fix(release): drop missing dmg background #9
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release PC | |
| on: | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| workflow_dispatch: | |
| concurrency: | |
| group: release-pc-${{ github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| NODE_VERSION: 20 | |
| PNPM_VERSION: 9.12.2 | |
| UPDATE_BASE_URL: https://download.moryflow.com | |
| GITHUB_REPO: dvlin-dev/moryflow | |
| jobs: | |
| metadata: | |
| name: Resolve Release Metadata | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag: ${{ steps.meta.outputs.tag }} | |
| version: ${{ steps.meta.outputs.version }} | |
| channel: ${{ steps.meta.outputs.channel }} | |
| prerelease: ${{ steps.meta.outputs.prerelease }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Resolve metadata | |
| id: meta | |
| shell: bash | |
| run: | | |
| VERSION="$(node -p "JSON.parse(require('node:fs').readFileSync('apps/moryflow/pc/package.json', 'utf8')).version")" | |
| TAG="v${VERSION}" | |
| if ! [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then | |
| echo "Unsupported release version: ${VERSION}. Only stable x.y.z and beta x.y.z-beta.N are allowed." >&2 | |
| exit 1 | |
| fi | |
| if [[ "${VERSION}" == *"-beta."* ]]; then | |
| CHANNEL="beta" | |
| PRERELEASE="true" | |
| else | |
| CHANNEL="stable" | |
| PRERELEASE="false" | |
| fi | |
| if [[ "${GITHUB_EVENT_NAME}" == "push" && "${GITHUB_REF_NAME}" != "${TAG}" ]]; then | |
| echo "Tag ${GITHUB_REF_NAME} does not match apps/moryflow/pc/package.json version ${VERSION}." >&2 | |
| exit 1 | |
| fi | |
| if git rev-parse --verify --quiet "refs/tags/${TAG}" >/dev/null; then | |
| TAG_SHA="$(git rev-list -n 1 "${TAG}")" | |
| if [[ "${TAG_SHA}" != "${GITHUB_SHA}" ]]; then | |
| echo "Tag ${TAG} already points to ${TAG_SHA}, but workflow is running for ${GITHUB_SHA}." >&2 | |
| exit 1 | |
| fi | |
| fi | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| echo "version=${VERSION}" >> "$GITHUB_OUTPUT" | |
| echo "channel=${CHANNEL}" >> "$GITHUB_OUTPUT" | |
| echo "prerelease=${PRERELEASE}" >> "$GITHUB_OUTPUT" | |
| build-macos-arm64: | |
| name: Build macOS arm64 | |
| needs: metadata | |
| runs-on: macos-14 | |
| env: | |
| CSC_LINK: ${{ secrets.CSC_LINK }} | |
| CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
| APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Prepare Apple notarization key | |
| shell: bash | |
| run: | | |
| KEY_PATH="${RUNNER_TEMP}/AuthKey_${APPLE_API_KEY_ID}.p8" | |
| if [[ "${APPLE_API_KEY_CONTENT}" == *"BEGIN PRIVATE KEY"* ]]; then | |
| printf '%s\n' "${APPLE_API_KEY_CONTENT}" > "${KEY_PATH}" | |
| else | |
| printf '%s' "${APPLE_API_KEY_CONTENT}" | base64 --decode > "${KEY_PATH}" | |
| fi | |
| chmod 600 "${KEY_PATH}" | |
| echo "APPLE_API_KEY=${KEY_PATH}" >> "${GITHUB_ENV}" | |
| - run: pnpm install --frozen-lockfile --prefer-offline --config.node-linker=isolated | |
| - name: Build workspace dependencies | |
| run: pnpm --filter "@moryflow/pc..." --filter "!@moryflow/pc" --if-present build | |
| - name: Build renderer/main bundles | |
| run: pnpm --dir apps/moryflow/pc build | |
| - name: Build macOS arm64 installers | |
| run: pnpm --dir apps/moryflow/pc exec electron-builder --mac dmg zip --arm64 --publish never | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: darwin-arm64 | |
| path: apps/moryflow/pc/release/${{ needs.metadata.outputs.version }}/* | |
| if-no-files-found: error | |
| build-macos-x64: | |
| name: Build macOS x64 | |
| needs: metadata | |
