name: build-publish-apps on: pull_request: push: branches: - main release: types: [published] schedule: - cron: '0 4 * * *' # Daily at 04:00 AM UTC # Will checkout the last commit from the default branch (main as of 2023-10-04) env: CUT_RELEASE_PR: ${{ github.event_name == 'pull_request' && (contains(github.event.pull_request.title, 'Cut release v')) }} BUILD_RELEASE: ${{ github.event_name == 'release' || github.event_name == 'schedule' || github.event_name == 'pull_request' && (contains(github.event.pull_request.title, 'Cut release v')) }} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: prepare-files: runs-on: ubuntu-22.04 # seperate job on Ubuntu for easy string manipulations (compared to Windows) outputs: version: ${{ steps.export_version.outputs.version }} steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' - run: yarn install - name: Setup Rust uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 with: workspaces: './src/wasm-lib' # TODO: see if we can fetch from main instead if no diff at src/wasm-lib - name: Run build:wasm run: "yarn build:wasm" - name: Set nightly version if: github.event_name == 'schedule' run: | VERSION=$(date +'%-y.%-m.%-d') yarn bump-jsons - uses: actions/upload-artifact@v3 with: name: prepared-files path: | package.json src/wasm-lib/pkg/wasm_lib* - id: export_version run: echo "version=`cat package.json | jq -r '.version'`" >> "$GITHUB_OUTPUT" - name: Prepare electron-builder.yml file for nightly if: ${{ github.event_name == 'schedule' }} run: | yq -i '.publish[0].url = "https://dl.zoo.dev/releases/modeling-app/nightly"' electron-builder.yml - uses: actions/upload-artifact@v3 if: ${{ github.event_name == 'schedule' }} with: name: prepared-files-nightly path: | electron-builder.yml - name: Prepare electron-builder.yml file for updater test if: ${{ env.CUT_RELEASE_PR == 'true' }} run: | yq -i '.publish[0].url = "https://dl.zoo.dev/releases/modeling-app/updater-test"' electron-builder.yml - uses: actions/upload-artifact@v3 if: ${{ env.CUT_RELEASE_PR == 'true' }} with: name: prepared-files-updater-test path: | electron-builder.yml build-apps: needs: [prepare-files] strategy: fail-fast: false matrix: os: [macos-14, windows-2022, ubuntu-22.04] runs-on: ${{ matrix.os }} env: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }} CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} CSC_KEYCHAIN: ${{ secrets.APPLE_SIGNING_IDENTITY }} CSC_FOR_PULL_REQUEST: true VERSION: ${{ github.event_name == 'schedule' && needs.prepare-files.outputs.version || format('v{0}', needs.prepare-files.outputs.version) }} VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} WINDOWS_CERTIFICATE_THUMBPRINT: F4C9A52FF7BC26EE5E054946F6B11DEEA94C748D steps: - uses: actions/checkout@v4 - uses: actions/download-artifact@v3 name: prepared-files - name: Copy prepared files run: | ls -R prepared-files cp prepared-files/package.json package.json cp prepared-files/src/wasm-lib/pkg/wasm_lib_bg.wasm public mkdir src/wasm-lib/pkg cp prepared-files/src/wasm-lib/pkg/wasm_lib* src/wasm-lib/pkg - uses: actions/download-artifact@v3 if: ${{ github.event_name == 'schedule' }} name: prepared-files-nightly - name: Copy updated electron-builder.yml file for nightly build if: ${{ github.event_name == 'schedule' }} run: | ls -R prepared-files-nightly cp prepared-files-nightly/electron-builder.yml electron-builder.yml - name: Sync node version and setup cache uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' # Set this to npm, yarn or pnpm. - run: yarn install - run: yarn tronb:vite - name: Prepare certificate and variables (Windows only) if: ${{ env.BUILD_RELEASE == 'true' && matrix.os == 'windows-2022' }} run: | echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 cat /d/Certificate_pkcs12.p12 echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH shell: bash - name: Setup certicate with SSM KSP (Windows only) if: ${{ env.BUILD_RELEASE == 'true' && matrix.os == 'windows-2022' }} run: | curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi msiexec /i smtools-windows-x64.msi /quiet /qn smksp_registrar.exe list smctl.exe keypair ls C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user smksp_cert_sync.exe shell: cmd - name: Build the app run: yarn electron-builder --config ${{ env.BUILD_RELEASE && '--publish always' || '' }} - name: List artifacts in out/ run: ls -R out - uses: actions/upload-artifact@v3 with: name: out-arm64-${{ matrix.os }} path: | out/Zoo*arm64*.* out/latest*.yml - uses: actions/upload-artifact@v3 with: name: out-x64-${{ matrix.os }} path: | out/Zoo*x*64*.* # TODO: add the 'Build for Mac TestFlight (nightly)' stage back - uses: actions/download-artifact@v3 if: ${{ env.CUT_RELEASE_PR == 'true' }} name: prepared-files-updater-test - name: Copy updated electron-builder.yml file for updater test if: ${{ env.CUT_RELEASE_PR == 'true' }} run: | ls -R prepared-files-updater-test cp prepared-files-updater-test/electron-builder.yml electron-builder.yml - name: Build the app (updater-test) if: ${{ env.CUT_RELEASE_PR == 'true' }} run: yarn electron-builder --config ${{ env.BUILD_RELEASE && '--publish always' || '' }} - uses: actions/upload-artifact@v3 if: ${{ env.CUT_RELEASE_PR == 'true' }} with: name: updater-test-arm64-${{ matrix.os }} path: | out/Zoo*arm64*.