# Release pipeline. It has a single trigger, workflow_dispatch, so it runs
# only when someone with permission to run workflows starts it by hand.
name: Publish Release

on:
  workflow_dispatch:
    inputs:
      # Deployment environment the jobs run in; each job falls back to
      # 'Beta' when the input is empty.
      environment:
        default: "Beta"
        type: environment
      # NOTE(review): vendor_version and build are free-form strings. Nothing
      # visible in this workflow checks them against the format described
      # below before they are used in tag names and release asset names.
      vendor_version:
        description: "Vendor Version (semver) for the release -- what will be visible."
        required: true
        default: "0.0.1"
        type: string
      build:
        description: "Build number (int, 3 max digits) for the release."
        required: true
        default: "0"
        type: string
jobs:
  # NOTE(review): no `permissions:` key is visible in this workflow, so
  # GITHUB_TOKEN carries the repository's default scopes. The visible steps
  # only create a release and upload assets, which `contents: write` covers;
  # confirm before narrowing the token.
  #
  # NOTE(review): every third-party action here is referenced by a mutable
  # tag (or branch). Pinning to a full commit SHA, for example
  # `owner/action@<full-commit-sha>  # vX.Y.Z`, keeps a retagged action from
  # running with the signing secrets used further down.

  # Creates the GitHub release (and its tag) that the other jobs attach
  # their build artifacts to, and exposes the release id as a job output.
  create_release_tag:
    name: "Create release tag"
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    outputs:
      release_id: ${{ steps.create_release.outputs.id }}
    env:
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
      PL_VENDOR_BASE_URL: "https://github.com/${{ github.repository }}"
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - name: Build tauri-update.json
        working-directory: packages/tauri
        run: node generate-tauri-update-file.js
      # The release is published immediately (draft: false) as a prerelease;
      # the step fails if tauri-update.json was not generated.
      - name: Create release and add tauri-update.json
        id: create_release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: "v${{ env.PL_VENDOR_VERSION }}"
          name: "v${{ env.PL_VENDOR_VERSION }}"
          body: "v${{ env.PL_VENDOR_VERSION }}"
          draft: false
          prerelease: true
          files: packages/tauri/tauri-update.json
          fail_on_unmatched_files: true
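# release_web_extension is nested one level under the top-level `jobs:` key.
  # Builds the browser extension, signs it for Firefox (xpi) and Chrome
  # (crx), and uploads the artifacts plus SHA-256 checksum files to the
  # release created by create_release_tag.
  release_web_extension:
    name: "Release web extension"
    needs: create_release_tag
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    env:
      RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0 web-ext@6.6.0
          npm ci
      - name: Build
        env:
          PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
          PL_BUILD_ENV: ${{ secrets.PL_BUILD_ENV }}
        run: npm run web-extension:build
      # The signing credentials reach the shell as environment variables
      # instead of being expanded by `${{ }}` into the script text. A secret
      # containing a quote, space or `$` can then neither break the command
      # nor be interpreted by the shell. The variable names deliberately
      # avoid the PL_ prefix used by the build configuration.
      - name: Sign for Firefox
        working-directory: packages/extension/dist
        env:
          FIREFOX_EXTENSION_ID: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_ID }}
          FIREFOX_API_KEY: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_API_KEY }}
          FIREFOX_API_SECRET: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_API_SECRET }}
        run: >-
          web-ext sign
          --id="$FIREFOX_EXTENSION_ID"
          --channel=unlisted
          --api-key="$FIREFOX_API_KEY"
          --api-secret="$FIREFOX_API_SECRET"
      # The blame shown on this page attributes the `file:` path below to
      # #467 ("fix web extension release").
      - name: Upload Signed Web Extension (Firefox)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/dist/web-ext-artifacts/padloc-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.xpi
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.xpi
          prerelease: true
      # The zip excludes the Firefox artifacts produced by the signing step.
      - name: Pack for Chrome Extension
        uses: cardinalby/webext-buildtools-pack-extension-dir-action@v1
        with:
          extensionDir: packages/extension/dist
          zipFilePath: packages/extension/padloc.zip
          zipIgnore: 'web-ext-artifacts/**|*.xpi'
      - name: Upload Unsigned Web Extension (Chrome)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/padloc.zip
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}-unsigned.zip
          prerelease: true
      # NOTE(review): the CRX private key is handed to a third-party action
      # referenced by a major-version tag. Pinning it to a full commit SHA
      # (`...@<full-commit-sha>`) fixes the code that receives the key.
      - name: Sign for Chrome
        uses: cardinalby/webext-buildtools-chrome-crx-action@v2
        with:
          zipFilePath: packages/extension/padloc.zip
          crxFilePath: packages/extension/padloc-signed.crx
          privateKey: ${{ secrets.PL_WEB_EXTENSION_CHROME_CRX_PRIVATE_KEY }}
      - name: Upload Signed Web Extension (Chrome)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/padloc-signed.crx
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.crx
          prerelease: true
      # Checksum steps; the blame shown on this page attributes them to #467
      # ("Checksums - Allow anyone to confirm source and delivered code").
      # The checksum files are produced by the same job and uploaded with
      # the same token as the artifacts. They let a user detect a corrupted
      # or swapped download and compare against an independent build. They
      # do not, on their own, show that the CI run was untampered.
      - name: Generate checksum (xpi)
        run: |
          cd packages/extension/dist/web-ext-artifacts
          sha256sum padloc*.xpi > sha256sum-xpi.txt
      - name: Upload checksum (xpi)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/dist/web-ext-artifacts/sha256sum-xpi.txt
          asset_name: sha256sum-xpi.txt
          prerelease: true
      - name: Generate checksum (crx)
        run: |
          cd packages/extension
          sha256sum padloc-signed.crx > sha256sum-crx.txt
      - name: Upload checksum (crx)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/sha256sum-crx.txt
          asset_name: sha256sum-crx.txt
          prerelease: true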
# release_tauri is nested one level under the top-level `jobs:` key.
  # Builds and signs the Tauri desktop apps on macOS, Linux and Windows,
  # attaches them to the release via tauri-action, then uploads one SHA-256
  # checksum file per bundle type.
  release_tauri:
    name: "Release Tauri apps"
    needs: create_release_tag
    runs-on: ${{ matrix.platform }}
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    strategy:
      # One failing platform does not cancel the other two.
      fail-fast: false
      matrix:
        platform:
          - macos-latest
          - ubuntu-latest
          - windows-latest
    env:
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
      # NOTE(review): tauri-bundler is installed without a version, so the
      # build tool can differ between two runs of the same source. That
      # works against the reproducible-checksum goal of the steps below.
      - name: Install tauri bundler
        run: cargo install tauri-bundler --force
      - name: Install webkit2gtk (ubuntu only)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y webkit2gtk-4.0
      # Attributed to #467 by the blame on this page; presumably provides
      # `sha256sum` for the dmg checksum step on macOS (confirm).
      - name: Install coreutils
        if: matrix.platform == 'macos-latest'
        run: brew install coreutils
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      # The updater key, the Apple signing certificate and the notarization
      # credentials are all exposed to this one third-party action.
      # NOTE(review): it is referenced by tag. Pinning to a full commit SHA
      # (`tauri-apps/tauri-action@<full-commit-sha>`) fixes the code that
      # receives them.
      - uses: tauri-apps/tauri-action@v0.3.1
        with:
          releaseId: ${{ env.RELEASE_ID }}
          projectPath: packages/tauri
        env:
          PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
          ENABLE_CODE_SIGNING: true
          APPLE_CERTIFICATE: ${{ secrets.PL_MACOS_SIGNING_CERT_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.PL_MACOS_SIGNING_CERT_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.PL_MACOS_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.PL_MACOS_NOTARIZE_APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.PL_MACOS_NOTARIZE_PASSWORD }}
      # Checksum steps; the blame shown on this page attributes them to #467
      # ("Checksums - Allow anyone to confirm source and delivered code").
      # Each checksum is computed on the runner that built the bundle and
      # uploaded with the same token. It supports comparing a download
      # against an independent build, not verifying the runner itself.
      - name: Generate checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/appimage
          sha256sum padloc*.AppImage > sha256sum-appimage.txt
      - name: Upload checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/appimage/sha256sum-appimage.txt
          asset_name: sha256sum-tauri-appimage.txt
          prerelease: true
      - name: Generate checksum (deb)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/deb
          sha256sum *.deb > sha256sum-deb.txt
      - name: Upload checksum (deb)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/deb/sha256sum-deb.txt
          asset_name: sha256sum-tauri-deb.txt
          prerelease: true
      - name: Generate checksum (dmg)
        if: matrix.platform == 'macos-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/dmg
          sha256sum *.dmg > sha256sum-dmg.txt
      - name: Upload checksum (dmg)
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/dmg/sha256sum-dmg.txt
          asset_name: sha256sum-tauri-dmg.txt
          prerelease: true
      - name: Generate checksum (msi)
        if: matrix.platform == 'windows-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/msi
          sha256sum *.msi > sha256sum-msi.txt
      - name: Upload checksum (msi)
        if: matrix.platform == 'windows-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/msi/sha256sum-msi.txt
          asset_name: sha256sum-tauri-msi.txt
          prerelease: true
# release_electron is nested one level under the top-level `jobs:` key.
  # Builds the Electron desktop apps on macOS, Linux and Windows and uploads
  # one SHA-256 checksum file per installer type to the release.
  release_electron:
    name: "Release Electron apps"
    needs: create_release_tag
    runs-on: ${{ matrix.platform }}
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    strategy:
      # One failing platform does not cancel the other two.
      fail-fast: false
      matrix:
        platform:
          - macos-latest
          - ubuntu-latest
          - windows-latest
    env:
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      # Attributed to #467 by the blame on this page; presumably provides
      # `sha256sum` for the dmg checksum step on macOS (confirm).
      - name: Install coreutils
        if: matrix.platform == 'macos-latest'
        run: brew install coreutils
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      # The macOS signing certificate, the notarization credentials and the
      # repository token are in the environment of the whole npm build, so
      # every build-time dependency executed by `electron:build` can read
      # them. `npm ci` above installs from the lockfile, which bounds that
      # set of dependencies.
      # NOTE(review): no upload step for the installers is visible here;
      # presumably the build publishes them itself using GH_TOKEN (confirm).
      - name: Build
        env:
          PL_PWA_URL: ${{ secrets.PL_PWA_URL }}
          CSC_LINK: ${{ secrets.PL_MACOS_SIGNING_CERT_BASE64 }}
          CSC_KEY_PASSWORD: ${{ secrets.PL_MACOS_SIGNING_CERT_PASSWORD }}
          PL_MACOS_NOTARIZE_APPLE_ID: ${{ secrets.PL_MACOS_NOTARIZE_APPLE_ID }}
          PL_MACOS_NOTARIZE_PASSWORD: ${{ secrets.PL_MACOS_NOTARIZE_PASSWORD }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          EP_PRE_RELEASE: true
        run: npm run electron:build
      # Checksum steps; the blame shown on this page attributes them to #467
      # ("Checksums - Allow anyone to confirm source and delivered code").
      # Each checksum is computed on the runner that built the installer and
      # uploaded with the same token. It supports comparing a download
      # against an independent build, not verifying the runner itself.
      - name: Generate checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.AppImage > sha256sum-appimage.txt
      - name: Upload checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-appimage.txt
          asset_name: sha256sum-electron-appimage.txt
          prerelease: true
      - name: Generate checksum (dmg)
        if: matrix.platform == 'macos-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.dmg > sha256sum-dmg.txt
      - name: Upload checksum (dmg)
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-dmg.txt
          asset_name: sha256sum-electron-dmg.txt
          prerelease: true
      - name: Generate checksum (exe)
        if: matrix.platform == 'windows-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.exe > sha256sum-exe.txt
      - name: Upload checksum (exe)
        if: matrix.platform == 'windows-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-exe.txt
          asset_name: sha256sum-electron-exe.txt
          prerelease: true
release_cordova:
|
|
|
|
name: "Release Cordova apps"
|
|
|
|
environment: ${{ github.event.inputs.environment || 'Beta' }}
|
|
|
|
needs: create_release_tag
|
|
|
|
env:
|
|
|
|
RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}
|
|
|
|
RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
|
|
|
|
PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
|
|
|
|
PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
|
|
|
|
|
|
|
|
strategy:
|
|
|
|
fail-fast: false
|
|
|
|
matrix:
|
|
|
|
platform: [macos-latest, ubuntu-latest]
|
|
|
|
|
|
|
|
runs-on: ${{ matrix.platform }}
|
|
|
|
steps:
|
|
|
|
- uses: actions/checkout@v2
|
|
|
|
- uses: actions/setup-java@v1
|
|
|
|
if: matrix.platform == 'ubuntu-latest'
|
|
|
|
with:
|
|
|
|
java-version: 1.8
|
|
|
|
- uses: sdkman/sdkman-action@master
|
|
|
|
if: matrix.platform == 'ubuntu-latest'
|
|
|
|
with:
|
|
|
|
candidate: gradle
|
|
|
|
version: 7.2
|
|
|
|
- uses: android-actions/setup-android@v2
|
|
|
|
if: matrix.platform == 'ubuntu-latest'
|
|
|
|
- uses: actions/setup-node@v2
|
|
|
|
with:
|
|
|
|
node-version-file: ".nvmrc"
|
Checksums - Allow anyone to confirm source and delivered code (#467)
* Checksums - Allow anyone to confirm source and delivered code
For now this only has the initial step on making CSP stricter so we can use it to parse through used files.
Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well.
Related to #331
* Lint!
* Add more instructions and CI to build checksums.
* Fix typo and lint
* Remove CSP package dependency, build it manually.
Update commands in docs, fix web extension release.
* Tweak docs and webpack. CI still isn't producing a matching checksum, though.
* Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily.
* Fix web checksum, add checksums and instructions for everything else
Closes #467
* Fix tauri release + macos sha256sum
* Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange.
* Properly indent + fix sha256sum results (and windows line endings problem)
* Include PWA for release, add instructions to change filenames when checksum fails.
* Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now.
Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now.
* Add TypeScript (Deno) script to parse through CSP and download matched files.
Also update docs.
* Tweak web checksum examples.
* Remove content hashes from font files.
* Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
|
|
|
- name: Install coreutils
|
|
|
|
if: matrix.platform == 'macos-latest'
|
|
|
|
run: |
|
|
|
|
brew install coreutils
|
2022-01-17 17:32:21 +00:00
|
|
|
- name: Install dependencies
|
|
|
|
run: |
|
|
|
|
npm i -g npm@8.2.0
|
|
|
|
npm ci
|
|
|
|
- name: Create android-upload-key.keystore
|
|
|
|
if: matrix.platform == 'ubuntu-latest'
|
|
|
|
run: |
|
|
|
|
cd packages/cordova
|
|
|
|
echo '${{ secrets.PL_ANDROID_UPLOAD_KEY_BASE64}}' > android-upload-key.keystore.txt
|
|
|
|
base64 -d android-upload-key.keystore.txt > android-upload-key.keystore
|
|
|
|
rm -f android-upload-key.keystore.txt
|
|
|
|
- name: Build Android
|
|
|
|
if: matrix.platform == 'ubuntu-latest'
|
|
|
|
run: |
|
|
|
|
cd packages/cordova
|
|
|
|
npm run prepare-build
|
|
|
|
./node_modules/.bin/cordova build android --release -- --packageType=apk --keystore=./android-upload-key.keystore --storePassword='${{ secrets.PL_ANDROID_STORE_PASSWORD }}' --alias=${{ secrets.PL_ANDROID_KEYSTORE_ALIAS }} --password='${{ secrets.PL_ANDROID_STORE_PASSWORD }}'
|
|
|
|
- name: Install the Apple certificate and provisioning profile
|
|
|
|
if: matrix.platform == 'macos-latest'
|
|
|
|
env:
|
|
|
|
PL_IOS_DISTRIBUTION_CERT_BASE64: ${{ secrets.PL_IOS_DISTRIBUTION_CERT_BASE64 }}
|
|
|
|
PL_IOS_DEVELOPMENT_CERT_BASE64: ${{ secrets.PL_IOS_DEVELOPMENT_CERT_BASE64 }}
|
|
|
|
PL_IOS_DISTRIBUTION_CERT_PASSWORD: ${{ secrets.PL_IOS_DISTRIBUTION_CERT_PASSWORD }}
|
|
|
|
PL_IOS_PROVISION_PROFILE_BASE64: ${{ secrets.PL_IOS_PROVISION_PROFILE_BASE64 }}
|
|
|
|
PL_IOS_DEV_PROVISION_PROFILE_BASE64: ${{ secrets.PL_IOS_DEV_PROVISION_PROFILE_BASE64 }}
|
|
|
|
PL_IOS_KEYCHAIN_PASSWORD: "new-password-does-not-matter"
|
|
|
|
run: |
|
|
|
|
# create variables
|
|
|
|
DIST_CERT_PATH=$RUNNER_TEMP/distribution_certificate.p12
|
|
|
|
DEV_CERT_PATH=$RUNNER_TEMP/development_certificate.p12
|
|
|
|
DIST_PP_PATH=$RUNNER_TEMP/dist_pp.mobileprovision
|
|
|
|
DEV_PP_PATH=$RUNNER_TEMP/dev_pp.mobileprovision
|
|
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
|
|
|
|
|
|
# import certificate and provisioning profile from secrets
|
|
|
|
echo -n "$PL_IOS_DISTRIBUTION_CERT_BASE64" | base64 --decode --output $DIST_CERT_PATH
|
|
|
|
echo -n "$PL_IOS_DEVELOPMENT_CERT_BASE64" | base64 --decode --output $DEV_CERT_PATH
|
|
|
|
echo -n "$PL_IOS_PROVISION_PROFILE_BASE64" | base64 --decode --output $DIST_PP_PATH
|
|
|
|
echo -n "$PL_IOS_DEV_PROVISION_PROFILE_BASE64" | base64 --decode --output $DEV_PP_PATH
|
|
|
|
|
|
|
|
# create temporary keychain
|
|
|
|
security create-keychain -p "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
|
|
|
security unlock-keychain -p "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
|
|
|
|
# import certificate to keychain
|
|
|
|
security import $DIST_CERT_PATH -P "$PL_IOS_DISTRIBUTION_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
|
|
security import $DEV_CERT_PATH -P "$PL_IOS_DISTRIBUTION_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
|
|
security list-keychain -d user -s $KEYCHAIN_PATH
|
|
|
|
security set-key-partition-list -S apple-tool:,apple: -s -k "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
|
|
|
|
# apply provisioning profile
|
|
|
|
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
cp $DIST_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
cp $DEV_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
- name: Setup Xcode
|
|
|
|
uses: maxim-lobanov/setup-xcode@v1
|
|
|
|
if: matrix.platform == 'macos-latest'
|
|
|
|
with:
|
|
|
|
xcode-version: "13.2.1"
|
|
|
|
- name: Build iOS
|
|
|
|
if: matrix.platform == 'macos-latest'
|
|
|
|
run: |
|
|
|
|
cd packages/cordova
|
|
|
|
npm run prepare-build
|
|
|
|
npm run patch-ios
|
|
|
|
./node_modules/.bin/cordova build ios --release --device --packageType=app-store --codeSignIdentity="${{ secrets.PL_IOS_CODE_SIGN_IDENTITY }}" --developmentTeam="${{ secrets.PL_IOS_DEVELOPMENT_TEAM }}"
|
|
|
|
# Attach the Android package to the release tag (Linux matrix leg only).
# NOTE(review): third-party action referenced by tag and handed the workflow
# token; consider pinning it to a reviewed full-length commit SHA.
- name: Upload Signed APK
  if: matrix.platform == 'ubuntu-latest'
  uses: svenstaro/upload-release-action@2.2.1
  with:
    repo_token: ${{ secrets.GITHUB_TOKEN }}
    tag: 'v${{ env.PL_VENDOR_VERSION }}'
    asset_name: 'padloc-${{ env.PL_VENDOR_VERSION }}.apk'
    file: packages/cordova/platforms/android/app/build/outputs/apk/release/app-release.apk
    prerelease: true
# Attach the iOS package to the release tag (macOS matrix leg only).
# NOTE(review): third-party action referenced by tag and handed the workflow
# token; consider pinning it to a reviewed full-length commit SHA.
- name: Upload Signed IPA
  if: matrix.platform == 'macos-latest'
  uses: svenstaro/upload-release-action@2.2.1
  with:
    repo_token: ${{ secrets.GITHUB_TOKEN }}
    tag: 'v${{ env.PL_VENDOR_VERSION }}'
    asset_name: 'padloc-${{ env.PL_VENDOR_VERSION }}.ipa'
    file: packages/cordova/platforms/ios/build/device/Padloc.ipa
    prerelease: true
Checksums - Allow anyone to confirm source and delivered code (#467)
* Checksums - Allow anyone to confirm source and delivered code
For now this only has the initial step on making CSP stricter so we can use it to parse through used files.
Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well.
Related to #331
* Lint!
* Add more instructions and CI to build checksums.
* Fix typo and lint
* Remove CSP package dependency, build it manually.
Update commands in docs, fix web extension release.
* Tweak docs and webpack. CI still isn't producing a matching checksum, though.
* Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily.
* Fix web checksum, add checksums and instructions for everything else
Closes #467
* Fix tauri release + macos sha256sum
* Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange.
* Properly indent + fix sha256sum results (and windows line endings problem)
* Include PWA for release, add instructions to change filenames when checksum fails.
* Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now.
Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now.
* Add TypeScript (Deno) script to parse through CSP and download matched files.
Also update docs.
* Tweak web checksum examples.
* Remove content hashes from font files.
* Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
# Write the SHA-256 of the APK next to the build output so it can be
# published with the release.
# NOTE(review): the digest is uploaded to the same release as the APK, so by
# itself it only shows that a download matches what CI produced. Assurance
# that CI built the expected source comes from comparing against an
# independently built artifact.
- name: Generate checksum (apk)
  if: matrix.platform == 'ubuntu-latest'
  working-directory: packages/cordova/platforms/android/app/build/outputs/apk/release
  run: sha256sum app-release.apk > sha256sum-apk.txt
# Publish the APK digest file as a release asset (Linux matrix leg only).
# NOTE(review): third-party action referenced by tag and handed the workflow
# token; consider pinning it to a reviewed full-length commit SHA.
- name: Upload checksum (apk)
  if: matrix.platform == 'ubuntu-latest'
  uses: svenstaro/upload-release-action@2.2.1
  with:
    repo_token: ${{ secrets.GITHUB_TOKEN }}
    tag: 'v${{ env.PL_VENDOR_VERSION }}'
    asset_name: sha256sum-apk.txt
    file: packages/cordova/platforms/android/app/build/outputs/apk/release/sha256sum-apk.txt
    prerelease: true
# Write the SHA-256 of the IPA next to the build output so it can be
# published with the release.
# NOTE(review): confirm `sha256sum` is present on the macOS runner image in
# use; `shasum -a 256` is the tool macOS itself ships.
- name: Generate checksum (ipa)
  if: matrix.platform == 'macos-latest'
  working-directory: packages/cordova/platforms/ios/build/device
  run: sha256sum Padloc.ipa > sha256sum-ipa.txt
# Publish the IPA digest file as a release asset (macOS matrix leg only).
# NOTE(review): third-party action referenced by tag and handed the workflow
# token; consider pinning it to a reviewed full-length commit SHA.
- name: Upload checksum (ipa)
  if: matrix.platform == 'macos-latest'
  uses: svenstaro/upload-release-action@2.2.1
  with:
    repo_token: ${{ secrets.GITHUB_TOKEN }}
    tag: 'v${{ env.PL_VENDOR_VERSION }}'
    asset_name: sha256sum-ipa.txt
    file: packages/cordova/platforms/ios/build/device/sha256sum-ipa.txt
    prerelease: true
2022-01-17 17:32:21 +00:00
# Remove the Android upload keystore from the workspace. `always()` keeps this
# step running when an earlier step failed, so the key file is not left on
# disk after an aborted build.
- name: Delete android-upload-key.keystore
  if: always() && matrix.platform == 'ubuntu-latest'
  run: rm -f ./packages/cordova/android-upload-key.keystore
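# Remove the temporary signing keychain and the provisioning profile after the
# iOS build. `always()` keeps this running when an earlier step failed.
# NOTE(review): the import step decodes two certificates and copies two
# provisioning profiles to paths set outside this view, while only
# `build_pp.mobileprovision` is removed here. Confirm the remaining files are
# covered, which matters most on runners that are reused between jobs.
- name: Clean up keychain and provisioning profile
  if: matrix.platform == 'macos-latest' && always()
  run: |
    # Remove the profile first: the step's shell stops at the first failing
    # command, so a missing keychain would otherwise leave the profile behind.
    rm -f ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
    security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db"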
Checksums - Allow anyone to confirm source and delivered code (#467)
* Checksums - Allow anyone to confirm source and delivered code
For now this only has the initial step on making CSP stricter so we can use it to parse through used files.
Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well.
Related to #331
* Lint!
* Add more instructions and CI to build checksums.
* Fix typo and lint
* Remove CSP package dependency, build it manually.
Update commands in docs, fix web extension release.
* Tweak docs and webpack. CI still isn't producing a matching checksum, though.
* Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily.
* Fix web checksum, add checksums and instructions for everything else
Closes #467
* Fix tauri release + macos sha256sum
* Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange.
* Properly indent + fix sha256sum results (and windows line endings problem)
* Include PWA for release, add instructions to change filenames when checksum fails.
* Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now.
Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now.
* Add TypeScript (Deno) script to parse through CSP and download matched files.
Also update docs.
* Tweak web checksum examples.
* Remove content hashes from font files.
* Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
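# Builds the PWA and publishes the archive, per-file SHA-256 checksums and the
# CSP parser script as assets on the release made by `create_release_tag`.
release_web_checksums:
  name: "Release web checksums"
  environment: ${{ github.event.inputs.environment || 'Beta' }}
  needs: create_release_tag
  # Least privilege: the steps below only read the repository and attach
  # assets to a release, so the workflow token needs nothing beyond contents.
  permissions:
    contents: write
  env:
    RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
    PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    # Referenced by the pwa.tar.gz asset name below. It was not defined for
    # this job, so the name rendered with an empty build segment. Same
    # expression as the `release_web_extension` job uses.
    RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}

  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
      with:
        # No later step runs an authenticated git command, so keep the token
        # out of the checkout's git config while npm scripts execute.
        persist-credentials: false
    - uses: actions/setup-node@v2
      with:
        node-version-file: ".nvmrc"
    - name: Install dependencies
      run: |
        npm i -g npm@8.2.0
        npm ci
    - name: Build
      run: |
        npm run pwa:build
      env:
        PL_PWA_URL: ${{ secrets.PL_PWA_URL }}
        PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
    - name: Generate pwa.tar.gz
      run: |
        cd packages/pwa/dist
        tar -czf ../pwa.tar.gz *
    # NOTE(review): svenstaro/upload-release-action is a third-party action
    # referenced by tag in every upload step of this job and handed the
    # workflow token; consider pinning it to a reviewed full-length commit SHA.
    - name: Upload pwa.tar.gz
      uses: svenstaro/upload-release-action@2.2.1
      with:
        repo_token: ${{ secrets.GITHUB_TOKEN }}
        tag: "v${{ env.PL_VENDOR_VERSION }}"
        file: packages/pwa/pwa.tar.gz
        asset_name: padloc-pwa-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.tar.gz
        prerelease: true
    - name: Generate checksums
      # The redirect applies to the whole `find` run, so the output file
      # exists before traversal starts and is excluded by name.
      # NOTE(review): entries appear in directory-traversal order, which is
      # not guaranteed to match on another machine. Verifying with
      # `sha256sum --check` rather than a textual diff avoids false mismatches.
      run: |
        cd packages/pwa/dist
        find . -type f ! -name "sha256sums-web.txt" -exec sha256sum {} > sha256sums-web.txt \;
    - name: Upload checksums
      uses: svenstaro/upload-release-action@2.2.1
      with:
        repo_token: ${{ secrets.GITHUB_TOKEN }}
        tag: "v${{ env.PL_VENDOR_VERSION }}"
        file: packages/pwa/dist/sha256sums-web.txt
        asset_name: sha256sums-web.txt
        prerelease: true
    - name: Upload CSP parser
      uses: svenstaro/upload-release-action@2.2.1
      with:
        repo_token: ${{ secrets.GITHUB_TOKEN }}
        tag: "v${{ env.PL_VENDOR_VERSION }}"
        file: docs/checksums/web/parse-csp.ts
        asset_name: parse-csp.ts
        prerelease: true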