Publish @notesnook/desktop #240
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish @notesnook/desktop | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| publish-apple: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Publish on Mac App Store?" | |
| publish-snap: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Publish on Snapcraft?" | |
| publish-github: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Publish on GitHub releases?" | |
| build-windows: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Build for Windows?" | |
| build-linux: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Build for Linux?" | |
| build-mac: | |
| type: boolean | |
| required: true | |
| default: true | |
| description: "Build for macOS?" | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Node | |
| uses: ./.github/actions/setup-node-with-cache | |
| - name: Install packages | |
| run: | | |
| npm ci --ignore-scripts --prefer-offline --no-audit | |
| npm run bootstrap -- --scope=web | |
| - name: Setup environment | |
| run: | | |
| echo "NX_CLOUD_ACCESS_TOKEN=${{ secrets.NX_CLOUD_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
| - name: Generate desktop build | |
| run: npx nx build:desktop @notesnook/web | |
| - name: Archive build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build | |
| path: apps/web/build/**/* | |
| - name: Collect app metadata | |
| id: app_metadata | |
| working-directory: ./apps/desktop | |
| run: | | |
| echo ::set-output name=app_version::$(cat package.json | jq -r .version) | |
| - name: Package desktop build | |
| run: | | |
| zip -r ./notesnook_build_v${{ steps.app_metadata.outputs.app_version }}.zip ./apps/web/build/ | |
| echo "Build folder archived to ./notesnook_build_v${{ steps.app_metadata.outputs.app_version }}.zip" | |
| - name: Upload desktop build | |
| uses: softprops/action-gh-release@v1 | |
| if: inputs.publish-github | |
| with: | |
| draft: true | |
| name: Notesnook Desktop v${{ steps.app_metadata.outputs.app_version }} | |
| tag_name: v${{ steps.app_metadata.outputs.app_version }} | |
| files: ./notesnook_build_v${{ steps.app_metadata.outputs.app_version }}.zip | |
| prerelease: ${{ endsWith(steps.app_metadata.outputs.app_version, '-beta') }} | |
| build-macos: | |
| name: Build for macOS | |
| needs: build | |
| if: inputs.build-mac | |
| runs-on: macos-14 | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node | |
| uses: ./.github/actions/setup-node-with-cache | |
| - name: Install setuptools | |
| run: brew install python-setuptools | |
| - name: Setup notarization | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8 | |
| - name: Collect app metadata | |
| id: app_metadata | |
| working-directory: ./apps/desktop | |
| run: | | |
| echo ::set-output name=apple_app_id::$(cat package.json | jq -r .appAppleId) | |
| echo ::set-output name=app_bundle_id::$(cat package.json | jq -r .build.appId) | |
| echo ::set-output name=app_version::$(cat package.json | jq -r .version) | |
| echo ::set-output name=bundle_version::$(cat package.json | jq -r .build.mac.bundleVersion) | |
| - name: Get App Store Version | |
| id: appstore | |
| uses: streetwriters/appstore-connect-app-version@develop | |
| if: inputs.publish-apple | |
| with: | |
| app-id: ${{ steps.app_metadata.outputs.apple_app_id }} | |
| key-id: ${{ secrets.api_key_id }} | |
| issuer-id: ${{ secrets.api_key_issuer_id }} | |
| private-key-raw: ${{ secrets.api_key }} | |
| platform: "MAC_OS" | |
| - name: Download build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: ./apps/web/build | |
| - name: Install packages | |
| run: | | |
| npm ci --ignore-scripts --prefer-offline --no-audit | |
| npm run bootstrap -- --scope=desktop | |
| - name: Install provisioning profile | |
| run: echo "${{ secrets.MAC_PROVISIONING_PROFILE }}" | base64 --decode > embedded.provisionprofile | |
| working-directory: ./apps/desktop | |
| - name: Build app for Mac App Store | |
| if: inputs.publish-apple && steps.appstore.outputs.app-version-latest != steps.app_metadata.outputs.app_version | |
| env: | |
| CSC_LINK: ${{ secrets.mac_certs }} | |
| CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }} | |
| run: | | |
| npx nx run release --project @notesnook/desktop -- --variant=mas | |
