mirror of
https://github.com/wavetermdev/waveterm.git
synced 2024-12-21 16:38:23 +01:00
edb3290349
## Summary We are moving our docsite to this repo for better coordination. ## What's changed? - The docsite codebase is now in docs/ - The docsite will replace storybook as the published GitHub Pages site for this repo - Storybook will now be hosted at https://docs.waveterm.dev/storybook - A new CI workflow will validate any changes to Storybook or the docsite - A combined CD workflow will build and deploy Storybook and the docsite as a single artifact - The Build Helper workflow will now build an embedded version of the docsite before building the app, ensuring the docsite version it has is always the latest
209 lines
10 KiB
YAML
209 lines
10 KiB
YAML
# Build Helper workflow - Builds, signs, and packages binaries for each supported platform, then uploads to a staging bucket in S3 for wider distribution.
|
|
# For more information on the macOS signing and notarization, see https://www.electron.build/code-signing and https://www.electron.build/configuration/mac
|
|
# For more information on the Windows Code Signing, see https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations/plugins/github-custom-action-for-keypair-signing.html and https://docs.digicert.com/en/digicert-keylocker/signing-tools/sign-authenticode-with-electron-builder-using-ksp-integration.html
|
|
|
|
name: Build Helper
|
|
run-name: Build ${{ github.ref_name }}${{ github.event_name == 'workflow_dispatch' && ' - Manual' || '' }}
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v[0-9]+.[0-9]+.[0-9]+*"
|
|
workflow_dispatch:
|
|
env:
|
|
GO_VERSION: "1.22"
|
|
NODE_VERSION: "20"
|
|
STATIC_DOCSITE_PATH: docsite
|
|
jobs:
|
|
build-docsite:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{env.NODE_VERSION}}
|
|
- name: Install Yarn
|
|
run: |
|
|
corepack enable
|
|
yarn install
|
|
working-directory: docs/
|
|
- name: Build embedded docsite
|
|
run: yarn build-embedded
|
|
working-directory: docs/
|
|
- name: Upload Build Artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: docsite
|
|
path: docs/build
|
|
build-app:
|
|
needs: build-docsite
|
|
outputs:
|
|
version: ${{ steps.set-version.outputs.WAVETERM_VERSION }}
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- platform: "darwin"
|
|
runner: "macos-latest"
|
|
- platform: "linux"
|
|
runner: "ubuntu-latest"
|
|
- platform: "linux"
|
|
runner: ubuntu-24.04-arm64-16core
|
|
- platform: "windows"
|
|
runner: "windows-latest"
|
|
# - platform: "windows"
|
|
# runner: "windows-11-arm64-16core"
|
|
runs-on: ${{ matrix.runner }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install Linux Build Dependencies (Linux only)
|
|
if: matrix.platform == 'linux'
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install --no-install-recommends -y libarchive-tools libopenjp2-tools rpm squashfs-tools
|
|
sudo snap install snapcraft --classic
|
|
sudo snap install zig --classic --beta # We use Zig instead of glibc for cgo compilation as it is more-easily statically linked
|
|
|
|
# The pre-installed version of the AWS CLI has a segfault problem so we'll install it via Homebrew instead.
|
|
- name: Upgrade AWS CLI (Mac only)
|
|
if: matrix.platform == 'darwin'
|
|
run: brew install awscli
|
|
|
|
# The version of FPM that comes bundled with electron-builder doesn't include a Linux ARM target. Installing Gems onto the runner is super quick so we'll just do this for all targets.
