mirror of
https://github.com/bitcoin-s/bitcoin-s.git
synced 2025-01-19 05:43:51 +01:00
404 lines
18 KiB
YAML
404 lines
18 KiB
YAML
name: Release
|
|
on:
|
|
push:
|
|
branches: [master, main, feature_electron_build]
|
|
tags: ["*"]
|
|
release:
|
|
types: [ published ]
|
|
|
|
jobs:
|
|
publish:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
- uses: olafurpg/setup-scala@v13
|
|
with:
|
|
java-version: openjdk@1.17.0
|
|
- uses: olafurpg/setup-gpg@v3
|
|
- run: sbt -J-Xmx2g ci-release docs/publishWebsite
|
|
env:
|
|
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
|
|
PGP_SECRET: ${{ secrets.PGP_SECRET }}
|
|
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
|
|
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
|
|
GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_TOKEN }}
|
|
GIT_DEPLOY_KEY: ${{ secrets.GIT_DEPLOY_KEY }}
|
|
# Built bitcoin-s cli, appServer, oracleServer zips
|
|
server:
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [macos-latest, ubuntu-latest, windows-latest] #
|
|
# If os values you don't include the matrix os list above are set here, they will be included
|
|
# If you want multiple variables per os see https://github.community/t/create-matrix-with-multiple-os-and-env-for-each-one/16895
|
|
# Can run conditional steps below with https://github.community/t/what-is-the-correct-if-condition-syntax-for-checking-matrix-os-version/16221
|
|
# This is here to get friendly labels for output filenames
|
|
include:
|
|
- os: macos-latest
|
|
TARGET: mac
|
|
- os: ubuntu-latest
|
|
TARGET: linux
|
|
- os: windows-latest
|
|
# TODO : Do we want to use 'win' or 'windows'?
|
|
TARGET: windows
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Setup Scala
|
|
uses: actions/setup-java@v3
|
|
with:
|
|
distribution: 'adopt'
|
|
java-version: '17'
|
|
cache: 'sbt'
|
|
- name: Get Previous tag
|
|
id: previoustag
|
|
uses: WyriHaximus/github-action-get-previous-tag@v1
|
|
with:
|
|
fallback: 1.0.0 # Optional fallback tag to use when no tag can be found
|
|
# Tested building specific projects that are being exported only, but global packageBin seems to be faster
|
|
- name: Build all zips
|
|
shell: bash # windows needs shell defined
|
|
run: sbt "universal:stage;universal:packageBin"
|
|
- name: View Artifacts
|
|
run: ls -l app/server/target/universal/stage
|
|
# - name: Build appServer
|
|
# shell: bash
|
|
# run: sbt "appServer / Universal / stage; appServer / Universal / packageBin"
|
|
- name: Upload bitcoin-s-server
|
|
uses: actions/upload-artifact@v3
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
with:
|
|
name: bitcoin-s-server-${{ matrix.TARGET }}
|
|
path: app/server/target/universal/stage
|
|
- name: (release) Upload bitcoin-s-server
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: bitcoin-s-server-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
|
|
files: app/server/target/universal/*.zip
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# - name: Build oracleServer
|
|
# shell: bash
|
|
# run: sbt "oracleServer / Universal / stage; oracleServer / Universal / packageBin"
|
|
- name: Upload bitcoin-s-oracle-server
|
|
uses: actions/upload-artifact@v3
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
with:
|
|
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}
|
|
path: app/oracle-server/target/universal/stage
|
|
- name: (release) Upload bitcoin-s-oracle-server
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
|
|
files: app/oracle-server/target/universal/*.zip
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# - name: Build cli
|
|
# shell: bash
|
|
# run: sbt "cli / Universal / stage; cli / Universal / packageBin"
|
|
- name: Upload bitcoin-s-cli
|
|
uses: actions/upload-artifact@v3
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
with:
|
|
name: bitcoin-s-cli-${{ matrix.TARGET }}
|
|
path: app/cli/target/universal/stage/
|
|
- name: (release) Upload bitcoin-s-cli
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: bitcoin-s-cli-${{ matrix.TARGET }}-${{steps.previoustag.outputs.tag}}
|
|
files: app/cli/target/universal/*.zip
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# Native electron applications - Krystal Bull, Suredbits Wallet
|
|
electron:
|
|
needs: server
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [macos-latest, ubuntu-latest] # windows-latest
|
|
# If os values you don't include the matrix os list above are set here, they will be included
|
|
# This is here to get friendly labels for output filenames
|
|
include:
