Termix/.github/workflows/electron-build.yml

name: Build Electron App

on:
  workflow_dispatch:
    inputs:
      build_type:
        description: "Build type to run"
        required: true
        default: "all"
        type: choice
        options:
          - all
          - windows
          - linux
          - macos

jobs:
  build-windows:
    runs-on: windows-latest
    if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'windows' || github.event.inputs.build_type == ''

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Build Windows Portable
        run: npm run build:win-portable

      - name: Build Windows Installer
        run: npm run build:win-installer

      - name: Create Windows Portable zip
        run: |
          Compress-Archive -Path "release/win-unpacked/*" -DestinationPath "Termix-Windows-Portable.zip"

      - name: Upload Windows Portable Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-Windows-Portable
          path: Termix-Windows-Portable.zip
          retention-days: 30

      - name: Upload Windows Installer Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-Windows-Installer
          path: release/*.exe
          retention-days: 30

  build-linux:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'linux' || github.event.inputs.build_type == ''

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Build Linux Portable
        run: npm run build:linux-portable

      - name: Create Linux Portable zip
        run: |
          cd release/linux-unpacked
          zip -r ../../Termix-Linux-Portable.zip *
          cd ../..

      - name: Upload Linux Portable Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-Linux-Portable
          path: Termix-Linux-Portable.zip
          retention-days: 30

  build-macos:
    runs-on: macos-latest
    if: github.event.inputs.build_type == 'all' || github.event.inputs.build_type == 'macos' || github.event.inputs.build_type == ''

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install dependencies
        run: |
          rm -f package-lock.json
          npm install
          npm install --force @rollup/rollup-darwin-arm64

      - name: Build macOS DMG
        run: npm run build:mac-dmg
        env:
          CSC_IDENTITY_AUTO_DISCOVERY: false

      - name: Build macOS Zip
        run: npm run build:mac-zip
        env:
          CSC_IDENTITY_AUTO_DISCOVERY: false

      - name: Upload macOS DMG Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-macOS-DMG
          path: release/*.dmg
          retention-days: 30

      - name: Upload macOS Zip Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-macOS-Zip
          path: release/*.zip
          retention-days: 30

  build-macos-mas:
    runs-on: macos-latest
    if: github.event.inputs.build_type == 'macos' || github.event.inputs.build_type == 'all'
    needs: []

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install dependencies
        run: |
          rm -f package-lock.json
          npm install
          npm install --force @rollup/rollup-darwin-arm64

      - name: Check for Code Signing Certificates
        id: check_certs
        run: |
          if [ -n "${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }}" ] && [ -n "${{ secrets.MAC_P12_PASSWORD }}" ]; then
            echo "has_certs=true" >> $GITHUB_OUTPUT
          else
            echo "has_certs=false" >> $GITHUB_OUTPUT
            echo "⚠️ Code signing certificates not configured. MAS build will be unsigned."
          fi

      - name: Import Code Signing Certificates
        if: steps.check_certs.outputs.has_certs == 'true'
        env:
          MAC_BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_BUILD_CERTIFICATE_BASE64 }}
          MAC_P12_PASSWORD: ${{ secrets.MAC_P12_PASSWORD }}
          MAC_KEYCHAIN_PASSWORD: ${{ secrets.MAC_KEYCHAIN_PASSWORD }}
        run: |
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          echo -n "$MAC_BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH

          security create-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$MAC_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          security import $CERTIFICATE_PATH -P "$MAC_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

      - name: Build macOS App Store Package
        run: npm run build:mac-mas
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          CSC_IDENTITY_AUTO_DISCOVERY: false

      - name: List release directory
        if: always()
        run: |
          echo "Contents of release directory:"
          ls -R release/ || echo "Release directory not found"

      - name: Upload macOS MAS Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Termix-macOS-MAS
          path: |
            release/*.pkg
            release/mas/*.pkg
          retention-days: 30
          if-no-files-found: warn

      - name: Check for App Store Connect API credentials
        id: check_asc_creds
        run: |
          if [ -n "${{ secrets.APPLE_KEY_ID }}" ] && [ -n "${{ secrets.APPLE_ISSUER_ID }}" ] && [ -n "${{ secrets.APPLE_KEY_CONTENT }}" ]; then
            echo "has_credentials=true" >> $GITHUB_OUTPUT
            echo "✅ App Store Connect API credentials found. Will deploy to App Store Connect."
          else
            echo "has_credentials=false" >> $GITHUB_OUTPUT
            echo "⚠️ App Store Connect API credentials not configured. Skipping deployment."
            echo "Add APPLE_KEY_ID, APPLE_ISSUER_ID, and APPLE_KEY_CONTENT secrets to enable automatic deployment."
          fi

      - name: Setup Ruby for Fastlane
        if: steps.check_asc_creds.outputs.has_credentials == 'true'
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2'
          bundler-cache: false

      - name: Install Fastlane
        if: steps.check_asc_creds.outputs.has_credentials == 'true'
        run: |
          gem install fastlane -N
          fastlane --version

      - name: Deploy to App Store Connect (TestFlight)
        if: steps.check_asc_creds.outputs.has_credentials == 'true'
        env:
          APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_KEY_ID }}
          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
          APP_STORE_CONNECT_API_KEY_KEY: ${{ secrets.APPLE_KEY_CONTENT }}
          APP_STORE_CONNECT_API_KEY_IS_KEY_CONTENT_BASE64: true
        run: |
          PKG_FILE=$(find release -name "*.pkg" -type f | head -n 1)
          if [ -z "$PKG_FILE" ]; then
            echo "Error: No .pkg file found in release directory"
            exit 1
          fi
          echo "Found package: $PKG_FILE"

          fastlane pilot upload \
            --pkg "$PKG_FILE" \
            --platform osx \
            --skip_waiting_for_build_processing true \
            --skip_submission true \
            --changelog "Bug fixes and improvements"
        continue-on-error: true

      - name: Clean up keychain
        if: always()
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true