|
|
- name: Install FPM (not Windows)
|
|
if: matrix.platform != 'windows'
|
|
run: sudo gem install fpm
|
|
- name: Install FPM (Windows only)
|
|
if: matrix.platform == 'windows'
|
|
run: gem install fpm
|
|
|
|
# General build dependencies
|
|
- uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{env.GO_VERSION}}
|
|
cache-dependency-path: |
|
|
go.sum
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{env.NODE_VERSION}}
|
|
- name: Install Yarn
|
|
run: |
|
|
corepack enable
|
|
yarn install
|
|
- name: Install Task
|
|
uses: arduino/setup-task@v2
|
|
with:
|
|
version: 3.x
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: "Set Version"
|
|
id: set-version
|
|
run: echo "WAVETERM_VERSION=$(task version)" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
|
|
# Windows Code Signing Setup
|
|
- name: Set up certificate (Windows only)
|
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
|
run: |
|
|
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
|
|
shell: bash
|
|
- name: Set signing variables (Windows only)
|
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
|
id: variables
|
|
run: |
|
|
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
|
|
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
|
|
echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
|
|
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
|
|
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_OUTPUT"
|
|
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
|
|
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
|
|
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
|
|
echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
|
|
shell: bash
|
|
- name: Setup Keylocker KSP (Windows only)
|
|
if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch'
|
|
run: |
|
|
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
|
|
msiexec /i Keylockertools-windows-x64.msi /quiet /qn
|
|
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
|
|
smctl windows certsync
|
|
shell: cmd
|
|
|
|
- name: Download embedded docsite
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: docsite
|
|
path: ${{env.STATIC_DOCSITE_PATH}}
|
|
|
|
# Build and upload packages
|
|
- name: Build (Linux)
|
|
if: matrix.platform == 'linux'
|
|
run: task package
|
|
env:
|
|
USE_SYSTEM_FPM: true # Ensure that the installed version of FPM is used rather than the bundled one.
|
|
STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}}
|
|
SNAPCRAFT_BUILD_ENVIRONMENT: host
|
|
- name: Build (Darwin)
|
|
if: matrix.platform == 'darwin'
|
|
run: task package
|
|
env:
|
|
USE_SYSTEM_FPM: true # Ensure that the installed version of FPM is used rather than the bundled one.
|
|
CSC_LINK: ${{ matrix.platform == 'darwin' && secrets.PROD_MACOS_CERTIFICATE_2}}
|
|
CSC_KEY_PASSWORD: ${{ matrix.platform == 'darwin' && secrets.PROD_MACOS_CERTIFICATE_PWD_2 }}
|
|
APPLE_ID: ${{ matrix.platform == 'darwin' && secrets.PROD_MACOS_NOTARIZATION_APPLE_ID_2 }}
|
|
APPLE_APP_SPECIFIC_PASSWORD: ${{ matrix.platform == 'darwin' && secrets.PROD_MACOS_NOTARIZATION_PWD_2 }}
|
|
APPLE_TEAM_ID: ${{ matrix.platform == 'darwin' && secrets.PROD_MACOS_NOTARIZATION_TEAM_ID_2 }}
|
|
STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}}
|
|
- name: Build (Windows)
|
|
if: matrix.platform == 'windows'
|
|
run: task package
|
|
env:
|
|
USE_SYSTEM_FPM: true # Ensure that the installed version of FPM is used rather than the bundled one.
|
|
CSC_LINK: ${{ steps.variables.outputs.SM_CLIENT_CERT_FILE }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
|
STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}}
|
|
shell: powershell # electron-builder's Windows code signing package has some compatibility issues with pwsh, so we need to use Windows Powershell
|
|
|
|
# Upload artifacts to the S3 staging and to the workflow output for the draft release job
|
|
- name: Upload to S3 staging
|
|
if: github.event_name != 'workflow_dispatch'
|
|
run: task artifacts:upload
|
|
env:
|
|
AWS_ACCESS_KEY_ID: "${{ secrets.ARTIFACTS_KEY_ID }}"
|
|
AWS_SECRET_ACCESS_KEY: "${{ secrets.ARTIFACTS_KEY_SECRET }}"
|
|
AWS_DEFAULT_REGION: us-west-2
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ matrix.runner }}
|
|
path: make
|
|
create-release:
|
|
runs-on: ubuntu-latest
|
|
needs: build-app
|
|
permissions:
|
|
contents: write
|
|
if: ${{ github.event_name != 'workflow_dispatch' }}
|
|
steps:
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: make
|
|
merge-multiple: true
|
|
- name: Create draft release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
prerelease: ${{ contains(github.ref_name, '-beta') }}
|
|
name: Wave Terminal ${{ github.ref_name }} Release
|
|
generate_release_notes: true
|
|
draft: true
|
|
files: |
|
|
make/*.zip
|
|
make/*.dmg
|
|
make/*.exe
|
|
make/*.msi
|
|
make/*.rpm
|
|
make/*.deb
|
|
make/*.pacman
|
|
make/*.snap
|
|
make/*.flatpak
|
|
make/*.AppImage
|