Merge pull request #2463 from planetarium/fix/revoke-selection #361
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- release/* | |
- hotfix/* | |
tags: ["*"] | |
permissions: | |
id-token: write | |
contents: read | |
concurrency: | |
group: release | |
jobs: | |
release: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- packCmd: l | |
os: ubuntu-latest | |
- packCmd: m | |
os: macos-latest | |
- packCmd: w | |
os: macos-latest | |
runs-on: ${{ matrix.os }} | |
environment: | |
name: ${{ startsWith(github.event.ref, 'refs/tags/') && 'main' || 'internal' }} | |
steps: | |
- uses: actions/checkout@v3.6.0 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-session-name: GitHubActions-${{ github.run_id }} | |
role-duration-seconds: 3000 | |
aws-region: ap-northeast-2 | |
- name: Set up Java | |
uses: actions/setup-java@v3.12.0 | |
with: | |
distribution: "temurin" | |
java-version: "11" | |
- name: Sync time on Ubuntu | |
continue-on-error: true | |
if: runner.os == 'Linux' | |
run: sudo chronyc -a makestep | |
- name: Sync time on macOS | |
continue-on-error: true | |
if: runner.os == 'macOS' | |
run: | | |
UNIX_TIMESTAMP=$(curl -s http://worldtimeapi.org/api/ip | jq '.unixtime') | |
echo "Unix timestamp is: $UNIX_TIMESTAMP" | |
sudo systemsetup -setusingnetworktime off | |
sudo date -r $UNIX_TIMESTAMP | |
sudo systemsetup -setusingnetworktime on | |
- name: Copy builder config | |
shell: bash | |
run: | | |
sh scripts/download-codesigner.sh | |
if [[ "${{ startsWith(github.event.ref, 'refs/tags/') }}" == true ]] | |
then | |
sed "s/Please replace it/${{ secrets.APPLE_TEAM_ID }}/g" electron-builder.main.yml > temp2.txt | |
mv temp2.txt electron-builder.main.yml | |
else | |
timestamp=$(date +%s) | |
version=$(jq -r .version package.json | awk -F'.' '{print $1"."$2}') | |
jq --arg version "$version.$timestamp" '.version = $version' package.json > tmp.$$.json && mv tmp.$$.json package.json | |
jq --arg suffix " Internal" '.productName += $suffix' package.json > tmp.$$.json && mv tmp.$$.json package.json | |
jq --arg suffix "Internal" '.name += $suffix' package.json > tmp.$$.json && mv tmp.$$.json package.json | |
sed 's/NineChronicles@workspace/NineChroniclesInternal@workspace/g' yarn.lock > temp1.txt | |
mv temp1.txt yarn.lock | |
mv ./signing/sandbox_code_sign_tool.properties ./tmp/codesign/conf/code_sign_tool.properties | |
sed "s/Please replace it/${{ secrets.APPLE_TEAM_ID }}/g" electron-builder.internal.yml > temp2.txt | |
mv temp2.txt electron-builder.internal.yml | |
fi | |
- name: Cache electron-gyp | |
uses: actions/cache@v3.3.1 | |
with: | |
path: ~/.electron-gyp | |
key: ${{ runner.os }}-electron-gyp | |
- uses: actions/setup-node@v3.8.1 | |
with: | |
node-version: 20 | |
cache: "yarn" | |
- name: Install | |
shell: bash | |
run: yarn | |
- name: Set environment variables for Mac | |
if: matrix.packCmd == 'm' | |
run: | | |
echo "CSC_LINK=${{ secrets.CSC_LINK }}" >> $GITHUB_ENV | |
echo "CSC_KEY_PASSWORD=${{ secrets.CSC_KEY_PASSWORD }}" >> $GITHUB_ENV | |
- name: release | |
shell: bash | |
run: | | |
if [[ "${{ startsWith(github.event.ref, 'refs/tags/') }}" == true ]] | |
then | |
sh ./scripts/release.sh main ${{ matrix.packCmd }} | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DISTRIBUTION_ID }} --paths "/main/launcher/latest.yml" | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DISTRIBUTION_ID }} --paths "/main/launcher/latest-mac.yml" | |
else | |
sh ./scripts/release.sh internal ${{ matrix.packCmd }} | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DISTRIBUTION_ID }} --paths "/internal/launcher/latest.yml" | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DISTRIBUTION_ID }} --paths "/internal/launcher/latest-mac.yml" | |
fi | |
bash ./scripts/purge-ncloud-cdn.sh ${{ secrets.NAVER_CLOUD_ACCESS_KEY }} ${{ secrets.NAVER_CLOUD_SECRET_KEY }} ${{ secrets.NAVER_CLOUD_CDN_ID }} | |
curl -X POST -H 'Content-type: application/json' --data '{"text":"[Launcher] Had success releasing with '${{ matrix.packCmd }}' pack-cmd"}' ${{ secrets.SLACK_WEBHOOK }} | |
rm -fR ./dist/*-unpacked | |
rm -fR ./dist/mac | |
rm -fR ./dist/mac-arm64 | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
ESIGNER_CREDENTIAL_ID: ${{ secrets.ESIGNER_CREDENTIAL_ID }} | |
ESIGNER_USERNAME: ${{ secrets.ESIGNER_USERNAME }} | |
ESIGNER_PASSWORD: ${{ secrets.ESIGNER_PASSWORD }} | |
ESIGNER_TOTP_SECRET: ${{ secrets.ESIGNER_TOTP_SECRET }} | |
- uses: actions/upload-artifact@v3.1.2 | |
with: | |
path: dist | |
name: Dist-${{ matrix.packCmd }} | |
retention-days: 3 | |
if-no-files-found: error |