mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-12-23 19:42:19 +03:00
build(electron): re-enable windows signing (#7682)
ref https://github.com/toeverything/AFFiNE/pull/7645
This commit is contained in:
parent
49529b7e63
commit
10e78d617e
277
.github/workflows/release-desktop.yml
vendored
277
.github/workflows/release-desktop.yml
vendored
@ -181,7 +181,7 @@ jobs:
|
||||
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
|
||||
path: builds
|
||||
|
||||
make-distribution-windows-skip-signing:
|
||||
package-distribution-windows:
|
||||
strategy:
|
||||
matrix:
|
||||
spec:
|
||||
@ -191,6 +191,8 @@ jobs:
|
||||
target: x86_64-pc-windows-msvc
|
||||
runs-on: ${{ matrix.spec.runner }}
|
||||
needs: before-make
|
||||
outputs:
|
||||
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
|
||||
env:
|
||||
SKIP_GENERATE_ASSETS: 1
|
||||
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
|
||||
@ -230,12 +232,111 @@ jobs:
|
||||
SKIP_WEB_BUILD: 1
|
||||
HOIST_NODE_MODULES: 1
|
||||
|
||||
- name: get all files to be signed
|
||||
id: get_files_to_be_signed
|
||||
run: |
|
||||
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
|
||||
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
|
||||
echo $FILES_TO_BE_SIGNED
|
||||
|
||||
- name: Zip artifacts for faster upload
|
||||
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip
|
||||
|
||||
- name: Save packaged artifacts for signing
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
path: |
|
||||
archive.zip
|
||||
!**/*.map
|
||||
|
||||
sign-packaged-artifacts-windows:
|
||||
needs: package-distribution-windows
|
||||
uses: ./.github/workflows/windows-signer.yml
|
||||
with:
|
||||
files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
|
||||
artifact-name: packaged-win32-x64
|
||||
|
||||
make-windows-installer:
|
||||
needs: sign-packaged-artifacts-windows
|
||||
strategy:
|
||||
matrix:
|
||||
spec:
|
||||
- runner: windows-latest
|
||||
platform: win32
|
||||
arch: x64
|
||||
target: x86_64-pc-windows-msvc
|
||||
runs-on: ${{ matrix.spec.runner }}
|
||||
outputs:
|
||||
FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Setup Version
|
||||
id: version
|
||||
uses: ./.github/actions/setup-version
|
||||
- name: Setup Node.js
|
||||
timeout-minutes: 10
|
||||
uses: ./.github/actions/setup-node
|
||||
with:
|
||||
extra-flags: workspaces focus @affine/electron @affine/monorepo
|
||||
hard-link-nm: false
|
||||
nmHoistingLimits: workspaces
|
||||
- name: Download and overwrite packaged artifacts
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
path: .
|
||||
- name: unzip file
|
||||
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out
|
||||
|
||||
- name: Make squirrel.windows installer
|
||||
run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
|
||||
|
||||
- name: Make nsis.windows installer
|
||||
run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
|
||||
|
||||
- name: Zip artifacts for faster upload
|
||||
run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip
|
||||
|
||||
- name: get all files to be signed
|
||||
id: get_files_to_be_signed
|
||||
run: |
|
||||
Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
|
||||
"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
|
||||
echo $FILES_TO_BE_SIGNED
|
||||
|
||||
- name: Save installer for signing
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
path: archive.zip
|
||||
|
||||
sign-installer-artifacts-windows:
|
||||
needs: make-windows-installer
|
||||
uses: ./.github/workflows/windows-signer.yml
|
||||
with:
|
||||
files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
|
||||
artifact-name: installer-win32-x64
|
||||
|
||||
finalize-installer-windows:
|
||||
needs: [sign-installer-artifacts-windows, before-make]
|
||||
strategy:
|
||||
matrix:
|
||||
spec:
|
||||
- runner: windows-latest
|
||||
platform: win32
|
||||
arch: x64
|
||||
target: x86_64-pc-windows-msvc
|
||||
runs-on: ${{ matrix.spec.runner }}
|
||||
steps:
|
||||
- name: Download and overwrite installer artifacts
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
path: .
