Skip to content

Build/release

Build/release #370

Workflow file for this run

name: Build/release
on:
push:
branches:
- V2
- master
- beta
- release
workflow_dispatch:
jobs:
release:
runs-on: ${{ matrix.os }}
strategy:
# don't quit checking one OS just because another failed
fail-fast: false
matrix:
os: [windows-latest, macos-latest]
steps:
- name: Sync clock (see https://github.com/actions/runner/issues/2996)
if: startsWith(matrix.os, 'macos') # in dec 2023, github action macs were having trouble with time
run: sudo sntp -sS time.windows.com
- name: Check out Git repository
uses: actions/checkout@v3
- name: Install Node.js, NPM and Yarn as specified in package.json
uses: volta-cli/action@v4
# install here may be breaking the macos run somehow. if this doesn'
# work, re-add - name: Install Node.js, NPM and Yarn # uses: actions/setup-node@v4
# - run: yarn install --frozen-lockfile
- name: Write out segment key
env:
SEGMENT_API: ${{ secrets.SEGMENT_API }}
run: |
# note: not really hidden from a determined user
echo "$SEGMENT_API" > ./assets/.segment
shell: bash
- name: Prepare for app notarization (macOS) # REVIEW: this may not be used anymore with the switch from altool to notarize
if: startsWith(matrix.os, 'macos')
# Import Apple API key for app notarization on macOS
run: |
mkdir -p ~/private_keys/
echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8
- name: Build/release Electron app
# Let's only do this if the commit is tagged with a version
#if: startsWith(github.ref, 'refs/tags/v')
uses: samuelmeuli/action-electron-builder@v1.6.0
with:
# GitHub token, automatically provided to the action
# (No need to define this secret in the repo settings)
github_token: ${{ secrets.github_token }}
# If the commit is tagged with a version (e.g. "v1.0.0"),
# release the app after building
release: true # ${{ startsWith(github.ref, 'refs/tags/v') }}
env:
CSC_LINK: ${{ secrets.PROD_MACOS_CERTIFICATE }}
CSC_KEY_PASSWORD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
# it's not clear which of these are used I see both in other people's yml
APPLEID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID}}
APPLEIDPASS: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} # this is the "app-specific password", not the account password
APPLETEAMID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
# These underline versions from https://github.com/karaggeorge/electron-builder-notarize
APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} # this is the "app-specific password", not the account password
APPLE_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
# got an error specifically asking for this
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
- name: Make new release on Sentry
env:
LAMETA_SENTRY_AUTH_TOKEN: ${{ secrets.LAMETA_SENTRY_AUTH_TOKEN }}
# Mac only because we only need this once per version, not once per operating system.
# this curl version doesn't work on windows because it calls `sudo`
if: startsWith(github.ref, 'refs/tags/v') && startsWith(matrix.os, 'macos')
run: |
curl -sL https://sentry.io/get-cli/ | bash
./make-sentry-release.sh