forked from cryptotavares/metamask-desktop
-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (127 loc) · 4.4 KB
/
package-app-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# .github/workflows/publish-app.yml
name: "Package and Publish Desktop App"
on:
workflow_dispatch:
inputs:
bypass_is_release:
type: boolean
required: false
description: Bypass is release job
default: false
push:
paths:
- packages/app/**
branches: [app-stable]
concurrency: production
jobs:
check-app-workflows:
name: Lints workflow
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.22
shell: bash
- name: Check workflow files
run: ${{ steps.download-actionlint.outputs.executable }} -color .github/workflows/package-app-prod.yml
shell: bash
is-release:
name: Determine whether this is a release merge commit
runs-on: ubuntu-latest
outputs:
IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
steps:
- id: is-release
if: ${{ !github.event.inputs.bypass_is_release }}
uses: MetaMask/action-is-release@v1
with:
commit-starts-with: 'Release App [version]'
publish-app-release-draft:
runs-on: ubuntu-latest
needs: is-release
if: ${{ needs.is-release.outputs.IS_RELEASE == 'true' || github.event.inputs.bypass_is_release }}
permissions:
contents: write
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.sha }}
- name: Create Tag and Github Release
id: tag-and-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
PACKAGE_JSON="./packages/app/package.json"
RELEASE_VERSION="$(jq --raw-output .version $PACKAGE_JSON)"
echo "v@$RELEASE_VERSION"
gh release create "v$RELEASE_VERSION" -t "MetaMask Desktop v$RELEASE_VERSION" -F packages/app/CHANGELOG.md -d --target app-stable
package-prod:
needs: publish-app-release-draft
environment: production
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
permissions:
contents: write
steps:
- name: Checkout Git Repository
uses: actions/checkout@v3
with:
submodules: true
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- name: Install deps
shell: bash
run: yarn install --immutable
- name: Run common build
shell: bash
run: yarn common build
- name: Run extension install deps
shell: bash
run: yarn extension
- name: Setup desktop ui build
shell: bash
run: yarn setup:ui:build
- name: Build desktop ui
shell: bash
run: yarn app build:ui:lavamoat:ci
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
- name: Build desktop app
shell: bash
run: yarn app build:app:prod
env:
INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }}
METAMASK_ENVIRONMENT: 'production'
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
DESKTOP_ENABLE_UPDATES: ${{ vars.DESKTOP_ENABLE_UPDATES }}
DESKTOP_POPUP: ${{ vars.DESKTOP_POPUP }}
DISABLE_EXTENSION_POPUP: ${{ vars.DISABLE_EXTENSION_POPUP }}
- name: Package app for ${{ matrix.os }}
shell: bash
run: |
if [ "$RUNNER_OS" == "Linux" ]; then
yarn app package:linux:ci -p always
elif [ "$RUNNER_OS" == "Windows" ]; then
yarn app package:win:ci -p always
elif [ "$RUNNER_OS" == "macOS" ]; then
yarn app package:mac:ci -p always
else
echo "$RUNNER_OS not supported"
exit 1
fi
env:
WIN_CSC_LINK: ${{ secrets.MMD_WIN_CERT_BASE64 }}
WIN_CSC_KEY_PASSWORD: ${{ secrets.MMD_WIN_CERT_PASSWORD }}
CSC_LINK: ${{ secrets.MMD_MAC_CSC_BASE64 }}
CSC_KEY_PASSWORD: ${{ secrets.MMD_MAC_CSC_KEY_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}