mirror of
https://github.com/scratchfoundation/scratch-desktop.git
synced 2025-01-18 10:19:48 -05:00
Merge pull request #341 from scratchfoundation/gha
Migrate scratch-desktop to GitHub Actions
This commit is contained in:
commit
d2f11a80e8
6 changed files with 111 additions and 218 deletions
|
@ -1,216 +0,0 @@
|
|||
version: 2.1
|
||||
workflows:
|
||||
macos:
|
||||
jobs:
|
||||
- build_for_macos:
|
||||
context: scratch-desktop-and-link
|
||||
windows:
|
||||
jobs:
|
||||
- build_for_windows:
|
||||
context: scratch-desktop-and-link
|
||||
orbs:
|
||||
node: circleci/node@5.1.0
|
||||
windows: circleci/windows@5.0.0
|
||||
aliases:
|
||||
# condition to indicate whether or not we should sign this build
|
||||
- &should_sign
|
||||
or:
|
||||
- equal: [ develop, << pipeline.git.branch >> ]
|
||||
- equal: [ main, << pipeline.git.branch >> ]
|
||||
- equal: [ master, << pipeline.git.branch >> ]
|
||||
# clear large environment variables from the "scratch-desktop-and-link" context
|
||||
# this helps when a program (like NPM) encounters errors with a large environment
|
||||
- &clear_context
|
||||
CSC_MACOS: ""
|
||||
MAC_PROVISION_PROFILE: ""
|
||||
SDM_CERT: ""
|
||||
SDM_CERT_CA_BUNDLE: ""
|
||||
SDM_CERT_KEY: ""
|
||||
WIN_CSC_LINK: ""
|
||||
jobs:
|
||||
build_for_macos:
|
||||
macos:
|
||||
# See https://circleci.com/docs/using-macos/#supported-xcode-versions for CircleCI's supported Xcode versions
|
||||
xcode: 12.5.1
|
||||
resource_class: macos.x86.medium.gen2 # "medium" has been deprecated
|
||||
steps:
|
||||
- node/install:
|
||||
node-version: "16.*"
|
||||
- run: node --version && npm --version
|
||||
- checkout
|
||||
- node/install-packages:
|
||||
include-branch-in-cache-key: false
|
||||
override-ci-command: npm ci --loglevel info --prefer-offline
|
||||
- run:
|
||||
name: Test
|
||||
command: npm run test
|
||||
- when:
|
||||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- add_ssh_keys
|
||||
- run:
|
||||
name: Import CI context
|
||||
command: |
|
||||
set -e
|
||||
fastlane circleci
|
||||
- restore_cache:
|
||||
# Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as
|
||||
# much. The Homebrew update can take several minutes without this, but with the cache it tends to take less
|
||||
# than a minute most of the time. The cache will expire periodically and be replaced by a more up-to-date
|
||||
# cache, which should effectively cap the amount of updating that Homebrew needs to do on top of the cache.
|
||||
name: Restore Homebrew cache
|
||||
key: homebrew-cache-v2
|
||||
- run:
|
||||
name: Work around electron-userland/electron-builder#4964
|
||||
environment:
|
||||
HOMEBREW_NO_AUTO_UPDATE: 1
|
||||
command: |
|
||||
brew install go go-bindata
|
||||
git -C ~ clone https://github.com/develar/app-builder.git
|
||||
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
|
||||
make --directory=~/app-builder build
|
||||
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
|
||||
- save_cache:
|
||||
name: Save Homebrew cache
|
||||
paths:
|
||||
- ~/Library/Caches/Homebrew
|
||||
- /Library/Caches/Homebrew
|
||||
key: homebrew-cache-v2
|
||||
- build
|
||||
- run:
|
||||
name: Move DMG to artifacts directory
|
||||
command: |
|
||||
mkdir -p Artifacts/
|
||||
mv -v dist/Scratch*.dmg Artifacts/
|
||||
- when:
|
||||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- run:
|
||||
name: Zip MAS-Dev to artifacts directory
|
||||
# If you use `zip` for this it will throw away some metadata (resource forks?) and
|
||||
# the app will crash on startup with "EXC_CRASH (Code Signature Invalid)".
|
||||
# To preserve that metadata, use `ditto` instead.
|
||||
# See also: https://stackoverflow.com/a/22370486
|
||||
command: |
|
||||
NPM_APP_VERSION="`node -pe "require('./package.json').version"`"
|
||||
cd dist/mas-dev
|
||||
ditto -v -c -k --sequesterRsrc --keepParent --zlibCompressionLevel 9 \
|
||||
Scratch*.app ../../Artifacts/mas-dev-${NPM_APP_VERSION}.zip
|
||||
- run:
|
||||
name: Move PKG to artifacts directory
|
||||
command: |
|
||||
mv -v dist/mas/Scratch*.pkg Artifacts/
|
||||
- store_artifacts:
|
||||
path: Artifacts/
|
||||
build_for_windows:
|
||||
executor:
|
||||
name: windows/default
|
||||
shell: bash.exe # defaulting to bash at the executor level makes the Node orb kinda work
|
||||
steps:
|
||||
- run:
|
||||
# work around https://github.com/appveyor/ci/issues/2420 which seems to affect CircleCI too
|
||||
# see also https://circleci.com/docs/2.0/env-vars/#using-parameters-and-bash-environment
|
||||
name: Work around git-sh-setup issue
|
||||
shell: bash
|
||||
command: |
|
||||
echo 'Adding libexec/git-core to PATH...'
|
||||
echo 'For more details see https://github.com/appveyor/ci/issues/2420'
|
||||
echo 'export PATH="$PATH:/c/Program Files/Git/mingw64/libexec/git-core"' >> $BASH_ENV
|
||||
- run: # node/install doesn't work right on Windows
|
||||
name: Install Node
|
||||
# as of today, the Windows image comes with nvm 1.1.7
|
||||
# nvm version 1.1.9 fixes an issue leading to "npm ERR! Unexpected token '.'"
|
||||
# nvm version 1.1.10 will support "nvm install 16"
|
||||
# but for now it needs the exact version
|
||||
command: |
|
||||
choco upgrade --yes nvm.portable
|
||||
nvm --version
|
||||
nvm install 16.20.0
|
||||
nvm use 16.20.0
|
||||
- run: node --version && npm --version
|
||||
- checkout
|
||||
- node/install-packages:
|
||||
# the Node orb doesn't understand the default cache path on Windows
|
||||
# make sure to use a path that works with Windows Node.js AND MSYS/MinGW bash
|
||||
cache-path: "C:/tmp/npm-cache"
|
||||
include-branch-in-cache-key: false
|
||||
override-ci-command: npm ci --loglevel info --prefer-offline
|
||||
- run:
|
||||
name: Test
|
||||
command: npm run test
|
||||
environment: *clear_context
|
||||
- when:
|
||||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- run:
|
||||
name: Import CI context
|
||||
shell: bash
|
||||
command: |
|
||||
set -e
|
||||
function decodeToFile () {
|
||||
if [ -z "$1" ]; then
|
||||
echo "Missing or invalid filename"
|
||||
return 1
|
||||
fi
|
||||
if [ -z "$2" ]; then
|
||||
echo "Missing environment variable contents for file: $1"
|
||||
return 2
|
||||
fi
|
||||
echo "$2" | base64 --decode > "$1"
|
||||
}
|
||||
decodeToFile ~/codesign.pfx "${WIN_CSC_LINK}"
|
||||
- run:
