SY-1375 Run CI on Windows and macOS #2040

Workflow file for this run

.github/workflows/deploy.console.yaml at 70bd333

	name: Deploy - Console

	on:
	push:
	branches:
	- main
	- rc
	pull_request:
	branches:
	- main
	- rc
	workflow_dispatch:

	permissions:
	contents: write

	env:
	TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
	TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}

	jobs:
	setup:
	name: Setup
	runs-on: ubuntu-latest
	outputs:
	PURE_VERSION: ${{ steps.version.outputs.PURE_VERSION }}
	VERSION: ${{ steps.version.outputs.VERSION }}
	changed: ${{ steps.filter.outputs.changed }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ssh-key: ${{ secrets.DEPLOY_KEY }}

	- name: Get Version
	id: version
	working-directory: console
	run: \|
	if [ "${GITHUB_REF}" == "refs/heads/main" ]; then
	echo "VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
	echo "PURE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
	else
	echo "VERSION=$(node -p "require('./package.json').version")-rc" >> $GITHUB_OUTPUT
	echo "PURE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
	fi

	- name: Diff Changes
	uses: dorny/paths-filter@v3
	id: filter
	with:
	base: ${{ github.ref }}
	filters: \|
	changed:
	- .github/workflows/deploy.console.yaml
	- alamos/ts/**
	- client/ts/**
	- configs/ts/**
	- configs/vite/**
	- console/**
	- drift/**
	- pluto/**
	- x/media/**
	- x/ts/**

	create-release:
	name: Create Release
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && needs.setup.outputs.changed == 'true'
	needs: setup
	env:
	VERSION: ${{ needs.setup.outputs.VERSION }}
	outputs:
	release_id: ${{ steps.create-release.outputs.result }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up pnpm
	uses: pnpm/action-setup@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: package.json
	cache: pnpm

	- name: Create Release
	id: create-release
	uses: actions/github-script@v7
	with:
	script: \|
	const { data: releases } = await github.rest.repos.listReleases({
	owner: context.repo.owner,
	repo: context.repo.repo
	})
	const release = releases.find(r => r.tag_name === `console-v${process.env.VERSION}`)
	if (release != null) return release.id
	const { data: { id } } = await github.rest.repos.createRelease({
	owner: context.repo.owner,
	repo: context.repo.repo,
	tag_name: `console-v${process.env.VERSION}`,
	name: `Synnax Console v${process.env.VERSION}`,
	draft: false,
	prerelease: false,
	})
	return id

	build:
	name: Build (${{ matrix.os }})
	needs: setup
	if: needs.setup.outputs.changed == 'true'
	env:
	SYNNAX_TS_ENV: prod
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	strategy:
	fail-fast: false
	matrix:
	os: [macos-latest, windows-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- name: Import Apple Developer Certificate
	# Only notarize on MacOS and on push events, not on PRs. This prevents excessive
	# notarization requests and long CI times on PRs.
	if: matrix.os == 'macos-latest' && github.event_name == 'push'
	env:
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	echo $APPLE_CERTIFICATE \| base64 --decode > certificate.p12
	security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
	security find-identity -v -p codesigning build.keychain

	- name: Verify Apple Developer Certificate
	# Same as above - only notarize on MacOS and on push events, not on PRs
	if: matrix.os == 'macos-latest' && github.event_name == 'push'
	run: \|
	CERT_INFO=$(security find-identity -v -p codesigning build.keychain \| grep "Developer ID Application")
	echo "Cert info"
	CERT_ID=$(echo "$CERT_INFO" \| awk -F'"' '{print $2}')
	echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
	echo "Certificate imported."

	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up pnpm
	uses: pnpm/action-setup@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: package.json
	cache: pnpm

	- name: Adjust Auto Updater URL for Release Candidate
	if: github.event_name == 'push' && github.ref == 'refs/heads/rc'
	working-directory: console/src-tauri
	run: \|
	jq '.plugins.updater.endpoints = ["https://raw.githubusercontent.com/synnaxlabs/synnax/rc/console/release-spec.json"]' tauri.conf.json > temp.json
	rm tauri.conf.json
	mv temp.json tauri.conf.json

	- name: Install Rust Stable
	uses: actions-rs/toolchain@v1
	with:
	toolchain: stable

	- name: Rust Cache
	uses: Swatinem/rust-cache@v2
	with:
	workspaces: console/src-tauri -> target
	key: ${{ runner.os }}

	- name: Turbo Cache
	uses: actions/cache@v3
	with:
	path: .turbo-cache
	key: ${{ runner.os }}-turbo-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-turbo-

	- name: Install Dependencies
	run: pnpm install

	- name: Build Console Vite
	if: needs.setup.outputs.changed == 'true'
	run: pnpm build:console-vite

	# We need to build the console separately WITHOUT turbo repo because of strange
	# incompatibility issues with rust builds.

