Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
Signed-off-by: Joaquim Rocha <[email protected]>
  • Loading branch information
joaquimrocha committed Feb 21, 2024
1 parent e44d21e commit 7c822de
Showing 1 changed file with 112 additions and 112 deletions.
224 changes: 112 additions & 112 deletions .github/workflows/app-artifacts-mac.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,64 +12,8 @@ on:
default: false
type: boolean
jobs:
# build-mac:
# runs-on: macos-latest
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ github.event.inputs.buildBranch }}
# - name: Setup nodejs
# uses: actions/setup-node@v4
# with:
# node-version: 18.x
# cache: 'npm'
# cache-dependency-path: |
# app/package-lock.json
# frontend/package-lock.json
# - uses: actions/setup-go@v5
# with:
# go-version: '1.20.*'
# cache-dependency-path: |
# backend/go.sum
# - name: Dependencies
# run: brew install make
# - name: Build Backend and Frontend
# run: |
# make
# - name: Add MacOS certs
# run: cd ./app/mac/scripts/ && sh ./setup-certificate.sh
# env:
# APPLE_CERTIFICATE: ${{ secrets.TEST_APPLE_DEV_CERT }}
# APPLE_CERTIFICATE_PASSWORD: ${{ secrets.TEST_APPLE_DEV_CERT_PASS }}
# - name: Build Notarized App Mac
# if: ${{ inputs.signBinaries }}
# run: |
# make app-build
# # env:
# # APPLEID: ${{ secrets.APPLEID }}
# # APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
# # APPLETEAMID: ${{ secrets.APPLETEAMID }}
# # - name: Build App Mac
# # if: ${{ ! inputs.signBinaries }}
# # run: |
# # make app-mac
# - name: CodeSign
# run: |
# cd ./app/dist/mac && codesign -s ${{ secrets.TEST_APPLE_TEAM_ID }} --deep --force --options runtime --entitlements ../../mac/entitlements.mac.plist ./Headlamp.app
# - name: Zip Artifact
# run: |
# cd ./app/dist/mac/ && ditto -c -k --sequesterRsrc --keepParent Headlamp.app ./Headlamp.zip
# - name: Upload artifact
# uses: actions/upload-artifact@v4
# with:
# name: zipbuild
# path: ./app/dist/mac/Headlamp.zip
# if-no-files-found: error
# retention-days: 1
notarize:
runs-on: windows-latest
# needs: build-mac
if: ${{ inputs.signBinaries }}
build-mac:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
with:
Expand All @@ -82,66 +26,122 @@ jobs:
cache-dependency-path: |
app/package-lock.json
frontend/package-lock.json
# - name: Download Direct (test/temp)
# shell: pwsh
# run: |
# $currentPath = (Get-Location).Path
# Invoke-WebRequest -Uri 'https://productionresultssa11.blob.core.windows.net/actions-results/e4420c55-2c75-424d-bd2a-6d68d68ae923/workflow-job-run-6f8d8423-5c14-5ef4-cc1e-ef33e16df4c9/artifacts/700818bb65e893a1e8bc92c8d61be9906c54ffaec4cedca1e84eb903f43dd9de.zip?rscd=attachment%3B+filename%3D%22zipbuild.zip%22&se=2024-02-16T13%3A20%3A21Z&sig=KdKO7YoEyQWSgbqqFtIYrnHhvXDR%2F1WfIUpnTTWipdU%3D&sp=r&spr=https&sr=b&st=2024-02-16T13%3A10%3A21Z&sv=2021-12-02' -OutFile $currentPath\app\dist
- name: Download artifact
id: download-artifact
uses: dawidd6/action-download-artifact@v3
- uses: actions/setup-go@v5
with:
# Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
# Required, if the artifact is from a different repo
# Required, if the repo is private a Personal Access Token with `repo` scope is needed or GitHub token in a job where the permissions `action` scope set to `read`
github_token: ${{secrets.GITHUB_TOKEN}}
run_id: 7933816288

