CodeAlpha.MVT.PoC/.github/workflows/release.yml at main · codealphadev/CodeAlpha.MVT.PoC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Release
on:
  push:
    branches:
      - main

permissions:
  id-token: write # Make GitHub populate environment variables for OIDC with GCP
  contents: write # Get access to  repository

jobs:
  update_version:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Generate new version
        id: new_version
        uses: anothrNick/github-tag-action@1.36.0 # !!!! Newer versions buggy
        env:
          WITH_V: false
          DRY_RUN: true
          RELEASE_BRANCHES: 'main,cod-*'
          DEFAULT_BUMP: patch

      - name: Show the next version
        run: |
          echo ${{ steps.new_version.outputs.new_tag }}

      - name: Install python dependencies
        run: pip3 install -r scripts/requirements.txt

      - name: Update repo version
        env:
          VERSION: ${{ steps.new_version.outputs.new_tag }}
        run: python3 ./scripts/update_repo_version.py

      - name: Echo git status
        run: git --no-pager diff

      - name: Update package-lock.json
        run: npm i --package-lock-only --ignore-scripts

      - name: Update Cargo.lock
        run: cd src-tauri && cargo generate-lockfile && cd ..

      - name: Echo git status
        run: git --no-pager diff

      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Update version to v${{ steps.new_version.outputs.new_tag }}
          tagging_message: v${{ steps.new_version.outputs.new_tag }}
    outputs:
      version: v${{ steps.new_version.outputs.new_tag }}

  build_and_publish:
    needs: [update_version]
    runs-on: self-hosted
    timeout-minutes: 60
    steps:
      - name: 'Checkout source code'
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - run: git pull origin

      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v0.8.1
        with:
          workload_identity_provider: projects/767491075312/locations/global/workloadIdentityPools/codealpha-pool-2/providers/codealpha-gh-provider
          service_account: release-creation@client-backend-x.iam.gserviceaccount.com

      - name: Fetch Tauri private key secrets
        id: 'fetch-tauri-private-key-secrets'
        uses: 'google-github-actions/get-secretmanager-secrets@v0.5.0'
        with:
          secrets: |-
            private-key:767491075312/tauri_private_key
            private-key-pw:767491075312/tauri_key_pw

      - name: Set up Node
        uses: actions/setup-node@v3
        with:
          node-version: 18

      - name: Install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable

      - name: Install dependencies
        run: |
          npm ci --loglevel verbose
          rustup target add aarch64-apple-darwin
          rustup target add x86_64-apple-darwin

      - name: Build and Sign Tauri App
        env:
          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          TAURI_PRIVATE_KEY: ${{ steps.fetch-tauri-private-key-secrets.outputs.private-key }}
          TAURI_KEY_PASSWORD: ${{ steps.fetch-tauri-private-key-secrets.outputs.private-key-pw }}
        run: npm run build

      - name: Upload dmg
        uses: 'google-github-actions/upload-cloud-storage@v0.10.2'
        with:
          path: './src-tauri/target/universal-apple-darwin/release/bundle/dmg'
          destination: 'pretzl-releases/${{needs.update_version.outputs.version}}'
          glob: '*.dmg'

      - name: Upload app and updater package
        uses: 'google-github-actions/upload-cloud-storage@v0.10.2'
        with:
          path: './src-tauri/target/universal-apple-darwin/release/bundle/macos'
          destination: 'pretzl-releases/${{needs.update_version.outputs.version}}'

      - name: Create manifest
        env:
          VERSION: ${{needs.update_version.outputs.version}}
        run: python3 ./scripts/update_release_manifest.py

      - name: Upload manifest
        uses: 'google-github-actions/upload-cloud-storage@v0.10.2'
        with:
          path: './manifest.json'
          destination: 'pretzl-releases'
          parent: false
          headers: |-
            cache-control: no-cache