# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions # Note: This workflow requires some secrets setup, and set on this repo with the names: # 'FERDIUM_PUBLISH_TOKEN' (A GitHub Personal Access Token with appropriate permissions - for publishing the built artifacts) # 'APPLEID' (The username of your Apple developer account - for notarizing the mac artifacts) # 'APPLEID_PASSWORD' (An app-specific password - for notarizing the mac artifacts) # 'CSC_LINK' (The HTTPS link or local path to certificate - for code signing of mac artifacts) # 'CSC_KEY_PASSWORD' (The password to decrypt the certificate given in CSC_LINK - for code signing of mac artifacts) # 'WIN_CSC_LINK' (The HTTPS link or local path to certificate - for code signing of windows artifacts) # 'WIN_CSC_KEY_PASSWORD' (The password to decrypt the certificate given in CSC_LINK - for code signing of windows artifacts) name: Builds on: # Push to any tracked branches push: branches: [develop, release, nightly] # PRs only on develop branch pull_request: branches: [develop] # Manual trigger from the UI workflow_dispatch: inputs: message: description: 'Message for build' required: true schedule: - cron: '0 0 * * *' # every night at 12 am env: USE_HARD_LINKS: false # DEBUG: electron-builder jobs: check_updates: runs-on: ubuntu-22.04 name: 'Check latest commit: ${{ github.event.inputs.message }}' outputs: should_run: ${{ steps.should_run.outputs.should_run }} steps: - name: Checkout code along with submodules for the 'nightly' branch if the trigger event is 'scheduled' uses: actions/checkout@v4 if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]')) }} with: ref: nightly submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging - name: Install pnpm uses: pnpm/action-setup@v3 if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]')) }} - name: Use Node.js specified in the '.nvmrc' file uses: actions/setup-node@v4 if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]')) }} with: node-version-file: '.nvmrc' - name: Install node dependencies if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]')) }} uses: nick-fields/retry@v3 with: command: pnpm i timeout_minutes: 15 max_attempts: 3 retry_on: error - id: should_run name: Check whether there are any commits since this run was last triggered and push them and/or set the output if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]')) }} run: | git config user.name github-actions git config user.email github-actions@github.com # Defensive: update submodules in the develop branch git checkout develop git submodule update --init --recursive --remote --rebase --force git add . git commit -am "Update submodules [skip ci]" --no-verify || true git push origin develop --no-verify git checkout - git rebase develop CHANGES_COUNT=$(git log @{u}.. | wc -l) MANUAL_REBUILD="${{ github.event_name == 'workflow_dispatch' }}" VERSION_BUMP="${{ contains(github.event.inputs.message, '[version bump]') }}" # If there were any changes only in the submodules, then... if [ $CHANGES_COUNT -gt 0 ]; then git checkout develop echo "Update browserslist db" npx browserslist@latest --update-db git add . echo "Run linter, reformatter, rebrander and tests" pnpm prepare-code pnpm test echo "Commit dependency-updates and linter changes" git commit -am "Update browserslist data updates and linter fixes [skip ci]" --no-verify || true echo "Push all changes" git push origin develop --no-verify git checkout nightly fi if [ $CHANGES_COUNT -gt 0 ] || [[ $MANUAL_REBUILD == "true" && $VERSION_BUMP == "true" ]]; then # Do the version bump in the 'develop' branch ONLY if # there were other changes coming from the 'develop' branch (or) # this is a manual trigger with the key-phrase git checkout develop pnpm version -m "%s [skip ci]" prerelease --preid=nightly git commit --all --amend --no-edit --no-verify git push origin develop --no-verify git checkout nightly fi echo "Merge with fast-forward from 'origin/develop'" git merge --ff-only origin/develop --no-verify echo "Number of changes: $CHANGES_COUNT" if [ $CHANGES_COUNT -eq 0 ] && [ $MANUAL_REBUILD != "true" ]; then echo "No changes found - terminating the build" echo "should_run=false" >> $GITHUB_OUTPUT else # changes > 0 (or) MANUAL_REBUILD=true echo "Pushing rebased commits" git push origin $(git rev-parse --abbrev-ref HEAD) --no-verify fi build_mac: name: 'macos ${{ github.event.inputs.message }}' needs: check_updates if: ${{ (needs.check_updates.outputs.should_run != 'false') && (github.event_name != 'workflow_dispatch' || (github.event_name == 'workflow_dispatch' && (contains(github.event.inputs.message, '[macOS]') || (!contains(github.event.inputs.message, '[macOS]') && !contains(github.event.inputs.message, '[Linux]') && !contains(github.event.inputs.message, '[Windows]'))))) }} runs-on: macos-12 steps: - name: Set env vars run: | echo "NPM_CACHE=$HOME/.npm" >> $GITHUB_ENV echo "ELECTRON_CACHE=$HOME/.cache/electron" >> $GITHUB_ENV echo "ELECTRON_BUILDER_CACHE=$HOME/.cache/electron-builder" >> $GITHUB_ENV echo "MANUAL_REBUILD_ON_NIGHTLY=${{ github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]') }}" >> $GITHUB_ENV - name: Checkout code along with submodules for the 'nightly' branch if the trigger event is 'scheduled' or this is a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name == 'schedule' || env.MANUAL_REBUILD_ON_NIGHTLY == 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging ref: nightly - name: Checkout code along with submodules for any branch if the trigger event is NOT 'scheduled' and this is NOT a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name != 'schedule' && env.MANUAL_REBUILD_ON_NIGHTLY != 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging - name: Extract Git branch name from the currently checked out branch (not from the branch where this run was kicked off) run: echo "GIT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV shell: bash - name: Cache electron modules uses: actions/cache@v4 env: cache-name: cache-electron-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_CACHE }} - name: Cache electron-builder modules uses: actions/cache@v4 env: cache-name: cache-electron-builder-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_BUILDER_CACHE }} - name: Install pnpm uses: pnpm/action-setup@v3 - name: Use Node.js specified in the '.nvmrc' file uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' - name: Install node dependencies uses: nick-fields/retry@v3 with: command: pnpm i timeout_minutes: 15 max_attempts: 3 retry_on: error - name: Package recipes run: pnpm i && pnpm lint && pnpm reformat-files && pnpm package working-directory: ./recipes - name: Run linter and tests run: pnpm lint && pnpm test - name: Build Ferdium without publish for any branch not 'nightly' and not 'release' if: ${{ env.GIT_BRANCH_NAME != 'nightly' && env.GIT_BRANCH_NAME != 'release' }} env: CSC_IDENTITY_AUTO_DISCOVERY: false run: pnpm build --publish never shell: bash - name: "Build Ferdium with publish for '${{ env.GIT_BRANCH_NAME }}' branch" if: ${{ env.GIT_BRANCH_NAME == 'nightly' || env.GIT_BRANCH_NAME == 'release' }} env: GH_TOKEN: ${{ secrets.FERDIUM_PUBLISH_TOKEN }} CSC_IDENTITY_AUTO_DISCOVERY: true APPLEID: ${{ secrets.APPLEID }} APPLEID_PASSWORD: ${{ secrets.APPLEID_PASSWORD }} CSC_LINK: ${{ secrets.CSC_LINK }} CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} run: pnpm build --publish always shell: bash build_linux: name: 'ubuntu ${{ github.event.inputs.message }}' needs: check_updates if: ${{ (needs.check_updates.outputs.should_run != 'false') && (github.event_name != 'workflow_dispatch' || (github.event_name == 'workflow_dispatch' && (contains(github.event.inputs.message, '[Linux]') || (!contains(github.event.inputs.message, '[macOS]') && !contains(github.event.inputs.message, '[Linux]') && !contains(github.event.inputs.message, '[Windows]'))))) }} runs-on: ubuntu-22.04 steps: - name: Set env vars run: | echo "NPM_CACHE=$HOME/.npm" >> $GITHUB_ENV echo "ELECTRON_CACHE=$HOME/.cache/electron" >> $GITHUB_ENV echo "ELECTRON_BUILDER_CACHE=$HOME/.cache/electron-builder" >> $GITHUB_ENV echo "MANUAL_REBUILD_ON_NIGHTLY=${{ github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]') }}" >> $GITHUB_ENV - name: Checkout code along with submodules for the 'nightly' branch if the trigger event is 'scheduled' or this is a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name == 'schedule' || env.MANUAL_REBUILD_ON_NIGHTLY == 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging ref: nightly - name: Checkout code along with submodules for any branch if the trigger event is NOT 'scheduled' and this is NOT a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name != 'schedule' && env.MANUAL_REBUILD_ON_NIGHTLY != 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging - name: Extract Git branch name from the currently checked out branch (not from the branch where this run was kicked off) run: echo "GIT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV shell: bash - name: Cache electron modules uses: actions/cache@v4 env: cache-name: cache-electron-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_CACHE }} - name: Cache electron-builder modules uses: actions/cache@v4 env: cache-name: cache-electron-builder-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_BUILDER_CACHE }} - name: Install pnpm uses: pnpm/action-setup@v3 - name: Use Node.js specified in the '.nvmrc' file uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' - name: Install node dependencies uses: nick-fields/retry@v3 with: command: pnpm i timeout_minutes: 15 max_attempts: 3 retry_on: error - name: Figure out used package.json version run: | PACKAGE_VERSION="$(node -p 'require("./package.json").version')" echo "PACKAGE_VERSION=$PACKAGE_VERSION" >> $GITHUB_ENV if [[ "$GIT_BRANCH_NAME" == "nightly" ]]; then echo "SNAP_PUBLISH_REPO=nightlies" >> $GITHUB_ENV echo "SNAP_PUBLISH_CHANNEL=edge" >> $GITHUB_ENV elif [[ "$GIT_BRANCH_NAME" == "release" ]]; then echo "SNAP_PUBLISH_REPO=ferdium" >> $GITHUB_ENV if [[ "$PACKAGE_VERSION" =~ "beta" ]]; then echo "SNAP_PUBLISH_CHANNEL=beta" >> $GITHUB_ENV else echo "SNAP_PUBLISH_CHANNEL=stable" >> $GITHUB_ENV fi else echo "SNAP_PUBLISH_REPO=none" >> $GITHUB_ENV echo "SNAP_PUBLISH_CHANNEL=none" >> $GITHUB_ENV fi shell: bash - name: Package recipes run: pnpm i && pnpm lint && pnpm reformat-files && pnpm package working-directory: ./recipes - name: Run linter and tests run: pnpm lint && pnpm test - name: Build Ferdium without publish for any branch not 'nightly' and not 'release' if: ${{ env.GIT_BRANCH_NAME != 'nightly' && env.GIT_BRANCH_NAME != 'release' }} env: CSC_IDENTITY_AUTO_DISCOVERY: false run: pnpm build --publish never shell: bash - name: "Build Ferdium with publish for '${{ env.GIT_BRANCH_NAME }}' branch" if: ${{ env.GIT_BRANCH_NAME == 'nightly' || env.GIT_BRANCH_NAME == 'release' }} env: GH_TOKEN: ${{ secrets.FERDIUM_PUBLISH_TOKEN }} CSC_IDENTITY_AUTO_DISCOVERY: false SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }} # Note: Login no longer required https://forum.snapcraft.io/t/snapcraft-authentication-options/30473/21 run: | sudo snap install snapcraft --channel=7.x/stable --classic pnpm build --publish always -c.snap.publish.repo=$SNAP_PUBLISH_REPO -c.snap.publish.channels=$SNAP_PUBLISH_CHANNEL snapcraft logout shell: bash build_windows: name: 'windows ${{ github.event.inputs.message }}' needs: check_updates if: ${{ (needs.check_updates.outputs.should_run != 'false') && (github.event_name != 'workflow_dispatch' || (github.event_name == 'workflow_dispatch' && (contains(github.event.inputs.message, '[Windows]') || (!contains(github.event.inputs.message, '[macOS]') && !contains(github.event.inputs.message, '[Linux]') && !contains(github.event.inputs.message, '[Windows]'))))) }} runs-on: windows-2022 steps: - name: Set env vars run: | echo "HOME=$USERPROFILE" >> $GITHUB_ENV echo "NPM_CACHE=$USERPROFILE/.npm" >> $GITHUB_ENV echo "ELECTRON_CACHE=$USERPROFILE/.cache/electron" >> $GITHUB_ENV echo "ELECTRON_BUILDER_CACHE=$USERPROFILE/.cache/electron-builder" >> $GITHUB_ENV echo "MANUAL_REBUILD_ON_NIGHTLY=${{ github.event_name == 'workflow_dispatch' && contains(github.event.inputs.message, '[nightly branch]') }}" >> $GITHUB_ENV shell: bash - name: Checkout code along with submodules for the 'nightly' branch if the trigger event is 'scheduled' or this is a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name == 'schedule' || env.MANUAL_REBUILD_ON_NIGHTLY == 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging ref: nightly - name: Checkout code along with submodules for any branch if the trigger event is NOT 'scheduled' and this is NOT a forced rebuild on the nightly branch uses: actions/checkout@v4 if: ${{ github.event_name != 'schedule' && env.MANUAL_REBUILD_ON_NIGHTLY != 'true' }} with: submodules: recursive fetch-depth: 0 # Note: Needed to be able to pull the 'develop' branch as well for merging - name: Extract Git branch name from the currently checked out branch (not from the branch where this run was kicked off) run: echo "GIT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV shell: bash - name: Cache electron modules uses: actions/cache@v4 env: cache-name: cache-electron-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_CACHE }} - name: Cache electron-builder modules uses: actions/cache@v4 env: cache-name: cache-electron-builder-modules with: key: ${{ runner.os }}-${{ env.cache-name }}-${{ secrets.CACHE_VERSION }}-${{ hashFiles('./pnpm-lock.yaml') }} path: ${{ env.ELECTRON_BUILDER_CACHE }} - name: Install pnpm uses: pnpm/action-setup@v3 - name: Use Node.js specified in the '.nvmrc' file uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' #TODO - Remove this once https://github.com/electron-userland/electron-builder/issues/6933#issuecomment-1213438889 is resolved - name: Tweak pnpm.cjs run: | # Run the command to get the pnpm store path and store it in a variable PNPM_BASEDIR=$(dirname "$(echo "$PNPM_HOME" | sed -e 's/\\/\//g' -e 's/^\([A-Za-z]\):/\/\1/')") sed -i 's/\/usr\/bin\/env node/node/g' "$PNPM_BASEDIR/pnpm/bin/pnpm.cjs" shell: bash - name: Install node dependencies uses: nick-fields/retry@v3 with: command: pnpm i timeout_minutes: 15 max_attempts: 3 retry_on: error - name: Package recipes run: pnpm i && pnpm lint && pnpm reformat-files && pnpm package working-directory: ./recipes shell: bash - name: Run linter and tests run: pnpm lint && pnpm test shell: bash - name: Build Ferdium without publish for any branch not 'nightly' and not 'release' if: ${{ env.GIT_BRANCH_NAME != 'nightly' && env.GIT_BRANCH_NAME != 'release' }} env: CSC_IDENTITY_AUTO_DISCOVERY: false run: pnpm build --publish never shell: bash - name: "Build Ferdium with publish for '${{ env.GIT_BRANCH_NAME }}' branch" if: ${{ env.GIT_BRANCH_NAME == 'nightly' || env.GIT_BRANCH_NAME == 'release' }} env: GH_TOKEN: ${{ secrets.FERDIUM_PUBLISH_TOKEN }} CSC_IDENTITY_AUTO_DISCOVERY: false run: pnpm build --publish always shell: bash