universo-platform-2d
448 строк · 17.3 Кб
1name: Release Desktop App
2
3on:
4workflow_dispatch:
5inputs:
6build-type:
7description: 'Build Type'
8type: choice
9required: true
10default: canary
11options:
12- canary
13- beta
14- stable
15is-draft:
16description: 'Draft Release?'
17type: boolean
18required: true
19default: true
20is-pre-release:
21description: 'Pre Release? (labeled as "PreRelease")'
22type: boolean
23required: true
24default: true
25
26permissions:
27actions: write
28contents: write
29security-events: write
30id-token: write
31attestations: write
32
33env:
34BUILD_TYPE: ${{ github.event.inputs.build-type }}
35DEBUG: napi:*
36APP_NAME: affine
37MACOSX_DEPLOYMENT_TARGET: '10.13'
38
39jobs:
40before-make:
41runs-on: ubuntu-latest
42environment: ${{ github.event.inputs.build-type }}
43outputs:
44RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
45steps:
46- uses: actions/checkout@v4
47- name: Setup Version
48id: version
49uses: ./.github/actions/setup-version
50- name: Setup Node.js
51uses: ./.github/actions/setup-node
52- name: Setup @sentry/cli
53uses: ./.github/actions/setup-sentry
54- name: generate-assets
55run: yarn workspace @affine/electron generate-assets
56env:
57SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
58SENTRY_PROJECT: 'affine'
59SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
60SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
61SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
62RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
63SKIP_NX_CACHE: 'true'
64MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
65
66- name: Upload web artifact
67uses: actions/upload-artifact@v4
68with:
69name: web
70path: packages/frontend/apps/electron/resources/web-static
71
72make-distribution:
73strategy:
74matrix:
75spec:
76- runner: macos-14
77platform: darwin
78arch: x64
79target: x86_64-apple-darwin
80- runner: macos-14
81platform: darwin
82arch: arm64
83target: aarch64-apple-darwin
84- runner: ubuntu-latest
85platform: linux
86arch: x64
87target: x86_64-unknown-linux-gnu
88runs-on: ${{ matrix.spec.runner }}
89needs: before-make
90env:
91APPLE_ID: ${{ secrets.APPLE_ID }}
92APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
93APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
94SKIP_GENERATE_ASSETS: 1
95SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
96SENTRY_PROJECT: 'affine'
97SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
98SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
99MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
100steps:
101- uses: actions/checkout@v4
102- name: Setup Version
103id: version
104uses: ./.github/actions/setup-version
105- name: Setup Node.js
106timeout-minutes: 10
107uses: ./.github/actions/setup-node
108with:
109extra-flags: workspaces focus @affine/electron @affine/monorepo
110hard-link-nm: false
111nmHoistingLimits: workspaces
112enableScripts: false
113- name: Build AFFiNE native
114uses: ./.github/actions/build-rust
115with:
116target: ${{ matrix.spec.target }}
117package: '@affine/native'
118nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
119- uses: actions/download-artifact@v4
120with:
121name: web
122path: packages/frontend/apps/electron/resources/web-static
123
124- name: Build Desktop Layers
125run: yarn workspace @affine/electron build
126
127- name: Signing By Apple Developer ID
128if: ${{ matrix.spec.platform == 'darwin' }}
129uses: apple-actions/import-codesign-certs@v3
130with:
131p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
132p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
133
134- name: Install additional dependencies on Linux
135if: ${{ matrix.spec.platform == 'linux' }}
136run: |
137sudo add-apt-repository universe
138sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
139flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
140flatpak update
141# some flatpak deps need git protocol.file.allow
142git config --global protocol.file.allow always
143
144- name: make
145run: yarn workspace @affine/electron make --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
146env:
147SKIP_WEB_BUILD: 1
148HOIST_NODE_MODULES: 1
149DEBUG: '*'
150
151- name: signing DMG
152if: ${{ matrix.spec.platform == 'darwin' }}
153run: |
154codesign --force --sign "Developer ID Application: TOEVERYTHING PTE. LTD." packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/AFFiNE.dmg
155
156- name: Save artifacts (mac)
157if: ${{ matrix.spec.platform == 'darwin' }}
158run: |
159mkdir -p builds
