scratchfoundation/scratch-desktop
1
0
Fork 0
mirror of https://github.com/scratchfoundation/scratch-desktop.git synced 2024-12-23 06:02:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
scratch-desktop/.circleci/config.yml
Christopher Willis-Ford 62e23771db win: set WIN_CSC_LINK to filename
2020-07-24 17:07:21 -07:00

182 lines
7.4 KiB
YAML
Raw Blame History

version: 2.1
workflows:
macos:
jobs:
- build_for_macos:
context: scratch-desktop-and-link
windows:
jobs:
- build_for_windows:
context: scratch-desktop-and-link
orbs:
windows: circleci/windows@2.2.0
aliases:
- &should_sign
or:
- equal: [ develop, << pipeline.git.branch >> ]
- equal: [ main, << pipeline.git.branch >> ]
- equal: [ master, << pipeline.git.branch >> ]
jobs:
build_for_macos:
macos:
xcode: 11.1.0 # last version for which CircleCI uses macOS 10.14.x
steps:
- checkout
- npm_install:
npmCacheDir: ~/.npm
- run:
name: Test
command: npm run test
- when:
condition:
*should_sign
steps:
- run:
name: Import CI context
command: |
set -e
function decodeToFile () {
if [ -z "$1" ]; then
echo "Missing or invalid filename"
return 1
fi
if [ -z "$2" ]; then
echo "Missing environment variable contents for file: $1"
return 2
fi
echo "$2" | base64 --decode > "$1"
}
decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}"
decodeToFile code-to-learn-macos.p12 "${CSC_MACOS}"
security -v create-keychain -p circleci circleci.keychain
security -v default-keychain -s circleci.keychain
security -v import code-to-learn-macos.p12 -k circleci.keychain -P "" -T /usr/bin/codesign -T /usr/bin/productbuild
security -v unlock-keychain -p circleci circleci.keychain
# "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it.
# The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible.
security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x'
security -v set-keychain-settings -lut 600 circleci.keychain
security -v find-identity circleci.keychain
rm code-to-learn-macos.p12
- restore_cache:
name: Restore Homebrew cache
key: homebrew-cache-v1
- run:
name: Work around electron-userland/electron-builder#4964
command: |
brew install go go-bindata
git -C ~ clone https://github.com/develar/app-builder.git
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
make --directory=~/app-builder build
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
- save_cache:
name: Save Homebrew cache
paths:
- ~/Library/Caches/Homebrew
- /usr/local/Homebrew
key: homebrew-cache-v1
- build
- run:
name: Move macOS build products to artifacts directory
command: |
mkdir -p Artifacts/
mv dist/{Scratch*.dmg,mas/Scratch*.pkg} Artifacts/
- store_artifacts:
path: Artifacts/
build_for_windows:
executor:
name: windows/default
shell: bash
steps:
- run:
# work around https://github.com/appveyor/ci/issues/2420 which seems to affect CircleCI too
# see also https://circleci.com/docs/2.0/env-vars/#using-parameters-and-bash-environment
name: Work around git-sh-setup issue
command: |
echo 'Adding libexec/git-core to PATH...'
echo 'For more details see https://github.com/appveyor/ci/issues/2420'
echo 'export PATH="$PATH:/c/Program Files/Git/mingw64/libexec/git-core"' >> $BASH_ENV
- checkout
- npm_install:
npmCacheDir: "C:/Users/circleci/AppData/Roaming/npm-cache"
- run:
name: Test
command: npm run test
- when:
condition:
*should_sign
steps:
- run:
name: Import CI context
shell: bash
command: |
set -e
function decodeToFile () {
if [ -z "$1" ]; then
echo "Missing or invalid filename"
return 1
fi
if [ -z "$2" ]; then
echo "Missing environment variable contents for file: $1"
return 2
fi
echo "$2" | base64 --decode > "$1"
}
decodeToFile ~/codesign.pfx "${WIN_CSC_LINK}"
- run:
# In theory this should be unnecessary: the electron-builder documentation says that WIN_CSC_LINK can
# be a base64-encoded certificate, which is what's in the CI context. In practice that leads to an
# signtool.exe finding the certificate but not the key, for reasons I haven't been able to understand.
# Also, because of the non-standard user configuration on CircleCI's Windows VM, attempting to import
# a certificate into the user's certificate store ("Cert:/LocalUser/My") will fail. Instead, this code
# imports the PFX into the machine certificate store. That usually requires Administrator permissions,
# but on CircleCI's setup it works just fine. See also: https://github.com/ShabadOS/desktop/issues/265
# and https://github.com/ShabadOS/desktop/pull/266
name: Add CSC to machine store
shell: powershell
command: |
$securePassword = (ConvertTo-SecureString -String $env:WIN_CSC_KEY_PASSWORD -AsPlainText -Force)
Import-PfxCertificate -FilePath ~/codesign.pfx -Password $securePassword -CertStoreLocation "Cert:/LocalMachine/My"
- build
- run:
name: Move Windows build products to artifacts directory
command: |
mkdir -p Artifacts/
mv dist/{Scratch*.appx,Scratch*.exe} Artifacts/
- store_artifacts:
path: Artifacts/
commands:
npm_install:
description: Run 'npm install' with caching
parameters:
npmCacheDir:
type: string
description: NPM cache directory (`npm config cache get`) - usually either ~/.npm or %AppData%/npm-cache
steps:
- restore_cache:
keys:
- npm-cache-{{ arch }}-{{ checksum "package-lock.json" }}
- run:
name: Install node_modules
# --prefer-offline "will make npm skip any conditional requests (304 checks) for stale cache data, and only
# hit the network if something is missing from the cache"
command: npm ci --prefer-offline
- save_cache:
paths:
- << parameters.npmCacheDir >>
key: npm-cache-{{ arch }}-{{ checksum "package-lock.json" }}
build:
steps:
- when:
condition:
*should_sign
steps:
- run:
command: npm run dist
environment:
- WIN_CSC_LINK: ~/codesign.pfx
- unless:
condition:
*should_sign
steps:
- run: npm run distDev
Reference in a new issue View git blame Copy permalink