302 lines
11 KiB
YAML
302 lines
11 KiB
YAML
name: Build Electron App
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
build_type:
|
|
description: "Build type to run"
|
|
required: true
|
|
default: "all"
|
|
type: choice
|
|
options:
|
|
- all
|
|
- windows
|
|
- linux
|
|
- macos
|
|
|
|
jobs:
|
|
build-windows:
|
|
runs-on: windows-latest
|
|
if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'windows' || github.event.inputs.build_type == ''
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
cache: "npm"
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build Windows Portable
|
|
run: npm run build:win-portable
|
|
|
|
- name: Build Windows Installer
|
|
run: npm run build:win-installer
|
|
|
|
- name: Create Windows Portable zip
|
|
run: |
|
|
Compress-Archive -Path "release/win-unpacked/*" -DestinationPath "Termix-Windows-Portable.zip"
|
|
|
|
- name: Upload Windows Portable Artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Termix-Windows-Portable
|
|
path: Termix-Windows-Portable.zip
|
|
retention-days: 30
|
|
|
|
- name: Upload Windows Installer Artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Termix-Windows-Installer
|
|
path: release/*.exe
|
|
retention-days: 30
|
|
|
|
build-linux:
|
|
runs-on: blacksmith-4vcpu-ubuntu-2404
|
|
if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'linux' || github.event.inputs.build_type == ''
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
cache: "npm"
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build Linux Portable
|
|
run: npm run build:linux-portable
|
|
|
|
- name: Create Linux Portable zip
|
|
run: |
|
|
cd release/linux-unpacked
|
|
zip -r ../../Termix-Linux-Portable.zip *
|
|
cd ../..
|
|
|
|
- name: Upload Linux Portable Artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Termix-Linux-Portable
|
|
path: Termix-Linux-Portable.zip
|
|
retention-days: 30
|
|
|
|
build-macos:
|
|
runs-on: macos-latest
|
|
if: github.event.inputs.build_type == 'macos' || github.event.inputs.build_type == 'all'
|
|
needs: []
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
rm -f package-lock.json
|
|
npm install
|
|
npm install --force @rollup/rollup-darwin-arm64
|
|
|
|
- name: Check for Code Signing Certificates
|
|
id: check_certs
|
|
run: |
|
|
if [ -n "${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }}" ] && [ -n "${{ secrets.MAC_P12_PASSWORD }}" ]; then
|
|
echo "has_certs=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "has_certs=false" >> $GITHUB_OUTPUT
|
|
echo "⚠️ Code signing certificates not configured. MAS build will be unsigned."
|
|
fi
|
|
|
|
- name: Import Code Signing Certificates
|
|
if: steps.check_certs.outputs.has_certs == 'true'
|
|
env:
|
|
MAC_BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }}
|
|
MAC_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.MAC_INSTALLER_CERTIFICATE_BASE64 }}
|
|
MAC_P12_PASSWORD: ${{ secrets.MAC_P12_PASSWORD }}
|
|
MAC_KEYCHAIN_PASSWORD: ${{ secrets.MAC_KEYCHAIN_PASSWORD }}
|
|
run: |
|
|
APP_CERT_PATH=$RUNNER_TEMP/app_certificate.p12
|
|
INSTALLER_CERT_PATH=$RUNNER_TEMP/installer_certificate.p12
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
|
|
# Decode certificates
|
|
echo -n "$MAC_BUILD_CERTIFICATE_BASE64" | base64 --decode -o $APP_CERT_PATH
|
|
echo -n "$MAC_INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o $INSTALLER_CERT_PATH
|
|
|
|
# Create and configure keychain
|
|
security create-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
|
security unlock-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
# Import both certificates
|
|
security import $APP_CERT_PATH -P "$MAC_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security import $INSTALLER_CERT_PATH -P "$MAC_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security list-keychain -d user -s $KEYCHAIN_PATH
|
|
|
|
echo "Imported certificates:"
|
|
security find-identity -v -p codesigning $KEYCHAIN_PATH
|
|
|
|
- name: Build macOS App Store Package
|
|
if: steps.check_certs.outputs.has_certs == 'true'
|
|
env:
|
|
BUILD_NUMBER: ${{ github.run_number }}
|
|
run: |
|
|
npm run build:mac
|
|
|
|
# Fix CFBundleVersion in Info.plist to use just build number
|
|
APP_PATH="release/mas/Termix.app"
|
|
if [ -d "$APP_PATH" ]; then
|
|
echo "Fixing CFBundleVersion in Info.plist..."
|
|
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $BUILD_NUMBER" "$APP_PATH/Contents/Info.plist"
|
|
|
|
BUNDLE_VERSION=$(/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" "$APP_PATH/Contents/Info.plist")
|
|
echo "✅ Updated CFBundleVersion to: $BUNDLE_VERSION"
|
|
|
|
# Re-sign all components recursively
|
|
echo "Re-signing app components..."
