espanso/.github/workflows/release.yml
2022-09-23 22:38:49 +01:00

331 lines
14 KiB
YAML

# Huge thanks to Alacritty, as their configuration served as a starting point for this one!
# See: https://github.com/alacritty/alacritty
name: Release
on:
push:
branches:
- master
- dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARGO_TERM_COLOR: always
jobs:
extract-version:
name: extract-version
runs-on: ubuntu-latest
outputs:
espanso_version: ${{ steps.version.outputs.version }}
steps:
- uses: actions/checkout@v2
- name: "Extract version"
id: "version"
run: |
ESPANSO_VERSION=$(grep '^version' espanso/Cargo.toml | awk -F '"' '{ print $2 }')
echo version: $ESPANSO_VERSION
echo "::set-output name=version::v$ESPANSO_VERSION"
create-release:
name: create-release
needs: ["extract-version"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Create new release (only on master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
COMMIT_HASH=$(git rev-list --max-count=1 HEAD)
echo "Creating release: ${{ needs.extract-version.outputs.espanso_version }}"
echo "for hash: $COMMIT_HASH"
gh release create ${{ needs.extract-version.outputs.espanso_version }} \
-t ${{ needs.extract-version.outputs.espanso_version }} \
--notes "Automatically released by CI" \
--prerelease \
--target $COMMIT_HASH
windows:
needs: ["extract-version", "create-release"]
runs-on: windows-latest
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: Install rust-script and cargo-make
run: |
cargo install rust-script --version "0.7.0"
cargo install --force cargo-make --version 0.34.0
- name: Test
run: cargo make test-binary --profile release
- name: Build resources
run: cargo make build-windows-resources --profile release
- name: Sign resources
run: cargo make sign-windows-resources
env:
CODESIGN_PWD: ${{ secrets.WIN_CODESIGN_PWD }}
CODESIGN_CROSS_SIGNED_B64: ${{ secrets.WIN_CODESIGN_INTERMEDIATE_B64 }}
CODESIGN_CERTIFICATE_B64: ${{ secrets.WIN_CODESIGN_CERTIFICATE_B64 }}
- name: Build installer
run: cargo make build-windows-installer --profile release --skip-tasks build-windows-resources
- name: Sign installer
run: cargo make sign-windows-installer
env:
CODESIGN_PWD: ${{ secrets.WIN_CODESIGN_PWD }}
CODESIGN_CROSS_SIGNED_B64: ${{ secrets.WIN_CODESIGN_INTERMEDIATE_B64 }}
CODESIGN_CERTIFICATE_B64: ${{ secrets.WIN_CODESIGN_CERTIFICATE_B64 }}
- name: Build portable mode archive
run: cargo make build-windows-portable --profile release --skip-tasks build-windows-resources
- name: Create portable mode archive
shell: powershell
run: |
Rename-Item target/windows/portable espanso-portable
Compress-Archive target/windows/espanso-portable target/windows/Espanso-Win-Portable-x86_64.zip
- name: Calculate hashes
shell: powershell
run: |
Get-FileHash target/windows/Espanso-Win-Portable-x86_64.zip -Algorithm SHA256 | select-object -ExpandProperty Hash > target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt
Get-FileHash target/windows/installer/Espanso-Win-Installer-x86_64.exe -Algorithm SHA256 | select-object -ExpandProperty Hash > target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt
- uses: actions/upload-artifact@v2
name: "Upload artifacts"
with:
name: Windows Artifacts
path: |
target/windows/installer/Espanso-Win-Installer-x86_64.exe
target/windows/Espanso-Win-Portable-x86_64.zip
target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt
target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt
- name: Upload artifacts to Github Releases (if master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
gh release upload ${{ needs.extract-version.outputs.espanso_version }} target/windows/installer/Espanso-Win-Installer-x86_64.exe target/windows/Espanso-Win-Portable-x86_64.zip target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt
windows-publish-winget:
needs: [ windows ]
runs-on: windows-latest
steps:
- uses: vedantmgoyal2009/winget-releaser@latest
with:
identifier: Espanso.Espanso
token: ${{ secrets.WINGET_TOKEN }}
linux-x11:
needs: ["extract-version", "create-release"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: Build docker image
run: |
sudo docker build -t espanso-ubuntu . -f .github/scripts/ubuntu/Dockerfile
- name: Build AppImage
run: |
sudo docker run --rm -v "$(pwd):/shared" espanso-ubuntu espanso/.github/scripts/ubuntu/build_appimage.sh
- uses: actions/upload-artifact@v2
name: "Upload artifacts"
with:
name: Linux X11 Artifacts
path: |
Espanso-X11.AppImage
Espanso-X11.AppImage.sha256.txt
- name: Upload artifacts to Github Releases (if master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-X11.AppImage Espanso-X11.AppImage.sha256.txt
linux-deb:
needs: ["extract-version", "create-release"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: Build docker image
run: |
sudo docker build -t espanso-ubuntu . -f .github/scripts/ubuntu/Dockerfile
- name: Build Deb packages
run: |
