diff --git a/.github/workflows/electron.yml b/.github/workflows/electron.yml index b694378e..027685c9 100644 --- a/.github/workflows/electron.yml +++ b/.github/workflows/electron.yml @@ -27,7 +27,7 @@ on: jobs: build-windows: runs-on: windows-latest - if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'windows' || github.event.inputs.build_type == '' + if: (github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'windows' || github.event.inputs.build_type == '') && github.event.inputs.artifact_destination != 'submit' permissions: contents: write @@ -72,10 +72,6 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm run build && npx electron-builder --win --x64 --ia32 - - name: List release files - run: | - dir release - - name: Upload Windows x64 NSIS Installer uses: actions/upload-artifact@v4 if: hashFiles('release/termix_windows_x64_nsis.exe') != '' && github.event.inputs.artifact_destination != 'none' @@ -136,7 +132,7 @@ jobs: build-linux: runs-on: blacksmith-4vcpu-ubuntu-2404 - if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'linux' || github.event.inputs.build_type == '' + if: (github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'linux' || github.event.inputs.build_type == '') && github.event.inputs.artifact_destination != 'submit' permissions: contents: write @@ -199,17 +195,6 @@ jobs: cd .. - - name: List release files - run: | - ls -la release/ - - - name: Debug electron-builder output - if: always() - run: | - if [ -f "release/builder-debug.yml" ]; then - cat release/builder-debug.yml - fi - - name: Upload Linux x64 AppImage uses: actions/upload-artifact@v4 if: hashFiles('release/termix_linux_x64_appimage.AppImage') != '' && github.event.inputs.artifact_destination != 'none' @@ -425,11 +410,6 @@ jobs: export GH_TOKEN="${{ secrets.GITHUB_TOKEN }}" npx electron-builder --mac dmg --universal --x64 --arm64 --publish never - - name: List release directory - if: steps.check_certs.outputs.has_certs == 'true' - run: | - ls -R release/ || echo "Release directory not found" - - name: Upload macOS MAS PKG if: steps.check_certs.outputs.has_certs == 'true' && hashFiles('release/termix_macos_universal_mas.pkg') != '' && (github.event.inputs.artifact_destination == 'file' || github.event.inputs.artifact_destination == 'release' || github.event.inputs.artifact_destination == 'submit') uses: actions/upload-artifact@v4 @@ -463,42 +443,6 @@ jobs: path: release/termix_macos_arm64_dmg.dmg retention-days: 30 - - name: Check for App Store Connect API credentials - if: steps.check_certs.outputs.has_certs == 'true' - id: check_asc_creds - run: | - if [ -n "${{ secrets.APPLE_KEY_ID }}" ] && [ -n "${{ secrets.APPLE_ISSUER_ID }}" ] && [ -n "${{ secrets.APPLE_KEY_CONTENT }}" ]; then - echo "has_credentials=true" >> $GITHUB_OUTPUT - fi - - - name: Setup Ruby for Fastlane - if: steps.check_asc_creds.outputs.has_credentials == 'true' && github.event.inputs.artifact_destination == 'submit' - uses: ruby/setup-ruby@v1 - with: - ruby-version: "3.2" - bundler-cache: false - - - name: Install Fastlane - if: steps.check_asc_creds.outputs.has_credentials == 'true' && github.event.inputs.artifact_destination == 'submit' - run: | - gem install fastlane -N - - - name: Deploy to App Store Connect (TestFlight) - if: steps.check_asc_creds.outputs.has_credentials == 'true' && github.event.inputs.artifact_destination == 'submit' - run: | - PKG_FILE=$(find release -name "*.pkg" -type f | head -n 1) - if [ -z "$PKG_FILE" ]; then - exit 1 - fi - - mkdir -p ~/private_keys - echo "${{ secrets.APPLE_KEY_CONTENT }}" | base64 --decode > ~/private_keys/AuthKey_${{ secrets.APPLE_KEY_ID }}.p8 - - xcrun altool --upload-app -f "$PKG_FILE" \ - --type macos \ - --apiKey "${{ secrets.APPLE_KEY_ID }}" \ - --apiIssuer "${{ secrets.APPLE_ISSUER_ID }}" - continue-on-error: true - name: Clean up keychains if: always() @@ -614,7 +558,7 @@ jobs: submit-to-flatpak: runs-on: ubuntu-latest if: github.event.inputs.artifact_destination == 'submit' - needs: [build-linux] + needs: [] permissions: contents: read @@ -632,31 +576,28 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT echo "release_date=$RELEASE_DATE" >> $GITHUB_OUTPUT - - name: Download Linux x64 AppImage artifact - uses: actions/download-artifact@v4 - with: - name: termix_linux_x64_appimage - path: artifact-x64 - - - name: Download Linux arm64 AppImage artifact - uses: actions/download-artifact@v4 - with: - name: termix_linux_arm64_appimage - path: artifact-arm64 - - - name: Get AppImage file info + - name: Download and prepare AppImage info from public release id: appimage-info run: | VERSION="${{ steps.package-version.outputs.version }}" - - APPIMAGE_X64_FILE=$(find artifact-x64 -name "*.AppImage" -type f | head -n 1) - APPIMAGE_X64_NAME=$(basename "$APPIMAGE_X64_FILE") - CHECKSUM_X64=$(sha256sum "$APPIMAGE_X64_FILE" | awk '{print $1}') - - APPIMAGE_ARM64_FILE=$(find artifact-arm64 -name "*.AppImage" -type f | head -n 1) - APPIMAGE_ARM64_NAME=$(basename "$APPIMAGE_ARM64_FILE") - CHECKSUM_ARM64=$(sha256sum "$APPIMAGE_ARM64_FILE" | awk '{print $1}') - + mkdir -p release_assets + + APPIMAGE_X64_NAME="termix_linux_x64_appimage.AppImage" + URL_X64="https://github.com/Termix-SSH/Termix/releases/download/release-$VERSION-tag/$APPIMAGE_X64_NAME" + PATH_X64="release_assets/$APPIMAGE_X64_NAME" + echo "Downloading x64 AppImage from $URL_X64" + curl -L -o "$PATH_X64" "$URL_X64" + chmod +x "$PATH_X64" + CHECKSUM_X64=$(sha256sum "$PATH_X64" | awk '{print $1}') + + APPIMAGE_ARM64_NAME="termix_linux_arm64_appimage.AppImage" + URL_ARM64="https://github.com/Termix-SSH/Termix/releases/download/release-$VERSION-tag/$APPIMAGE_ARM64_NAME" + PATH_ARM64="release_assets/$APPIMAGE_ARM64_NAME" + echo "Downloading arm64 AppImage from $URL_ARM64" + curl -L -o "$PATH_ARM64" "$URL_ARM64" + chmod +x "$PATH_ARM64" + CHECKSUM_ARM64=$(sha256sum "$PATH_ARM64" | awk '{print $1}') + echo "appimage_x64_name=$APPIMAGE_X64_NAME" >> $GITHUB_OUTPUT echo "checksum_x64=$CHECKSUM_X64" >> $GITHUB_OUTPUT echo "appimage_arm64_name=$APPIMAGE_ARM64_NAME" >> $GITHUB_OUTPUT @@ -694,10 +635,6 @@ jobs: sed -i "s/VERSION_PLACEHOLDER/$VERSION/g" flatpak-submission/com.karmaa.termix.metainfo.xml sed -i "s/DATE_PLACEHOLDER/$RELEASE_DATE/g" flatpak-submission/com.karmaa.termix.metainfo.xml - - name: List submission files - run: | - ls -la flatpak-submission/ - - name: Upload Flatpak submission as artifact uses: actions/upload-artifact@v4 with: @@ -708,7 +645,7 @@ jobs: submit-to-homebrew: runs-on: macos-latest if: github.event.inputs.artifact_destination == 'submit' - needs: [build-macos] + needs: [] permissions: contents: read @@ -724,20 +661,20 @@ jobs: VERSION=$(node -p "require('./package.json').version") echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Download macOS Universal DMG artifact - uses: actions/download-artifact@v4 - with: - name: termix_macos_universal_dmg - path: artifact - - - name: Get DMG file info + - name: Download and prepare DMG info from public release id: dmg-info run: | VERSION="${{ steps.package-version.outputs.version }}" - DMG_FILE=$(find artifact -name "*.dmg" -type f | head -n 1) - DMG_NAME=$(basename "$DMG_FILE") - CHECKSUM=$(shasum -a 256 "$DMG_FILE" | awk '{print $1}') - + DMG_NAME="termix_macos_universal_dmg.dmg" + URL="https://github.com/Termix-SSH/Termix/releases/download/release-$VERSION-tag/$DMG_NAME" + + mkdir -p release_asset + PATH="release_asset/$DMG_NAME" + echo "Downloading DMG from $URL" + curl -L -o "$PATH" "$URL" + + CHECKSUM=$(shasum -a 256 "$PATH" | awk '{print $1}') + echo "dmg_name=$DMG_NAME" >> $GITHUB_OUTPUT echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT @@ -756,16 +693,8 @@ jobs: - name: Verify Cask syntax run: | - if ! command -v brew &> /dev/null; then - /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - fi - ruby -c homebrew-submission/Casks/t/termix.rb - - name: List submission files - run: | - find homebrew-submission -type f - - name: Upload Homebrew submission as artifact uses: actions/upload-artifact@v4 with: @@ -793,10 +722,6 @@ jobs: env: GH_TOKEN: ${{ github.token }} - - name: Display artifact structure - run: | - ls -R artifacts/ - - name: Upload artifacts to latest release run: | cd artifacts @@ -812,3 +737,130 @@ jobs: done env: GH_TOKEN: ${{ github.token }} + + submit-to-testflight: + runs-on: macos-latest + if: github.event.inputs.artifact_destination == 'submit' + needs: [] + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 1 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "20" + cache: "npm" + + - name: Install dependencies + run: | + for i in 1 2 3; + do + if npm ci; then + break + else + if [ $i -eq 3 ]; then + exit 1 + fi + sleep 10 + fi + done + npm install --force @rollup/rollup-darwin-arm64 + npm install dmg-license + + - name: Check for Code Signing Certificates + id: check_certs + run: | + if [ -n "${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }}" ] && [ -n "${{ secrets.MAC_P12_PASSWORD }}" ]; then + echo "has_certs=true" >> $GITHUB_OUTPUT + fi + + - name: Import Code Signing Certificates + if: steps.check_certs.outputs.has_certs == 'true' + env: + MAC_BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }} + MAC_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.MAC_INSTALLER_CERTIFICATE_BASE64 }} + MAC_P12_PASSWORD: ${{ secrets.MAC_P12_PASSWORD }} + MAC_KEYCHAIN_PASSWORD: ${{ secrets.MAC_KEYCHAIN_PASSWORD }} + run: | + APP_CERT_PATH=$RUNNER_TEMP/app_certificate.p12 + INSTALLER_CERT_PATH=$RUNNER_TEMP/installer_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + echo -n "$MAC_BUILD_CERTIFICATE_BASE64" | base64 --decode -o $APP_CERT_PATH + + if [ -n "$MAC_INSTALLER_CERTIFICATE_BASE64" ]; then + echo -n "$MAC_INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o $INSTALLER_CERT_PATH + fi + + security create-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + security import $APP_CERT_PATH -P "$MAC_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + + if [ -f "$INSTALLER_CERT_PATH" ]; then + security import $INSTALLER_CERT_PATH -P "$MAC_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + fi + + security list-keychain -d user -s $KEYCHAIN_PATH + + security find-identity -v -p codesigning $KEYCHAIN_PATH + + - name: Build macOS App Store Package + if: steps.check_certs.outputs.has_certs == 'true' + env: + ELECTRON_BUILDER_ALLOW_UNRESOLVED_DEPENDENCIES: true + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + CURRENT_VERSION=$(node -p "require('./package.json').version") + BUILD_VERSION="${{ github.run_number }}" + + npm run build && npx electron-builder --mac mas --universal --config.buildVersion="$BUILD_VERSION" + + - name: Check for App Store Connect API credentials + id: check_asc_creds + run: | + if [ -n "${{ secrets.APPLE_KEY_ID }}" ] && [ -n "${{ secrets.APPLE_ISSUER_ID }}" ] && [ -n "${{ secrets.APPLE_KEY_CONTENT }}" ]; then + echo "has_credentials=true" >> $GITHUB_OUTPUT + fi + + - name: Setup Ruby for Fastlane + if: steps.check_asc_creds.outputs.has_credentials == 'true' + uses: ruby/setup-ruby@v1 + with: + ruby-version: "3.2" + bundler-cache: false + + - name: Install Fastlane + if: steps.check_asc_creds.outputs.has_credentials == 'true' + run: | + gem install fastlane -N + + - name: Deploy to App Store Connect (TestFlight) + if: steps.check_asc_creds.outputs.has_credentials == 'true' + run: | + PKG_FILE=$(find artifact-mas -name "*.pkg" -type f | head -n 1) + if [ -z "$PKG_FILE" ]; then + echo "PKG file not found, exiting." + exit 1 + fi + + mkdir -p ~/private_keys + echo "${{ secrets.APPLE_KEY_CONTENT }}" | base64 --decode > ~/private_keys/AuthKey_${{ secrets.APPLE_KEY_ID }}.p8 + + xcrun altool --upload-app -f "$PKG_FILE" \ + --type macos \ + --apiKey "${{ secrets.APPLE_KEY_ID }}" \ + --apiIssuer "${{ secrets.APPLE_ISSUER_ID }}" + continue-on-error: true + + - name: Clean up keychains + if: always() + run: | + security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true \ No newline at end of file diff --git a/homebrew/termix.rb b/homebrew/termix.rb deleted file mode 100644 index 9522fa73..00000000 --- a/homebrew/termix.rb +++ /dev/null @@ -1,24 +0,0 @@ -cask "termix" do - version "VERSION_PLACEHOLDER" - sha256 "CHECKSUM_PLACEHOLDER" - - url "https://github.com/Termix-SSH/Termix/releases/download/release-#{version}-tag/termix_macos_universal_#{version}_dmg.dmg" - name "Termix" - desc "Web-based server management platform with SSH terminal, tunneling, and file editing" - homepage "https://github.com/Termix-SSH/Termix" - - livecheck do - url :url - strategy :github_latest - end - - app "Termix.app" - - zap trash: [ - "~/Library/Application Support/termix", - "~/Library/Caches/com.karmaa.termix", - "~/Library/Caches/com.karmaa.termix.ShipIt", - "~/Library/Preferences/com.karmaa.termix.plist", - "~/Library/Saved Application State/com.karmaa.termix.savedState", - ] -end