Updated License #340
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 📦🚀 Build & Release | |
| on: | |
| push: | |
| tags: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - '**' | |
| concurrency: | |
| # SHA is added to the end if on `main` to let all main workflows run | |
| group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ github.ref == 'refs/heads/main' && github.sha || '' }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| build: | |
| name: 👷 ${{ matrix.os.emoji }} ${{ matrix.preconfiguration.name }} ${{ matrix.os.name }} ${{ matrix.arch.name }} | |
| runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| configuration: | |
| - token-driver-artifact-ref: '' # Set to blank string for latest version. Use taga only - job artifacts are not accessible | |
| python-version: [3.9] | |
| os: | |
| # TODO: use old versions for improved compatibility? | |
| - name: Linux | |
| matrix: linux | |
| emoji: 🐧 | |
| runs-on: | |
| arm: [Linux, ARM64] | |
| intel: [ubuntu-latest] | |
| electron-builder-options: --linux | |
| electron-builder-unpacked: linux-unpacked | |
| executable-extension: '' | |
| build-result-pattern: '"climate-wallet"*".deb"' | |
| artifact-name: linux | |
| - name: macOS | |
| matrix: macos | |
| emoji: 🍎 | |
| runs-on: | |
| arm: [macOS, ARM64] | |
| intel: [macos-latest] | |
| electron-builder-options: --macos | |
| electron-builder-unpacked: mac | |
| executable-extension: '' | |
| build-result-pattern: '"Climate Wallet-"*".dmg"' | |
| artifact-name: macos | |
| - name: Windows | |
| matrix: windows | |
| emoji: 🪟 | |
| runs-on: | |
| intel: [windows-latest] | |
| electron-builder-options: --windows | |
| electron-builder-unpacked: win-unpacked | |
| executable-extension: '.exe' | |
| build-result-pattern: '"Climate Wallet Setup "*".exe"' | |
| artifact-name: windows | |
| arch: | |
| - name: ARM | |
| matrix: arm | |
| artifact-name: arm64 | |
| electron-builder-options: --arm64 | |
| - name: Intel | |
| matrix: intel | |
| artifact-name: x64 | |
| electron-builder-options: --x64 | |
| preconfiguration: | |
| - name: default | |
| cadt-api-server-host: 'https://observer.climateactiondata.org/api' | |
| cadt-ui-host: 'https://observer.climateactiondata.org' | |
| filename-string: '' | |
| - name: testneta | |
| cadt-api-server-host: 'https://chia-cadt-demo.chiamanaged.com/observer' | |
| cadt-ui-host: 'https://chia-cadt-demo.chiamanaged.com/' | |
| filename-string: '-testneta' | |
| exclude: | |
| - os: | |
| matrix: windows | |
| arch: | |
| matrix: arm | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Node 18.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| - name: install dmg-license | |
| if: matrix.os.matrix == 'macos' | |
| run: | | |
| npm install dmg-license | |
| - name: Download Token Driver Client from release | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_READ_REPOS }} | |
| DESTINATION: extraResources/token-driver-client${{ matrix.os.executable-extension }} | |
| shell: bash | |
| run: | | |
| # Figure out the version string to use | |
| if [ -z ${{ matrix.configuration.token-driver-artifact-ref }} ]; then | |
| echo "No version specified - getting latest version number from Github" | |
| location_string=$(curl -sI https://github.com/Chia-Network/climate-token-driver/releases/latest | grep -i 'Location:' | tr -d '\r') | |
| token_driver_version=$(echo "$location_string" | awk -F '/' '{print $NF}') | |
| else | |
| token_driver_version=${{ matrix.configuration.token-driver-artifact-ref }} | |
| fi | |
| echo "Token Driver version to download: ${token_driver_version}" | |
| mkdir -p downloaded-artifacts | |
| curl -L -o downloaded-artifacts/climate-token-driver${{ matrix.preconfiguration.filename-string }}_${{ matrix.os.matrix}}_${token_driver_version}_${{ matrix.arch.artifact-name }}.zip https://github.com/Chia-Network/climate-token-driver/releases/download/${token_driver_version}/climate-token-driver${{ matrix.preconfiguration.filename-string }}_${{ matrix.os.matrix}}_${token_driver_version}_${{ matrix.arch.artifact-name }}.zip | |
| pushd downloaded-artifacts | |
| unzip *.zip | |
| rm -f *.zip | |
| popd | |
| mkdir -p extraResources/ | |
| mv downloaded-artifacts/* "${DESTINATION}" | |
| chmod a+x "${DESTINATION}" | |
| ls -la extraResources/ || true | |
| - name: Prep .env file | |
| run: | | |
| cp .env.example .env | |
| - name: Populate .env file for custom builds | |
| run: | | |
| perl -pi -e 's{CADT_API_SERVER_HOST=.*}{CADT_API_SERVER_HOST=${{ matrix.preconfiguration.cadt-api-server-host }}}g' .env | |
| perl -pi -e 's{CADT_UI_HOST=.*}{CADT_UI_HOST=${{ matrix.preconfiguration.cadt-ui-host }}}g' .env | |
| cat .env | |
| if: matrix.preconfiguration.name != 'default' | |
| - name: Test for secrets access | |
| id: check_secrets | |
| shell: bash | |
| run: | | |
| unset HAS_SIGNING_SECRET | |
| if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
| echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
| env: | |
| SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
| - name: Change the package.json version if an RC tag | |
| if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc') | |
| shell: bash | |
| run: | | |
| echo "Github ref: $GITHUB_REF" | |
| IFS='/' read -r base directory tag <<< "$GITHUB_REF" | |
| echo "Extracted tag is $tag" | |
| jq ".version = \"${tag}\"" package.json > package.tmp | |
| mv package.tmp package.json | |
| - name: Import Apple installer signing certificate | |
