Skip to content
Publish Release

Release v1.3.4 #384

Sign in to view logs

Release v1.3.4

Release v1.3.4 #384

Workflow file for this run

.github/workflows/release.yml at c288638
name: Publish Release
on:
push:
tags:
- 'v*'
jobs:
build:
runs-on: ${{ matrix.image }}
strategy:
matrix:
include:
- image: macos-latest
id: macos
platform: macos
node: mac-amd64
arch: '' # x64
- image: windows-latest
id: windows
platform: windows
node: win-amd64
arch: '' # x64
- image: ubuntu-latest
id: linux
platform: linux
node: linux-amd64
arch: amd64
- image: [self-hosted, macos, arm64]
id: macos-arm64
platform: macos
node: mac-arm64
arch: arm64
- image: [self-hosted, linux, arm64]
id: linux-arm64
platform: linux
node: linux-arm64
arch: arm64
outputs:
tagName: ${{ steps.tagName.outputs.tag }}
version: ${{ steps.package-version.outputs.version }}
steps:
# Prepare workspace
- name: Check out Git repository
uses: actions/checkout@v2
- name: Install Node.js, NPM
id: setup-node
uses: actions/setup-node@v3
with:
node-version-file: 'package.json'
- name: Install Yarn
run: npm install -g [email protected]
- name: Get node_modules cache
uses: actions/[email protected]
id: node_modules
with:
path: |
**/node_modules
# Add node version as a cache key to avoid yarn recompilation for particular node as it doesn't change often
key: ${{ matrix.arch }}-${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}-${{ steps.setup-node.outputs.node-version }}
- name: Get Smapp version
id: package-version
uses: tyankatsu0105/read-package-version-actions@v1
- uses: olegtarasov/[email protected]
id: tagName
- name: Tag and version are equals
if: ${{ steps.tagName.outputs.tag != format('v{0}', steps.package-version.outputs.version) }}
run: |
echo "Tag does not match Version."
echo "Tag: ${{ steps.tagName.outputs.tag }}"
echo "Version: v${{ steps.package-version.outputs.version }}"
exit 1
# Install & Lint
- name: yarn install
run: |
yarn config set network-timeout 300000
yarn install --prefer-offline --immutable
- name: Lint
run: yarn lint
# Download go-spacemesh
- name: Get specified Go-spacemesh version
id: latestNode
run: echo "::set-output name=version::$(cat ./node/use-version)"
- name: Restore go-spacemesh from cache
id: cache-gospacemesh
uses: actions/cache@v3
with:
path: |
./node/*
!./node/use-version
key: ${{ matrix.node }}-${{ hashFiles('./node/use-version') }}-4
restore-keys: ${{ matrix.node }}-${{ hashFiles('./node/use-version') }}-4
- name: Prepare link to go-spacemesh release archive
if: steps.cache-gospacemesh.outputs.cache-hit != 'true'
id: node-link
run: |
echo "::set-output name=link::https://storage.googleapis.com/go-spacemesh-release-builds/${{ steps.latestNode.outputs.version }}/go-spacemesh-${{ steps.latestNode.outputs.version }}-${{ matrix.node }}.zip"
- name: Check for go-spacemesh release archive existence
if: steps.cache-gospacemesh.outputs.cache-hit != 'true'
run: |
[[ $(curl -I -L -w "%{http_code}" -o ${{ matrix.platform == 'windows' && 'NUL' || '/dev/null'}} ${{steps.node-link.outputs.link}}) == "200" ]] &&
echo "Atifacts found: ${{steps.node-link.outputs.link}}" && exit 0 ||
echo "Not found: ${{steps.node-link.outputs.link}}" && exit 1
shell: bash
- id: platform
if: steps.cache-gospacemesh.outputs.cache-hit != 'true'
run: |
echo "::set-output name=dir::${{ matrix.platform == 'windows' && 'windows' || matrix.platform == 'macos' && 'mac' || 'linux'}}"
echo "::set-output name=ext::${{ matrix.platform == 'windows' && '.exe' || ''}}"
echo "::set-output name=rm_flag::${{ matrix.platform == 'windows' && '-Recurse -Force' || '-rf' }}"
- name: Download go-spacemesh release archive
if: steps.cache-gospacemesh.outputs.cache-hit != 'true'
run: |
curl -L --output ./node/release.zip --create-dirs ${{steps.node-link.outputs.link}}
