Build release & sign only on merge / release / release PR (#991)

* Add env variable for release || schedule || Cut out v PR * Skip Windows, Apple, and Tauri Updater signing * Add tauri args to bypass updater on debug * Trying to address includeRelease and includeDebug issues * WIP * Clean up, fix bool eval * -c to --config * Remove src-tauri * inline config * Cleanup * Remove concurrency block * Test release * Escape backslash * Clean up * Add back concurrency and BUILD_RELEASE eval * Back to build:wasm (no speed impr noticed) * Adam's suggestions Co-authored-by: Adam Chalmers <adam.chalmers@kittycad.io> * New logic to prevent top-level artifact.zip changes --------- Co-authored-by: Adam Chalmers <adam.chalmers@kittycad.io>
2023-11-06 19:51:32 -05:00
parent 82586f002b
commit 4d520541be
3 changed files with 73 additions and 44 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -12,9 +12,13 @@ on:
  # Daily at 04:00 AM UTC
  # Will checkout the last commit from the default branch (main as of 2023-10-04)

+env:
+  BUILD_RELEASE: ${{ github.event_name == 'release' || github.event_name == 'schedule' || github.event_name == 'pull_request' && contains(github.event.pull_request.title, 'Cut release v') }}
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
+
 jobs:
  check-format:
    runs-on: 'ubuntu-latest'
@ -46,6 +50,20 @@ jobs:
      - run: yarn tsc


+  check-typos: 
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v4
+      - name: Install codespell
+        run: |
+            python -m pip install codespell
+      - name: Run codespell
+        run: codespell --config .codespellrc # Edit this file to tweak the typo list and other configuration.
+
+
  build-test-web:
    runs-on: ubuntu-latest
    steps:
@ -102,7 +120,7 @@ jobs:


  build-test-apps:
-    needs: [check-format, build-test-web, prepare-json-files, check-types]
+    needs: [prepare-json-files]
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@ -119,7 +137,7 @@ jobs:
          cp artifact/package.json package.json
          cp artifact/src-tauri/tauri.conf.json src-tauri/tauri.conf.json

-      - name: install ubuntu system dependencies
+      - name: Install ubuntu system dependencies
        if: matrix.os == 'ubuntu-latest'
        run: >
          sudo apt-get update &&
@ -139,10 +157,10 @@ jobs:

      - run: yarn install

-      - name: Rust setup
+      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable

-      - name: Rust cache
+      - name: Setup Rust cache
        uses: swatinem/rust-cache@v2
        with:
          workspaces: './src-tauri -> target'
@ -151,10 +169,10 @@ jobs:
        with:
          workspaces: './src/wasm-lib'

-      - name: wasm prep
+      - name: Run build:wasm manually
        shell: bash
        env:
-          MODE: ${{ (github.event_name == 'release' || github.event_name == 'schedule') && '--release' || '--debug' }}
+          MODE: ${{ env.BUILD_RELEASE == 'true' && '--release' || '--debug' }}
        run: |
          mkdir src/wasm-lib/pkg; cd src/wasm-lib
          echo "building with ${{ env.MODE }}"
@ -165,13 +183,13 @@ jobs:
      - name: Fix format
        run: yarn fmt

-      - name: install apple silicon target mac
+      - name: Install Universal target (MacOS only)
        if: matrix.os == 'macos-latest'
        run: |
          rustup target add aarch64-apple-darwin

-      - name: Prepare Windows certificate and variables
-        if: matrix.os == 'windows-latest'
+      - name: Prepare certificate and variables (Windows only)
+        if: ${{ matrix.os == 'windows-latest' && env.BUILD_RELEASE == 'true' }}
        run: |
          echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
          cat /d/Certificate_pkcs12.p12
@ -185,8 +203,8 @@ jobs:
          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
        shell: bash

-      - name: Setup Windows certicate with SSM KSP
-        if: matrix.os == 'windows-latest'
+      - name: Setup certicate with SSM KSP (Windows only)
+        if: ${{ matrix.os == 'windows-latest' && env.BUILD_RELEASE == 'true' }}
        run: |
          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
          msiexec /i smtools-windows-x64.msi /quiet /qn
@ -196,8 +214,17 @@ jobs:
          smksp_cert_sync.exe
        shell: cmd

