Build, Sign & Notarise macOS builds (#486)

2023-01-31 13:22:30 +00:00
parent 7f3bbc2156
commit e5117f9736
8 changed files with 390 additions and 9 deletions
--- a/.github/workflows/build_and_deploy.yaml
+++ b/.github/workflows/build_and_deploy.yaml
@@ -0,0 +1,77 @@
+name: Build and Deploy
+on:
+  # Nightly build
+  schedule:
+    - cron: '0 9 * * *'
+  # Manual nightly & release
+  workflow_dispatch:
+    inputs:
+      mode:
+        description: What type of build to trigger. Release builds should be ran from the `master` branch.
+        required: true
+        default: nightly
+        type: choice
+        options:
+          - nightly
+          - release
+      macos:
+        description: Whether to build macOS
+        required: true
+        type: boolean
+        default: true
+      deploy:
+        description: Whether to deploy artifacts
+        required: true
+        type: boolean
+        default: true
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+env:
+  # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
+  R2_BUCKET: 'packages-element-io-test'
+jobs:
+  prepare:
+    uses: ./.github/workflows/build_prepare.yaml
+    with:
+      config: element.io/${{ inputs.mode || 'nightly' }}
+      version: ${{ inputs.mode == 'release' && '' || 'develop' }}
+      calculate-nightly-versions: ${{ inputs.mode != 'release' }}
+    secrets:
+      CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+      CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
+      CF_R2_S3_API: ${{ secrets.CF_R2_S3_API }}
+
+  macos:
+    if: github.event_name != 'workflow_dispatch' || inputs.macos
+    needs: prepare
+    name: macOS
+    uses: ./.github/workflows/build_macos.yaml
+    secrets: inherit
+    with:
+      sign: true
+      deploy-mode: true
+      base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
+      version: ${{ needs.prepare.outputs.macos-version }}
+
+  deploy:
+    needs:
+      - macos
+    runs-on: ubuntu-latest
+    name: Deploy
+    if: always() && (github.event != 'workflow_dispatch' || inputs.deploy)
+    environment: packages.element.io
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: packages.element.io
+          path: packages.element.io
+
+      - name: Deploy artifacts
+        run: aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
+          R2_URL: ${{ secrets.CF_R2_S3_API }}
+          DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}