diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 4e26ee1..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,216 +0,0 @@ -version: 2.1 -workflows: - macos: - jobs: - - build_for_macos: - context: scratch-desktop-and-link - windows: - jobs: - - build_for_windows: - context: scratch-desktop-and-link -orbs: - node: circleci/node@5.1.0 - windows: circleci/windows@5.0.0 -aliases: - # condition to indicate whether or not we should sign this build - - &should_sign - or: - - equal: [ develop, << pipeline.git.branch >> ] - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ master, << pipeline.git.branch >> ] - # clear large environment variables from the "scratch-desktop-and-link" context - # this helps when a program (like NPM) encounters errors with a large environment - - &clear_context - CSC_MACOS: "" - MAC_PROVISION_PROFILE: "" - SDM_CERT: "" - SDM_CERT_CA_BUNDLE: "" - SDM_CERT_KEY: "" - WIN_CSC_LINK: "" -jobs: - build_for_macos: - macos: - # See https://circleci.com/docs/using-macos/#supported-xcode-versions for CircleCI's supported Xcode versions - xcode: 12.5.1 - resource_class: macos.x86.medium.gen2 # "medium" has been deprecated - steps: - - node/install: - node-version: "16.*" - - run: node --version && npm --version - - checkout - - node/install-packages: - include-branch-in-cache-key: false - override-ci-command: npm ci --loglevel info --prefer-offline - - run: - name: Test - command: npm run test - - when: - condition: - *should_sign - steps: - - add_ssh_keys - - run: - name: Import CI context - command: | - set -e - fastlane circleci - - restore_cache: - # Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as - # much. The Homebrew update can take several minutes without this, but with the cache it tends to take less - # than a minute most of the time. The cache will expire periodically and be replaced by a more up-to-date - # cache, which should effectively cap the amount of updating that Homebrew needs to do on top of the cache. - name: Restore Homebrew cache - key: homebrew-cache-v2 - - run: - name: Work around electron-userland/electron-builder#4964 - environment: - HOMEBREW_NO_AUTO_UPDATE: 1 - command: | - brew install go go-bindata - git -C ~ clone https://github.com/develar/app-builder.git - git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db - make --directory=~/app-builder build - ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/ - - save_cache: - name: Save Homebrew cache - paths: - - ~/Library/Caches/Homebrew - - /Library/Caches/Homebrew - key: homebrew-cache-v2 - - build - - run: - name: Move DMG to artifacts directory - command: | - mkdir -p Artifacts/ - mv -v dist/Scratch*.dmg Artifacts/ - - when: - condition: - *should_sign - steps: - - run: - name: Zip MAS-Dev to artifacts directory - # If you use `zip` for this it will throw away some metadata (resource forks?) and - # the app will crash on startup with "EXC_CRASH (Code Signature Invalid)". - # To preserve that metadata, use `ditto` instead. - # See also: https://stackoverflow.com/a/22370486 - command: | - NPM_APP_VERSION="`node -pe "require('./package.json').version"`" - cd dist/mas-dev - ditto -v -c -k --sequesterRsrc --keepParent --zlibCompressionLevel 9 \ - Scratch*.app ../../Artifacts/mas-dev-${NPM_APP_VERSION}.zip - - run: - name: Move PKG to artifacts directory - command: | - mv -v dist/mas/Scratch*.pkg Artifacts/ - - store_artifacts: - path: Artifacts/ - build_for_windows: - executor: - name: windows/default - shell: bash.exe # defaulting to bash at the executor level makes the Node orb kinda work - steps: - - run: - # work around https://github.com/appveyor/ci/issues/2420 which seems to affect CircleCI too - # see also https://circleci.com/docs/2.0/env-vars/#using-parameters-and-bash-environment - name: Work around git-sh-setup issue - shell: bash - command: | - echo 'Adding libexec/git-core to PATH...' - echo 'For more details see https://github.com/appveyor/ci/issues/2420' - echo 'export PATH="$PATH:/c/Program Files/Git/mingw64/libexec/git-core"' >> $BASH_ENV - - run: # node/install doesn't work right on Windows - name: Install Node - # as of today, the Windows image comes with nvm 1.1.7 - # nvm version 1.1.9 fixes an issue