Temporarily revert to 1.17.4 on Electron #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Terms: | |
| # "build" - Compile web project using webpack. | |
| # "package" - Produce a distributive package for a specific platform as a workflow artifact. | |
| # "publish" - Send a package to corresponding store and GitHub release page. | |
| # "release" - build + package + publish | |
| # | |
| # Jobs in this workflow will skip the "publish" step when `PUBLISH_REPO` is not set. | |
| name: Package and publish | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| concurrency: | |
| group: ${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| APP_NAME: MyTonWallet | |
| FIREFOX_EXT_ID: '{98fcdaee-2b58-4f71-8a3c-f0c66f24dede}' | |
| jobs: | |
| electron-release: | |
| name: Build, package and publish Electron | |
| runs-on: macos-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache node modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build- | |
| - name: Install dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Import MacOS signing certificate | |
| env: | |
| APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| KEY_CHAIN=build.keychain | |
| CERTIFICATE_P12=certificate.p12 | |
| echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > $CERTIFICATE_P12 | |
| security create-keychain -p actions $KEY_CHAIN | |
| security default-keychain -s $KEY_CHAIN | |
| security unlock-keychain -p actions $KEY_CHAIN | |
| security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $APPLE_CERTIFICATE_PASSWORD -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k actions $KEY_CHAIN | |
| security find-identity -v -p codesigning $KEY_CHAIN | |
| - name: Get branch name for current workflow run | |
| id: branch-name | |
| uses: tj-actions/branch-names@v7 | |
| - name: Build, package and publish | |
| env: | |
| TONHTTPAPI_MAINNET_URL: ${{ vars.TONHTTPAPI_MAINNET_URL }} | |
| TONAPIIO_MAINNET_URL: ${{ vars.TONAPIIO_MAINNET_URL }} | |
| TONHTTPAPI_TESTNET_URL: ${{ vars.TONHTTPAPI_TESTNET_URL }} | |
| TONAPIIO_TESTNET_URL: ${{ vars.TONAPIIO_TESTNET_URL }} | |
| PROXY_HOSTS: ${{ vars.PROXY_HOSTS }} | |
| STAKING_POOLS: ${{ vars.STAKING_POOLS }} | |
| ELECTRON_TONHTTPAPI_MAINNET_API_KEY: ${{ secrets.ELECTRON_TONHTTPAPI_MAINNET_API_KEY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
| PUBLISH_REPO: ${{ vars.PUBLISH_REPO }} | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| BASE_URL: ${{ vars.BASE_URL }} | |
| IS_PREVIEW: ${{ steps.branch-name.outputs.current_branch != 'master' }} | |
| run: | | |
| if [ -z "$PUBLISH_REPO" ]; then | |
| npm run electron:package:staging | |
| else | |
| npm run electron:release:production | |
| fi | |
| - name: Upload macOS x64 artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-x64.dmg | |
| path: dist-electron/${{ env.APP_NAME }}-x64.dmg | |
| - name: Upload macOS arm64 artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-arm64.dmg | |
| path: dist-electron/${{ env.APP_NAME }}-arm64.dmg | |
| - name: Upload Linux artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-x86_64.AppImage | |
| path: dist-electron/${{ env.APP_NAME }}-x86_64.AppImage | |
| - name: Upload Windows artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-x64.exe | |
| path: dist-electron/${{ env.APP_NAME }}-x64.exe | |
| electron-sign-for-windows: | |
| name: Sign and re-publish Windows package | |
| needs: electron-release | |
| runs-on: windows-latest | |
| timeout-minutes: 10 | |
| if: vars.PUBLISH_REPO != '' | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| PUBLISH_REPO: ${{ vars.PUBLISH_REPO }} | |
| steps: | |
| - name: Setup certificate | |
