ci: use key locker to sign neuron for windows #217
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Package Neuron for Release Draft | |
on: | |
push: | |
branches: | |
- master | |
- "rc/**" | |
- "hotfix/**" | |
jobs: | |
default: | |
strategy: | |
matrix: | |
node: | |
- 18.12.0 | |
os: | |
- macos-latest | |
- ubuntu-20.04 | |
- windows-2019 | |
runs-on: ${{ matrix.os }} | |
name: ${{ matrix.os }}(Node.js ${{ matrix.node }}) | |
steps: | |
- name: Set git to use LF | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: "yarn" | |
- name: Restore | |
uses: actions/cache@v3 | |
with: | |
path: | | |
node_modules | |
*/*/node_modules | |
key: 2022-12-21-${{ runner.os }}-${{ hashFiles('**/yarn.lock')}} | |
- name: Add msbuild to PATH | |
if: matrix.os == 'windows-2019' | |
uses: microsoft/[email protected] | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: "true" | |
- name: Setup Certificate | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "${{ secrets.SM_CLIENT_CERT_FILE_BASE64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
shell: bash | |
- name: Set variables | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "SM_KEYPAIR_NAME=${{ secrets.SM_KEYPAIR_ALIAS }}" >> "$GITHUB_ENV" | |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
shell: bash | |
- name: Setting up the client tools | |
if: matrix.os == 'windows-2019' | |
run: | | |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
msiexec /i smtools-windows-x64.msi /quiet /qn | |
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
shell: cmd | |
- name: Certificates Sync | |
if: matrix.os == 'windows-2019' | |
run: | | |
smctl windows certsync | |
shell: cmd | |
- name: Install libudev | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libudev-dev | |
- name: Install Lerna | |
run: yarn global add lerna | |
- name: Bootstrap | |
run: | | |
yarn | |
env: | |
CI: false | |
- name: Package for MacOS | |
if: matrix.os == 'macos-latest' | |
run: | | |
./scripts/download-ckb.sh mac | |
yarn release mac | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
CSC_LINK: ${{ secrets.MAC_CERTIFICATE_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
- name: Package for Windows | |
if: matrix.os == 'windows-2019' | |
run: | | |
bash ./scripts/download-ckb.sh win | |
yarn build | |
bash ./scripts/copy-ui-files.sh | |
bash ./scripts/release.sh win | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package for Linux | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
./scripts/download-ckb.sh | |
yarn release linux | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Neuron App Zip | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Mac | |
path: release/Neuron-*-mac-x64.zip | |
- name: Upload Neuron App Zip(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Mac | |
path: release/Neuron-*-mac-arm64.zip | |
- name: Upload Neuron Dmg | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Dmg | |
path: release/Neuron-*-x64.dmg | |
- name: Upload Neuron Dmg(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Dmg | |
path: release/Neuron-*-arm64.dmg | |
- name: Upload Neuron Win | |
if: matrix.os == 'windows-2019' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Win | |
path: release/Neuron-*-setup.exe | |
- name: Upload Neuron Linux | |
if: matrix.os == 'ubuntu-20.04' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Neuron-Linux | |
path: release/Neuron-*.AppImage |