/electron/out/*/make/nsis.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.nsis.exe
# - name: Upload Artifact
# uses: actions/upload-artifact@v4
# with:
# name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
# path: builds
release:
needs:
- before-make
- make-distribution
- make-distribution-windows-skip-signing
needs: [before-make, make-distribution, finalize-installer-windows]
runs-on: ubuntu-latest
steps:
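Review bot: Nothing in `finalize-installer-windows`, or in `make-windows-installer` after its `unzip file` step, checks that the contents of `signed.zip` actually carry a valid signature, so an unsigned or partly signed archive returned by `windows-signer.yml` would flow straight into `builds` and on to the `release` job. I would add a verification step after each `Expand-Archive` that runs `Get-AuthenticodeSignature` over the same `.exe`/`.node`/`.dll`/`.msi` set and fails the job unless every `Status` is `Valid`; a sketch for the finalize job follows. It assumes the signing certificate chains to a root the runner trusts. Separately, `FILES_TO_BE_SIGNED` is built from on-disk file names and passed to the reusable workflow as `files:`. That workflow is not shown on this page, so it is worth confirming it treats the value as data (for example via an environment variable) and does not expand it inside a `run:` script.

```yaml
      - name: unzip file
        run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make
      # added: stop before "Save artifacts" if any binary is not validly signed
      - name: Verify Authenticode signatures
        run: |
          $unsigned = Get-ChildItem -Path packages/frontend/electron/out -Recurse -File |
            Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } |
            Get-AuthenticodeSignature |
            Where-Object { $_.Status -ne 'Valid' }
          if ($unsigned) { $unsigned | Format-List Path, Status, StatusMessage; exit 1 }
      # … unchanged: Save artifacts, Upload Artifact …
```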