|
||||
- name: unzip file
|
||||
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make
|
||||
|
||||
- name: Save artifacts
|
||||
run: |
|
||||
mkdir -p builds
|
||||
@ -256,180 +357,8 @@ jobs:
|
||||
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
|
||||
path: builds
|
||||
|
||||
# package-distribution-windows:
|
||||
# strategy:
|
||||
# matrix:
|
||||
# spec:
|
||||
# - runner: windows-latest
|
||||
# platform: win32
|
||||
# arch: x64
|
||||
# target: x86_64-pc-windows-msvc
|
||||
# runs-on: ${{ matrix.spec.runner }}
|
||||
# needs: before-make
|
||||
# outputs:
|
||||
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
|
||||
# env:
|
||||
# SKIP_GENERATE_ASSETS: 1
|
||||
# SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
|
||||
# SENTRY_PROJECT: 'affine'
|
||||
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
||||
# SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
|
||||
# MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
|
||||
# steps:
|
||||
# - uses: actions/checkout@v4
|
||||
# - name: Setup Version
|
||||
# id: version
|
||||
# uses: ./.github/actions/setup-version
|
||||
# - name: Setup Node.js
|
||||
# timeout-minutes: 10
|
||||
# uses: ./.github/actions/setup-node
|
||||
# with:
|
||||
# extra-flags: workspaces focus @affine/electron @affine/monorepo
|
||||
# hard-link-nm: false
|
||||
# nmHoistingLimits: workspaces
|
||||
# - name: Build AFFiNE native
|
||||
# uses: ./.github/actions/build-rust
|
||||
# with:
|
||||
# target: ${{ matrix.spec.target }}
|
||||
# package: '@affine/native'
|
||||
# nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
|
||||
# - uses: actions/download-artifact@v4
|
||||
# with:
|
||||
# name: web
|
||||
# path: packages/frontend/electron/resources/web-static
|
||||
|
||||
# - name: Build Desktop Layers
|
||||
# run: yarn workspace @affine/electron build
|
||||
|
||||
# - name: package
|
||||
# run: yarn workspace @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
|
||||
# env:
|
||||
# SKIP_WEB_BUILD: 1
|
||||
# HOIST_NODE_MODULES: 1
|
||||
|
||||
# - name: get all files to be signed
|
||||
# id: get_files_to_be_signed
|
||||
# run: |
|
||||
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\', '') + '"' }) -join ' ')
|
||||
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
|
||||
# echo $FILES_TO_BE_SIGNED
|
||||
|
||||
# - name: Zip artifacts for faster upload
|
||||
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/* -DestinationPath archive.zip
|
||||
|
||||
# - name: Save packaged artifacts for signing
|
||||
# uses: actions/upload-artifact@v4
|
||||
# with:
|
||||
# name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
# path: |
|
||||
# archive.zip
|
||||
# !**/*.map
|
||||
|
||||
# sign-packaged-artifacts-windows:
|
||||
# needs: package-distribution-windows
|
||||
# uses: ./.github/workflows/windows-signer.yml
|
||||
# with:
|
||||
# files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
|
||||
# artifact-name: packaged-win32-x64
|
||||
|
||||
# make-windows-installer:
|
||||
# needs: sign-packaged-artifacts-windows
|
||||
# strategy:
|
||||
# matrix:
|
||||
# spec:
|
||||
# - runner: windows-latest
|
||||
# platform: win32
|
||||
# arch: x64
|
||||
# target: x86_64-pc-windows-msvc
|
||||
# runs-on: ${{ matrix.spec.runner }}
|
||||
# outputs:
|
||||
# FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
|
||||
# steps:
|
||||
# - uses: actions/checkout@v4
|
||||
# - name: Setup Version
|
||||
# id: version
|
||||
# uses: ./.github/actions/setup-version
|
||||
# - name: Setup Node.js
|
||||
# timeout-minutes: 10
|
||||
# uses: ./.github/actions/setup-node
|
||||
# with:
|
||||
# extra-flags: workspaces focus @affine/electron @affine/monorepo
|
||||
# hard-link-nm: false
|
||||
# nmHoistingLimits: workspaces
|
||||
# - name: Download and overwrite packaged artifacts
|
||||
# uses: actions/download-artifact@v4
|
||||
# with:
|
||||
# name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
# path: .
|
||||
# - name: unzip file
|
||||
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out
|
||||
|
||||
# - name: Make squirrel.windows installer
|
||||
# run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
|
||||
|
||||
# - name: Make nsis.windows installer
|
||||
# run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
|
||||
|
||||
# - name: Zip artifacts for faster upload
|
||||
# run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip
|
||||
|
||||
# - name: get all files to be signed
|
||||
# id: get_files_to_be_signed
|
||||
# run: |
|
||||
# Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
|
||||
# "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
|
||||
# echo $FILES_TO_BE_SIGNED
|
||||
|
||||
# - name: Save installer for signing
|
||||
# uses: actions/upload-artifact@v4
|
||||
# with:
|
||||
# name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
# path: archive.zip
|
||||
|
||||
# sign-installer-artifacts-windows:
|
||||
# needs: make-windows-installer
|
||||
# uses: ./.github/workflows/windows-signer.yml
|
||||
# with:
|
||||
# files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
|
||||
# artifact-name: installer-win32-x64
|
||||
|
||||
# finalize-installer-windows:
|
||||
# needs: [sign-installer-artifacts-windows, before-make]
|
||||
# strategy:
|
||||
# matrix:
|
||||
# spec:
|
||||
# - runner: windows-latest
|
||||
# platform: win32
|
||||
# arch: x64
|
||||
# target: x86_64-pc-windows-msvc
|
||||
# runs-on: ${{ matrix.spec.runner }}
|
||||
# steps:
|
||||
# - name: Download and overwrite installer artifacts
|
||||
# uses: actions/download-artifact@v4
|
||||
# with:
|
||||
# name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
|
||||
# path: .
|
||||
# - name: unzip file
|
||||
# run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/electron/out/${{ env.BUILD_TYPE }}/make
|
||||
|
||||
# - name: Save artifacts
|
||||
# run: |
|
||||
# mkdir -p builds
|
||||
# mv packages/frontend/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.zip
|
||||
# mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.exe
|
||||
# mv packages/frontend/electron/out/*/make/nsis.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.nsis.exe
|
||||
|
||||
# - name: Upload Artifact
|
||||
# uses: actions/upload-artifact@v4
|
||||
# with:
|
||||
# name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
|
||||
# path: builds
|
||||
|
||||
release:
|
||||
needs:
|
||||
- before-make
|
||||
- make-distribution
|
||||
- make-distribution-windows-skip-signing
|
||||
needs: [before-make, make-distribution, finalize-installer-windows]
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
Loading…
Reference in New Issue
Block a user