- name: Unzip archive & get rid of redundant files
if: steps.cache-gospacemesh.outputs.cache-hit != 'true'
run: |
7z e -onode/${{ steps.platform.outputs.dir }}/ ./node/release.zip 'go-spacemesh*' '*.dylib' 'Molt*' '*.so' '*.dll' '*.lib' '*.h' 'profiler*' -r
- name: Set CHMOD on Go-Spacemesh and libs
if: matrix.platform != 'windows'
run: chmod -R +x ./node/${{ steps.platform.outputs.dir }}/*
- name: Disable quarantine for Go-Spacemesh and libs (macOS x64)
if: matrix.id == 'macos'
run: sudo xattr -rd com.apple.quarantine ./node/${{ steps.platform.outputs.dir }}/*
- name: Disable quarantine for Go-Spacemesh and libs (macOS ARM64)
if: matrix.id == 'macos-arm64'
run: sudo /Users/aviv/xattr.sh
- name: ls archive and ./node
run: |
7z l ./node/release.zip
ls ${{matrix.platform != 'windows' && '-la' || ''}} ./node/${{ steps.platform.outputs.dir }}/
- name: Install libOpenCL.so
if: matrix.id == 'linux'
run: |
sudo apt update
sudo apt install ocl-icd-opencl-dev
# Run tests and build
- name: Test
if: matrix.image == 'macos-latest'
run: yarn test --forceExit
- name: Build
run: yarn build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# Create binaries
- if: matrix.platform == 'linux'
name: Build linux app
run: yarn package-linux
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
USE_SYSTEM_FPM: ${{ matrix.id == 'linux-arm64' && 'true' }}
- if: matrix.platform == 'windows'
name: Build windows app
run: yarn package-win
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- if: matrix.platform == 'macos'
name: Build mac app
run: yarn package-mac
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
CSC_LINK: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
CSC_KEY_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
APPLEID: ${{ secrets.APPLE_ID }}
APPLEIDPASS: ${{ secrets.APPLE_ID_PASS }}
APPLETEAMID: ${{ secrets.APPLE_TEAM_ID }}
# TODO: Move notarizing MacOS application to another job, like `sign-win-app`
# Copy checksum util to release dir
- name: Copy checksum tool
shell: bash
run: cp ./scripts/checksum.js ./release/checksum.js
# Store artifacts for further jobs
- name: Store artifacts
uses: actions/upload-artifact@v2
with:
name: ${{ matrix.id }}
path: |
./release/*
!./release/*-unpacked
!./release/mac*
if-no-files-found: error
sign-win-app:
# CodeSignTool works perfectly on any platform even it signs a windows file
# So we use ubuntu to make job faster and more stable
runs-on: ubuntu-latest
needs: build
steps:
- name: Download windows artifact
uses: actions/download-artifact@v2
with:
name: windows
path: ./release/
- name: Cache CodeSignTool
id: cache-codesigntool
uses: actions/cache@v3
with:
path: ./codesigntool
key: codesign-cache-2
restore-keys: codesign-cache-2
- name: Download CodeSignTool archive
if: steps.cache-codesigntool.outputs.cache-hit != 'true'
run: |
curl -L -k --output ./codesigntool.zip --create-dirs https://storage.googleapis.com/smapp/tools/codesigntool.zip
- name: Unzip archive
if: steps.cache-codesigntool.outputs.cache-hit != 'true'
run: |
unzip -d ./codesigntool/ ./codesigntool.zip
chmod 755 ./codesigntool/*
# CodeSignTool requires Java 11 and ubuntu-latest uses it by default
# but to make it robust add extra step to ensure a Java version
- name: Switch to Java 11
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '11'
- name: Create directory for signed artifact
run: mkdir -p ./signed/
- name: Sign App
# Rename file and then vice versa, because CodeSignTool can't accept path with spaces
run: |
mv "./release/Spacemesh Setup ${{ needs.build.outputs.version }}.exe" ./release/spacemesh.exe
(cd ./codesigntool; ./CodeSignTool.sh sign -username=$USERNAME -password=$PASSWORD -totp_secret=$TOTP -input_file_path="../release/spacemesh.exe" -output_dir_path=../signed)
mv ./signed/spacemesh.exe "./signed/Spacemesh Setup ${{ needs.build.outputs.version }}.exe"
