ci: inject LOG_ENCRYPTION_PUBLIC_KEY from github env #300
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Package Neuron for Release Draft | |
on: | |
push: | |
branches: | |
- master | |
- "rc/**" | |
- "hotfix/**" | |
jobs: | |
default: | |
strategy: | |
matrix: | |
node: | |
- 20.15.1 | |
os: | |
- macos-latest | |
- ubuntu-20.04 | |
- windows-2019 | |
runs-on: ${{ matrix.os }} | |
environment: Release | |
permissions: | |
contents: write | |
name: ${{ matrix.os }}(Node.js ${{ matrix.node }}) | |
steps: | |
- name: Set git to use LF | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: "yarn" | |
- name: Restore | |
uses: actions/cache@v4 | |
with: | |
path: | | |
node_modules | |
*/*/node_modules | |
key: 2022-12-21-${{ runner.os }}-${{ hashFiles('**/yarn.lock')}} | |
- name: Add msbuild to PATH | |
if: matrix.os == 'windows-2019' | |
uses: microsoft/setup-msbuild@v2 | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: "true" | |
- name: Setup Certificate | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "${{ secrets.SM_CLIENT_CERT_FILE_BASE64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
shell: bash | |
- name: Set variables | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "SM_KEYPAIR_NAME=${{ secrets.SM_KEYPAIR_ALIAS }}" >> "$GITHUB_ENV" | |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
shell: bash | |
- name: Setting up the client tools | |
if: ${{ matrix.os == 'windows-2019' && env.SM_API_KEY != '' }} | |
run: | | |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
msiexec /i smtools-windows-x64.msi /quiet /qn | |
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
shell: cmd | |
- name: Certificates Sync | |
if: ${{ matrix.os == 'windows-2019' && env.SM_API_KEY != '' }} | |
run: | | |
smctl windows certsync | |
shell: cmd | |
- name: Install libudev | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libudev-dev | |
- name: Install Lerna | |
run: yarn global add lerna | |
- name: Bootstrap | |
run: | | |
yarn | |
env: | |
CI: false | |
- name: Inject LOG_ENCRYPTION_PUBLIC_KEY to encrypt sensitive log | |
run: | | |
echo "LOG_ENCRYPTION_PUBLIC_KEY=${{ secrets.LOG_ENCRYPTION_PUBLIC_KEY }}" >> packages/neuron-wallet/.env | |
- name: Package for MacOS | |
if: matrix.os == 'macos-latest' | |
run: | | |
./scripts/download-ckb.sh mac | |
yarn release mac | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
CSC_LINK: ${{ secrets.MAC_CERTIFICATE_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
- name: Package for Windows | |
if: matrix.os == 'windows-2019' | |
run: | | |
bash ./scripts/download-ckb.sh win | |
yarn build | |
bash ./scripts/copy-ui-files.sh | |
bash ./scripts/release.sh win | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package for Linux | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
./scripts/download-ckb.sh | |
yarn release linux | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Neuron App Zip | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Mac-x64 | |
path: release/Neuron-*-mac-x64.zip | |
- name: Upload Neuron App Zip(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Mac-arm64 | |
path: release/Neuron-*-mac-arm64.zip | |
- name: Upload Neuron Dmg | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Dmg-x64 | |
path: release/Neuron-*-x64.dmg | |
- name: Upload Neuron Dmg(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Dmg-arm64 | |
path: release/Neuron-*-arm64.dmg | |
- name: Upload Neuron Win | |
if: matrix.os == 'windows-2019' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Win | |
path: release/Neuron-*-setup.exe | |
- name: Upload Neuron Linux | |
if: matrix.os == 'ubuntu-20.04' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Linux | |
path: release/Neuron-*.AppImage |