Skip to content

Commit

Permalink
Merge pull request #595 from mountaindude/587
Browse files Browse the repository at this point in the history 
Switch insider build binaries to use SEA
  • Loading branch information
@mountaindude
mountaindude authored Nov 6, 2024
2 parents ad40cea + 05c9952 commit 2d90162
Showing 1 changed file with 32 additions and 19 deletions.
51 changes: 32 additions & 19 deletions .github/workflows/insiders-build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,6 @@ jobs:
include:
- os: win-code-sign
build: |
echo ${env:DIST_FILE_NAME}
echo "${env:DIST_FILE_NAME}"
echo $env:DIST_FILE_NAME
echo "$env:DIST_FILE_NAME"
cd src
./node_modules/.bin/esbuild "${env:DIST_FILE_NAME}.js" --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
node --experimental-sea-config sea-config.json
Expand Down Expand Up @@ -76,29 +69,35 @@ jobs:
# Move the zip file to the root directory
Move-Item "${env:DIST_FILE_NAME}--win-x64--${{ github.sha }}.zip" "../${env:DIST_FILE_NAME}--win-x64--${{ github.sha }}.zip"
# -------------------
# Clean up
Remove-Item -Force build.cjs
artifact_insider: butler-sheet-icons--win-x64--${{ github.sha }}.zip

- os: mac-build1
build: |
cd src
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --external:vm2 --external:axios --outfile=build.cjs --format=cjs --platform=node --target=node18.5.0
pkg --output "../${DIST_FILE_NAME}" -t node18-macos-x64 ./build.cjs --config package.json --options no-deprecation --compress GZip
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
node --experimental-sea-config sea-config.json
cp $(command -v node) ${DIST_FILE_NAME}
npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 --macho-segment-name NODE_SEA
cd ..
chmod +x "${DIST_FILE_NAME}"
#cd ..
#chmod +x "${DIST_FILE_NAME}"
security delete-keychain build.keychain || true
pwd
ls -la
# Turn our base64-encoded certificate back to a regular .p12 file
# -------------------
# Turn our base64-encoded certificate back to a regular .p12 file
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
# -------------------
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security list-keychains -d user -s build.keychain
security default-keychain -d user -s build.keychain
Expand All @@ -109,17 +108,16 @@ jobs:
codesign --force -s "$MACOS_CERTIFICATE_NAME" -v "./${DIST_FILE_NAME}" --deep --strict --options=runtime --timestamp --entitlements ./release-config/${DIST_FILE_NAME}.entitlements


# -------------------
# Notarize
# Store the notarization credentials so that we can prevent a UI password dialog from blocking the CI

echo "Create keychain profile"
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"

# -------------------
# We can't notarize an app bundle directly, but we need to compress it as an archive.
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
# notarization service


# Notarize insider binary
echo "Creating temp notarization archive for insider build"
ditto -c -k --keepParent "./${DIST_FILE_NAME}" "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip"
Expand All @@ -131,16 +129,24 @@ jobs:
echo "Notarize insider app"
xcrun notarytool submit "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" --keychain-profile "notarytool-profile" --wait

# Move the zip file to the root directory
mv "./${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip" "../${DIST_FILE_NAME}--macos-x64--${{ github.sha }}.zip"

# -------------------
# Clean up
# Delete build keychain
security delete-keychain build.keychain
rm build.cjs

artifact_insider: butler-sheet-icons--macos-x64--${{ github.sha }}.zip

- os: ubuntu-latest
build: |
cd src
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --external:vm2 --external:axios --outfile=build.cjs --format=cjs --platform=node --target=node18.5.0
pkg --output "../${DIST_FILE_NAME}" -t node18-linux-x64 ./build.cjs --config package.json --options no-deprecation --compress GZip
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
node --experimental-sea-config sea-config.json
cp $(command -v node) ${DIST_FILE_NAME}
npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
cd ..
chmod +x ${DIST_FILE_NAME}
Expand All @@ -154,6 +160,13 @@ jobs:
tar -czf "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz" "${DIST_FILE_NAME}"
ls -la
# Move the zip file to the root directory
mv "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz" "${DIST_FILE_NAME}--linux-x64--${{ github.sha }}.tgz"
# -------------------
# Clean up
rm build.cjs
artifact_insider: butler-sheet-icons--linux-x64--${{ github.sha }}.tgz
runs-on: ${{ matrix.os }}
steps:
Expand Down

0 comments on commit 2d90162

Please sign in to comment.