Merge pull request #341 from scratchfoundation/gha

Migrate scratch-desktop to GitHub Actions
Ron de las Alas 2023-11-30 11:05:54 -05:00 committed by GitHub
commit d2f11a80e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 111 additions and 218 deletions


@ -1,216 +0,0 @@
version: 2.1
workflows:
macos:
jobs:
- build_for_macos:
context: scratch-desktop-and-link
windows:
jobs:
- build_for_windows:
context: scratch-desktop-and-link
orbs:
node: circleci/node@5.1.0
windows: circleci/windows@5.0.0
aliases:
# condition to indicate whether or not we should sign this build
- &should_sign
or:
- equal: [ develop, << pipeline.git.branch >> ]
- equal: [ main, << pipeline.git.branch >> ]
- equal: [ master, << pipeline.git.branch >> ]
# clear large environment variables from the "scratch-desktop-and-link" context
# this helps when a program (like NPM) encounters errors with a large environment
- &clear_context
CSC_MACOS: ""
MAC_PROVISION_PROFILE: ""
SDM_CERT: ""
SDM_CERT_CA_BUNDLE: ""
SDM_CERT_KEY: ""
WIN_CSC_LINK: ""
jobs:
build_for_macos:
macos:
# See https://circleci.com/docs/using-macos/#supported-xcode-versions for CircleCI's supported Xcode versions
xcode: 12.5.1
resource_class: macos.x86.medium.gen2 # "medium" has been deprecated
steps:
- node/install:
node-version: "16.*"
- run: node --version && npm --version
- checkout
- node/install-packages:
include-branch-in-cache-key: false
override-ci-command: npm ci --loglevel info --prefer-offline
- run:
name: Test
command: npm run test
- when:
condition:
*should_sign
steps:
- add_ssh_keys
- run:
name: Import CI context
command: |
set -e
fastlane circleci
- restore_cache:
# Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as
# much. The Homebrew update can take several minutes without this, but with the cache it tends to take less
# than a minute most of the time. The cache will expire periodically and be replaced by a more up-to-date
# cache, which should effectively cap the amount of updating that Homebrew needs to do on top of the cache.
name: Restore Homebrew cache
key: homebrew-cache-v2
- run:
name: Work around electron-userland/electron-builder#4964
environment:
HOMEBREW_NO_AUTO_UPDATE: 1
command: |
brew install go go-bindata
git -C ~ clone https://github.com/develar/app-builder.git
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
make --directory=~/app-builder build
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
- save_cache:
name: Save Homebrew cache
paths:
- ~/Library/Caches/Homebrew
- /Library/Caches/Homebrew
key: homebrew-cache-v2
- build
- run:
name: Move DMG to artifacts directory
command: |
mkdir -p Artifacts/
mv -v dist/Scratch*.dmg Artifacts/
- when:
condition:
*should_sign
steps:
- run:
name: Zip MAS-Dev to artifacts directory
# If you use `zip` for this it will throw away some metadata (resource forks?) and
# the app will crash on startup with "EXC_CRASH (Code Signature Invalid)".
# To preserve that metadata, use `ditto` instead.
# See also: https://stackoverflow.com/a/22370486
command: |
NPM_APP_VERSION="`node -pe "require('./package.json').version"`"
cd dist/mas-dev
ditto -v -c -k --sequesterRsrc --keepParent --zlibCompressionLevel 9 \
Scratch*.app ../../Artifacts/mas-dev-${NPM_APP_VERSION}.zip
- run:
name: Move PKG to artifacts directory
command: |
mv -v dist/mas/Scratch*.pkg Artifacts/
- store_artifacts:
path: Artifacts/
build_for_windows:
executor:
name: windows/default
shell: bash.exe # defaulting to bash at the executor level makes the Node orb kinda work
steps:
- run:
# work around https://github.com/appveyor/ci/issues/2420 which seems to affect CircleCI too
# see also https://circleci.com/docs/2.0/env-vars/#using-parameters-and-bash-environment
name: Work around git-sh-setup issue
shell: bash
command: |
echo 'Adding libexec/git-core to PATH...'
echo 'For more details see https://github.com/appveyor/ci/issues/2420'
echo 'export PATH="$PATH:/c/Program Files/Git/mingw64/libexec/git-core"' >> $BASH_ENV
- run: # node/install doesn't work right on Windows
name: Install Node
# as of today, the Windows image comes with nvm 1.1.7
# nvm version 1.1.9 fixes an issue leading to "npm ERR! Unexpected token '.'"
# nvm version 1.1.10 will support "nvm install 16"
# but for now it needs the exact version
command: |
choco upgrade --yes nvm.portable
nvm --version
nvm install 16.20.0
nvm use 16.20.0
- run: node --version && npm --version
- checkout
- node/install-packages:
# the Node orb doesn't understand the default cache path on Windows
# make sure to use a path that works with Windows Node.js AND MSYS/MinGW bash
cache-path: "C:/tmp/npm-cache"
include-branch-in-cache-key: false
override-ci-command: npm ci --loglevel info --prefer-offline
- run:
name: Test
command: npm run test
environment: *clear_context
- when:
condition:
*should_sign
steps:
- run:
name: Import CI context
shell: bash
command: |
set -e
function decodeToFile () {
if [ -z "$1" ]; then
echo "Missing or invalid filename"
return 1
fi
if [ -z "$2" ]; then
echo "Missing environment variable contents for file: $1"
return 2
fi
echo "$2" | base64 --decode > "$1"
}
decodeToFile ~/codesign.pfx "${WIN_CSC_LINK}"
- run:
# In theory this should be unnecessary: the electron-builder documentation says that WIN_CSC_LINK can
# be a base64-encoded certificate, which is what's in the CI context. In practice that leads to an
# signtool.exe finding the certificate but not the key, for reasons I haven't been able to understand.
# Also, because of the non-standard user configuration on CircleCI's Windows VM, attempting to import
# a certificate into the user's certificate store ("Cert:/LocalUser/My") will fail. Instead, this code
# imports the PFX into the machine certificate store. That usually requires Administrator permissions,
# but on CircleCI's setup it works just fine. See also: https://github.com/ShabadOS/desktop/issues/265
# and https://github.com/ShabadOS/desktop/pull/266
name: Add CSC to machine store
shell: powershell
command: |
$securePassword = (ConvertTo-SecureString -String $env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force)
Import-PfxCertificate -FilePath ~/codesign.pfx -Password $securePassword -CertStoreLocation "Cert:/LocalMachine/My"
- build
- run:
name: Move Windows build products to artifacts directory
shell: bash
command: |
mkdir -p Artifacts/
mv dist/{Scratch*.appx,Scratch*.exe} Artifacts/
- store_artifacts:
path: Artifacts/
commands:
build:
steps:
- when:
condition:
*should_sign
steps:
- run:
command: npm run dist
no_output_timeout: 30m # macOS notarization can take longer than the default 10 minutes
environment:
# blank big variables to avoid crash on Windows
<<: *clear_context
# let Windows know where to get the PFX (ignored on non-Windows builds)
WIN_CSC_LINK: ~/codesign.pfx
# blank CIRCLE_BUILD_NUM to work around electron-userland/electron-builder#5016
CIRCLE_BUILD_NUM: ""
# increased Node memory needed for macOS build
NODE_OPTIONS: --max-old-space-size=4096
- unless:
condition:
*should_sign
steps:
- run:
command: npm run distDev
environment:
<<: *clear_context
# increased Node memory needed for macOS build
NODE_OPTIONS: --max-old-space-size=4096

101
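--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -0,0 +1,101 @@
+name: CI/CD
+on:
+push:
+concurrency:
+group: '${{ github.workflow }} @ ${{ github.head_ref || github.ref }}'
+permissions:
+contents: write # publish a GitHub release
+pages: write # deploy to GitHub Pages
+issues: write # comment on released issues
+pull-requests: write # comment on released pull requests
+jobs:
+ci-cd:
+strategy:
+matrix:
+os:
+- macos-latest
+- windows-latest
+runs-on: ${{ matrix.os }}
+defaults:
+run:
+shell: bash
+environment:
+name: ${{ matrix.os }}
+env:
+SCRATCH_SHOULD_SIGN: ${{ github.ref_name == 'main' }}
+AC_USERNAME: ${{ github.ref_name == 'main' && secrets.AC_USERNAME }}
+AC_PASSWORD: ${{ github.ref_name == 'main' && secrets.AC_PASSWORD }}
+steps:
+- uses: actions/checkout@v3
+- uses: actions/setup-node@v3
+with:
+cache: 'npm'
+node-version-file: '.nvmrc'
+- name: Debug info
+run: |
+cat <<EOF
+Node version: $(node --version)
+NPM version: $(npm --version)
+GitHub ref: ${{ github.ref }}
+GitHub head ref: ${{ github.head_ref }}
+Working directory: $(pwd)
+EOF
+- name: Install NPM dependencies
+run: npm ci
+- name: Test
+run: npm run test
+- name: Install Python 2.7
+if: matrix.os == 'macos-latest'
+run: |
+brew install pyenv
+pyenv install 2.7.18
+- name: Setup Keys for Fastlane
+if: matrix.os == 'macos-latest'
+uses: webfactory/ssh-agent@v0.7.0
+with:
+ssh-private-key: ${{ secrets.FASTLANE_DEPLOY_KEY }}
+- name: Fastlane
+env:
+GIT_URL: ${{ secrets.FL_GIT_URL }}
+STORAGE_MODE: ${{secrets.FL_STORAGE_MODE}}
+MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
+if: matrix.os == 'macos-latest' && env.SCRATCH_SHOULD_SIGN == 'true'
+run: fastlane circleci
+- name: Build
+timeout-minutes: 30 # macOS notarization can take a while
+env:
+# TODO: fix whatever is causing excessive memory usage during build
+NODE_OPTIONS: --max-old-space-size=4096
+# These will be blank on macOS and on unsigned builds
+# macOS CSC info was set by Fastlane above
+WIN_CSC_LINK: ${{ secrets.WIN_CSC_LINK }}
+WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
+PYTHON_PATH: ${{ matrix.os == 'macos-latest' && '/Users/runner/.pyenv/versions/2.7.18/bin/python'}}
+run: npm run ${{ env.SCRATCH_SHOULD_SIGN == true && 'dist' || 'distDev' }}
+- name: Zip MAS-Dev build
+if: matrix.os == 'macos-latest' && env.SCRATCH_SHOULD_SIGN == 'true'
+run: |
+NPM_APP_VERSION="`node -pe "require('./package.json').version"`"
+cd dist/mas-dev
+ditto -v -c -k --sequesterRsrc --keepParent --zlibCompressionLevel 9 \
+Scratch*.app ../mas-dev-${NPM_APP_VERSION}.zip
+- name: Upload macOS artifacts
+uses: actions/upload-artifact@v3
+if: matrix.os == 'macos-latest'
+with:
+name: macOS
+path: |
+dist/Scratch*.dmg
+dist/mas/Scratch*.pkg
+dist/mas-dev-*.zip
+- name: Upload Windows artifacts
+uses: actions/upload-artifact@v3
+if: matrix.os == 'windows-latest'
+with:
+name: Windows
+path: |
+dist/Scratch*.appx
+dist/Scratch*.exe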
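Review bot: The Build step selects its script with `env.SCRATCH_SHOULD_SIGN == true`, but env values are strings and the Fastlane and Zip steps compare against `'true'`, so this comparison is false and `distDev` runs even on main. `WIN_CSC_LINK`, `WIN_CSC_KEY_PASSWORD` and the ssh-agent step that loads `FASTLANE_DEPLOY_KEY` are not gated on the signing condition, so every branch push runs that branch's npm scripts with signing material within reach, which contradicts the "blank on unsigned builds" comment. The four workflow-level write permissions are not used by any step visible here and look reducible to `contents: read`, and the Debug info heredoc expands `${{ github.ref }}` and `${{ github.head_ref }}` as shell text, where the runner-provided `$GITHUB_REF` and `$GITHUB_HEAD_REF` would print the same values without interpolating a ref name into the script. Pinning `webfactory/ssh-agent` to a full commit SHA is also worth doing, since that action receives the deploy key.

```yaml
permissions:
  contents: read
# … unchanged: concurrency, job header, matrix, job-level env, checkout, setup-node …
          GitHub ref: $GITHUB_REF
          GitHub head ref: $GITHUB_HEAD_REF
# … unchanged: install, test, Python 2.7 …
      - name: Setup Keys for Fastlane
        if: matrix.os == 'macos-latest' && env.SCRATCH_SHOULD_SIGN == 'true'
# … unchanged: ssh-agent inputs, Fastlane step, Build env up to the CSC comment …
          WIN_CSC_LINK: ${{ github.ref_name == 'main' && secrets.WIN_CSC_LINK || '' }}
          WIN_CSC_KEY_PASSWORD: ${{ github.ref_name == 'main' && secrets.WIN_CSC_KEY_PASSWORD || '' }}
# … unchanged: PYTHON_PATH …
        run: npm run ${{ env.SCRATCH_SHOULD_SIGN == 'true' && 'dist' || 'distDev' }}
```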

2
.gitignore vendored

@ -27,7 +27,7 @@ npm-*
/locale /locale
# Fastlane # Fastlane
**/fastlane/Matchfile ## **/fastlane/Matchfile
**/fastlane/report.xml **/fastlane/report.xml
**/fastlane/Preview.html **/fastlane/Preview.html
**/fastlane/screenshots **/fastlane/screenshots

1
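--- a/.nvmrc
+++ b/.nvmrc
@@ -0,0 +1 @@
+v16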

7
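--- a/fastlane/Matchfile
+++ b/fastlane/Matchfile
@@ -0,0 +1,7 @@
+git_url(ENV.fetch("GIT_URL"))
+storage_mode(ENV.fetch("STORAGE_MODE"))
+type("development") # The default type, can be: appstore, adhoc, enterprise or development
+# app_identifier(["tools.fastlane.app", "tools.fastlane.app2"])
+# username("user@fastlane.tools") # Your Apple Developer Portal username
+app_identifier("edu.mit.scratch.scratch-desktop") # The bundle identifier of your app
+username("bot-apple@scratch.mit.edu") # Your Apple email address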


@ -22,7 +22,7 @@
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git+ssh://git@github.com/LLK/scratch-desktop.git" "url": "git+ssh://git@github.com/scratchfoundation/scratch-desktop.git"
}, },
"dependencies": { "dependencies": {
"source-map-support": "^0.5.19" "source-map-support": "^0.5.19"