env:
USERNAME: ${{ secrets.EVCS_USERNAME }}
PASSWORD: ${{ secrets.EVCS_PASSWORD }}
TOTP: ${{ secrets.EVCS_TOTP_SECRET }}
- name: Copy latest.yml
run: cp "./release/latest.yml" "./signed/latest.yml"
- name: Install Node.js, NPM
uses: actions/setup-node@v2-beta
with:
node-version: '16'
- name: Get new sha512
id: sha512
run: |
echo "::set-output name=value::$(node ./release/checksum.js "./signed/Spacemesh Setup ${{ needs.build.outputs.version }}.exe")"
- name: Update latest.yml (sha512)
uses: endaft/[email protected]
with:
file: ./signed/latest.yml
path: sha512
set: ${{steps.sha512.outputs.value}}
- name: Update latest.yml (files.0.sha512)
uses: endaft/[email protected]
with:
file: ./signed/latest.yml
path: files.0.sha512
set: ${{steps.sha512.outputs.value}}
- name: Store signed artifact
uses: actions/upload-artifact@v2
with:
name: windows-signed
path: ./signed/*
if-no-files-found: error
sign-app-image:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download x64 artifact
uses: actions/download-artifact@v2
with:
name: linux
path: ./release/linux
- name: Download arm64 artifact
uses: actions/download-artifact@v2
with:
name: linux-arm64
path: ./release/linux-arm64
- name: Set filename
id: filename
run: |
echo "::set-output name=x64::Spacemesh-${{ needs.build.outputs.version }}.AppImage"
echo "::set-output name=arm64::Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage"
- name: Import GPG keys
run: |
export GPG_TTY=$(tty)
echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE"
env:
GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: List files
run: |
ls -la ./release
ls -la ./release/linux
ls -la ./release/linux-arm64
- name: Files to sign
run: |
echo "X64: ./release/linux/${{ steps.filename.outputs.x64 }}\n"
echo "ARM64: ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}\n"
- name: Sign AppImages x64
run: |
gpg --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE" --output ./release/linux/${{ steps.filename.outputs.x64 }}.sig --detach-sign ./release/linux/${{ steps.filename.outputs.x64 }}
gpg --pinentry-mode=loopback --passphrase "$GPG_PASSPHRASE" --output ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}.sig --detach-sign ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Store x64 signature
uses: actions/upload-artifact@v2
with:
name: linux
path: ./release/linux/${{ steps.filename.outputs.x64 }}.sig
if-no-files-found: error
- name: Store arm64 signature
uses: actions/upload-artifact@v2
with:
name: linux-arm64
path: ./release/linux-arm64/${{ steps.filename.outputs.arm64 }}.sig
if-no-files-found: error
release:
runs-on: ubuntu-latest
needs: [build, sign-win-app, sign-app-image]
steps:
- name: Download all artifacts
uses: actions/download-artifact@v2
with:
path: ./release/
# Merge `latest-mac.yml` (x64 and arm64)
- name: Merge latest-mac.yml
uses: mikefarah/yq@master
with:
cmd: yq ea '. as $item ireduce ({}; . *+ $item)' ./release/macos/latest-mac.yml ./release/macos-arm64/latest-mac.yml > ./release/latest-merged.yml
- run: cat ./release/latest-merged.yml
- run: cp -f ./release/latest-merged.yml ./release/macos/latest-mac.yml
- run: cp -f ./release/latest-merged.yml ./release/macos-arm64/latest-mac.yml
# Upload artifacts to GCS
- name: Set up GCloud SDK
uses: google-github-actions/setup-gcloud@v0
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: Upload macos artifact
uses: google-github-actions/upload-cloud-storage@v0
with:
path: ./release/macos/
destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }}
parent: false
- name: Upload macos arm64 artifact
uses: google-github-actions/upload-cloud-storage@v0
with:
path: ./release/macos-arm64/
destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }}
parent: false
- name: Upload windows build
