fix(monorepo/electron): artifact searching

Elian Doran 2025-04-19 10:35:07 +03:00
parent ba04fd31f3
commit 8a8c8e17f1
No known key found for this signature in database
2 changed files with 132 additions and 132 deletions


@ -18,152 +18,152 @@ inputs:
runs: runs:
using: composite using: composite
steps: steps:
# Certificate setup # Certificate setup
- name: Import Apple certificates - name: Import Apple certificates
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v5 uses: apple-actions/import-codesign-certs@v5
with: with:
p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }}
keychain: build-app-${{ github.run_id }} keychain: build-app-${{ github.run_id }}
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
- name: Install Installer certificate - name: Install Installer certificate
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v5 uses: apple-actions/import-codesign-certs@v5
with: with:
p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
keychain: build-installer-${{ github.run_id }} keychain: build-installer-${{ github.run_id }}
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
- name: Verify certificates - name: Verify certificates
if: inputs.os == 'macos' if: inputs.os == 'macos'
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
echo "Available signing identities in app keychain:" echo "Available signing identities in app keychain:"
security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain
echo "Available signing identities in installer keychain:" echo "Available signing identities in installer keychain:"
security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain
# Make the keychains searchable # Make the keychains searchable
security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"') security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"')
security default-keychain -s build-app-${{ github.run_id }}.keychain security default-keychain -s build-app-${{ github.run_id }}.keychain
security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain
security unlock-keychain -p ${{ github.run_id }} build-installer-${{ github.run_id }}.keychain security unlock-keychain -p ${{ github.run_id }} build-installer-${{ github.run_id }}.keychain
security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain
security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain
- name: Set up Python and other macOS dependencies - name: Set up Python and other macOS dependencies
if: ${{ inputs.os == 'macos' }} if: ${{ inputs.os == 'macos' }}
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
brew install python-setuptools brew install python-setuptools
brew install create-dmg brew install create-dmg
- name: Install dependencies for RPM and Flatpak package building - name: Install dependencies for RPM and Flatpak package building
if: ${{ inputs.os == 'linux' }} if: ${{ inputs.os == 'linux' }}
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi) FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi)
FLATPAK_VERSION='24.08' FLATPAK_VERSION='24.08'
flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION
# Build setup # Build setup
- name: Install dependencies - name: Install dependencies
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: npm ci run: npm ci
- name: Update build info - name: Update build info
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: npm run chore:update-build-info run: npm run chore:update-build-info
# Critical debugging configuration # Critical debugging configuration
- name: Run electron-forge build with enhanced logging - name: Run electron-forge build with enhanced logging
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
env: env:
# Pass through required environment variables for signing and notarization # Pass through required environment variables for signing and notarization
APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
APPLE_ID: ${{ env.APPLE_ID }} APPLE_ID: ${{ env.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }}
WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }} WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }}
TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }} TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }}
run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }} run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }}
# Add DMG signing step # Add DMG signing step
- name: Sign DMG - name: Sign DMG
if: inputs.os == 'macos' if: inputs.os == 'macos'
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
echo "Signing DMG file..." echo "Signing DMG file..."
dmg_file=$(find ./dist -name "*.dmg" -print -quit) dmg_file=$(find ./apps/desktop/dist -name "*.dmg" -print -quit)
if [ -n "$dmg_file" ]; then if [ -n "$dmg_file" ]; then
echo "Found DMG: $dmg_file" echo "Found DMG: $dmg_file"
# Get the first valid signing identity from the keychain # Get the first valid signing identity from the keychain
SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/')
if [ -z "$SIGNING_IDENTITY" ]; then if [ -z "$SIGNING_IDENTITY" ]; then
echo "Error: No valid Developer ID Application certificate found in keychain" echo "Error: No valid Developer ID Application certificate found in keychain"
exit 1 exit 1
fi
echo "Using signing identity: $SIGNING_IDENTITY"
# Sign the DMG
codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file"
# Notarize the DMG
xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
# Staple the notarization ticket
xcrun stapler staple "$dmg_file"
else
echo "No DMG found to sign"
fi fi
echo "Using signing identity: $SIGNING_IDENTITY"
# Sign the DMG
codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file"
# Notarize the DMG
xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
# Staple the notarization ticket
xcrun stapler staple "$dmg_file"
else
echo "No DMG found to sign"
fi
- name: Verify code signing - name: Verify code signing
if: inputs.os == 'macos' if: inputs.os == 'macos'
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
echo "Verifying code signing for all artifacts..." echo "Verifying code signing for all artifacts..."
# First check the .app bundle # First check the .app bundle
echo "Looking for .app bundle..." echo "Looking for .app bundle..."
app_bundle=$(find ./dist -name "*.app" -print -quit) app_bundle=$(find ./apps/desktop/dist -name "*.app" -print -quit)
if [ -n "$app_bundle" ]; then if [ -n "$app_bundle" ]; then
echo "Found app bundle: $app_bundle" echo "Found app bundle: $app_bundle"
echo "Verifying app bundle signing..." echo "Verifying app bundle signing..."
codesign --verify --deep --strict --verbose=2 "$app_bundle" codesign --verify --deep --strict --verbose=2 "$app_bundle"
echo "Displaying app bundle signing info..." echo "Displaying app bundle signing info..."
codesign --display --verbose=2 "$app_bundle" codesign --display --verbose=2 "$app_bundle"
echo "Checking entitlements..." echo "Checking entitlements..."
codesign --display --entitlements :- "$app_bundle" codesign --display --entitlements :- "$app_bundle"
echo "Checking notarization status..." echo "Checking notarization status..."
xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet" xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet"
else else
echo "No .app bundle found to verify" echo "No .app bundle found to verify"
fi fi
# Then check DMG if it exists # Then check DMG if it exists
echo "Looking for DMG..." echo "Looking for DMG..."
dmg_file=$(find ./dist -name "*.dmg" -print -quit) dmg_file=$(find ./apps/desktop/dist -name "*.dmg" -print -quit)
if [ -n "$dmg_file" ]; then if [ -n "$dmg_file" ]; then
echo "Found DMG: $dmg_file" echo "Found DMG: $dmg_file"
echo "Verifying DMG signing..." echo "Verifying DMG signing..."
codesign --verify --deep --strict --verbose=2 "$dmg_file" codesign --verify --deep --strict --verbose=2 "$dmg_file"
echo "Displaying DMG signing info..." echo "Displaying DMG signing info..."
codesign --display --verbose=2 "$dmg_file" codesign --display --verbose=2 "$dmg_file"
echo "Checking DMG notarization..." echo "Checking DMG notarization..."
xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet" xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet"
else else
echo "No DMG found to verify" echo "No DMG found to verify"
fi fi
# Finally check ZIP if it exists # Finally check ZIP if it exists
echo "Looking for ZIP..." echo "Looking for ZIP..."
zip_file=$(find ./dist -name "*.zip" -print -quit) zip_file=$(find ./apps/desktop/dist -name "*.zip" -print -quit)
if [ -n "$zip_file" ]; then if [ -n "$zip_file" ]; then
echo "Found ZIP: $zip_file" echo "Found ZIP: $zip_file"
echo "Note: ZIP files are not code signed, but their contents should be" echo "Note: ZIP files are not code signed, but their contents should be"
fi fi
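Review bot: The "Sign DMG" step still succeeds when `find ./apps/desktop/dist -name "*.dmg" -print -quit` matches nothing, because its `else` branch only prints "No DMG found to sign". A stale search path, which appears to be what this commit corrects, therefore produces an unsigned and un-notarized macOS artifact with a green job. If a DMG is always expected on macOS builds, make that branch fail closed: `echo "Error: no DMG found under ./apps/desktop/dist" >&2` followed by `exit 1`. The "Verify code signing" step has the same pattern: its "No .app bundle found" and "No DMG found" branches, and the `xcrun stapler validate ... || echo "Warning: ..."` lines, turn a missing or un-notarized artifact into a log message. It would help to add a comment above each `find` stating which artifacts are mandatory for a release build, so that the next path move is caught.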


@ -27,6 +27,6 @@ runs:
shell: bash shell: bash
run: | run: |
mkdir -p upload mkdir -p upload
file=$(find apps/server/dist -name '*.tar.xz' -print -quit) file=$(find ./apps/server/dist -name '*.tar.xz' -print -quit)
name=${{ github.ref_name }} name=${{ github.ref_name }}
cp "$file" "upload/TriliumNextNotes-Server-${name//\//-}-${{ inputs.os }}-${{ inputs.arch }}.tar.xz" cp "$file" "upload/TriliumNextNotes-Server-${name//\//-}-${{ inputs.os }}-${{ inputs.arch }}.tar.xz"
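Review bot: `name=${{ github.ref_name }}` is expanded by the Actions template engine before bash parses the script, so a branch or tag name containing shell metacharacters becomes script text rather than data. Pass the ref through the step environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and assign `name="$REF_NAME"`. The later `${name//\//-}` substitution then works unchanged. Separately, when `find ./apps/server/dist` matches nothing, `file` is empty and `cp ""` fails with an unhelpful message; a guard such as `[ -n "$file" ] || { echo "no server tarball found" >&2; exit 1; }` would make the cause explicit. The step's header lies outside this hunk, so check whether an `env:` block already exists there before adding one.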