| runs-on: macos-15-intel | |
| env: | |
| CSC_LINK: ${{ secrets.CSC_LINK }} | |
| CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
| APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Prepare Apple notarization key | |
| shell: bash | |
| run: | | |
| KEY_PATH="${RUNNER_TEMP}/AuthKey_${APPLE_API_KEY_ID}.p8" | |
| if [[ "${APPLE_API_KEY_CONTENT}" == *"BEGIN PRIVATE KEY"* ]]; then | |
| printf '%s\n' "${APPLE_API_KEY_CONTENT}" > "${KEY_PATH}" | |
| else | |
| printf '%s' "${APPLE_API_KEY_CONTENT}" | base64 --decode > "${KEY_PATH}" | |
| fi | |
| chmod 600 "${KEY_PATH}" | |
| echo "APPLE_API_KEY=${KEY_PATH}" >> "${GITHUB_ENV}" | |
| - run: pnpm install --frozen-lockfile --prefer-offline --config.node-linker=isolated | |
| - name: Build workspace dependencies | |
| run: pnpm --filter "@moryflow/pc..." --filter "!@moryflow/pc" --if-present build | |
| - name: Build renderer/main bundles | |
| run: pnpm --dir apps/moryflow/pc build | |
| - name: Build macOS x64 installers | |
| run: pnpm --dir apps/moryflow/pc exec electron-builder --mac dmg zip --x64 --publish never | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: darwin-x64 | |
| path: apps/moryflow/pc/release/${{ needs.metadata.outputs.version }}/* | |
| if-no-files-found: error | |
| publish: | |
| name: Publish Release | |
| needs: | |
| - metadata | |
| - build-macos-arm64 | |
| - build-macos-x64 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| AWS_REGION: auto | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_BUCKET: ${{ secrets.R2_BUCKET }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - run: pnpm install --frozen-lockfile --prefer-offline | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: .artifacts | |
| - name: Prepare release artifacts | |
| run: | | |
| pnpm --dir apps/moryflow/pc exec tsx scripts/prepare-release-artifacts.ts \ | |
| --version "${{ needs.metadata.outputs.version }}" \ | |
| --channel "${{ needs.metadata.outputs.channel }}" \ | |
| --base-url "${{ env.UPDATE_BASE_URL }}" \ | |
| --input-dir ".artifacts" \ | |
| --output-dir ".release-prepared" \ | |
| --github-repo "${{ env.GITHUB_REPO }}" \ | |
| --targets "darwin-arm64,darwin-x64" | |
| - name: Smoke check generated feeds | |
| run: | | |
| pnpm --dir apps/moryflow/pc exec tsx scripts/smoke-check-update-feed.ts \ | |
| --version "${{ needs.metadata.outputs.version }}" \ | |
| --channel "${{ needs.metadata.outputs.channel }}" \ | |
| --base-url "${{ env.UPDATE_BASE_URL }}" \ | |
| --input-dir ".release-prepared" \ | |
| --targets "darwin-arm64,darwin-x64" | |
| - name: Publish GitHub release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ needs.metadata.outputs.tag }} | |
| target_commitish: ${{ github.sha }} | |
| prerelease: ${{ needs.metadata.outputs.prerelease == 'true' }} | |
| generate_release_notes: true | |
| files: | | |
| .release-prepared/github-release-assets/* | |
| - name: Upload versioned assets to R2 | |
| shell: bash | |
| run: | | |
| aws s3 sync ".release-prepared/releases" "s3://${R2_BUCKET}/releases" \ | |
| --endpoint-url "https://${R2_ACCOUNT_ID}.r2.cloudflarestorage.com" \ | |
| --cache-control "public, max-age=31536000, immutable" | |
| - name: Upload channel feeds to R2 | |
| shell: bash | |
| run: | | |
| aws s3 sync ".release-prepared/channels/${{ needs.metadata.outputs.channel }}" "s3://${R2_BUCKET}/channels/${{ needs.metadata.outputs.channel }}" \ | |
| --delete \ | |
| --endpoint-url "https://${R2_ACCOUNT_ID}.r2.cloudflarestorage.com" \ | |
| --cache-control "no-store, max-age=0" |