chore: automate releases with release-please #1400
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
branches: | |
- main | |
env: | |
XDG_CACHE_HOME: ${{ github.workspace }}/.cache | |
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron | |
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder | |
jobs: | |
webui: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18.17.1' | |
- name: Read ipfs-webui CID from package.json | |
id: read-webui-version | |
run: | | |
echo '::echo::on' | |
echo "cid=$(grep "build:webui:download" package.json | grep -Eio "bafy[a-z0-9]+")" >> $GITHUB_OUTPUT | |
echo '::echo::off' | |
shell: bash | |
- name: Cache webui | |
uses: actions/cache@v3 | |
id: webui-cache | |
with: | |
path: assets/webui | |
key: ${{ steps.read-webui-version.outputs.cid }} | |
- name: Cache bigger downloads | |
uses: actions/cache@v3 | |
id: cache | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
${{ runner.os }}- | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
with: | |
name: kubo | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
- name: Install dependencies and fetch ipfs-webui | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
run: | | |
npm ci --prefer-offline --no-audit --progress=false --cache ${{ github.workspace }}/.cache/npm | |
npm run clean | |
npm run force-webui-download | |
- name: Attach cached ipfs-webui to Github Action | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ipfs-webui | |
path: assets/webui | |
if-no-files-found: error | |
test: | |
runs-on: ${{ matrix.os }} | |
needs: webui | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18.17.1' | |
- name: Read ipfs-webui CID from package.json | |
id: read-webui-version | |
run: echo "cid=$(grep "build:webui:download" package.json | grep -Eio "bafy[a-z0-9]+")" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Cache webui | |
uses: actions/cache@v3 | |
id: webui-cache | |
with: | |
path: assets/webui | |
key: ${{ steps.read-webui-version.outputs.cid }} | |
- name: Cache bigger downloads | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
${{ runner.os }}- | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
with: | |
name: kubo | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
- name: Install dependencies | |
run: npm ci --prefer-offline --no-audit --progress=false --cache ${{ github.workspace }}/.cache/npm | |
- name: Build | |
run: npm run build | |
- name: Stop any ipfs daemon before tests | |
run: ipfs shutdown || true | |
shell: bash | |
- name: Test | |
run: npm run test | |
- name: Test end-to-end | |
uses: coactions/setup-xvfb@b6b4fcfb9f5a895edadc3bc76318fae0ac17c8b3 # v1.0.1 | |
with: | |
working-directory: ${{ github.workspace }} | |
run: npm run test:e2e | |
- name: Lint | |
run: npm run lint | |
build: | |
runs-on: ${{ matrix.os }} | |
needs: test # build packages only if tests passed | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18.17.1' | |
- name: Read ipfs-webui CID from package.json | |
id: read-webui-version | |
run: echo "cid=$(grep "build:webui:download" package.json | grep -Eio "bafy[a-z0-9]+")" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Cache webui | |
uses: actions/cache@v3 | |
id: webui-cache | |
with: | |
path: assets/webui | |
key: ${{ steps.read-webui-version.outputs.cid }} | |
- name: Cache bigger downloads | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
${{ runner.os }}- | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
with: | |
name: kubo | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
if: steps.webui-cache.outputs.cache-hit != 'true' | |
- name: Install dependencies | |
run: npm ci --prefer-offline --no-audit --progress=false --cache ${{ github.workspace }}/.cache/npm | |
- name: Build | |
run: npm run build | |
- name: Get tag | |
id: tag | |
run: | | |
if [[ "$GITHUB_REF" == "refs/tags/"* ]]; then | |
echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
fi | |
shell: bash | |
continue-on-error: true # empty steps.tag.outputs.tag will inform the next step | |
- name: Build binaries with electron-builder | |
uses: paneron/action-electron-builder@14b133702d1b2e9749912051c43ed62b4afe56c8 # v1.8.1 | |
with: | |
package_manager: npm | |
skip_package_manager_install: true | |
args: --publish onTag # attach signed binaries to a release draft only when building a tag | |
release: false # keep github release as draft for manual inspection | |
max_attempts: 2 | |
# GH token for attaching atrifacts to release draft on tag build | |
github_token: ${{ secrets.github_token }} | |
# Windows signing | |
windows_certs: ${{ secrets.windows_certs }} | |
windows_certs_password: ${{ secrets.windows_certs_password }} | |
# Apple signing | |
mac_certs: ${{ secrets.mac_certs }} | |
mac_certs_password: ${{ secrets.mac_certs_password }} | |
env: | |
CI_BUILD_TAG: ${{steps.tag.outputs.tag}} # used by --publish onTag | |
# Force signing on PR IFF secrets are around | |
PUBLISH_FOR_PULL_REQUEST: ${{ secrets.PUBLISH_FOR_PULL_REQUEST }} | |
CSC_FOR_PULL_REQUEST: ${{ secrets.CSC_FOR_PULL_REQUEST }} | |
# Apple notarization | |
APPLEID: ${{ secrets.apple_id }} | |
APPLEIDPASS: ${{ secrets.apple_id_pass }} | |
- name: Show dist/ | |
run: du -sh dist/ && ls -l dist/ | |
# Persist produced binaries and effective config used for building them | |
# - this is not for releases, but for quick testing during the dev | |
# - action artifacts can be downloaded for 90 days, then are removed by github | |
# - binaries in PRs from forks won't be signed | |
- name: Attach produced packages to Github Action | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dist-${{ matrix.os }} | |
path: dist/*esktop*.* | |
if-no-files-found: error | |
- name: Show Cache | |
run: du -sh ${{ github.workspace }}/.cache/ && ls -l ${{ github.workspace }}/.cache/ |