|
|
|
|
# Get signing identity
|
|
APP_IDENTITY=$(security find-identity -v -p codesigning $RUNNER_TEMP/app-signing.keychain-db | grep "Apple Distribution" | head -1 | cut -d'"' -f2)
|
|
INSTALLER_IDENTITY=$(security find-identity -v -p codesigning $RUNNER_TEMP/app-signing.keychain-db | grep "Installer" | head -1 | cut -d'"' -f2)
|
|
|
|
echo "Using app identity: $APP_IDENTITY"
|
|
echo "Using installer identity: $INSTALLER_IDENTITY"
|
|
|
|
if [ -z "$INSTALLER_IDENTITY" ]; then
|
|
echo "Available identities:"
|
|
security find-identity -v -p codesigning $RUNNER_TEMP/app-signing.keychain-db
|
|
echo "Error: Could not find installer identity"
|
|
exit 1
|
|
fi
|
|
|
|
# Sign helper apps first
|
|
codesign --force --sign "$APP_IDENTITY" \
|
|
--entitlements "build/entitlements.mas.inherit.plist" \
|
|
"$APP_PATH/Contents/Frameworks/Termix Helper.app" || true
|
|
|
|
codesign --force --sign "$APP_IDENTITY" \
|
|
--entitlements "build/entitlements.mas.inherit.plist" \
|
|
"$APP_PATH/Contents/Frameworks/Termix Helper (GPU).app" || true
|
|
|
|
codesign --force --sign "$APP_IDENTITY" \
|
|
--entitlements "build/entitlements.mas.inherit.plist" \
|
|
"$APP_PATH/Contents/Frameworks/Termix Helper (Plugin).app" || true
|
|
|
|
codesign --force --sign "$APP_IDENTITY" \
|
|
--entitlements "build/entitlements.mas.inherit.plist" \
|
|
"$APP_PATH/Contents/Frameworks/Termix Helper (Renderer).app" || true
|
|
|
|
# Sign frameworks
|
|
find "$APP_PATH/Contents/Frameworks" -name "*.framework" -o -name "*.dylib" | while read framework; do
|
|
codesign --force --sign "$APP_IDENTITY" "$framework" 2>/dev/null || true
|
|
done
|
|
|
|
# Sign main app last
|
|
codesign --force --deep --sign "$APP_IDENTITY" \
|
|
--entitlements "build/entitlements.mas.plist" \
|
|
--options runtime \
|
|
"$APP_PATH"
|
|
|
|
echo "✅ Re-signed app successfully"
|
|
|
|
# Remove old pkg and create new one
|
|
rm -f "release/mas/Termix-1.8.0.pkg"
|
|
productbuild --component "$APP_PATH" /Applications \
|
|
--sign "$INSTALLER_IDENTITY" \
|
|
"release/mas/Termix-1.8.0.pkg"
|
|
|
|
echo "✅ Created new package with build number: $BUILD_NUMBER"
|
|
else
|
|
echo "❌ Error: App not found at $APP_PATH"
|
|
exit 1
|
|
fi
|
|
|
|
- name: List release directory
|
|
if: steps.check_certs.outputs.has_certs == 'true'
|
|
run: |
|
|
echo "Contents of release directory:"
|
|
ls -R release/ || echo "Release directory not found"
|
|
|
|
- name: Upload macOS MAS Artifact
|
|
if: steps.check_certs.outputs.has_certs == 'true'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Termix-macOS-MAS
|
|
path: |
|
|
release/*.pkg
|
|
release/mas/*.pkg
|
|
retention-days: 30
|
|
if-no-files-found: warn
|
|
|
|
- name: Check for App Store Connect API credentials
|
|
if: steps.check_certs.outputs.has_certs == 'true'
|
|
id: check_asc_creds
|
|
run: |
|
|
if [ -n "${{ secrets.APPLE_KEY_ID }}" ] && [ -n "${{ secrets.APPLE_ISSUER_ID }}" ] && [ -n "${{ secrets.APPLE_KEY_CONTENT }}" ]; then
|
|
echo "has_credentials=true" >> $GITHUB_OUTPUT
|
|
echo "✅ App Store Connect API credentials found. Will deploy to App Store Connect."
|
|
else
|
|
echo "has_credentials=false" >> $GITHUB_OUTPUT
|
|
echo "⚠️ App Store Connect API credentials not configured. Skipping deployment."
|
|
echo "Add APPLE_KEY_ID, APPLE_ISSUER_ID, and APPLE_KEY_CONTENT secrets to enable automatic deployment."
|
|
fi
|
|
|
|
- name: Setup Ruby for Fastlane
|
|
if: steps.check_asc_creds.outputs.has_credentials == 'true'
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
ruby-version: '3.2'
|
|
bundler-cache: false
|
|
|
|
- name: Install Fastlane
|
|
if: steps.check_asc_creds.outputs.has_credentials == 'true'
|
|
run: |
|
|
gem install fastlane -N
|
|
fastlane --version
|
|
|
|
- name: Deploy to App Store Connect (TestFlight)
|
|
if: steps.check_asc_creds.outputs.has_credentials == 'true'
|
|
run: |
|
|
PKG_FILE=$(find release -name "*.pkg" -type f | head -n 1)
|
|
if [ -z "$PKG_FILE" ]; then
|
|
echo "Error: No .pkg file found in release directory"
|
|
exit 1
|
|
fi
|
|
echo "Found package: $PKG_FILE"
|
|
|
|
# Create API key file
|
|
mkdir -p ~/private_keys
|
|
echo "${{ secrets.APPLE_KEY_CONTENT }}" | base64 --decode > ~/private_keys/AuthKey_${{ secrets.APPLE_KEY_ID }}.p8
|
|
|
|
# Upload to App Store Connect using xcrun altool
|
|
xcrun altool --upload-app -f "$PKG_FILE" \
|
|
--type macos \
|
|
--apiKey "${{ secrets.APPLE_KEY_ID }}" \
|
|
--apiIssuer "${{ secrets.APPLE_ISSUER_ID }}"
|
|
|
|
echo "✅ Upload complete! Build will appear in App Store Connect after processing (10-30 minutes)"
|
|
continue-on-error: true
|
|
|
|
- name: Clean up keychain
|
|
if: always() && steps.check_certs.outputs.has_certs == 'true'
|
|
run: |
|
|
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
|