---
# Reusable workflow: other workflows invoke it through `workflow_call` to
# check out a tag and build/package the desktop app in the `build` job.
name: Build (reusable)

on:
  workflow_call:
    inputs:
      # Git ref passed to the checkout step. The job that builds this ref also
      # receives the signing/notarization secrets declared below, so the
      # calling workflow is responsible for only passing tags it trusts.
      tag:
        description: 'Tag to check out and build from (e.g. v1.0.1 or v1.0.1-nightly.202605160530)'
        required: true
        type: string
      # Exported to the build and packaging steps as LIGHTCODE_CHANNEL.
      # NOTE(review): the value is not validated against the two channels the
      # description lists; confirm the build scripts reject anything else.
      channel:
        description: 'Lightcode release channel (stable | nightly)'
        required: true
        type: string
      sentry_environment:
        description: 'Value to send as SENTRY_ENVIRONMENT'
        required: false
        type: string
        default: production
    # Every secret is optional (`required: false`), so a caller that omits
    # them still gets a build.
    secrets:
      # macOS Developer ID signing: base64-encoded .p12 and its password.
      MAC_CSC_LINK:
        required: false
      MAC_CSC_KEY_PASSWORD:
        required: false
      # macOS notarization via Apple ID + app-specific password.
      APPLE_ID:
        required: false
      APPLE_APP_SPECIFIC_PASSWORD:
        required: false
      APPLE_TEAM_ID:
        required: false
      # Consumed only by the Sentry source map upload step.
      SENTRY_AUTH_TOKEN:
        required: false

# Least privilege for GITHUB_TOKEN: read-only repository contents, and no
# other scope is granted.
permissions:
  contents: read
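jobs:
  # Builds and packages the app once per target OS; each matrix leg uploads
  # its installers as a separate artifact.
  build:
    strategy:
      # Let the other platforms finish even when one leg fails.
      fail-fast: false
      matrix:
        include:
          - os: windows-latest
            artifact: dist-windows
            platform: win
          - os: ubuntu-latest
            artifact: dist-linux
            platform: linux
          - os: macos-latest
            artifact: dist-mac
            platform: mac
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): every `uses:` in this job references a major-version
      # tag, which the action's owner can move. Because the macOS leg handles
      # code-signing and notarization secrets, consider pinning each action
      # to a full-length commit SHA (keeping the tag as a trailing comment).
      - name: Checkout tag
        uses: actions/checkout@v6
        with:
          ref: ${{ inputs.tag }}
          # No step in this job pushes or fetches with git afterwards, and the
          # packaging steps receive GH_TOKEN explicitly, so the checkout token
          # does not need to remain available to the dependency install and
          # build scripts that run next.
          persist-credentials: false

      - name: Setup pnpm
        uses: pnpm/action-setup@v6

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: "24"
          cache: pnpm

      - name: Cache Electron binary
        uses: actions/cache@v5
        with:
          path: ~/.cache/electron
          key: electron-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}

      # `--frozen-lockfile` makes the install fail instead of rewriting
      # pnpm-lock.yaml, so only the locked dependency set is installed.
      # No secret is exposed to this step.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
        env:
          # The packaging pipeline never launches Electron from the project's
          # node_modules: `pnpm run build` only bundles, and packaging runs
          # electron-builder in a clean staging dir that fetches its own
          # Electron dist. The root postinstall's enforced Chromium download is
          # therefore dead weight here, and its flaky/partial extractions
          # (which exit 0 yet leave no usable binary) intermittently fail the
          # build. Skip it; the other native deps (node-pty, better-sqlite3)
          # are still verified.
          ELECTRON_SKIP_BINARY_DOWNLOAD: "1"

      # Only repository variables and workflow inputs reach the build; no
      # secret is in this step's environment.
      - name: Build app
        run: pnpm run build
        shell: bash
        env:
          LIGHTCODE_CHANNEL: ${{ inputs.channel }}
          SENTRY_DSN: ${{ vars.SENTRY_DSN }}
          SENTRY_ENVIRONMENT: ${{ inputs.sentry_environment }}
          POSTHOG_ENABLED: ${{ vars.POSTHOG_ENABLED || '1' }}
          POSTHOG_KEY: ${{ vars.POSTHOG_KEY }}
          POSTHOG_HOST: ${{ vars.POSTHOG_HOST || 'https://us.i.posthog.com' }}
          POSTHOG_ENABLE_DEV: "0"

      # Runs on the Linux leg only; the Sentry token is scoped to this step.
      - name: Upload Sentry source maps
        if: matrix.os == 'ubuntu-latest'
        run: |
          # Local `pnpm run dist` cleans source maps before packaging. Release CI
          # uploads them from the build output first, then removes them below.
          if [ -z "$SENTRY_AUTH_TOKEN" ] || [ -z "$SENTRY_ORG" ] || [ -z "$SENTRY_PROJECT" ]; then
            echo "Sentry secrets are not configured; skipping source map upload."
            exit 0
          fi
          pnpm run sentry:sourcemaps
        shell: bash
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}

      # Runs on every leg before packaging.
      - name: Remove packaged source maps
        run: pnpm run clean:sourcemaps
        shell: bash

      - name: Package Windows/Linux
        if: matrix.os != 'macos-latest'
        run: |
          pnpm run prepare:package-assets
          node scripts/build-desktop-artifact.mjs --platform "$MATRIX_PLATFORM" --skip-build
        shell: bash
        env:
          # Handed to the script through the environment rather than expanded
          # into the script text, so the value is never parsed as shell code.
          MATRIX_PLATFORM: ${{ matrix.platform }}
          LIGHTCODE_CHANNEL: ${{ inputs.channel }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Environment values are strings; quoted so YAML does not type it
          # as a boolean. No signing identity is configured for these legs.
          CSC_IDENTITY_AUTO_DISCOVERY: "false"

      - name: Package macOS
        if: matrix.os == 'macos-latest'
        run: |
          pnpm run prepare:package-assets
          node scripts/build-desktop-artifact.mjs --platform mac --skip-build
        shell: bash
        env:
          LIGHTCODE_CHANNEL: ${{ inputs.channel }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # macOS Developer ID signing (base64-encoded .p12 + password).
          CSC_LINK: ${{ secrets.MAC_CSC_LINK }}
          CSC_KEY_PASSWORD: ${{ secrets.MAC_CSC_KEY_PASSWORD }}
          # macOS notarization via Apple ID + app-specific password.
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}

      # Fails the leg when no app bundle was produced or when a bundle's
      # signature does not verify. `codesign --verify` checks that the
      # signature is intact; on its own it does not show which certificate
      # signed the bundle or that notarization succeeded.
      # NOTE(review): the signing secrets are optional, so for release builds
      # consider also asserting the Developer ID authority and running a
      # Gatekeeper assessment (`spctl --assess --type execute`) on each app.
      - name: Verify macOS app bundle
        if: matrix.os == 'macos-latest'
        run: |
          set -euo pipefail
          shopt -s nullglob
          apps=(release/mac*/Lightcode*.app)
          if [ "${#apps[@]}" -eq 0 ]; then
            echo "::error::No packaged macOS app bundles found under release/mac*."
            exit 1
          fi
          for app in "${apps[@]}"; do
            codesign --verify --deep --strict --verbose=4 "$app"
          done
        shell: bash

      # Only installer and update-metadata files under release/ are uploaded;
      # the checkout itself is not part of the artifact.
      - name: Upload built artifacts
        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.artifact }}
          path: |
            release/Lightcode-*.exe
            release/Lightcode-*.dmg
            release/Lightcode-*.zip
            release/Lightcode-*.AppImage
            release/Lightcode-*.deb
            release/latest*.yml
            release/nightly*.yml
            release/*.blockmap
          if-no-files-found: error
          retention-days: 7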