# - name: Download artifact
# uses: actions/download-artifact@v2
# with:
# name: zipbuild
- name: Fetch certificates
if: ${{ inputs.signBinaries }}
shell: pwsh
go-version: '1.20.*'
cache-dependency-path: |
backend/go.sum
- name: Dependencies
run: brew install make
- name: Build Backend and Frontend
run: |
az login --service-principal -u ${{ secrets.WINDOWS_CLIENT_ID }} -p ${{ secrets.AZ_LOGIN_PASS }} --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name HeadlampAuthCert --file c:\HeadlampAuthCert.pfx --encoding base64
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name ESRPHeadlampReqCert --file c:\HeadlampReqCert.pfx --encoding base64
- name: Set up certificates
make
- name: Add MacOS certs
run: cd ./app/mac/scripts/ && sh ./setup-certificate.sh
env:
APPLE_CERTIFICATE: ${{ secrets.TEST_APPLE_DEV_CERT }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.TEST_APPLE_DEV_CERT_PASS }}
- name: Build Notarized App Mac
if: ${{ inputs.signBinaries }}
shell: pwsh
run: |
Import-PfxCertificate -FilePath c:\HeadlampAuthCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
Import-PfxCertificate -FilePath c:\HeadlampReqCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
- name: Download and Set up ESRPClient
if: ${{ inputs.signBinaries }}
shell: pwsh
make app-build
# env:
# APPLEID: ${{ secrets.APPLEID }}
# APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
# APPLETEAMID: ${{ secrets.APPLETEAMID }}
# - name: Build App Mac
# if: ${{ ! inputs.signBinaries }}
# run: |
# make app-mac
- name: CodeSign
run: |
nuget.exe sources add -name esrp -source ${{ secrets.ESRP_NUGET_INDEX_URL }} -username headlamp -password ${{ secrets.AZ_DEVOPS_TOKEN }}
nuget.exe install Microsoft.EsrpClient -Version 1.2.80 -source ${{ secrets.ESRP_NUGET_INDEX_URL }} | out-null
- name: App Windows
shell: pwsh
cd ./app/dist/mac && codesign -s ${{ secrets.TEST_APPLE_TEAM_ID }} --deep --force --options runtime --entitlements ../../mac/entitlements.mac.plist ./Headlamp.app
- name: Zip Artifact
run: |
ls app/mac/scripts
ls
if ("${{ inputs.signBinaries }}" -eq "true") {
$env:ESRP_PATH="$(Get-Location)\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe"
$env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}"
$env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}"
} else {
echo "Not signing binaries"
}
cd ./app/mac/scripts
ls ../../../zipbuild
node ./esrp-notarize.js ../../../zipbuild/Headlamp.zip
- name: Upload Notarized
cd ./app/dist/mac/ && ditto -c -k --sequesterRsrc --keepParent Headlamp.app ./Headlamp.zip
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: Win exes
path: ./app/dist/Headlamp*.*
name: zipbuild
path: ./app/dist/mac/Headlamp.zip
if-no-files-found: error
retention-days: 2
retention-days: 1
# notarize:
# runs-on: windows-latest
# # needs: build-mac
# if: ${{ inputs.signBinaries }}
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ github.event.inputs.buildBranch }}
# - name: Setup nodejs
# uses: actions/setup-node@v4
# with:
# node-version: 18.x
# cache: 'npm'
# cache-dependency-path: |
# app/package-lock.json
# frontend/package-lock.json
# # - name: Download Direct (test/temp)
# # shell: pwsh
# # run: |
# # $currentPath = (Get-Location).Path
# # Invoke-WebRequest -Uri 'https://productionresultssa11.blob.core.windows.net/actions-results/e4420c55-2c75-424d-bd2a-6d68d68ae923/workflow-job-run-6f8d8423-5c14-5ef4-cc1e-ef33e16df4c9/artifacts/700818bb65e893a1e8bc92c8d61be9906c54ffaec4cedca1e84eb903f43dd9de.zip?rscd=attachment%3B+filename%3D%22zipbuild.zip%22&se=2024-02-16T13%3A20%3A21Z&sig=KdKO7YoEyQWSgbqqFtIYrnHhvXDR%2F1WfIUpnTTWipdU%3D&sp=r&spr=https&sr=b&st=2024-02-16T13%3A10%3A21Z&sv=2021-12-02' -OutFile $currentPath\app\dist
# - name: Download artifact
# id: download-artifact
# uses: dawidd6/action-download-artifact@v3
# with:
# # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
# # Required, if the artifact is from a different repo
# # Required, if the repo is private a Personal Access Token with `repo` scope is needed or GitHub token in a job where the permissions `action` scope set to `read`
# github_token: ${{secrets.GITHUB_TOKEN}}
# run_id: 7933816288

# # - name: Download artifact
# # uses: actions/download-artifact@v2
# # with:
# # name: zipbuild
# - name: Fetch certificates
# if: ${{ inputs.signBinaries }}
# shell: pwsh
# run: |
# az login --service-principal -u ${{ secrets.WINDOWS_CLIENT_ID }} -p ${{ secrets.AZ_LOGIN_PASS }} --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47
# az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name HeadlampAuthCert --file c:\HeadlampAuthCert.pfx --encoding base64
# az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name ESRPHeadlampReqCert --file c:\HeadlampReqCert.pfx --encoding base64
# - name: Set up certificates
# if: ${{ inputs.signBinaries }}
# shell: pwsh
# run: |
# Import-PfxCertificate -FilePath c:\HeadlampAuthCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
# Import-PfxCertificate -FilePath c:\HeadlampReqCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable

# - name: Download and Set up ESRPClient
# if: ${{ inputs.signBinaries }}
# shell: pwsh
# run: |
# nuget.exe sources add -name esrp -source ${{ secrets.ESRP_NUGET_INDEX_URL }} -username headlamp -password ${{ secrets.AZ_DEVOPS_TOKEN }}
# nuget.exe install Microsoft.EsrpClient -Version 1.2.80 -source ${{ secrets.ESRP_NUGET_INDEX_URL }} | out-null

# - name: App Windows
# shell: pwsh
# run: |
# ls app/mac/scripts
# ls
# if ("${{ inputs.signBinaries }}" -eq "true") {
# $env:ESRP_PATH="$(Get-Location)\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe"
# $env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}"
# $env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}"
# } else {
# echo "Not signing binaries"
# }
# cd ./app/mac/scripts
# ls ../../../zipbuild
# node ./esrp-notarize.js ../../../zipbuild/Headlamp.zip

# - name: Upload Notarized
# uses: actions/upload-artifact@v4
# with:
# name: Win exes
# path: ./app/dist/Headlamp*.*
# if-no-files-found: error
# retention-days: 2

0 comments on commit 7c822de

Please sign in to comment.