sudo docker run --rm -v "$(pwd):/shared" espanso-ubuntu espanso/.github/scripts/ubuntu/build_deb.sh
- uses: actions/upload-artifact@v2
name: "Upload artifacts"
with:
name: Ubuntu-Debian Artifacts
path: |
espanso-debian-x11-amd64.deb
espanso-debian-wayland-amd64.deb
- name: Upload artifacts to Github Releases (if master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
gh release upload ${{ needs.extract-version.outputs.espanso_version }} espanso-debian-x11-amd64.deb espanso-debian-wayland-amd64.deb espanso-debian-x11-amd64-sha256.txt espanso-debian-wayland-amd64-sha256.txt
macos-intel:
needs: ["extract-version", "create-release"]
runs-on: macos-11
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: Install rust-script and cargo-make
run: |
cargo install rust-script --version "0.7.0"
cargo install --force cargo-make --version 0.34.0
- name: Test
run: cargo make test-binary --profile release
env:
MACOSX_DEPLOYMENT_TARGET: "10.13"
- name: Build
run: cargo make create-bundle --profile release
env:
MACOSX_DEPLOYMENT_TARGET: "10.13"
- name: Codesign executable
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
security default-keychain -s buildespanso.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
security import certificate.p12 -k buildespanso.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/mac/Espanso.app -v
- name: "Notarize executable"
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
echo "Create keychain profile"
xcrun notarytool store-credentials "espanso-notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
echo "Creating temp notarization archive"
ditto -c -k --keepParent "target/mac/Espanso.app" "notarization.zip"
echo "Notarize app"
xcrun notarytool submit "notarization.zip" --keychain-profile "espanso-notarytool-profile" --wait
echo "Attach staple"
xcrun stapler staple "target/mac/Espanso.app"
- name: Create ZIP archive
run: |
ditto -c -k --sequesterRsrc --keepParent target/mac/Espanso.app Espanso-Mac-Intel.zip
- name: Calculate hashes
run: |
shasum -a 256 Espanso-Mac-Intel.zip > Espanso-Mac-Intel.zip.sha256.txt
- uses: actions/upload-artifact@v2
name: "Upload artifacts"
with:
name: Mac Intel Artifacts
path: |
Espanso-Mac-Intel.zip
Espanso-Mac-Intel.zip.sha256.txt
- name: Upload artifacts to Github Releases (if master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-Mac-Intel.zip Espanso-Mac-Intel.zip.sha256.txt
macos-m1:
needs: ["extract-version", "create-release"]
runs-on: macos-11
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: Install rust target
run: rustup update && rustup target add aarch64-apple-darwin
- name: Install rust-script and cargo-make
run: |
cargo install rust-script --version "0.7.0"
cargo install --force cargo-make --version 0.34.0
- name: Build
run: cargo make create-bundle --profile release --env BUILD_ARCH=aarch64-apple-darwin
- name: Codesign executable
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
security default-keychain -s buildespanso.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
security import certificate.p12 -k buildespanso.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/mac/Espanso.app -v
- name: "Notarize executable"
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
echo "Create keychain profile"
xcrun notarytool store-credentials "espanso-notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
echo "Creating temp notarization archive"
ditto -c -k --keepParent "target/mac/Espanso.app" "notarization.zip"
echo "Notarize app"
xcrun notarytool submit "notarization.zip" --keychain-profile "espanso-notarytool-profile" --wait
echo "Attach staple"
xcrun stapler staple "target/mac/Espanso.app"
- name: Create ZIP archive
run: |
ditto -c -k --sequesterRsrc --keepParent target/mac/Espanso.app Espanso-Mac-M1.zip
- name: Calculate hashes
run: |
shasum -a 256 Espanso-Mac-M1.zip > Espanso-Mac-M1.zip.sha256.txt
- uses: actions/upload-artifact@v2
name: "Upload artifacts"
with:
name: Mac M1 Artifacts
path: |
Espanso-Mac-M1.zip
Espanso-Mac-M1.zip.sha256.txt
- name: Upload artifacts to Github Releases (if master)
if: ${{ github.ref == 'refs/heads/master' }}
run: |
gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-Mac-M1.zip Espanso-Mac-M1.zip.sha256.txt
macos-publish-homebrew:
needs: ["extract-version", "create-release", "macos-m1", "macos-intel"]
runs-on: macos-11
steps:
- uses: actions/checkout@v2
- name: Print target version
run: |
echo Using version ${{ needs.extract-version.outputs.espanso_version }}
- name: "Setup SSH deploy key"
uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd
with:
ssh-private-key: ${{ secrets.HOMEBREW_CASK_SSH_PRIVATE_KEY }}
- name: Create and Publish Homebrew Cask
if: ${{ github.ref == 'refs/heads/master' }}
run: |
VERSION="${{ needs.extract-version.outputs.espanso_version }}" ./scripts/publish_homebrew_version.sh
echo "Cask formula has been published here: "