leading to "npm ERR! Unexpected token '.'" - # nvm version 1.1.10 will support "nvm install 16" - # but for now it needs the exact version - command: | - choco upgrade --yes nvm.portable - nvm --version - nvm install 16.20.0 - nvm use 16.20.0 - - run: node --version && npm --version - - checkout - - node/install-packages: - # the Node orb doesn't understand the default cache path on Windows - # make sure to use a path that works with Windows Node.js AND MSYS/MinGW bash - cache-path: "C:/tmp/npm-cache" - include-branch-in-cache-key: false - override-ci-command: npm ci --loglevel info --prefer-offline - - run: - name: Test - command: npm run test - environment: *clear_context - - when: - condition: - *should_sign - steps: - - run: - name: Import CI context - shell: bash - command: | - set -e - function decodeToFile () { - if [ -z "$1" ]; then - echo "Missing or invalid filename" - return 1 - fi - if [ -z "$2" ]; then - echo "Missing environment variable contents for file: $1" - return 2 - fi - echo "$2" | base64 --decode > "$1" - } - decodeToFile ~/codesign.pfx "${WIN_CSC_LINK}" - - run: - # In theory this should be unnecessary: the electron-builder documentation says that WIN_CSC_LINK can - # be a base64-encoded certificate, which is what's in the CI context. In practice that leads to an - # signtool.exe finding the certificate but not the key, for reasons I haven't been able to understand. - # Also, because of the non-standard user configuration on CircleCI's Windows VM, attempting to import - # a certificate into the user's certificate store ("Cert:/LocalUser/My") will fail. Instead, this code - # imports the PFX into the machine certificate store. That usually requires Administrator permissions, - # but on CircleCI's setup it works just fine. See also: https://github.com/ShabadOS/desktop/issues/265 - # and https://github.com/ShabadOS/desktop/pull/266 - name: Add CSC to machine store - shell: powershell - command: | - $securePassword = (ConvertTo-SecureString -String $env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force) - Import-PfxCertificate -FilePath ~/codesign.pfx -Password $securePassword -CertStoreLocation "Cert:/LocalMachine/My" - - build - - run: - name: Move Windows build products to artifacts directory - shell: bash - command: | - mkdir -p Artifacts/ - mv dist/{Scratch*.appx,Scratch*.exe} Artifacts/ - - store_artifacts: - path: Artifacts/ -commands: - build: - steps: - - when: - condition: - *should_sign - steps: - - run: - command: npm run dist - no_output_timeout: 30m # macOS notarization can take longer than the default 10 minutes - environment: - # blank big variables to avoid crash on Windows - <<: *clear_context - # let Windows know where to get the PFX (ignored on non-Windows builds) - WIN_CSC_LINK: ~/codesign.pfx - # blank CIRCLE_BUILD_NUM to work around electron-userland/electron-builder#5016 - CIRCLE_BUILD_NUM: "" - # increased Node memory needed for macOS build - NODE_OPTIONS: --max-old-space-size=4096 - - unless: - condition: - *should_sign - steps: - - run: - command: npm run distDev - environment: - <<: *clear_context - # increased Node memory needed for macOS build - NODE_OPTIONS: --max-old-space-size=4096 diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml new file mode 100644 index 0000000..b4593bd --- /dev/null +++ b/.github/workflows/ci-cd.yml @@ -0,0 +1,101 @@ +name: CI/CD +on: + push: + +concurrency: + group: '${{ github.workflow }} @ ${{ github.head_ref || github.ref }}' + +permissions: + contents: write # publish a GitHub release + pages: write # deploy to GitHub Pages + issues: write # comment on released issues + pull-requests: write # comment on released pull requests + +jobs: + ci-cd: + strategy: + matrix: + os: + - macos-latest + - windows-latest + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + environment: + name: ${{ matrix.os }} + env: + SCRATCH_SHOULD_SIGN: ${{ github.ref_name == 'main' }} + AC_USERNAME: ${{ github.ref_name == 'main' && secrets.AC_USERNAME }} + AC_PASSWORD: ${{ github.ref_name == 'main' && secrets.AC_PASSWORD }} + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + cache: 'npm' + node-version-file: '.nvmrc' + - name: Debug info + run: | + cat <