|
|
- os: macos-latest
|
|
TARGET: mac
|
|
FORMAT: zip # dmg
|
|
- os: ubuntu-latest
|
|
TARGET: linux
|
|
FORMAT: deb
|
|
# - os: windows-latest
|
|
# TARGET: windows
|
|
# FORMAT: zip # ???
|
|
# Build output paths
|
|
env:
|
|
KB_OUT: "bitcoin-s-ts/oracle-electron-ts/out"
|
|
KB_MAKE: "bitcoin-s-ts/oracle-electron-ts/out/make"
|
|
W_OUT: "bitcoin-s-ts/wallet-electron-ts/out"
|
|
W_MAKE: "bitcoin-s-ts/wallet-electron-ts/out/make"
|
|
steps:
|
|
# macos keychain unlocking for signing identity access
|
|
- name: (macos) Import developer cert to keychain
|
|
if: startsWith(matrix.os,'macos')
|
|
uses: apple-actions/import-codesign-certs@v1
|
|
with:
|
|
create-keychain: true
|
|
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
|
|
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
|
|
keychain-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
|
|
- name: (macos) Unlock keychain, find-identity
|
|
if: startsWith(matrix.os,'macos')
|
|
env:
|
|
MACOS_CERTIFICATE_PWD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
|
|
KEYCHAIN: signing_temp.keychain
|
|
run: |
|
|
security unlock-keychain -p $MACOS_CERTIFICATE_PWD $KEYCHAIN
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD $KEYCHAIN
|
|
security find-identity -p codesigning -v
|
|
# Install Node, checkout repo, install dependencies and build repo
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: 16.x
|
|
- name: Checkout bitcoin-s-ts repo
|
|
uses: actions/checkout@v3
|
|
with:
|
|
repository: bitcoin-s/bitcoin-s-ts
|
|
# ref: electron-forge-config # TODO : Merge to master and remove
|
|
path: bitcoin-s-ts
|
|
- name: bitcoin-s-ts install and build
|
|
working-directory: bitcoin-s-ts
|
|
run: |
|
|
npm ci
|
|
npm run build
|
|
# Build Krystal Bull
|
|
- name: Download bitcoin-s-oracle-server
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: bitcoin-s-oracle-server-${{ matrix.TARGET }}
|
|
path: bitcoin-s-ts/oracle-electron-ts/bitcoin-s-oracle-server
|
|
- name: Build Krystal Bull
|
|
working-directory: bitcoin-s-ts/oracle-electron-ts
|
|
env:
|
|
DEBUG: electron-notarizer
|
|
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
|
|
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
|
|
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
|
|
# NOTORIZE_APPLE_TEAM: 9ZG3GPKHX8
|
|
run: |
|
|
npm ci
|
|
npm run build
|
|
npm run make
|
|
# - name: (windows) Show windows artifacts
|
|
# if: startsWith(matrix.os,'windows')
|
|
# run: |
|
|
# ls -l $KB_OUT
|
|
# ls -l $KB_MAKE
|
|
# ls -l "$KB_MAKE/zip"
|
|
# ls -l "$KB_MAKE/zip/windows"
|
|
# ls -l "$KB_MAKE/zip/windows/x64"
|
|
# - name: (macos) Manually sign Krystal Bull
|
|
# if: startsWith(matrix.os,'macos')
|
|
# env:
|
|
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
|
|
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
|
|
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
|
|
# TEAM_ID: "9ZG3GPKHX8"
|
|
# PLIST: "bitcoin-s-ts/oracle-electron-ts/entitlements.plist"
|
|
# KRYSTALBULL_PATH: "${{env.KB_OUT}}/Krystal Bull-darwin-x64/Krystal Bull.app"
|
|
# BUNDLE_ID: "org.bitcoins.krystalbull"
|
|
# ZIP_NAME: "KrystalBull-mac.zip"
|
|
# run: |
|
|
# echo "=== Signing app ==="
|
|
# : # See about signing subsystems - https://gist.github.com/jorangreef/27e708c67b7e6746a98a
|
|
# codesign -s "$APP_SIGNING_ID" --entitlements "$PLIST" --timestamp --options runtime -vvvv --deep "$KRYSTALBULL_PATH"
|
|
# echo "=== Verifying app signature ==="
|
|
# codesign -vvv --deep --strict "$KRYSTALBULL_PATH"
|
|
# codesign -dvv "$KRYSTALBULL_PATH"
|
|
# codesign -d --entitlements :- "$KRYSTALBULL_PATH"
|
|
# echo "=== zip app ==="
|
|
# zip -qr $ZIP_NAME "$KRYSTALBULL_PATH"
|
|
# mv $ZIP_NAME $KB_MAKE
|
|
# mv ${{env.KB_MAKE}}/zip/darwin/x64/*.zip $ZIP_NAME
|
|
# echo "=== Notarizing app ==="
|
|
# : # Store xcrun creditials
|
|
# xcrun notarytool store-credentials "AC_PASSWORD" --apple-id $NOTORIZE_APPLE_ID --password $NOTORIZE_APPLE_PW --team-id $TEAM_ID
|
|
# REQUEST_UUID=$(xcrun altool --notarize-app --primary-bundle-id $BUNDLE_ID -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID --file "$ZIP_NAME" | grep RequestUUID | awk '{print $3}')
|
|
# echo "Waiting for notarization from Apple for $REQUEST_UUID"
|
|
# sleep 5
|
|
# xcrun altool --notarization-info "$REQUEST_UUID" -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID
|
|
# echo "Start while loop"
|
|
# while xcrun altool --notarization-info "$REQUEST_UUID" -u $NOTORIZE_APPLE_ID -p "$NOTORIZE_APPLE_PW" --team-id $TEAM_ID | grep "Status: in progress" > /dev/null; do
|
|
# echo "Verification in progress..."
|
|
# sleep 30
|
|
# done
|
|
# echo "End while loop"
|
|
# echo "=== notarytool history ==="
|
|
# xcrun notarytool history --keychain-profile "AC_PASSWORD"
|
|
# echo "=== notarytool info ==="
|
|
# xcrun notarytool info $REQUEST_UUID --keychain-profile "AC_PASSWORD"
|
|
# : # TODO : Staple notarization to app/zip?
|
|
# xcrun stapler staple "$KRYSTALBULL_PATH"
|
|
# echo "Done stapling"
|
|
# - name: (macos) Validate application signing and notarization
|
|
# if: startsWith(matrix.os,'macos')
|
|
# env:
|
|
# KRYSTALBULL_PATH: "${{env.KB_OUT}}/Krystal Bull-darwin-x64/Krystal Bull.app"
|
|
# # TODO : Need to account for version in path changing
|
|
# # DMG_PATH: "${{env.KB_MAKE}}/Krystal Bull-0.0.1-x64.dmg"
|
|
# run: |
|
|
# echo "Directory contents"
|
|
# echo "$KRYSTALBULL_PATH"
|
|
# ls -l $KB_OUT
|
|
# ls -l $KB_MAKE
|
|
# ls -l "$KB_MAKE/zip"
|
|
# ls -l "$KB_MAKE/zip/darwin"
|
|
# ls -l "$KB_MAKE/zip/darwin/x64"
|
|
# ls -l "$KB_OUT/Krystal Bull-darwin-x64"
|
|
# echo "=== Verify app signature ==="
|
|
# codesign -vvv --deep --strict "$KRYSTALBULL_PATH"
|
|
# codesign -dvv "$KRYSTALBULL_PATH"
|
|
# codesign -d --entitlements :- "$KRYSTALBULL_PATH"
|
|
# : # Seeing error like "bitcoin-s-ts/oracle-electron-ts/out/make/Krystal Bull-0.0.1-x64.dmg: code object is not signed at all"
|
|
# : # So the electron build is not doing any code signing on the dmg
|
|
# : # echo "=== Verify dmg signature ==="
|
|
# : # codesign -vvv --deep --strict "$DMG_PATH"
|
|
# : # Not happening yet, need entitlements set
|
|
# : # echo "=== Verify app notarization ==="
|
|
# : # spctl -vvv --assess --type exec "$KRYSTALBULL_PATH"
|
|
# Platform specific values here for folder depth
|
|
- name: (macos) Move .zip into /make
|
|
if: startsWith(matrix.os,'macos')
|
|
run: mv ${{env.KB_MAKE}}/zip/darwin/x64/*.zip $KB_MAKE
|
|
- name: (linux) Move .deb into /make
|
|
if: startsWith(matrix.os,'ubuntu')
|
|
run: mv ${{env.KB_MAKE}}/deb/x64/*.deb $KB_MAKE
|
|
# Capture signed Mac app
|
|
# - name: (macos) Upload krystalbull-mac-zip
|
|
# if: startsWith(matrix.os,'macos')
|
|
# uses: actions/upload-artifact@v3
|
|
# env:
|
|
# pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
# with:
|
|
# name: krystalbull-${{ matrix.TARGET }}-zip
|
|
# path: ${{env.KB_MAKE}}/zip/darwin/x64/*.zip
|
|
- name: Upload krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
uses: actions/upload-artifact@v3
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
with:
|
|
name: krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
path: ${{env.KB_MAKE}}/*.${{ matrix.FORMAT }}
|
|
- name: (release) Upload krystallbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: krystalbull-${{ matrix.TARGET }}-${{ matrix.FORMAT }}-${{steps.previoustag.outputs.tag}}
|
|
files: ${{env.KB_MAKE}}/*.${{ matrix.FORMAT }}
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# Build Suredbits Wallet
|
|
- name: Download bitcoin-s-server
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: bitcoin-s-server-${{ matrix.TARGET }}
|
|
path: bitcoin-s-ts/wallet-electron-ts/bitcoin-s-server
|
|
- name: Build Suredbits Wallet
|
|
working-directory: bitcoin-s-ts/wallet-electron-ts
|
|
env:
|
|
DEBUG: electron-notarizer
|
|
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
|
|
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
|
|
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
|
|
# NOTORIZE_APPLE_TEAM: 9ZG3GPKHX8
|
|
run: |
|
|
npm ci
|
|
npm run build
|
|
npm run make
|
|
# - name: (macos) Manually sign Suredbits Wallet
|
|
# if: startsWith(matrix.os,'macos')
|
|
# working-directory: ${{env.W_MAKE}}
|
|
# env:
|
|
# APP_SIGNING_ID: "Developer ID Application: Chris Stewart (9ZG3GPKHX8)"
|
|
# NOTORIZE_APPLE_ID: "stewart.chris1234@gmail.com"
|
|
# NOTORIZE_APPLE_PW: ${{ secrets.MAC_NOTARIZATION_PW }}
|
|
# TEAM_ID: "9ZG3GPKHX8"
|
|
# PLIST: "bitcoin-s-ts/wallet-electron-ts/entitlements.plist"
|
|
# WALLET_PATH: "${{env.W_OUT}}/Suredbits Wallet-darwin-x64/Suredbits Wallet.app"
|
|
# BUNDLE_ID: "org.bitcoins.suredbitswallet"
|
|
# ZIP_NAME: "SuredbitsWallet-mac.zip"
|
|
# run: |
|
|
# echo "=== Signing app ==="
|
|
# codesign -s "$APP_SIGNING_ID" --entitlements "$PLIST" --timestamp --options runtime -vvvv --deep "$WALLET_PATH"
|
|
# echo "=== Verifying app signature ==="
|
|
# codesign -vvv --deep --strict "$WALLET_PATH"
|
|
# codesign -dvv "$WALLET_PATH"
|
|
# codesign -d --entitlements :- "$WALLET_PATH"
|
|
# echo "=== zip app ==="
|
|
# zip -qr $ZIP_NAME "$WALLET_PATH"
|
|
# mv $ZIP_NAME $W_MAKE
|
|
# - name: (macos) Validate application signing and notarization
|
|
# if: startsWith(matrix.os,'macos')
|
|
# env:
|
|
# WALLET_PATH: "${{env.W_OUT}}/Suredbits Wallet-darwin-x64/Suredbits Wallet.app"
|
|
# # TODO : Need to account for version in path changing
|
|
# # DMG_PATH: "${{env.W_MAKE}}/Suredbits Wallet-0.0.1-x64.dmg"
|
|
# run: |
|
|
# echo "Directory contents"
|
|
# ls -l "bitcoin-s-ts/wallet-electron-ts"
|
|
# ls -l $W_OUT
|
|
# ls -l $W_MAKE
|
|
# ls -l "$W_OUT/Suredbits Wallet-darwin-x64"
|
|
# echo "=== Verify app signature ==="
|
|
# codesign -vvv --deep --strict "$WALLET_PATH"
|
|
# codesign -dvv "$WALLET_PATH"
|
|
# codesign -d --entitlements :- "$WALLET_PATH"
|
|
# : # echo "=== Verify dmg signature ==="
|
|
# : # codesign -vvv --deep --strict "$DMG_PATH"
|
|
# : # echo "=== Verify app notarization ==="
|
|
# : # spctl -vvv --assess --type exec "$WALLET_PATH"
|
|
# Platform specific values here for folder depth
|
|
- name: (macos) Move .zip into /make
|
|
if: startsWith(matrix.os,'macos')
|
|
run: mv ${{env.W_MAKE}}/zip/darwin/x64/*.zip $W_MAKE
|
|
- name: (linux) Move .deb into /make
|
|
if: startsWith(matrix.os,'ubuntu')
|
|
run: mv ${{env.W_MAKE}}/deb/x64/*.deb $W_MAKE
|
|
# Capture signed Mac app
|
|
# - name: (macos) Upload suredbits-wallet-mac-zip
|
|
# if: startsWith(matrix.os,'macos')
|
|
# uses: actions/upload-artifact@v3
|
|
# env:
|
|
# pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
# with:
|
|
# name: suredbits-wallet-${{ matrix.TARGET }}-zip
|
|
# path: ${{env.W_MAKE}}/zip/darwin/x64/*.zip
|
|
- name: Upload suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
uses: actions/upload-artifact@v3
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
with:
|
|
name: suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
path: ${{env.W_MAKE}}/*.${{ matrix.FORMAT }}
|
|
- name: (release) Upload suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: suredbits-wallet-${{ matrix.TARGET }}-${{ matrix.FORMAT }}-${{steps.previoustag.outputs.tag}}
|
|
files: ${{env.W_MAKE}}/*.${{ matrix.FORMAT }}
|
|
env:
|
|
pkg-version: ${{steps.previoustag.outputs.tag}}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|