name: CI on: pull_request: push: branches: - main release: types: [published] schedule: - cron: '0 4 * * *' # Daily at 04:00 AM UTC # Will checkout the last commit from the default branch (main as of 2023-10-04) env: BUILD_RELEASE: ${{ github.event_name == 'release' || github.event_name == 'schedule' || github.event_name == 'pull_request' && (contains(github.event.pull_request.title, 'Cut release v')) }} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: check-format: runs-on: 'ubuntu-latest' steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' - run: yarn install - run: yarn fmt-check check-types: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' - run: yarn install - uses: Swatinem/rust-cache@v2 with: workspaces: './src/wasm-lib' - run: yarn build:wasm - run: yarn xstate:typegen - run: yarn tsc check-typos: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 - name: Install codespell run: | python -m pip install codespell - name: Run codespell run: codespell --config .codespellrc # Edit this file to tweak the typo list and other configuration. build-test-web: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' - run: yarn install - uses: Swatinem/rust-cache@v2 with: workspaces: './src/wasm-lib' - run: yarn build:wasm - run: yarn simpleserver:ci - run: yarn test:nowatch prepare-json-files: runs-on: ubuntu-latest # seperate job on Ubuntu for easy string manipulations (compared to Windows) outputs: version: ${{ steps.export_version.outputs.version }} steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' - name: Set nightly version if: github.event_name == 'schedule' run: | VERSION=$(date +'%-y.%-m.%-d') yarn bump-jsons echo "$(jq --arg url 'https://dl.zoo.dev/releases/modeling-app/nightly/last_update.json' \ '.plugins.updater.endpoints[]=$url' src-tauri/tauri.release.conf.json --indent 2)" > src-tauri/tauri.release.conf.json echo "$(jq --arg id 'dev.zoo.modeling-app-nightly' \ '.identifier=$id' src-tauri/tauri.release.conf.json --indent 2)" > src-tauri/tauri.release.conf.json echo "$(jq --arg name 'Zoo Modeling App (Nightly)' \ '.productName=$name' src-tauri/tauri.release.conf.json --indent 2)" > src-tauri/tauri.release.conf.json - uses: actions/upload-artifact@v3 if: github.event_name == 'schedule' with: path: | package.json src-tauri/tauri.conf.json src-tauri/tauri.release.conf.json - id: export_version run: echo "version=`cat package.json | jq -r '.version'`" >> "$GITHUB_OUTPUT" build-test-apps: needs: [prepare-json-files] runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: os: [macos-14, ubuntu-latest, windows-latest] env: # Specific Apple Universal target for macos TAURI_ARGS_MACOS: ${{ matrix.os == 'macos-14' && '--target universal-apple-darwin' || '' }} # Only build executable on linux (no appimage or deb) TAURI_ARGS_UBUNTU: ${{ matrix.os == 'ubuntu-latest' && '--bundles' || '' }} steps: - uses: actions/checkout@v4 - uses: actions/download-artifact@v3 - name: Copy updated .json files if: github.event_name == 'schedule' run: | ls -l artifact cp artifact/package.json package.json cp artifact/src-tauri/tauri.conf.json src-tauri/tauri.conf.json cp artifact/src-tauri/tauri.release.conf.json src-tauri/tauri.release.conf.json - name: Update WebView2 on Windows if: matrix.os == 'windows-latest' # Workaround needed to build the tauri windows app with matching edge version. # From https://github.com/actions/runner-images/issues/9538 run: | Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/p/?LinkId=2124703' -OutFile 'setup.exe' Start-Process -FilePath setup.exe -Verb RunAs -Wait - name: Install ubuntu system dependencies if: matrix.os == 'ubuntu-latest' run: | sudo apt-get update sudo apt-get install -y \ libgtk-3-dev \ libayatana-appindicator3-dev \ webkit2gtk-driver \ libsoup-3.0-dev \ libjavascriptcoregtk-4.1-dev \ libwebkit2gtk-4.1-dev \ at-spi2-core \ xvfb - name: Sync node version and setup cache uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'yarn' # Set this to npm, yarn or pnpm. - run: yarn install - name: Setup Rust uses: dtolnay/rust-toolchain@stable # TODO: re-enable for Windows builds, see https://github.com/tauri-apps/tauri/issues/9045 - name: Setup Rust cache if: matrix.os != 'windows-latest' uses: swatinem/rust-cache@v2 with: workspaces: './src-tauri -> target' - uses: Swatinem/rust-cache@v2 with: workspaces: './src/wasm-lib' - name: Run build:wasm manually shell: bash env: MODE: ${{ env.BUILD_RELEASE == 'true' && '--release' || '--debug' }} run: | mkdir src/wasm-lib/pkg; cd src/wasm-lib echo "building with ${{ env.MODE }}" npx wasm-pack build --target web --out-dir pkg ${{ env.MODE }} cd ../../ cp src/wasm-lib/pkg/wasm_lib_bg.wasm public - name: Run vite build (build:both) run: yarn vite build --mode ${{ env.BUILD_RELEASE == 'true' && 'production' || 'development' }} - name: Fix format run: yarn fmt - name: Install x86 target for Universal builds (MacOS only) if: matrix.os == 'macos-14' run: | rustup target add x86_64-apple-darwin - name: Prepare certificate and variables (Windows only) if: ${{ matrix.os == 'windows-latest' && env.BUILD_RELEASE == 'true' }} run: | echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 cat /d/Certificate_pkcs12.p12 echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH shell: bash - name: Setup certicate with SSM KSP (Windows only) if: ${{ matrix.os == 'windows-latest' && env.BUILD_RELEASE == 'true' }} run: | curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi msiexec /i smtools-windows-x64.msi /quiet /qn smksp_registrar.exe list smctl.exe keypair ls C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user smksp_cert_sync.exe shell: cmd - name: Build the app (debug) uses: tauri-apps/tauri-action@v0 if: ${{ env.BUILD_RELEASE == 'false' }} with: includeRelease: false includeDebug: true args: "${{ env.TAURI_ARGS_MACOS }} ${{ env.TAURI_ARGS_UBUNTU }}" - name: Build for Mac TestFlight (nightly) if: ${{ github.event_name == 'schedule' && matrix.os == 'macos-14' }} shell: bash run: | unset APPLE_SIGNING_IDENTITY unset APPLE_CERTIFICATE sign_app="3rd Party Mac Developer Application: KittyCAD Inc (${APPLE_TEAM_ID})" sign_install="3rd Party Mac Developer Installer: KittyCAD Inc (${APPLE_TEAM_ID})" profile="src-tauri/entitlements/Mac_App_Distribution.provisionprofile" mkdir -p src-tauri/entitlements echo -n "${APPLE_STORE_PROVISIONING_PROFILE}" | base64 --decode -o "${profile}" echo -n "${APPLE_STORE_DISTRIBUTION_CERT}" | base64 --decode -o "dist.cer" echo -n "${APPLE_STORE_INSTALLER_CERT}" | base64 --decode -o "installer.cer" KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db KEYCHAIN_PASSWORD="password" # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH # import certificate to keychain security import "dist.cer" -P "$APPLE_STORE_P12_PASSWORD" -k $KEYCHAIN_PATH -f pkcs12 -t cert -A security import "installer.cer" -P "$APPLE_STORE_P12_PASSWORD" -k $KEYCHAIN_PATH -f pkcs12 -t cert -A security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH target="universal-apple-darwin" # Turn off the default target # We don't want to install the updater for the apple store build sed -i.bu "s/default =/# default =/" src-tauri/Cargo.toml rm src-tauri/Cargo.toml.bu git diff src-tauri/Cargo.toml yarn tauri build --target "${target}" --verbose --config src-tauri/tauri.app-store.conf.json app_path="src-tauri/target/${target}/release/bundle/macos/Zoo Modeling App.app" build_name="src-tauri/target/${target}/release/bundle/macos/Zoo Modeling App.pkg" cp_dir="src-tauri/target/${target}/release/bundle/macos/Zoo Modeling App.app/Contents/embedded.provisionprofile" entitlements="src-tauri/entitlements/app-store.entitlements" cp "${profile}" "${cp_dir}" codesign --deep --force -s "${sign_app}" --entitlements "${entitlements}" "${app_path}" productbuild --component "${app_path}" /Applications/ --sign "${sign_install}" "${build_name}" # Undo the changes to the Cargo.toml git checkout src-tauri/Cargo.toml env: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_STORE_PROVISIONING_PROFILE: ${{ secrets.APPLE_STORE_PROVISIONING_PROFILE }} APPLE_STORE_DISTRIBUTION_CERT: ${{ secrets.APPLE_STORE_DISTRIBUTION_CERT }} APPLE_STORE_INSTALLER_CERT: ${{ secrets.APPLE_STORE_INSTALLER_CERT }} APPLE_STORE_P12_PASSWORD: ${{ secrets.APPLE_STORE_P12_PASSWORD }} - name: 'Upload to Mac TestFlight (nightly)' uses: apple-actions/upload-testflight-build@v1 if: ${{ github.event_name == 'schedule' && matrix.os == 'macos-14' }} with: app-path: 'src-tauri/target/universal-apple-darwin/release/bundle/macos/Zoo Modeling App.pkg' issuer-id: ${{ secrets.APPLE_STORE_ISSUER_ID }} api-key-id: ${{ secrets.APPLE_STORE_API_KEY_ID }} api-private-key: ${{ secrets.APPLE_STORE_API_PRIVATE_KEY }} app-type: osx - name: Clean up after Mac TestFlight (nightly) if: ${{ github.event_name == 'schedule' && matrix.os == 'macos-14' }} shell: bash run: | git status # remove our target builds because we want to make sure the later build # includes the updater, and that anything we changed with the target # does not persist rm -rf src-tauri/target # Lets get rid of the info.plist for the normal mac builds since its # being sketchy. rm src-tauri/Info.plist # We do this after the apple store because the apple store build is # specific and we want to overwrite it with the this new build after and # not upload the apple store build to the public bucket - name: Build the app (release) and sign uses: tauri-apps/tauri-action@v0 if: ${{ env.BUILD_RELEASE == 'true' }} env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} TAURI_CONF_ARGS: "--config ${{ matrix.os == 'windows-latest' && 'src-tauri\\tauri.release.conf.json' || 'src-tauri/tauri.release.conf.json' }}" with: args: "${{ env.TAURI_CONF_ARGS }} ${{ env.TAURI_ARGS_MACOS }} ${{ env.TAURI_ARGS_UBUNTU }}" - uses: actions/upload-artifact@v3 if: matrix.os != 'ubuntu-latest' env: PREFIX: ${{ matrix.os == 'macos-14' && 'src-tauri/target/universal-apple-darwin' || 'src-tauri/target' }} MODE: ${{ env.BUILD_RELEASE == 'true' && 'release' || 'debug' }} with: path: "${{ env.PREFIX }}/${{ env.MODE }}/bundle/*/*" - name: Run e2e tests (linux only) if: ${{ matrix.os == 'ubuntu-latest' && github.event_name != 'release' && github.event_name != 'schedule' }} run: | cargo install tauri-driver --force source .env.${{ env.BUILD_RELEASE == 'true' && 'production' || 'development' }} export VITE_KC_API_BASE_URL xvfb-run yarn test:e2e:tauri env: E2E_APPLICATION: "./src-tauri/target/${{ env.BUILD_RELEASE == 'true' && 'release' || 'debug' }}/zoo-modeling-app" KITTYCAD_API_TOKEN: ${{ env.BUILD_RELEASE == 'true' && secrets.KITTYCAD_API_TOKEN || secrets.KITTYCAD_API_TOKEN_DEV }} - name: Run e2e tests (windows only) if: ${{ matrix.os == 'windows-latest' && github.event_name != 'release' && github.event_name != 'schedule' }} run: | cargo install tauri-driver --force yarn wdio run wdio.conf.ts env: E2E_APPLICATION: ".\\src-tauri\\target\\${{ env.BUILD_RELEASE == 'true' && 'release' || 'debug' }}\\Zoo Modeling App.exe" KITTYCAD_API_TOKEN: ${{ env.BUILD_RELEASE == 'true' && secrets.KITTYCAD_API_TOKEN || secrets.KITTYCAD_API_TOKEN_DEV }} VITE_KC_API_BASE_URL: ${{ env.BUILD_RELEASE == 'true' && 'https://api.zoo.dev' || 'https://api.dev.zoo.dev' }} E2E_TAURI_ENABLED: true TS_NODE_COMPILER_OPTIONS: '{"module": "commonjs"}' publish-apps-release: runs-on: ubuntu-latest if: ${{ github.event_name == 'release' || github.event_name == 'schedule' }} needs: [check-format, check-types, check-typos, build-test-web, prepare-json-files, build-test-apps] env: VERSION_NO_V: ${{ needs.prepare-json-files.outputs.version }} VERSION: ${{ github.event_name == 'release' && format('v{0}', needs.prepare-json-files.outputs.version) || needs.prepare-json-files.outputs.version }} PUB_DATE: ${{ github.event_name == 'release' && github.event.release.created_at || github.event.repository.updated_at }} NOTES: ${{ github.event_name == 'release' && github.event.release.body || format('Nightly build, commit {0}', github.sha) }} BUCKET_DIR: ${{ github.event_name == 'release' && 'dl.kittycad.io/releases/modeling-app' || 'dl.kittycad.io/releases/modeling-app/nightly' }} WEBSITE_DIR: ${{ github.event_name == 'release' && 'dl.zoo.dev/releases/modeling-app' || 'dl.zoo.dev/releases/modeling-app/nightly' }} URL_CODED_NAME: ${{ github.event_name == 'schedule' && 'Zoo%20Modeling%20App%20%28Nightly%29' || 'Zoo%20Modeling%20App' }} steps: - uses: actions/download-artifact@v3 - name: Generate the update static endpoint run: | ls -l artifact/*/*oo* DARWIN_SIG=`cat artifact/macos/*.app.tar.gz.sig` WINDOWS_SIG=`cat artifact/msi/*.msi.zip.sig` RELEASE_DIR=https://${WEBSITE_DIR}/${VERSION} jq --null-input \ --arg version "${VERSION}" \ --arg pub_date "${PUB_DATE}" \ --arg notes "${NOTES}" \ --arg darwin_sig "$DARWIN_SIG" \ --arg darwin_url "$RELEASE_DIR/macos/${{ env.URL_CODED_NAME }}.app.tar.gz" \ --arg windows_sig "$WINDOWS_SIG" \ --arg windows_url "$RELEASE_DIR/msi/${{ env.URL_CODED_NAME }}_${VERSION_NO_V}_x64_en-US.msi.zip" \ '{ "version": $version, "pub_date": $pub_date, "notes": $notes, "platforms": { "darwin-x86_64": { "signature": $darwin_sig, "url": $darwin_url }, "darwin-aarch64": { "signature": $darwin_sig, "url": $darwin_url }, "windows-x86_64": { "signature": $windows_sig, "url": $windows_url } } }' > last_update.json cat last_update.json - name: Generate the download static endpoint run: | RELEASE_DIR=https://${WEBSITE_DIR}/${VERSION} jq --null-input \ --arg version "${VERSION}" \ --arg pub_date "${PUB_DATE}" \ --arg notes "${NOTES}" \ --arg darwin_url "$RELEASE_DIR/dmg/${{ env.URL_CODED_NAME }}_${VERSION_NO_V}_universal.dmg" \ --arg windows_url "$RELEASE_DIR/msi/${{ env.URL_CODED_NAME }}_${VERSION_NO_V}_x64_en-US.msi" \ '{ "version": $version, "pub_date": $pub_date, "notes": $notes, "platforms": { "dmg-universal": { "url": $darwin_url }, "msi-x86_64": { "url": $windows_url } } }' > last_download.json cat last_download.json - name: Authenticate to Google Cloud uses: 'google-github-actions/auth@v2.1.3' with: credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}' - name: Set up Google Cloud SDK uses: google-github-actions/setup-gcloud@v2.1.0 with: project_id: kittycadapi - name: Upload release files to public bucket uses: google-github-actions/upload-cloud-storage@v2.1.0 with: path: artifact glob: '*/Zoo*' parent: false destination: ${{ env.BUCKET_DIR }}/${{ env.VERSION }} - name: Upload update endpoint to public bucket uses: google-github-actions/upload-cloud-storage@v2.1.0 with: path: last_update.json destination: ${{ env.BUCKET_DIR }} - name: Upload download endpoint to public bucket uses: google-github-actions/upload-cloud-storage@v2.1.0 with: path: last_download.json destination: ${{ env.BUCKET_DIR }} - name: Upload release files to Github if: ${{ github.event_name == 'release' }} uses: softprops/action-gh-release@v2 with: files: 'artifact/*/Zoo*' announce_release: needs: [publish-apps-release] runs-on: ubuntu-latest if: github.event_name == 'release' steps: - name: Check out code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.x' - name: Install dependencies run: | python -m pip install --upgrade pip pip install requests - name: Announce Release env: DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} RELEASE_VERSION: ${{ github.event.release.tag_name }} RELEASE_BODY: ${{ github.event.release.body}} run: python public/announce_release.py