-
Notifications
You must be signed in to change notification settings - Fork 285
122 lines (111 loc) · 4 KB
/
publish.yml
File metadata and controls
122 lines (111 loc) · 4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Publish
on:
workflow_call:
secrets:
OAUTH_CLIENT_ID:
required: true
# Signing certificates
CSC_LINK:
required: true
WIN_CSC_LINK:
required: true
CSC_KEY_PASSWORD:
required: true
WIN_CSC_KEY_PASSWORD:
required: true
# macOS specific
APPLE_ID_USERNAME:
required: true
APPLE_ID_PASSWORD:
required: true
APPLE_ID_TEAM_ID:
required: true
workflow_dispatch: # For manually running release process to verify code-signing of artifacts
permissions: {}
jobs:
prepare:
name: Prepare draft release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
with:
persist-credentials: false
- name: Parse release branch
if: startsWith(github.ref, 'refs/heads/release/')
run: |
# Extract the branch name (e.g. release/v1.2.3[-meta])
ref=${GITHUB_REF#refs/heads/}
echo "RELEASE_BRANCH=$ref" >> "$GITHUB_ENV"
# Also export a RELEASE_TAG by removing the `release/` prefix (keeps leading 'v')
tag=${ref#release/}
echo "RELEASE_TAG=$tag" >> "$GITHUB_ENV"
shell: bash
- name: Create draft release
run: |
gh release create "${RELEASE_TAG}" \
--title "${RELEASE_TAG}" \
--draft \
--notes "# <img src=\"https://github.com/gitify-app/gitify/blob/3554605d32a6c08a3d4ec17b02b90e2dd276a152/assets/images/tray-active%402x.png\" /> Gitify ${RELEASE_TAG}" \
--generate-notes
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TAG: ${{ env.RELEASE_TAG }}
release:
name: Publish ${{ matrix.platform }} [electron-builder]
needs: prepare
permissions:
contents: write
strategy:
matrix:
include:
- os: macos-latest
platform: macOS
package-cmd: pnpm package:macos --publish onTagOrDraft
artifact-name: Gitify-release-mac
use-apple-notarization: true
- os: windows-latest
platform: Windows
package-cmd: pnpm package:win --publish onTagOrDraft
artifact-name: Gitify-release-win
use-apple-notarization: false
- os: ubuntu-latest
platform: Linux
package-cmd: pnpm package:linux --publish onTagOrDraft
artifact-name: Gitify-release-linux
use-apple-notarization: false
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Setup Node.js
uses: ./.github/actions/setup-node
- name: Build application
run: pnpm build
env:
OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }}
- name: Package and publish for ${{ matrix.platform }}
run: ${{ matrix.package-cmd }}
env:
# Signing certificates - important to use the correct cert per platform
CSC_LINK: ${{ matrix.platform == 'macOS' && secrets.CSC_LINK || (matrix.platform == 'windows' && secrets.WIN_CSC_LINK || '') }}
CSC_KEY_PASSWORD: ${{ matrix.platform == 'macOS' && secrets.CSC_KEY_PASSWORD || (matrix.platform == 'windows' && secrets.WIN_CSC_KEY_PASSWORD || '') }}
# macOS specific
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_ID_TEAM_ID: ${{ secrets.APPLE_ID_TEAM_ID }}
NOTARIZE: ${{ matrix.use-apple-notarization }}
# General
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ matrix.artifact-name }}
path: |
dist/*
!dist/*/
overwrite: true