-      - name: Build and sign the app for the current platform
+      - name: Build the app (debug)
        uses: tauri-apps/tauri-action@v0
+        if: ${{ env.BUILD_RELEASE == 'false' }}
+        with:
+          includeRelease: false
+          includeDebug: true
+          args: ${{ matrix.os == 'macos-latest' && '--target universal-apple-darwin' || '' }}
+
+      - name: Build the app (release) and sign
+        uses: tauri-apps/tauri-action@v0
+        if: ${{ env.BUILD_RELEASE == 'true' }}
        env:
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
@ -207,45 +234,35 @@ jobs:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          TAURI_CONF_ARGS: "--config ${{ matrix.os == 'windows-latest' && 'src-tauri\\tauri.release.conf.json' || 'src-tauri/tauri.release.conf.json' }}"
        with:
-          includeRelease: ${{ github.event_name == 'release' || github.event_name == 'schedule' }}
-          includeDebug: ${{ github.event_name != 'release' && github.event_name != 'schedule' }}
-          args: ${{ matrix.os == 'macos-latest' && '--target universal-apple-darwin' || '' }}
+          args: "${{ matrix.os == 'macos-latest' && '--target universal-apple-darwin' || '' }} ${{ env.TAURI_CONF_ARGS }}"

      - uses: actions/upload-artifact@v3
+        env:
+          PREFIX: ${{ matrix.os == 'macos-latest' && 'src-tauri/target/universal-apple-darwin' || 'src-tauri/target' }}
+          MODE: ${{ (github.event_name == 'release' || github.event_name == 'schedule') && 'release' || 'debug' }}
        with:
-          path: ${{ matrix.os == 'macos-latest' && 'src-tauri/target/universal-apple-darwin/release/bundle/*/*' || 'src-tauri/target/release/bundle/*/*' }}
+          path: "${{ env.PREFIX }}/${{ env.MODE }}/bundle/*/*"

-      - name: Install tauri-driver for e2e tests
+      - name: Install tauri-driver for e2e tests (linux only)
        if: matrix.os == 'ubuntu-latest'
        uses: actions-rs/cargo@v1
        with:
          command: install
          args: tauri-driver

-      - name: Run e2e tests
+      - name: Run e2e tests (linux only)
        if: matrix.os == 'ubuntu-latest'
        run: xvfb-run yarn test:e2e
        env:
-          MODE: ${{ (github.event_name == 'release' || github.event_name == 'schedule') && 'release' || 'debug' }}
+          MODE: ${{ env.BUILD_RELEASE == 'true' && 'release' || 'debug' }}

-  typos: 
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v4
-      - name: Install codespell
-        run: |
-            python -m pip install codespell
-      - name: Run codespell
-        run: codespell --config .codespellrc # Edit this file to tweak the typo list and other configuration.

  publish-apps-release:
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'release' || github.event_name == 'schedule' }}
-    needs: [build-test-web, prepare-json-files, build-test-apps]
+    needs: [check-format, check-types, check-typos, build-test-web, prepare-json-files, build-test-apps]
    env:
      VERSION_NO_V: ${{ needs.prepare-json-files.outputs.version }}
      VERSION: ${{ github.event_name == 'release' && format('v{0}', needs.prepare-json-files.outputs.version) || needs.prepare-json-files.outputs.version }}
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@ -72,23 +72,13 @@
      },
      "resources": [],
      "shortDescription": "",
-      "targets": "all",
-      "windows": {
-        "certificateThumbprint": "F4C9A52FF7BC26EE5E054946F6B11DEEA94C748D",
-        "digestAlgorithm": "sha256",
-        "timestampUrl": "http://timestamp.digicert.com"
-      }
+      "targets": "all"
    },
    "security": {
      "csp": null
    },
    "updater": {
-      "active": true,
-      "endpoints": [
-        "https://dl.kittycad.io/releases/modeling-app/last_update.json"
-      ],
-      "dialog": true,
-      "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IEUzNzA4MjBEQjFBRTY4NzYKUldSMmFLNnhEWUp3NCtsT21Jd05wQktOaGVkOVp6MUFma0hNTDRDSnI2RkJJTEZOWG1ncFhqcU8K"
+      "active": false
    },
    "windows": [
      {
--- a/src-tauri/tauri.release.conf.json
+++ b/src-tauri/tauri.release.conf.json
@ -0,0 +1,22 @@
+
+{
+  "$schema": "../node_modules/@tauri-apps/cli/schema.json",
+  "tauri": {
+    "updater": {
+      "active": true,
+      "endpoints": [
+        "https://dl.kittycad.io/releases/modeling-app/last_update.json"
+      ],
+      "dialog": true,
+      "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IEUzNzA4MjBEQjFBRTY4NzYKUldSMmFLNnhEWUp3NCtsT21Jd05wQktOaGVkOVp6MUFma0hNTDRDSnI2RkJJTEZOWG1ncFhqcU8K"
+    },
+    "bundle": {
+      "identifier": "io.kittycad.modeling-app",
+      "windows": {
+        "certificateThumbprint": "F4C9A52FF7BC26EE5E054946F6B11DEEA94C748D",
+        "digestAlgorithm": "sha256",
+        "timestampUrl": "http://timestamp.digicert.com"
+      }
+    }
+  }
+}