| shell: bash | |
| run: echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
| - name: Set environment variables | |
| id: variables | |
| shell: bash | |
| run: | | |
| echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT | |
| echo "FILE_NAME=${{ env.APP_NAME }}-x64.exe" >> "$GITHUB_ENV" | |
| echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
| echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
| echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
| echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
| echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
| - name: Setup SSM KSP | |
| env: | |
| SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
| shell: cmd | |
| run: | | |
| curl.exe -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools.msi | |
| msiexec /i smtools.msi /quiet /qn | |
| smksp_registrar.exe list | |
| smctl.exe keypair ls | |
| C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
| smksp_cert_sync.exe | |
| - name: Download Windows package | |
| id: download-artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.FILE_NAME }} | |
| - name: Sign package | |
| env: | |
| KEYPAIR_ALIAS: ${{ secrets.KEYPAIR_ALIAS }} | |
| FILE_PATH: ${{ steps.download-artifact.outputs.download-path }} | |
| shell: cmd | |
| run: smctl.exe sign --keypair-alias=%KEYPAIR_ALIAS% --input "%FILE_PATH%\%FILE_NAME%" | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.FILE_NAME }} | |
| path: ${{ env.FILE_NAME }} | |
| - name: Get latest release ID | |
| id: release-id | |
| shell: bash | |
| run: | | |
| RELEASE_ID=$(curl -s -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/$PUBLISH_REPO/releases?per_page=1" | jq -r '.[0].id') | |
| echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT | |
| - name: Delete existing asset | |
| env: | |
| RELEASE_ID: ${{ steps.release-id.outputs.release_id }} | |
| shell: bash | |
| run: | | |
| PUBLISH_FILE_NAME=${FILE_NAME// /-} # Consistency with electron-builder | |
| ASSET_ID=$(curl -s -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/$PUBLISH_REPO/releases/$RELEASE_ID/assets" | jq -r --arg PUBLISH_FILE_NAME "$PUBLISH_FILE_NAME" '.[] | select(.name == $PUBLISH_FILE_NAME) | .id') | |
| curl -X DELETE -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/$PUBLISH_REPO/releases/assets/$ASSET_ID" | |
| - name: Push new asset | |
| env: | |
| FILE_PATH: ${{ steps.download-artifact.outputs.download-path }} | |
| RELEASE_ID: ${{ steps.release-id.outputs.release_id }} | |
| shell: bash | |
| run: | | |
| PUBLISH_FILE_NAME=${FILE_NAME// /-} # Consistency with electron-builder | |
| curl -X POST -H "Authorization: Bearer $GH_TOKEN" \ | |
| -H "Content-Type: application/octet-stream" \ | |
| --data-binary "@$FILE_PATH\\$FILE_NAME" \ | |
| "https://uploads.github.com/repos/$PUBLISH_REPO/releases/$RELEASE_ID/assets?name=$PUBLISH_FILE_NAME" | |
| - name: Publish release | |
| env: | |
| RELEASE_ID: ${{ steps.release-id.outputs.release_id }} | |
| shell: bash | |
| run: | | |
| curl -X PATCH -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/$PUBLISH_REPO/releases/$RELEASE_ID" -d '{"draft": false}' | |
| extensions-package: | |
| name: Build and package extensions | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache node modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build- | |
| - name: Install dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Build and package | |
| env: | |
| TONHTTPAPI_MAINNET_URL: ${{ vars.TONHTTPAPI_MAINNET_URL }} | |
| TONAPIIO_MAINNET_URL: ${{ vars.TONAPIIO_MAINNET_URL }} | |
| TONHTTPAPI_TESTNET_URL: ${{ vars.TONHTTPAPI_TESTNET_URL }} | |
