fix: add missing build steps in GitHub Actions #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 30 | |
| strategy: | |
| matrix: | |
| # os: [ubuntu-latest, windows-latest, macos-latest] | |
| os: [macos-latest] | |
| env: | |
| CSC_IDENTITY_AUTO_DISCOVERY: "false" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Install native dependencies (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libnss3-dev libatk-bridge2.0-dev libdrm2 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libxss1 libasound2-dev | |
| - name: Build React app | |
| run: npm run build | |
| - name: Copy electron files | |
| run: cp -r electron build/ | |
| - name: Rebuild native dependencies | |
| run: npx electron-rebuild | |
| - name: Build application | |
| run: npx electron-builder --mac --publish=never | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Unify code signing (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| APP="dist/mac/Git Diff Viewer.app" | |
| if [ -d "$APP" ]; then | |
| echo "======================================" | |
| echo "Unifying code signatures for: $APP" | |
| echo "======================================" | |
| # Remove all existing signatures | |
| find "$APP" -type d -name '*.app' -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| find "$APP" -type f \( -perm /111 -o -name '*.dylib' -o -name '*.so' -o -name '*.node' \) \ | |
| -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| # Sign frameworks and libraries first | |
| echo "Signing frameworks and libraries..." | |
| find "$APP/Contents/Frameworks" -type f \( -perm /111 -o -name '*.dylib' -o -name '*.so' -o -name '*.node' \) \ | |
| -exec codesign --force --sign - {} \; 2>/dev/null || true | |
| # Sign nested helper apps | |
| echo "Signing helper apps..." | |
| find "$APP/Contents/Frameworks" -type d -name '*.app' | while read -r helper; do | |
| codesign --force --deep --sign - "$helper" | |
| done | |
| # Sign main app with hardened runtime | |
| echo "Signing main app with hardened runtime..." | |
| codesign --force --deep --options runtime --timestamp=none --sign - "$APP" | |
| # Remove quarantine attributes | |
| xattr -cr "$APP" | |
| # Verify signature | |
| echo "======================================" | |
| echo "Verifying signature..." | |
| echo "======================================" | |
| codesign --verify --deep --strict --verbose=2 "$APP" | |
| fi | |
| - name: Create ZIP with ditto (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| APP="dist/mac/Git Diff Viewer.app" | |
| if [ -d "$APP" ]; then | |
| ditto -c -k --sequesterRsrc --keepParent "$APP" "dist/Git-Diff-Viewer-${GITHUB_REF##*/}-mac.zip" | |
| fi | |
| - name: Upload artifacts (macOS) | |
| if: matrix.os == 'macos-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: | | |
| dist/*.dmg | |
| dist/*-mac.zip | |
| - name: Upload artifacts (Windows) | |
| if: matrix.os == 'windows-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: | | |
| dist/*.exe | |
| dist/*.msi | |
| - name: Upload artifacts (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-build | |
| path: | | |
| dist/*.AppImage | |
| dist/*.deb | |
| dist/*.rpm | |
| dist/*.snap | |
| release: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ./artifacts | |
| - name: Display structure of downloaded files | |
| run: ls -la artifacts/*/ | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| artifacts/**/*.dmg | |
| artifacts/**/*.zip | |
| artifacts/**/*.exe | |
| artifacts/**/*.msi | |
| artifacts/**/*.AppImage | |
| artifacts/**/*.deb | |
| artifacts/**/*.rpm | |
| artifacts/**/*.snap | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |