* Sign and notarize in CI * add dmg * remove flag * fix env var * add team id * conditionally set apple specific env vars * publish to a staging location * upload unzipped * add script to publish to staging, update publish url * turn off autodiscovery again * update scripts * deprecate old method * move stuff * remove autodiscovery
3.6 KiB
Building for release
Build Helper workflow
Our release builds are managed by the "Build Helper" GitHub Action, which is defined
in build-helper.yml
.
Under the hood, this will call the build-package
and build-package-linux
scripts in
scripthaus.md
, which will build the Electron codebase using
WebPack and then the wavesrv
and mshell
binaries, then it will call electron-builder
to generate the distributable app packages. The configuration for electron-builder
is electron-builder.config.js
.
This will also sign and notarize the macOS app package.
Once a build is complete, it will be placed in s3://waveterm-github-artifacts/staging/<version>
.
It can be downloaded for testing using the download-staged-artifact.sh
script. When you are ready to publish the artifacts to the public release feed, use the
publish-from-staging.sh
script to directly copy the artifacts from
the staging bucket to the releases bucket.
Automatic updates
Thanks to electron-updater
, we are able to provide automatic app updates for macOS and Linux,
as long as the app was distributed as a DMG, AppImage, RPM, or DEB file.
With each release, latest-mac.yml
and latest-linux.yml
files will be produced that point to the
newest release. These also include file sizes and checksums to aid in validating the packages. The app
will check these files in our S3 bucket every hour to see if a new version is available.
Local signing and notarizing for macOS (Deprecated)
The prepare-macos.sh
script will download the latest build
artifacts from S3 and sign and notarize the macOS binaries within it. It will then
generate a DMG and a new ZIP archive with the new signed app.
This will call a few different JS scripts to perform more complicated operations.
osx-sign.js
and osx-notarize.js
call
underlying Electron APIs to sign and notarize the package.
update-latest-mac.js
will then update the latest-mac.yml
file with the SHA512 checksum and file size of the new signed and notarized installer. This
is important for the electron-updater
auto-update mechanism to then find and validate new releases.
Uploading release artifacts for distribution (Deprecated)
Upload script
Once the build has been fully validated and is ready to be released, the
upload-release.sh
script is then used to grab the completed
artifacts and upload them to the dl.waveterm.dev
S3 bucket for distribution.
Homebrew
Homebrew currently requires a manual bump of the version, but now that we have auto-updates, we should add our cask to the list of apps that can be automatically bumped.
Linux
We do not currently submit the Linux packages to any of the package repositories. We are working on addressing this in the near future.
electron-build
configuration
Most of our configuration is fairly standard. The main exception to this is that we exclude our Go binaries from the ASAR archive that Electron generates. ASAR files cannot be executed by NodeJS because they are not seen as files and therefore cannot be executed via a Shell command. More information can be found here.
We also exclude most of our node_modules
from packaging, as WebPack handles packaging
of any dependencies for us. The one exception is monaco-editor
.