|
||||
# In theory this should be unnecessary: the electron-builder documentation says that WIN_CSC_LINK can
|
||||
# be a base64-encoded certificate, which is what's in the CI context. In practice that leads to an
|
||||
# signtool.exe finding the certificate but not the key, for reasons I haven't been able to understand.
|
||||
# Also, because of the non-standard user configuration on CircleCI's Windows VM, attempting to import
|
||||
# a certificate into the user's certificate store ("Cert:/LocalUser/My") will fail. Instead, this code
|
||||
# imports the PFX into the machine certificate store. That usually requires Administrator permissions,
|
||||
# but on CircleCI's setup it works just fine. See also: https://github.com/ShabadOS/desktop/issues/265
|
||||
# and https://github.com/ShabadOS/desktop/pull/266
|
||||
name: Add CSC to machine store
|
||||
shell: powershell
|
||||
command: |
|
||||
$securePassword = (ConvertTo-SecureString -String $env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force)
|
||||
Import-PfxCertificate -FilePath ~/codesign.pfx -Password $securePassword -CertStoreLocation "Cert:/LocalMachine/My"
|
||||
- build
|
||||
- run:
|
||||
name: Move Windows build products to artifacts directory
|
||||
shell: bash
|
||||
command: |
|
||||
mkdir -p Artifacts/
|
||||
mv dist/{Scratch*.appx,Scratch*.exe} Artifacts/
|
||||
- store_artifacts:
|
||||
path: Artifacts/
|
||||
commands:
|
||||
build:
|
||||
steps:
|
||||
- when:
|
||||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- run:
|
||||
command: npm run dist
|
||||
no_output_timeout: 30m # macOS notarization can take longer than the default 10 minutes
|
||||
environment:
|
||||
# blank big variables to avoid crash on Windows
|
||||
<<: *clear_context
|
||||
# let Windows know where to get the PFX (ignored on non-Windows builds)
|
||||
WIN_CSC_LINK: ~/codesign.pfx
|
||||
# blank CIRCLE_BUILD_NUM to work around electron-userland/electron-builder#5016
|
||||
CIRCLE_BUILD_NUM: ""
|
||||
# increased Node memory needed for macOS build
|
||||
NODE_OPTIONS: --max-old-space-size=4096
|
||||
- unless:
|
||||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- run:
|
||||
command: npm run distDev
|
||||
environment:
|
||||
<<: *clear_context
|
||||
# increased Node memory needed for macOS build
|
||||
NODE_OPTIONS: --max-old-space-size=4096
|
101
.github/workflows/ci-cd.yml
vendored
Normal file
101
.github/workflows/ci-cd.yml
vendored
Normal file
|
@ -0,0 +1,101 @@
|
|||
name: CI/CD
|
||||
on:
|
||||
push:
|
||||
|
||||
concurrency:
|
||||
group: '${{ github.workflow }} @ ${{ github.head_ref || github.ref }}'
|
||||
|
||||
permissions:
|
||||
contents: write # publish a GitHub release
|
||||
pages: write # deploy to GitHub Pages
|
||||
issues: write # comment on released issues
|
||||
pull-requests: write # comment on released pull requests
|
||||
|
||||
jobs:
|
||||
ci-cd:
|
||||
strategy:
|
||||
matrix:
|
||||
os:
|
||||
- macos-latest
|
||||
- windows-latest
|
||||
runs-on: ${{ matrix.os }}
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
environment:
|
||||
name: ${{ matrix.os }}
|
||||
env:
|
||||
SCRATCH_SHOULD_SIGN: ${{ github.ref_name == 'main' }}
|
||||
AC_USERNAME: ${{ github.ref_name == 'main' && secrets.AC_USERNAME }}
|
||||
AC_PASSWORD: ${{ github.ref_name == 'main' && secrets.AC_PASSWORD }}
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
cache: 'npm'
|
||||
node-version-file: '.nvmrc'
|
||||
- name: Debug info
|
||||
run: |
|
||||
cat <<EOF
|
||||
Node version: $(node --version)
|
||||
NPM version: $(npm --version)