160mv packages/frontend/apps/electron/out/*/make/*.dmg ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
161mv packages/frontend/apps/electron/out/*/make/zip/darwin/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
162- name: Save artifacts (linux)
163if: ${{ matrix.spec.platform == 'linux' }}
164run: |
165mkdir -p builds
166mv packages/frontend/apps/electron/out/*/make/zip/linux/x64/*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.zip
167mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.appimage
168mv packages/frontend/apps/electron/out/*/make/deb/x64/*.deb ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.deb
169mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.flatpak
170
171- uses: actions/attest-build-provenance@v1
172if: ${{ matrix.spec.platform == 'darwin' }}
173with:
174subject-path: |
175./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
176./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
177
178- uses: actions/attest-build-provenance@v1
179if: ${{ matrix.spec.platform == 'linux' }}
180with:
181subject-path: |
182./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.zip
183./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.appimage
184./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.deb
185- name: Upload Artifact
186uses: actions/upload-artifact@v4
187with:
188name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
189path: builds
190
191package-distribution-windows:
192strategy:
193matrix:
194spec:
195- runner: windows-latest
196platform: win32
197arch: x64
198target: x86_64-pc-windows-msvc
199runs-on: ${{ matrix.spec.runner }}
200needs: before-make
201outputs:
202FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
203env:
204SKIP_GENERATE_ASSETS: 1
205SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
206SENTRY_PROJECT: 'affine'
207SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
208SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
209MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
210steps:
211- uses: actions/checkout@v4
212- name: Setup Version
213id: version
214uses: ./.github/actions/setup-version
215- name: Setup Node.js
216timeout-minutes: 10
217uses: ./.github/actions/setup-node
218with:
219extra-flags: workspaces focus @affine/electron @affine/monorepo
220hard-link-nm: false
221nmHoistingLimits: workspaces
222- name: Build AFFiNE native
223uses: ./.github/actions/build-rust
224with:
225target: ${{ matrix.spec.target }}
226package: '@affine/native'
227nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
228- uses: actions/download-artifact@v4
229with:
230name: web
231path: packages/frontend/apps/electron/resources/web-static
232
233- name: Build Desktop Layers
234run: yarn workspace @affine/electron build
235
236- name: package
237run: yarn workspace @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
238env:
239SKIP_WEB_BUILD: 1
240HOIST_NODE_MODULES: 1
241
242- name: get all files to be signed
243id: get_files_to_be_signed
244run: |
245Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\', '') + '"' }) -join ' ')
246"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
247echo $FILES_TO_BE_SIGNED
248
249- name: Zip artifacts for faster upload
250run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/* -DestinationPath archive.zip
251
252- name: Save packaged artifacts for signing
253uses: actions/upload-artifact@v4
254with:
255name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
256path: |
257archive.zip
258!**/*.map
259
260sign-packaged-artifacts-windows:
261needs: package-distribution-windows
262uses: ./.github/workflows/windows-signer.yml
263with:
264files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED }}
265artifact-name: packaged-win32-x64
266
267make-windows-installer:
268needs: sign-packaged-artifacts-windows
269strategy:
270matrix:
271spec:
272- runner: windows-latest
273platform: win32
274arch: x64
275target: x86_64-pc-windows-msvc
276runs-on: ${{ matrix.spec.runner }}
277outputs:
278FILES_TO_BE_SIGNED: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
279steps:
280- uses: actions/checkout@v4
281- name: Setup Version
282id: version
283uses: ./.github/actions/setup-version
284- name: Setup Node.js
285timeout-minutes: 10
286uses: ./.github/actions/setup-node
287with:
288extra-flags: workspaces focus @affine/electron @affine/monorepo
289hard-link-nm: false
290nmHoistingLimits: workspaces
291- name: Download and overwrite packaged artifacts
292uses: actions/download-artifact@v4
293with:
294name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
295path: .
