Build

Update Mac build signing #75

Workflow file for this run

	name: Build

	on:
	push:
	branches: [ master ]
	tags:
	- 'v*'
	pull_request:
	branches: [ master ]
	workflow_dispatch:

	jobs:
	build:
	runs-on: ${{ matrix.os }}

	strategy:
	matrix:
	os: [ubuntu-latest-large, windows-latest, macos-latest]

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '18.x'
	cache: 'npm'

	- name: Install dependencies
	run: npm ci

	- name: Build React app
	env:
	CI: false
	run: npm run react-build

	- name: Import certificate to Keychain
	if: matrix.os == 'macos-latest'
	run: \|
	echo "${{ secrets.MACOS_CERTIFICATE }}" \| base64 --decode > certificate.p12
	KEYCHAIN_PASSWORD=$(uuidgen)
	security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security import ./certificate.p12 -k ~/Library/Keychains/build.keychain -P ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" ~/Library/Keychains/build.keychain
	env:
	MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}

	- name: Setup notarization credentials and entitlements
	if: matrix.os == 'macos-latest'
	run: \|
	# Save API key to file
	echo "${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }}" \| base64 --decode > ./notarization_api_key.p8

	# Verify API key file exists and has content
	if [ -s "./notarization_api_key.p8" ]; then
	echo "API key file created successfully"
	else
	echo "Error: API key file is empty or not created"
	exit 1
	fi

	# Create build directory and add entitlements file
	mkdir -p build
	cat > build/entitlements.mac.plist << 'EOL'
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.inherit</key>
	<true/>
	<key>com.apple.security.automation.apple-events</key>
	<true/>
	</dict>
	</plist>
	EOL

	- name: Build Electron app (macOS)
	if: matrix.os == 'macos-latest'
	env:
	DEBUG: electron-builder
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	APPLE_API_KEY_ID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }}
	APPLE_API_KEY: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }}
	APPLE_API_ISSUER: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }}
	run: \|
	# Debug: Verify environment variables are set (without exposing values)
	if [ -n "$APPLE_API_KEY" ]; then echo "APPLE_API_KEY is set"; else echo "APPLE_API_KEY is NOT set"; fi
	if [ -n "$APPLE_API_KEY_ID" ]; then echo "APPLE_API_KEY_ID is set"; else echo "APPLE_API_KEY_ID is NOT set"; fi
	if [ -n "$APPLE_API_ISSUER" ]; then echo "APPLE_API_ISSUER is set"; else echo "APPLE_API_ISSUER is NOT set"; fi

	# Print electron-builder version for debugging
	npx electron-builder --version

	npm run electron-build

	- name: Build Electron app (Windows)
	if: matrix.os == 'windows-latest'
	env:
	DEBUG: electron-builder
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: npm run electron-build

	- name: Build Electron app (Linux)
	if: matrix.os == 'ubuntu-latest-large'
	env:
	DEBUG: electron-builder
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Show electron-builder version
	npx electron-builder --version

	# List contents before build
	ls -la

	# Run build with verbose logging
	npx electron-builder --linux AppImage --x64

	# Show build output directory
	echo "Build output directory contents:"
	ls -la dist/

	# Upload artifacts based on platform
	- name: Check Linux build output
	if: matrix.os == 'ubuntu-latest-large'
	run: \|
	echo "Checking build output..."
	if [ ! -d "dist" ]; then
	echo "Error: dist directory not found"
	exit 1
	fi
	find dist -type f -name "*.AppImage" \|\| echo "No AppImage files found in dist/"

	- name: Upload Linux artifacts
	if: matrix.os == 'ubuntu-latest-large'
	uses: actions/upload-artifact@v4
	with:
	name: linux-build
	path: \|
	dist/*.AppImage
	if-no-files-found: error

	- name: Upload Windows artifacts
	if: matrix.os == 'windows-latest'
	uses: actions/upload-artifact@v4
	with:
	name: windows-build
	path: \|
	dist/*.exe
	if-no-files-found: error