| yarn electron-builder --mac mas --universal -p never | |
| working-directory: ./apps/desktop | |
| - name: Build zip and dmg | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CSC_LINK: ${{ secrets.mac_certs }} | |
| CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }} | |
| APPLE_API_KEY: ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8 | |
| APPLE_API_KEY_ID: ${{ secrets.api_key_id }} | |
| APPLE_API_ISSUER: ${{ secrets.api_key_issuer_id }} | |
| run: | | |
| npx nx run release --project @notesnook/desktop | |
| if [ ${{ inputs.publish-github }} == true ]; then | |
| yarn electron-builder --mac zip dmg --arm64 --x64 -p always | |
| else | |
| yarn electron-builder --mac zip dmg --arm64 --x64 -p never | |
| fi | |
| working-directory: ./apps/desktop | |
| - name: Deploy to Testflight | |
| if: inputs.publish-apple && steps.appstore.outputs.app-version-latest != steps.app_metadata.outputs.app_version | |
| env: | |
| API_KEY_ID: ${{ secrets.api_key_id }} | |
| API_KEY_ISSUER_ID: ${{ secrets.api_key_issuer_id }} | |
| run: | | |
| package=$(find ./output/mas-universal/notesnook*.pkg) | |
| echo "Uploading ${package} using altool..." | |
| xcrun altool --upload-package $package -t osx --apiKey $API_KEY_ID --apiIssuer $API_KEY_ISSUER_ID --apple-id ${{ steps.app_metadata.outputs.apple_app_id }} --bundle-id ${{ steps.app_metadata.outputs.app_bundle_id }} --bundle-short-version-string ${{ steps.app_metadata.outputs.app_version }} --bundle-version ${{ steps.app_metadata.outputs.bundle_version }} | |
| working-directory: ./apps/desktop | |
| build-linux: | |
| name: Build for Linux | |
| needs: build | |
| if: inputs.build-linux | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node | |
| uses: ./.github/actions/setup-node-with-cache | |
| - name: Setup Snapcraft Auth | |
| if: inputs.publish-snap | |
| run: echo "SNAPCRAFT_STORE_CREDENTIALS=${{ secrets.snapcraft_token }}" >> $GITHUB_ENV | |
| - name: Install Snapcraft | |
| uses: samuelmeuli/action-snapcraft@v1 | |
| if: inputs.publish-snap | |
| - name: Download build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: ./apps/web/build | |
| - name: Install packages | |
| run: | | |
| npm ci --ignore-scripts --prefer-offline --no-audit | |
| npm run bootstrap -- --scope=desktop | |
| - name: Build Electron wrapper | |
| run: npx nx run release --project @notesnook/desktop | |
| working-directory: ./apps/desktop | |
| - name: Build snap | |
| if: inputs.publish-snap | |
| run: | | |
| yarn electron-builder --linux snap:x64 -p never | |
| working-directory: ./apps/desktop | |
| - name: Build AppImage | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ ${{ inputs.publish-github }} == true ]; then | |
| yarn electron-builder --linux AppImage:x64 AppImage:arm64 -p always | |
| else | |
| yarn electron-builder --linux AppImage:x64 AppImage:arm64 -p never | |
| fi | |
| working-directory: ./apps/desktop | |
| - name: Publish on Snapcraft | |
| if: inputs.publish-snap | |
| run: | | |
| snapcraft upload --release=stable ./output/notesnook_linux_amd64.snap | |
| working-directory: ./apps/desktop | |
| build-windows: | |
| name: Build for Windows | |
| needs: build | |
| if: inputs.build-windows | |
| runs-on: windows-latest | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v3 | |
| - name: Setup .NET Core SDK | |
| uses: actions/setup-dotnet@v2 | |
| with: | |
| dotnet-version: 6.0.x | |
| - name: Install TrustedSigning | |
| run: Install-Module -Name TrustedSigning -RequiredVersion 0.3.15 -Force -Repository PSGallery | |
| shell: pwsh | |
| - name: Setup Node | |
| uses: ./.github/actions/setup-node-with-cache | |
| - name: Download build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: ./apps/web/build | |
| - name: Install packages | |
| run: | | |
| npm ci --ignore-scripts --prefer-offline --no-audit | |
| npm run bootstrap -- --scope=desktop | |
| - name: Build | |
| run: npx nx run release --project @notesnook/desktop | |
| - name: Publish | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| run: | | |
| if ($${{ inputs.publish-github }} -eq $true) { | |
| yarn electron-builder --win --publish always | |
| } else { | |
| yarn electron-builder --win --publish never | |
| } | |
| working-directory: ./apps/desktop |