uses: google-github-actions/upload-cloud-storage@v0
with:
path: ./release/windows-signed/
destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }}
parent: false
- name: Upload linux build
uses: google-github-actions/upload-cloud-storage@v0
with:
path: ./release/linux/
destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }}
parent: false
- name: Upload linux arm64 build
uses: google-github-actions/upload-cloud-storage@v0
with:
path: ./release/linux-arm64/
destination: ${{ secrets.GCP_BUCKET }}/${{ needs.build.outputs.tagName }}
parent: false
# Upload artifacts to Cloudflare
- name: Upload macos artifact CF
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.CLOUDFLARE_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.CLOUDFLARE_SECRET_ACCESS_KEY}}
aws_bucket: ${{ secrets.CLOUDFLARE_BUCKET }}
source_dir: ./release/macos/
destination_dir: dist/${{ needs.build.outputs.tagName }}
endpoint: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
- name: Upload macos arm64 artifact CF
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.CLOUDFLARE_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.CLOUDFLARE_SECRET_ACCESS_KEY}}
aws_bucket: ${{ secrets.CLOUDFLARE_BUCKET }}
source_dir: ./release/macos-arm64/
destination_dir: dist/${{ needs.build.outputs.tagName }}
endpoint: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
- name: Upload windows artifact CF
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.CLOUDFLARE_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.CLOUDFLARE_SECRET_ACCESS_KEY}}
aws_bucket: ${{ secrets.CLOUDFLARE_BUCKET }}
source_dir: ./release/windows-signed/
destination_dir: dist/${{ needs.build.outputs.tagName }}
endpoint: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
- name: Upload linux artifact CF
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.CLOUDFLARE_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.CLOUDFLARE_SECRET_ACCESS_KEY}}
aws_bucket: ${{ secrets.CLOUDFLARE_BUCKET }}
source_dir: ./release/linux/
destination_dir: dist/${{ needs.build.outputs.tagName }}
endpoint: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
- name: Upload linux arm64 artifact CF
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.CLOUDFLARE_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.CLOUDFLARE_SECRET_ACCESS_KEY}}
aws_bucket: ${{ secrets.CLOUDFLARE_BUCKET }}
source_dir: ./release/linux-arm64/
destination_dir: dist/${{ needs.build.outputs.tagName }}
endpoint: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
- name: Create Release
id: create-release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
name: Release ${{ needs.build.outputs.tagName }}
body: |
## Compiled Binaries
- Windows: [x64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh%20Setup%20${{ needs.build.outputs.version }}.exe)
- macOS: [x64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.dmg) [arm64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.dmg)
- Linux
- AppImage [x64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.AppImage) [arm64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage)
GPG signatures: [x64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}.AppImage.sig) [arm64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/Spacemesh-${{ needs.build.outputs.version }}-arm64.AppImage.sig) [public.key](https://discover.spacemesh.io/public.key)
- deb [x64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/spacemesh_app_${{ needs.build.outputs.version }}_amd64.deb) [arm64](https://smapp.spacemesh.network/dist/${{ needs.build.outputs.tagName }}/spacemesh_app_${{ needs.build.outputs.version }}_arm64.deb)
draft: true
prerelease: true
- name: Delete all artifacts
uses: geekyeggo/delete-artifact@v1
with:
name: |
windows-signed
windows
linux
linux-arm64
macos
macos-arm64