|
||||
GitHub ref: ${{ github.ref }}
|
||||
GitHub head ref: ${{ github.head_ref }}
|
||||
Working directory: $(pwd)
|
||||
EOF
|
||||
- name: Install NPM dependencies
|
||||
run: npm ci
|
||||
- name: Test
|
||||
run: npm run test
|
||||
- name: Install Python 2.7
|
||||
if: matrix.os == 'macos-latest'
|
||||
run: |
|
||||
brew install pyenv
|
||||
pyenv install 2.7.18
|
||||
- name: Setup Keys for Fastlane
|
||||
if: matrix.os == 'macos-latest'
|
||||
uses: webfactory/ssh-agent@v0.7.0
|
||||
with:
|
||||
ssh-private-key: ${{ secrets.FASTLANE_DEPLOY_KEY }}
|
||||
- name: Fastlane
|
||||
env:
|
||||
GIT_URL: ${{ secrets.FL_GIT_URL }}
|
||||
STORAGE_MODE: ${{secrets.FL_STORAGE_MODE}}
|
||||
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
|
||||
if: matrix.os == 'macos-latest' && env.SCRATCH_SHOULD_SIGN == 'true'
|
||||
run: fastlane circleci
|
||||
- name: Build
|
||||
timeout-minutes: 30 # macOS notarization can take a while
|
||||
env:
|
||||
# TODO: fix whatever is causing excessive memory usage during build
|
||||
NODE_OPTIONS: --max-old-space-size=4096
|
||||
# These will be blank on macOS and on unsigned builds
|
||||
# macOS CSC info was set by Fastlane above
|
||||
WIN_CSC_LINK: ${{ secrets.WIN_CSC_LINK }}
|
||||
WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
|
||||
PYTHON_PATH: ${{ matrix.os == 'macos-latest' && '/Users/runner/.pyenv/versions/2.7.18/bin/python'}}
|
||||
run: npm run ${{ env.SCRATCH_SHOULD_SIGN == true && 'dist' || 'distDev' }}
|
||||
- name: Zip MAS-Dev build
|
||||
if: matrix.os == 'macos-latest' && env.SCRATCH_SHOULD_SIGN == 'true'
|
||||
run: |
|
||||
NPM_APP_VERSION="`node -pe "require('./package.json').version"`"
|
||||
cd dist/mas-dev
|
||||
ditto -v -c -k --sequesterRsrc --keepParent --zlibCompressionLevel 9 \
|
||||
Scratch*.app ../mas-dev-${NPM_APP_VERSION}.zip
|
||||
- name: Upload macOS artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
if: matrix.os == 'macos-latest'
|
||||
with:
|
||||
name: macOS
|
||||
path: |
|
||||
dist/Scratch*.dmg
|
||||
dist/mas/Scratch*.pkg
|
||||
dist/mas-dev-*.zip
|
||||
- name: Upload Windows artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
if: matrix.os == 'windows-latest'
|
||||
with:
|
||||
name: Windows
|
||||
path: |
|
||||
dist/Scratch*.appx
|
||||
dist/Scratch*.exe
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -27,7 +27,7 @@ npm-*
|
|||
/locale
|
||||
|
||||
# Fastlane
|
||||
**/fastlane/Matchfile
|
||||
## **/fastlane/Matchfile
|
||||
**/fastlane/report.xml
|
||||
**/fastlane/Preview.html
|
||||
**/fastlane/screenshots
|
||||
|
|
1
.nvmrc
Normal file
1
.nvmrc
Normal file
|
@ -0,0 +1 @@
|
|||
v16
|
7
fastlane/Matchfile
Normal file
7
fastlane/Matchfile
Normal file
|
@ -0,0 +1,7 @@
|
|||
git_url(ENV.fetch("GIT_URL"))
|
||||
storage_mode(ENV.fetch("STORAGE_MODE"))
|
||||
type("development") # The default type, can be: appstore, adhoc, enterprise or development
|
||||
# app_identifier(["tools.fastlane.app", "tools.fastlane.app2"])
|
||||
# username("user@fastlane.tools") # Your Apple Developer Portal username
|
||||
app_identifier("edu.mit.scratch.scratch-desktop") # The bundle identifier of your app
|
||||
username("bot-apple@scratch.mit.edu") # Your Apple email address
|
|
@ -22,7 +22,7 @@
|
|||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+ssh://git@github.com/LLK/scratch-desktop.git"
|
||||
"url": "git+ssh://git@github.com/scratchfoundation/scratch-desktop.git"
|
||||
},
|
||||
"dependencies": {
|
||||
"source-map-support": "^0.5.19"
|
||||
|
|
Loading…
Reference in a new issue