attempt to manually notarize #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: [ master ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest-large, windows-latest, macos-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18.x' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build React app | |
| env: | |
| CI: false | |
| run: npm run react-build | |
| # --------------------------------- | |
| # macOS Build (Sign only, no auto-notarize) | |
| # --------------------------------- | |
| - name: Print environment for debugging | |
| if: matrix.os == 'macos-latest' | |
| run: printenv | sort | |
| - name: Build & Sign Electron app (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| # Provide ONLY the .p12 certificate for code signing. | |
| CSC_LINK: ${{ secrets.MACOS_CERTIFICATE }} | |
| CSC_KEY_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
| # Remove or omit the Apple API key vars from electron-builder, | |
| # so it doesn't attempt notarization internally. | |
| DEBUG: electron-builder | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Remove any "notarize" block from package.json or set "notarize": false | |
| # to ensure electron-builder won't attempt notarization automatically. | |
| npm run electron-build | |
| - name: Submit app for notarization | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| # We'll assume your DMG name matches something like: | |
| # dist/Drivechain-Launcher-<version>-x64.dmg | |
| # If you produce multiple DMGs (x64, arm64), pick the correct one or do both. | |
| DMG_FILE=$(ls dist/*-x64.dmg | head -n 1) | |
| if [ -z "$DMG_FILE" ]; then | |
| echo "No x64 DMG found to notarize!" | |
| exit 1 | |
| fi | |
| echo "Submitting $DMG_FILE for notarization..." | |
| xcrun notarytool submit "$DMG_FILE" \ | |
| --key ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }} \ | |
| --key-id ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} \ | |
| --issuer ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} \ | |
| --output notarize_output.json --wait --timeout 20m | |
| # This command automatically does the upload and waits up to 20 minutes. | |
| # If you prefer a two-step process, omit "--wait" here and do a separate "wait" step. | |
| - name: Staple notarization | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| DMG_FILE=$(ls dist/*-x64.dmg | head -n 1) | |
| if [ -z "$DMG_FILE" ]; then | |
| echo "No x64 DMG found to staple!" | |
| exit 1 | |
| fi | |
| echo "Stapling $DMG_FILE..." | |
| xcrun stapler staple "$DMG_FILE" | |
| # --------------------------------- | |
| # Windows Build | |
| # --------------------------------- | |
| - name: Build Electron app (Windows) | |
| if: matrix.os == 'windows-latest' | |
| env: | |
| DEBUG: electron-builder | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run electron-build | |
| # --------------------------------- | |
| # Linux Build | |
| # --------------------------------- | |
| - name: Build Electron app (Linux) | |
| if: matrix.os == 'ubuntu-latest-large' | |
| env: | |
| DEBUG: electron-builder | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| npx electron-builder --version | |
| ls -la | |
| npx electron-builder --linux AppImage --x64 | |
| echo "Build output directory contents:" | |
| ls -la dist/ | |
| # --------------------------------- | |
| # Upload Artifacts | |
| # --------------------------------- | |
| - name: Check Linux build output | |
| if: matrix.os == 'ubuntu-latest-large' | |
| run: | | |
| echo "Checking build output..." | |
| if [ ! -d "dist" ]; then | |
| echo "Error: dist directory not found" | |
| exit 1 | |
| fi | |
| find dist -type f -name "*.AppImage" || echo "No AppImage files found in dist/" | |
| - name: Upload Linux artifacts | |
| if: matrix.os == 'ubuntu-latest-large' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-build | |
| path: dist/*.AppImage | |
| if-no-files-found: error | |
| - name: Upload Windows artifacts | |
| if: matrix.os == 'windows-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: dist/*.exe | |
| if-no-files-found: error | |
| - name: Upload macOS artifacts | |
| if: matrix.os == 'macos-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: dist/*.dmg | |
| if-no-files-found: error | |
| # ------------------------------------- | |
| # Separate upload-to-releases job | |
| # ------------------------------------- | |
| upload-to-releases: | |
| name: Upload to releases.drivechain.info | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| if: github.event_name == 'push' && github.repository_owner == 'LayerTwo-Labs' | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: "*-build" | |
| path: artifacts | |
| - name: List downloaded files | |
| run: | | |
| echo "Artifacts directory contents:" | |
| ls -la artifacts | |
| echo "Linux build directory contents:" | |
| ls -la artifacts/linux-build | |
| echo "Windows build directory contents:" | |
| ls -la artifacts/windows-build | |
| echo "macOS build directory contents:" | |
| ls -la artifacts/macos-build | |
| - name: Process artifacts | |
| run: | | |
| # Linux | |
| cd artifacts/linux-build | |
| mv *.AppImage ../../drivechain-launcher-latest-x86_64-linux.AppImage | |
| cd ../.. | |
| # Windows | |
| cd artifacts/windows-build | |
| EXE_FILE=$(ls Drivechain-Launcher-Setup-*.exe 2>/dev/null || echo "") | |
| if [ -z "$EXE_FILE" ]; then | |
| echo "Error: No Windows exe file found" | |
| exit 1 | |
| fi | |
| zip ../../drivechain-launcher-latest-windows.zip "$EXE_FILE" | |
| cd ../.. | |
| # macOS | |
| cd artifacts/macos-build | |
| ARM64_DMG=$(ls *-arm64.dmg 2>/dev/null || echo "") | |
| if [ -z "$ARM64_DMG" ]; then | |
| echo "Error: No arm64 DMG file found" | |
| exit 1 | |
| fi | |
| mv "$ARM64_DMG" ../../drivechain-launcher-latest-osx-arm64.dmg | |
| X64_DMG=$(ls *-x64.dmg 2>/dev/null || echo "") | |
| if [ -z "$X64_DMG" ]; then | |
| echo "Error: No x64 DMG file found" | |
| exit 1 | |
| fi | |
| mv "$X64_DMG" ../../drivechain-launcher-latest-osx-x64.dmg | |
| cd ../.. | |
| echo "Final files:" | |
| ls -la drivechain-launcher-* | |
| - name: Verify files exist | |
| run: | | |
| if [ ! -f "drivechain-launcher-latest-x86_64-linux.AppImage" ]; then | |
| echo "Error: Linux AppImage file not found" | |
| exit 1 | |
| fi | |
| if [ ! -f "drivechain-launcher-latest-windows.zip" ]; then | |
| echo "Error: Windows zip file not found" | |
| exit 1 | |
| fi | |
| if [ ! -f "drivechain-launcher-latest-osx-arm64.dmg" ]; then | |
| echo "Error: macOS arm64 DMG file not found" | |
| exit 1 | |
| fi | |
| if [ ! -f "drivechain-launcher-latest-osx-x64.dmg" ]; then | |
| echo "Error: macOS x64 DMG file not found" | |
| exit 1 | |
| fi | |
| - name: Upload to releases.drivechain.info | |
| uses: cross-the-world/ssh-scp-ssh-pipelines@latest | |
| with: | |
| host: 45.33.96.47 | |
| user: root | |
| pass: ${{ secrets.RELEASES_SERVER_PW }} | |
| port: 22 | |
| scp: | | |
| 'drivechain-launcher-latest-x86_64-linux.AppImage' => '/var/www/html/' | |
| 'drivechain-launcher-latest-windows.zip' => '/var/www/html/' | |
| 'drivechain-launcher-latest-osx-arm64.dmg' => '/var/www/html/' | |
| 'drivechain-launcher-latest-osx-x64.dmg' => '/var/www/html/' |