mirror of
https://github.com/scratchfoundation/scratch-desktop.git
synced 2024-12-23 06:02:30 -05:00
163 lines
6.2 KiB
YAML
163 lines
6.2 KiB
YAML
version: 2.1
|
|
workflows:
|
|
macos:
|
|
jobs:
|
|
- build_for_macos:
|
|
context: scratch-desktop-and-link
|
|
windows:
|
|
jobs:
|
|
- build_for_windows:
|
|
context: scratch-desktop-and-link
|
|
orbs:
|
|
windows: circleci/windows@2.2.0
|
|
aliases:
|
|
- &should_sign
|
|
or:
|
|
- equal: [ develop, << pipeline.git.branch >> ]
|
|
- equal: [ main, << pipeline.git.branch >> ]
|
|
- equal: [ master, << pipeline.git.branch >> ]
|
|
jobs:
|
|
build_for_macos:
|
|
macos:
|
|
xcode: 11.1.0 # last version for which CircleCI uses macOS 10.14.x
|
|
steps:
|
|
- checkout
|
|
- npm_install:
|
|
npmCacheDir: ~/.npm
|
|
- run:
|
|
name: Test
|
|
command: npm run test
|
|
- when:
|
|
condition:
|
|
*should_sign
|
|
steps:
|
|
- run:
|
|
name: Import CI context
|
|
command: |
|
|
set -e
|
|
function decodeToFile () {
|
|
if [ -z "$1" ]; then
|
|
echo "Missing or invalid filename"
|
|
return 1
|
|
fi
|
|
if [ -z "$2" ]; then
|
|
echo "Missing environment variable contents for file: $1"
|
|
return 2
|
|
fi
|
|
echo "$2" | base64 --decode > "$1"
|
|
}
|
|
decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}"
|
|
decodeToFile code-to-learn-macos.p12 "${CSC_MACOS}"
|
|
security -v create-keychain -p circleci circleci.keychain
|
|
security -v default-keychain -s circleci.keychain
|
|
security -v import code-to-learn-macos.p12 -k circleci.keychain -P "" -T /usr/bin/codesign -T /usr/bin/productbuild
|
|
security -v unlock-keychain -p circleci circleci.keychain
|
|
# "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it.
|
|
# The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible.
|
|
security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x'
|
|
security -v set-keychain-settings -lut 600 circleci.keychain
|
|
security -v find-identity circleci.keychain
|
|
rm code-to-learn-macos.p12
|
|
- restore_cache:
|
|
name: Restore Homebrew cache
|
|
key: homebrew-cache-v1
|
|
- run:
|
|
name: Work around electron-userland/electron-builder#4964
|
|
command: |
|
|
brew install go go-bindata
|
|
git -C ~ clone https://github.com/develar/app-builder.git
|
|
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
|
|
make --directory=~/app-builder build
|
|
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
|
|
- save_cache:
|
|
name: Save Homebrew cache
|
|
paths:
|
|
- ~/Library/Caches/Homebrew
|
|
- /usr/local/Homebrew
|
|
key: homebrew-cache-v1
|
|
- build
|
|
- run:
|
|
name: Move macOS build products to artifacts directory
|
|
command: |
|
|
mkdir -p Artifacts/
|
|
mv dist/{Scratch*.dmg,mas/Scratch*.pkg} Artifacts/
|
|
- store_artifacts:
|
|
path: Artifacts/
|
|
build_for_windows:
|
|
executor:
|
|
name: windows/default
|
|
shell: bash
|
|
steps:
|
|
- run:
|
|
# work around https://github.com/appveyor/ci/issues/2420 which seems to affect CircleCI too
|
|
# see also https://circleci.com/docs/2.0/env-vars/#using-parameters-and-bash-environment
|
|
name: Work around git-sh-setup issue
|
|
command: |
|
|
echo 'Adding libexec/git-core to PATH...'
|
|
echo 'For more details see https://github.com/appveyor/ci/issues/2420'
|
|
echo 'export PATH="$PATH:/c/Program Files/Git/mingw64/libexec/git-core"' >> $BASH_ENV
|
|
- checkout
|
|
- npm_install:
|
|
npmCacheDir: "C:/Users/circleci/AppData/Roaming/npm-cache"
|
|
- run:
|
|
name: Test
|
|
command: npm run test
|
|
- when:
|
|
condition:
|
|
false #*should_sign
|
|
steps:
|
|
- run:
|
|
name: Import code-signing certificate
|
|
shell: powershell
|
|
command: |
|
|
$ErrorActionPreference = "Stop"
|
|
# TODO: is there a way to avoid creating a temporary file?
|
|
$tempPfx = New-TemporaryFile
|
|
try {
|
|
$env:WIN_CSC_LINK | Set-Content $tempPfx
|
|
$securePassword = (ConvertTo-SecureString -String $env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force)
|
|
Import-PfxCertificate -FilePath $tempPfx -Password $securePassword -CertStoreLocation "Cert:/LocalMachine/My"
|
|
}
|
|
finally {
|
|
Remove-Item -Force $tempPfx
|
|
}
|
|
- build
|
|
- run:
|
|
name: Move Windows build products to artifacts directory
|
|
command: |
|
|
mkdir -p Artifacts/
|
|
mv dist/{Scratch*.appx,Scratch*.exe} Artifacts/
|
|
- store_artifacts:
|
|
path: Artifacts/
|
|
commands:
|
|
npm_install:
|
|
description: Run 'npm install' with caching
|
|
parameters:
|
|
npmCacheDir:
|
|
type: string
|
|
description: NPM cache directory (`npm config cache get`) - usually either ~/.npm or %AppData%/npm-cache
|
|
steps:
|
|
- restore_cache:
|
|
keys:
|
|
- npm-cache-{{ arch }}-{{ checksum "package-lock.json" }}
|
|
- run:
|
|
name: Install node_modules
|
|
# --prefer-offline "will make npm skip any conditional requests (304 checks) for stale cache data, and only
|
|
# hit the network if something is missing from the cache"
|
|
command: npm ci --prefer-offline
|
|
- save_cache:
|
|
paths:
|
|
- << parameters.npmCacheDir >>
|
|
key: npm-cache-{{ arch }}-{{ checksum "package-lock.json" }}
|
|
build:
|
|
steps:
|
|
- when:
|
|
condition:
|
|
*should_sign
|
|
steps:
|
|
- run: npm run dist
|
|
- unless:
|
|
condition:
|
|
*should_sign
|
|
steps:
|
|
- run: npm run distDev
|