	- name: Build
	if: needs.setup.outputs.changed == 'true'
	env:
	NODE_OPTIONS: "--max_old_space_size=4096"
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
	working-directory: console
	run: pnpm build

	- name: Upload MacOS Release Asset
	if: github.event_name == 'push' && matrix.os == 'macos-latest'
	run: \|
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/macos/Synnax.app.tar.gz
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/macos/Synnax.app.tar.gz.sig
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/dmg/Synnax_${{ needs.setup.outputs.PURE_VERSION }}_aarch64.dmg

	- name: Upload Windows Release Asset
	if: github.event_name == 'push' && matrix.os == 'windows-latest'
	run: \|
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/msi/Synnax_${{ needs.setup.outputs.PURE_VERSION }}_x64_en-US.msi
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/msi/Synnax_${{ needs.setup.outputs.PURE_VERSION }}_x64_en-US.msi.sig
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/nsis/Synnax_${{ needs.setup.outputs.PURE_VERSION }}_x64-setup.exe
	gh release upload --clobber console-v${{ needs.setup.outputs.VERSION }} ./console/src-tauri/target/release/bundle/nsis/Synnax_${{ needs.setup.outputs.PURE_VERSION }}_x64-setup.exe.sig

	publish:
	name: Publish
	runs-on: ubuntu-latest
	if: needs.setup.outputs.changed == 'true' && needs.create-release.outputs.release_id != ''
	needs: [setup, create-release, build]
	env:
	VERSION: ${{ needs.setup.outputs.VERSION }}
	PURE_VERSION: ${{ needs.setup.outputs.PURE_VERSION }}
	RELEASE_ID: ${{ needs.create-release.outputs.release_id }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	ref: ${{ github.event.pull_request.head.ref }}

	- name: Publish
	uses: actions/github-script@v7
	with:
	script: \|
	github.rest.repos.updateRelease({
	owner: context.repo.owner,
	repo: context.repo.repo,
	release_id: process.env.RELEASE_ID,
	draft: false,
	prerelease: false,
	})

	- name: Set up pnpm
	uses: pnpm/action-setup@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: package.json
	cache: pnpm

	- name: Add Auto Update JSON File
	uses: actions/github-script@v7
	env:
	release_id: ${{ needs.create-release.outputs.release_id }}
	with:
	script: \|
	const fs = await import("fs");

	const pureVersion = process.env.PURE_VERSION;
	const version = process.env.VERSION;
	const {
	repo: { repo, owner },
	} = context;

	const baseURL = `https://github.com/${owner}/${repo}/releases/download/console-v${version}/`;

	const darwinURL = baseURL + "Synnax.app.tar.gz";
	const darwinSig = await github.request(`GET ${darwinURL}.sig`);
	const windowsURL = baseURL + `Synnax_${pureVersion}_x64_en-US.msi`;
	const windowsSig = await github.request(`GET ${windowsURL}.sig`);
	const pub_date = new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
	const ecd = new TextDecoder();

	const data = {
	version: `v${pureVersion}`,
	notes: "Synnax Update",
	pub_date,
	platforms: {
	"darwin-x86_64": {
	signature: ecd.decode(darwinSig.data),
	url: darwinURL,
	},
	"linux-x86_64": {
	signature: "not_supported_and_tauri_requires_an_entry",
	url: darwinURL,
	},
	"windows-x86_64": {
	signature: ecd.decode(windowsSig.data),
	url: windowsURL,
	},
	},
	};

	fs.writeFileSync("console/release-spec.json", JSON.stringify(data, null, 2));

	- name: Commit & Push Auto Update JSON File on RC
	if: github.ref == 'refs/heads/rc'
	uses: EndBug/add-and-commit@v9
	with:
	add: "*"
	default_author: github_actor
	message: Auto Update JSON File
	pull: --commit --no-edit
	push: origin rc --force

	- name: Commit & Push Auto Update JSON File on Main
	if: github.ref == 'refs/heads/main'
	uses: EndBug/add-and-commit@v9
	with:
	add: "*"
	default_author: github_actor
	message: Auto Update JSON File
	pull: --commit --no-edit
	push: origin main --force

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SY-1375 Run CI on Windows and macOS #2040

Workflow file

SY-1375 Run CI on Windows and macOS #2040

Jobs

Run details

Workflow file for this run