Try alternate signer #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Release" | |
# Build the ente-io/ente's desktop/rc branch and create/update a draft release. | |
# | |
# For more details, see `docs/release.md` in ente-io/ente. | |
on: | |
# Trigger manually or `gh workflow run desktop-release.yml`. | |
workflow_dispatch: | |
push: | |
# Run when a tag matching the pattern "v*"" is pushed. | |
# | |
# See: [Note: Testing release workflows that are triggered by tags]. | |
tags: | |
- "v*" | |
jobs: | |
release: | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
working-directory: desktop | |
strategy: | |
matrix: | |
os: [windows-latest] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# Checkout the desktop/rc branch from the source repository. | |
repository: ente-io/ente | |
ref: desktop/rc | |
submodules: recursive | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Increase yarn timeout | |
# `yarn install` times out sometimes on the Windows runner, | |
# resulting in flaky builds. | |
run: yarn config set network-timeout 900000 -g | |
- name: Install dependencies | |
run: yarn install | |
- name: Install libarchive-tools for pacman build | |
if: startsWith(matrix.os, 'ubuntu') | |
# See: | |
# https://github.com/electron-userland/electron-builder/issues/4181 | |
run: sudo apt-get install libarchive-tools | |
- name: Export Windows code signing certificate | |
if: startsWith(matrix.os, 'windows') | |
run: echo "$CSC_LINK_PFX_B64" | base64 -d > windows-csc.pfx | |
shell: bash | |
env: | |
CSC_LINK_PFX_B64: ${{ secrets.WINDOWS_CSC_LINK_PFX_B64 }} | |
- name: Build Linux | |
uses: ente-io/[email protected] | |
if: startsWith(matrix.os, 'ubuntu') | |
with: | |
package_root: desktop | |
build_script_name: build:ci | |
# GitHub token, automatically provided to the action | |
# (No need to define this secret in the repo settings) | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
# If the commit is tagged with a version (e.g. "v1.0.0"), | |
# create a (draft) release after building. Otherwise upload | |
# assets to the existing draft named after the version. | |
release: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
env: | |
# Workaround recommended in | |
# https://github.com/electron-userland/electron-builder/issues/3179 | |
USE_HARD_LINKS: false | |
- name: Build macOS | |
uses: ente-io/[email protected] | |
if: startsWith(matrix.os, 'macos') | |
with: | |
package_root: desktop | |
build_script_name: build:ci | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
release: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
mac_certs: ${{ secrets.MAC_CERTS }} | |
mac_certs_password: ${{ secrets.MAC_CERTS_PASSWORD }} | |
env: | |
# macOS notarization credentials key details | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
USE_HARD_LINKS: false | |
- name: Build Windows | |
uses: ente-io/[email protected] | |
if: startsWith(matrix.os, 'windows') | |
with: | |
package_root: desktop | |
build_script_name: build:ci | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
release: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
env: | |
# Windows signing credentials | |
# https://www.electron.build/code-signing | |
# CSC_LINK: "windows-csc.pfx" | |
# CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CSC_KEY_PASSWORD }} | |
USE_HARD_LINKS: false | |
- name: Code sign generated Windows installers | |
if: startsWith(matrix.os, 'windows') | |
steps: | |
uses: dlemstra/code-sign-action@v1 | |
with: | |
certificate: "${{ secrets.WINDOWS_CERTIFICATE }}" | |
password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" | |
folder: "dist" |