| TONAPIIO_TESTNET_URL: ${{ vars.TONAPIIO_TESTNET_URL }} | |
| PROXY_HOSTS: ${{ vars.PROXY_HOSTS }} | |
| STAKING_POOLS: ${{ vars.STAKING_POOLS }} | |
| PUBLISH_REPO: ${{ vars.PUBLISH_REPO }} | |
| run: | | |
| if [ -z "$PUBLISH_REPO" ]; then | |
| npm run extension-chrome:package:staging | |
| npm run extension-firefox:package:staging | |
| else | |
| npm run extension-chrome:package:production | |
| npm run extension-firefox:package:production | |
| fi | |
| - name: Upload Chrome extension artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-chrome.zip | |
| path: ${{ env.APP_NAME }}-chrome.zip | |
| - name: Upload Firefox extension artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.APP_NAME }}-firefox.zip | |
| path: ${{ env.APP_NAME }}-firefox.zip | |
| chrome-publish: | |
| name: Publish Chrome extension | |
| needs: extensions-package | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| if: vars.PUBLISH_REPO != '' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Set environment variables | |
| id: variables | |
| shell: bash | |
| run: | | |
| echo "CHROME_FILE_NAME=${{ env.APP_NAME }}-chrome.zip" >> "$GITHUB_ENV" | |
| echo "FIREFOX_FILE_NAME=${{ env.APP_NAME }}-firefox.zip" >> "$GITHUB_ENV" | |
| - name: Download Chrome extension artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.CHROME_FILE_NAME }} | |
| - name: Publish to Chrome store | |
| env: | |
| EXTENSION_ID: ${{ vars.CHROME_EXTENSION_ID }} | |
| CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} | |
| REFRESH_TOKEN: ${{ secrets.GOOGLE_REFRESH_TOKEN }} | |
| run: npx --yes chrome-webstore-upload-cli@2 upload --auto-publish --source ${{ env.CHROME_FILE_NAME }} | |
| firefox-publish: | |
| name: Publish Firefox extension | |
| needs: extensions-package | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| if: vars.PUBLISH_REPO != '' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Set environment variables | |
| id: variables | |
| shell: bash | |
| run: | | |
| echo "FIREFOX_FILE_NAME=${{ env.APP_NAME }}-firefox.zip" >> "$GITHUB_ENV" | |
| - name: Download Firefox extension artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.FIREFOX_FILE_NAME }} | |
| - name: Publish to Firefox addons | |
| env: | |
| WEB_EXT_API_KEY: ${{ secrets.FIREFOX_API_KEY }} | |
| WEB_EXT_API_SECRET: ${{ secrets.FIREFOX_API_SECRET }} | |
| # App env | |
| PROXY_HOSTS: ${{ vars.PROXY_HOSTS }} | |
| STAKING_POOLS: ${{ vars.STAKING_POOLS }} | |
| run: | | |
| npm i jsonwebtoken@9 web-ext-submit@7 | |
| UNZIP_DIR=/tmp/${{ env.APP_NAME }}-firefox | |
| mkdir $UNZIP_DIR | |
| unzip ${{ env.FIREFOX_FILE_NAME }} -d $UNZIP_DIR | |
| npx web-ext-submit --source-dir=$UNZIP_DIR | |
| echo "APP_NAME=\"${APP_NAME}\" | |
| PROXY_HOSTS=\"${PROXY_HOSTS}\" | |
| STAKING_POOLS=\"${STAKING_POOLS}\"" >.env | |
| bash deploy/firefox_pack_sources.sh | |
| node deploy/firefoxPatchVersion.js | |
| edge-publish: | |
| name: Publish Edge extension | |
| needs: extensions-package | |
| runs-on: ubuntu-latest | |
| if: vars.PUBLISH_REPO != '' | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Set environment variables | |
| id: variables | |
| shell: bash | |
| run: | | |
| echo "CHROME_FILE_NAME=${{ env.APP_NAME }}-chrome.zip" >> "$GITHUB_ENV" | |
| - name: Download Chrome extension artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.CHROME_FILE_NAME }} | |
| - name: Publish to Edge store | |
| env: | |
| EDGE_PRODUCT_ID: ${{ secrets.EDGE_PRODUCT_ID }} | |
| EDGE_CLIENT_ID: ${{ secrets.EDGE_CLIENT_ID }} | |
| EDGE_CLIENT_SECRET: ${{ secrets.EDGE_CLIENT_SECRET }} | |
| EDGE_ACCESS_TOKEN_URL: ${{ secrets.EDGE_ACCESS_TOKEN_URL }} | |
| run: | | |
| npm i @plasmohq/[email protected] | |
| export EDGE_FILE_PATH="./$CHROME_FILE_NAME" | |
| node deploy/edgePublish.js | |
| calculate-hash: | |
| name: Calculate sha256 hashes | |
| env: | |
| HASH_FILENAME: checksum.sha256 | |
| needs: | |
| - electron-sign-for-windows | |
| - extensions-package | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: Calculate sha256 hashes | |
| run: | | |
| mkdir release | |
| mv */*.dmg */*.exe */*.AppImage release/ | |
| sha256sum release/* >${{ env.HASH_FILENAME }} | |
| - name: Upload hash artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.HASH_FILENAME }} | |
| path: ${{ env.HASH_FILENAME }} | |
| mobile-release: | |
| name: Build, package and publish mobile apps | |
| runs-on: macos-latest | |
| timeout-minutes: 30 | |
| if: github.event_name != 'workflow_dispatch' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache node modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-build-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build- | |
| - name: Install dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Build and sync mobile projects | |
| env: | |
| TONHTTPAPI_MAINNET_URL: ${{ vars.TONHTTPAPI_MAINNET_URL }} | |
| TONAPIIO_MAINNET_URL: ${{ vars.TONAPIIO_MAINNET_URL }} | |
| TONHTTPAPI_TESTNET_URL: ${{ vars.TONHTTPAPI_TESTNET_URL }} | |
| TONAPIIO_TESTNET_URL: ${{ vars.TONAPIIO_TESTNET_URL }} | |
| PROXY_HOSTS: ${{ vars.PROXY_HOSTS }} | |
| STAKING_POOLS: ${{ vars.STAKING_POOLS }} | |
| PUBLISH_REPO: ${{ vars.PUBLISH_REPO }} | |
| run: | | |
| if [ -z "$PUBLISH_REPO" ]; then | |
| npm run mobile:build:staging | |
| else | |
| npm run mobile:build:production | |
| fi | |
| - name: Use Ruby and install dependencies | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.2 | |
| bundler-cache: true | |
| working-directory: mobile | |
| - name: Install the Apple certificate and provisioning profile | |
| env: | |
| IOS_CERTIFICATE_BASE64: ${{ secrets.IOS_CERTIFICATE_BASE64 }} | |
| IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }} | |
| IOS_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }} | |
| IOS_KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate and provisioning profile from secrets | |
| echo -n "$IOS_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| echo -n "$IOS_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$IOS_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| # apply provisioning profile | |
| mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
| cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
| - name: "iOS: Package and publish" | |
| env: | |
| IOS_AUTH_KEY_BASE64: ${{ secrets.IOS_AUTH_KEY_BASE64 }} | |
| run: | | |
| cd mobile/ios/App | |
| echo -n "$IOS_AUTH_KEY_BASE64" | base64 --decode -o ./AuthKey.p8 | |
| if [ "$GITHUB_REF_NAME" == "mobile-release" ]; then | |
| bundle exec fastlane release | |
| else | |
| bundle exec fastlane beta | |
| fi | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: gradle | |
| - name: Setup Android SDK | |
| uses: android-actions/setup-android@v3 | |
| - name: "Android: Package and publish" | |
| env: | |
| ANDROID_API_KEY_BASE64: ${{ secrets.ANDROID_API_KEY_BASE64 }} | |
| ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }} | |
| ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} | |
| run: | | |
| cd mobile/android | |
| echo -n "$ANDROID_API_KEY_BASE64" | base64 --decode -o ./api-key.json | |
| echo -n "$ANDROID_KEYSTORE_BASE64" | base64 --decode -o ./android.keystore | |
| if [ "$GITHUB_REF_NAME" == "mobile-release" ]; then | |
| bundle exec fastlane release | |
| else | |
| bundle exec fastlane beta | |
| fi |