296- name: unzip file
297run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/apps/electron/out
298
299- name: Make squirrel.windows installer
300run: yarn workspace @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
301
302- name: Make nsis.windows installer
303run: yarn workspace @affine/electron make-nsis --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
304
305- name: Zip artifacts for faster upload
306run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/* -DestinationPath archive.zip
307
308- name: get all files to be signed
309id: get_files_to_be_signed
310run: |
311Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\${{ env.BUILD_TYPE }}\make\', '') + '"' }) -join ' ')
312"FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
313echo $FILES_TO_BE_SIGNED
314
315- name: Save installer for signing
316uses: actions/upload-artifact@v4
317with:
318name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
319path: archive.zip
320
321sign-installer-artifacts-windows:
322needs: make-windows-installer
323uses: ./.github/workflows/windows-signer.yml
324with:
325files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED }}
326artifact-name: installer-win32-x64
327
328finalize-installer-windows:
329needs: [sign-installer-artifacts-windows, before-make]
330strategy:
331matrix:
332spec:
333- runner: windows-latest
334platform: win32
335arch: x64
336target: x86_64-pc-windows-msvc
337runs-on: ${{ matrix.spec.runner }}
338steps:
339- name: Download and overwrite installer artifacts
340uses: actions/download-artifact@v4
341with:
342name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
343path: .
344- name: unzip file
345run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make
346
347- name: Save artifacts
348run: |
349mkdir -p builds
350mv packages/frontend/apps/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.zip
351mv packages/frontend/apps/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.exe
352mv packages/frontend/apps/electron/out/*/make/nsis.windows/x64/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.nsis.exe
353
354- uses: actions/attest-build-provenance@v1
355with:
356subject-path: |
357./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.zip
358./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.exe
359./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-x64.nsis.exe
360
361- name: Upload Artifact
362uses: actions/upload-artifact@v4
363with:
364name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
365path: builds
366
367release:
368needs: [before-make, make-distribution, finalize-installer-windows]
369runs-on: ubuntu-latest
370
371steps:
372- uses: actions/checkout@v4
373- uses: actions/download-artifact@v4
374with:
375name: web
376path: web-static
377- name: Zip web-static
378run: zip -r web-static.zip web-static
379- name: Download Artifacts (macos-x64)
380uses: actions/download-artifact@v4
381with:
382name: affine-darwin-x64-builds
383path: ./
384- name: Download Artifacts (macos-arm64)
385uses: actions/download-artifact@v4
386with:
387name: affine-darwin-arm64-builds
388path: ./
389- name: Download Artifacts (windows-x64)
390uses: actions/download-artifact@v4
391with:
392name: affine-win32-x64-builds
393path: ./
394- name: Download Artifacts (linux-x64)
395uses: actions/download-artifact@v4
396with:
397name: affine-linux-x64-builds
398path: ./
399- uses: actions/setup-node@v4
400with:
401node-version: 20
402- name: Generate Release yml
403run: |
404node ./packages/frontend/apps/electron/scripts/generate-yml.js
405env:
406RELEASE_VERSION: ${{ needs.before-make.outputs.RELEASE_VERSION }}
407- name: Create Release Draft
408if: ${{ github.ref_type == 'tag' }}
409uses: softprops/action-gh-release@v2
410with:
411name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
412body: ''
413draft: ${{ github.event.inputs.is-draft }}
414prerelease: ${{ github.event.inputs.is-pre-release }}
415files: |
416./VERSION
417./*.zip
418./*.dmg
419./*.exe
420./*.appimage
421./*.deb
422./*.flatpak
423./*.apk
424./*.yml
425- name: Create Nightly Release Draft
426if: ${{ github.ref_type == 'branch' }}
427uses: softprops/action-gh-release@v2
428env:
429GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
430with:
431# Temporarily, treat release from branch as nightly release, artifact saved to AFFiNE-Releases.
432# Need to improve internal build and nightly release logic.
433repository: 'toeverything/AFFiNE-Releases'
434name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
435tag_name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
436body: ''
437draft: false
438prerelease: true
439files: |
440./VERSION
441./*.zip
442./*.dmg
443./*.exe
444./*.appimage
445./*.deb
446./*.apk
447./*.flatpak
448./*.yml
449