	- name: Upload macOS artifacts
	if: matrix.os == 'macos-latest'
	uses: actions/upload-artifact@v4
	with:
	name: macos-build
	path: \|
	dist/*.dmg
	if-no-files-found: error

	upload-to-releases:
	name: Upload to releases.drivechain.info
	runs-on: ubuntu-latest
	needs: [build]
	if: github.event_name == 'push' && github.repository_owner == 'LayerTwo-Labs'
	steps:
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	pattern: "*-build"
	path: artifacts

	- name: List downloaded files
	run: \|
	echo "Artifacts directory contents:"
	ls -la artifacts
	echo "Linux build directory contents:"
	ls -la artifacts/linux-build
	echo "Windows build directory contents:"
	ls -la artifacts/windows-build
	echo "macOS build directory contents:"
	ls -la artifacts/macos-build

	- name: Process artifacts
	run: \|
	# Process Linux artifact
	cd artifacts/linux-build
	mv *.AppImage ../../drivechain-launcher-latest-x86_64-linux.AppImage
	cd ../..

	# Process Windows artifact
	cd artifacts/windows-build
	echo "Windows build directory contents before processing:"
	ls -la

	# Find the exact exe file
	EXE_FILE=$(ls Drivechain-Launcher-Setup-*.exe 2>/dev/null \|\| echo "")
	if [ -z "$EXE_FILE" ]; then
	echo "Error: No Windows exe file found"
	exit 1
	fi
	echo "Found Windows exe file: $EXE_FILE"

	# Create zip file containing the exe
	zip ../../drivechain-launcher-latest-windows.zip "$EXE_FILE"
	cd ../..

	# Process macOS artifacts
	cd artifacts/macos-build
	echo "macOS build directory contents before processing:"
	ls -la

	# Process arm64 DMG
	ARM64_DMG=$(ls *-arm64.dmg 2>/dev/null \|\| echo "")
	if [ -z "$ARM64_DMG" ]; then
	echo "Error: No arm64 DMG file found"
	exit 1
	fi
	mv "$ARM64_DMG" ../../drivechain-launcher-latest-osx-arm64.dmg

	# Process x64 DMG
	X64_DMG=$(ls *-x64.dmg 2>/dev/null \|\| echo "")
	if [ -z "$X64_DMG" ]; then
	echo "Error: No x64 DMG file found"
	exit 1
	fi
	mv "$X64_DMG" ../../drivechain-launcher-latest-osx-x64.dmg
	cd ../..

	echo "Final files:"
	ls -la drivechain-launcher-*

	- name: Verify files exist
	run: \|
	if [ ! -f "drivechain-launcher-latest-x86_64-linux.AppImage" ]; then
	echo "Error: Linux AppImage file not found"
	exit 1
	fi
	if [ ! -f "drivechain-launcher-latest-windows.zip" ]; then
	echo "Error: Windows zip file not found"
	exit 1
	fi
	if [ ! -f "drivechain-launcher-latest-osx-arm64.dmg" ]; then
	echo "Error: macOS arm64 DMG file not found"
	exit 1
	fi
	if [ ! -f "drivechain-launcher-latest-osx-x64.dmg" ]; then
	echo "Error: macOS x64 DMG file not found"
	exit 1
	fi

	- name: Upload to releases.drivechain.info
	uses: cross-the-world/ssh-scp-ssh-pipelines@latest
	with:
	host: 45.33.96.47
	user: root
	pass: ${{ secrets.RELEASES_SERVER_PW }}
	port: 22
	scp: \|
	'drivechain-launcher-latest-x86_64-linux.AppImage' => '/var/www/html/'
	'drivechain-launcher-latest-windows.zip' => '/var/www/html/'
	'drivechain-launcher-latest-osx-arm64.dmg' => '/var/www/html/'
	'drivechain-launcher-latest-osx-x64.dmg' => '/var/www/html/'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Mac build signing #75

Workflow file

Update Mac build signing #75

Jobs

Run details

Workflow file for this run