| if: matrix.os.matrix == 'macos' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: Apple-Actions/import-codesign-certs@v3 | |
| with: | |
| p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }} | |
| p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }} | |
| - name: Prepare for Linux ARM electron-builder | |
| if: matrix.os.matrix == 'linux' && matrix.arch.matrix == 'arm' | |
| run: | | |
| # TODO: make this an action? | |
| # https://github.com/Chia-Network/chia-blockchain/blob/9b8cdd36daebf2efe8777c98e212e564f4cdd475/build_scripts/build_linux_deb-2-installer.sh#L72 | |
| # | |
| # Install Ruby Version Manager | |
| gpg --keyserver keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB | |
| curl -sSL https://get.rvm.io | bash -s stable | |
| source ~/.rvm/scripts/rvm | |
| rvm reload | |
| # Install ruby3 | |
| rvm install ruby-3.2.1 | |
| rvm use ruby-3.2.1 | |
| ruby --version | |
| gem install public_suffix -v 4.0.7 | |
| gem install fpm | |
| echo "USE_SYSTEM_FPM=true" >> "${GITHUB_ENV}" | |
| - name: Build electron app | |
| if: (matrix.os.matrix == 'linux' && matrix.arch.matrix == 'intel') || matrix.os.matrix == 'windows' | |
| run: | | |
| npm install | |
| npm run build | |
| npm run package-none -- ${{ matrix.os.electron-builder-options }} ${{ matrix.arch.electron-builder-options }} | |
| - name: Build electron app (Linux ARM) | |
| if: matrix.os.matrix == 'linux' && matrix.arch.matrix == 'arm' | |
| run: | | |
| source ~/.rvm/scripts/rvm | |
| npm install | |
| npm run build | |
| npm run package-none -- ${{ matrix.os.electron-builder-options }} ${{ matrix.arch.electron-builder-options }} | |
| - name: Build electron app (macOS) | |
| if: matrix.os.matrix == 'macos' | |
| env: | |
| # macos | |
| CSC_FOR_PULL_REQUEST: 'true' | |
| run: | | |
| npm install | |
| npm run build | |
| npm run package-none -- ${{ matrix.os.electron-builder-options }} ${{ matrix.arch.electron-builder-options }} | |
| - name: Copy to artifacts/ | |
| run: | | |
| ls -la dist || true | |
| mkdir -p artifacts/ | |
| cp -v dist/${{ matrix.os.build-result-pattern }} artifacts/ | |
| - name: Notarize | |
| if: matrix.os.matrix == 'macos' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| run: | | |
| DMG_FILE=$(find ${{ github.workspace }}/artifacts/ -type f -name '*.dmg') | |
| xcrun notarytool submit \ | |
| --wait \ | |
| --apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \ | |
| --password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \ | |
| --team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
| "$DMG_FILE" | |
| # Windows Code Signing | |
| - name: Get installer name for signing | |
| if: matrix.os.matrix == 'windows' | |
| shell: bash | |
| run: | | |
| FILE=$(find artifacts -type f -maxdepth 1 -name '*.exe') | |
| echo "Installer file is $FILE" | |
| echo "INSTALLER_FILE=$FILE" >> "$GITHUB_ENV" | |
| - name: Sign windows artifacts | |
| if: matrix.os.matrix == 'windows' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: chia-network/actions/digicert/windows-sign@main | |
| with: | |
| sm_api_key: ${{ secrets.SM_API_KEY }} | |
| sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
| sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
| file: '${{ github.workspace }}/${{ env.INSTALLER_FILE }}' | |
| # RC release should not be set as latest | |
| - name: Decide if release should be set as latest | |
| id: is_latest | |
| shell: bash | |
| run: | | |
| unset IS_LATEST | |
| echo "Github ref is $GITHUB_REF" | |
| if [[ "$GITHUB_REF" =~ "-rc" ]]; then | |
| echo "release candidate tag matched" | |
| IS_LATEST='false' | |
| IS_PRERELEASE='true' | |
| else | |
| echo "main branch release matched" | |
| IS_LATEST='true' | |
| IS_PRERELEASE='false' | |
| fi | |
| echo "IS_LATEST=${IS_LATEST}" >> "$GITHUB_OUTPUT" | |
| echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "$GITHUB_OUTPUT" | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: artifacts/* | |
| fail_on_unmatched_files: true | |
| target_commitish: ${{ github.sha }} | |
| prerelease: ${{steps.is_latest.outputs.IS_PRERELEASE}} | |
| make_latest: "${{steps.is_latest.outputs.IS_LATEST}}" | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Create aritifacts so we have builds to test from pull requests | |
| - name: Upload installer to artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.os.artifact-name }}-${{ matrix.arch.artifact-name}}${{ matrix.preconfiguration.filename-string }}-installer | |
| path: 'artifacts/*' | |
| # We want to delete this no matter what happened in the previous steps (failures, success, etc) | |
| - name: Delete signing keychain | |
| if: always() | |
| run: security delete-keychain signing_temp.keychain || true | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') && !contains( github.ref, '-rc') | |
| needs: | |
| - build | |
| steps: | |
| - name: Get repo name | |
| id: repo-name | |
| shell: bash | |
| run: | | |
| echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT | |
| - name: Get tag name | |
| id: tag-name | |
| shell: bash | |
| run: | | |
| echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT | |
| - name: Trigger apt repo update | |
| uses: Chia-Network/actions/github/glue@main | |
| with: | |
| json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"climate-wallet\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"false","arm64":"available"}' | |
| glue_url: ${{ secrets.GLUE_API_URL }} | |
| glue_project: 'climate-tokenization' | |
| glue_path: 'trigger' |