mirror of
https://github.com/wavetermdev/waveterm.git
synced 2024-12-21 16:38:23 +01:00
Attempt to fix chrome-sandbox permissions issue on Linux (#1089)
Also allows for test runs of build-helper, which will not upload to staging
This commit is contained in:
Evan Simkowitz
GitHub
parent
d1018e852e
commit
f41a844a38
17
.github/workflows/build-helper.yml
vendored
17
.github/workflows/build-helper.yml
vendored
@ -8,6 +8,7 @@ on:
|
|||||||
push:
|
push:
|
||||||
tags:
|
tags:
|
||||||
- "v[0-9]+.[0-9]+.[0-9]+*"
|
- "v[0-9]+.[0-9]+.[0-9]+*"
|
||||||
|
workflow_dispatch:
|
||||||
env:
|
env:
|
||||||
GO_VERSION: "1.22"
|
GO_VERSION: "1.22"
|
||||||
NODE_VERSION: "20"
|
NODE_VERSION: "20"
|
||||||
@ -84,12 +85,12 @@ jobs:
|
|||||||
|
|
||||||
# Windows Code Signing Setup
|
# Windows Code Signing Setup
|
||||||
- name: Set up certificate (Windows only)
|
- name: Set up certificate (Windows only)
|
||||||
if: matrix.platform == 'windows'
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
||||||
run: |
|
run: |
|
||||||
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
|
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
|
||||||
shell: bash
|
shell: bash
|
||||||
- name: Set signing variables (Windows only)
|
- name: Set signing variables (Windows only)
|
||||||
if: matrix.platform == 'windows'
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
||||||
id: variables
|
id: variables
|
||||||
run: |
|
run: |
|
||||||
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
|
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
|
||||||
@ -103,7 +104,7 @@ jobs:
|
|||||||
echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
|
echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
|
||||||
shell: bash
|
shell: bash
|
||||||
- name: Setup Keylocker KSP (Windows only)
|
- name: Setup Keylocker KSP (Windows only)
|
||||||
if: matrix.platform == 'windows'
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
||||||
run: |
|
run: |
|
||||||
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
|
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
|
||||||
msiexec /i Keylockertools-windows-x64.msi /quiet /qn
|
msiexec /i Keylockertools-windows-x64.msi /quiet /qn
|
||||||
@ -141,14 +142,16 @@ jobs:
|
|||||||
CSC_KEY_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
CSC_KEY_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
||||||
STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}}
|
STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}}
|
||||||
shell: powershell # electron-builder's Windows code signing package has some compatibility issues with pwsh, so we need to use Windows Powershell
|
shell: powershell # electron-builder's Windows code signing package has some compatibility issues with pwsh, so we need to use Windows Powershell
|
||||||
|
|
||||||
- name: Upload to S3 staging
|
- name: Upload to S3 staging
|
||||||
|
if: github.event_name != 'workflow_dispatch'
|
||||||
run: task artifacts:upload
|
run: task artifacts:upload
|
||||||
env:
|
env:
|
||||||
AWS_ACCESS_KEY_ID: "${{ secrets.ARTIFACTS_KEY_ID }}"
|
AWS_ACCESS_KEY_ID: "${{ secrets.ARTIFACTS_KEY_ID }}"
|
||||||
AWS_SECRET_ACCESS_KEY: "${{ secrets.ARTIFACTS_KEY_SECRET }}"
|
AWS_SECRET_ACCESS_KEY: "${{ secrets.ARTIFACTS_KEY_SECRET }}"
|
||||||
AWS_DEFAULT_REGION: us-west-2
|
AWS_DEFAULT_REGION: us-west-2
|
||||||
|
|
||||||
- name: Create draft release
|
- name: Create draft release
|
||||||
|
if: github.event_name != 'workflow_dispatch'
|
||||||
uses: softprops/action-gh-release@v2
|
uses: softprops/action-gh-release@v2
|
||||||
with:
|
with:
|
||||||
prerelease: ${{ contains(github.ref_name, '-beta') }}
|
prerelease: ${{ contains(github.ref_name, '-beta') }}
|
||||||
@ -166,3 +169,9 @@ jobs:
|
|||||||
make/*.snap
|
make/*.snap
|
||||||
make/*.flatpak
|
make/*.flatpak
|
||||||
make/*.AppImage
|
make/*.AppImage
|
||||||
|
- name: Upload build artifacts to workflow (manual runs only)
|
||||||
|
if: github.event_name == 'workflow_dispatch'
|
||||||
|
uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
name: ${{matrix.runner}}
|
||||||
|
path: make
|
||||||
|
|||||||
@ -111,6 +111,10 @@ const config = {
|
|||||||
})
|
})
|
||||||
.filter((f) => f.isFile() && f.name.startsWith("wavesrv"))
|
.filter((f) => f.isFile() && f.name.startsWith("wavesrv"))
|
||||||
.forEach((f) => fs.chmodSync(path.resolve(f.parentPath ?? f.path, f.name), 0o755)); // 0o755 corresponds to -rwxr-xr-x
|
.forEach((f) => fs.chmodSync(path.resolve(f.parentPath ?? f.path, f.name), 0o755)); // 0o755 corresponds to -rwxr-xr-x
|
||||||
|
} else if (context.electronPlatformName === "linux") {
|
||||||
|
const chromeSandboxPath = path.resolve(context.appOutDir, "Wave", "chrome-sandbox");
|
||||||
|
fs.chmodSync(chromeSandboxPath, 0o4755);
|
||||||
|
fs.chownSync(chromeSandboxPath, 0, 0);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user