* - uses: actions/upload-artifact@v3 if: ${{ env.CUT_RELEASE_PR == 'true' }} with: name: updater-test-x64-${{ matrix.os }} path: | out/Zoo*x64*.* publish-apps-release: runs-on: ubuntu-22.04 permissions: contents: write if: ${{ github.event_name == 'release' || github.event_name == 'schedule' }} needs: [prepare-files, build-apps] env: VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} VERSION: ${{ github.event_name == 'schedule' && needs.prepare-files.outputs.version || format('v{0}', needs.prepare-files.outputs.version) }} PUB_DATE: ${{ github.event_name == 'release' && github.event.release.created_at || github.event.repository.updated_at }} NOTES: ${{ github.event_name == 'release' && github.event.release.body || format('Non-release build, commit {0}', github.sha) }} BUCKET_DIR: ${{ github.event_name == 'schedule' && 'dl.kittycad.io/releases/modeling-app/nightly' || 'dl.kittycad.io/releases/modeling-app' }} WEBSITE_DIR: ${{ github.event_name == 'schedule' && 'dl.zoo.dev/releases/modeling-app/nightly' || 'dl.zoo.dev/releases/modeling-app' }} URL_CODED_NAME: ${{ github.event_name == 'schedule' && 'Zoo%20Modeling%20App%20%28Nightly%29' || 'Zoo%20Modeling%20App' }} steps: - uses: actions/checkout@v4 - uses: actions/download-artifact@v3 with: name: out-arm64-windows-2022 path: out - uses: actions/download-artifact@v3 with: name: out-x64-windows-2022 path: out - uses: actions/download-artifact@v3 with: name: out-arm64-macos-14 path: out - uses: actions/download-artifact@v3 with: name: out-x64-macos-14 path: out - uses: actions/download-artifact@v3 with: name: out-arm64-ubuntu-22.04 path: out - uses: actions/download-artifact@v3 with: name: out-x64-ubuntu-22.04 path: out - name: Generate the download static endpoint run: | RELEASE_DIR=https://${WEBSITE_DIR} jq --null-input \ --arg version "${VERSION}" \ --arg pub_date "${PUB_DATE}" \ --arg notes "${NOTES}" \ --arg mac_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-mac.dmg" \ --arg mac_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-mac.dmg" \ --arg windows_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-win.exe" \ --arg windows_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-win.exe" \ --arg linux_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-linux.AppImage" \ --arg linux_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x86_64-linux.AppImage" \ '{ "version": $version, "pub_date": $pub_date, "notes": $notes, "platforms": { "dmg-arm64": { "url": $mac_arm64_url }, "dmg-x64": { "url": $mac_x64_url }, "exe-arm64": { "url": $windows_arm64_url }, "exe-x64": { "url": $windows_x64_url }, "appimage-arm64": { "url": $linux_arm64_url }, "appimage-x64": { "url": $linux_x64_url } } }' > last_download.json cat last_download.json - name: List artifacts run: "ls -R out" - name: Authenticate to Google Cloud uses: 'google-github-actions/auth@v2.1.5' with: credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}' - name: Set up Google Cloud SDK uses: google-github-actions/setup-gcloud@v2.1.0 with: project_id: ${{ env.GOOGLE_CLOUD_PROJECT_ID }} - name: Upload release files to public bucket uses: google-github-actions/upload-cloud-storage@v2.2.0 with: path: out glob: 'Zoo*' parent: false destination: ${{ env.BUCKET_DIR }} - name: Upload update endpoint to public bucket uses: google-github-actions/upload-cloud-storage@v2.2.0 with: path: out glob: 'latest*' parent: false destination: ${{ env.BUCKET_DIR }} - name: Upload download endpoint to public bucket uses: google-github-actions/upload-cloud-storage@v2.2.0 with: path: last_download.json destination: ${{ env.BUCKET_DIR }} - name: Upload release files to Github if: ${{ github.event_name == 'release' }} uses: softprops/action-gh-release@v2 with: files: 'out/Zoo*' - name: Invalidate bucket cache on latest*.yml and last_download.json files run: | gcloud compute url-maps invalidate-cdn-cache dl-url-map --path="/releases/modeling-app/last_download.json" --async gcloud compute url-maps invalidate-cdn-cache dl-url-map --path="/releases/modeling-app/latest-linux-arm64.yml" --async gcloud compute url-maps invalidate-cdn-cache dl-url-map --path="/releases/modeling-app/latest-mac.yml" --async gcloud compute url-maps invalidate-cdn-cache dl-url-map --path="/releases/modeling-app/latest.yml" --async announce_release: needs: [publish-apps-release] runs-on: ubuntu-22.04 if: github.event_name == 'release' steps: - name: Check out code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.x' - name: Install dependencies run: | python -m pip install --upgrade pip pip install requests - name: Announce Release env: DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} RELEASE_VERSION: ${{ github.event.release.tag_name }} RELEASE_BODY: ${{ github.event.release.body}} run: python public/announce_release.py