k6-studio/.github/workflows/release.yml at 0d040dfbb08c3be280d58362220f10a51e0d3442 · grafana/k6-studio · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: 'Manual Release'

on:
  workflow_dispatch:

permissions: {}

jobs:
  publish-studio:
    permissions:
      contents: write
      id-token: write
    strategy:
      fail-fast: false
      matrix:
        platform: [macos-latest, macos-13, windows-latest, ubuntu-latest]

    runs-on: ${{ matrix.platform }}
    steps:
      - id: get-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.2.0
        with:
          repo_secrets: |
            APPLE_CERTIFICATE_P12=apple-certificates:APPLE_CERTIFICATE_P12
            CERTIFICATE_PASSWORD=apple-certificates:APPLE_CERTIFICATE_P12_PASSWORD
            APPLE_API_KEY_ID=apple-certificates:APPLE_API_KEY_ID
            APPLE_API_ISSUER=apple-certificates:APPLE_API_ISSUER
            APPLE_API_KEY=apple-certificates:APPLE_API_KEY
            WINDOWS_CERTIFICATE=windows-certificates:WINDOWS_CERTIFICATE
            WINDOWS_CERTIFICATE_PASSWORD=windows-certificates:WINDOWS_CERTIFICATE_PASSWORD
            SENTRY_DSN=sentry:SENTRY_DSN
            SENTRY_AUTH_TOKEN=sentry:SENTRY_AUTH_TOKEN
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: 22

      # try earlier python version for appdmg
      # https://github.com/electron/forge/issues/3371#issuecomment-2105195302
      - name: Install Python 3.11.4
        uses: actions/setup-python@v4
        with:
          python-version: '3.11.4'

      - name: install dependencies
        run: npm ci

      - name: setup macos keychain
        if: startsWith(matrix.platform, 'macos-')
        run: |
          echo "$APPLE_API_KEY" > ./apple_api_key.p8
          echo $APPLE_CERTIFICATE_P12 | base64 --decode > certificate.p12
          security create-keychain -p "$CERTIFICATE_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$CERTIFICATE_PASSWORD" build.keychain
          security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$CERTIFICATE_PASSWORD" build.keychain

      - name: setup windows certificate
        if: startsWith(matrix.platform, 'windows-')
        run: |
          $bytes = [Convert]::FromBase64String("$env:WINDOWS_CERTIFICATE")
          [IO.File]::WriteAllBytes("certificate.pfx", $bytes)

      - name: publish macOS arm64
        if: startsWith(matrix.platform, 'macos-latest')
        env:
          NODE_OPTIONS: '--max_old_space_size=8192'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # apple notarization
          APPLE_API_KEY: ./apple_api_key.p8
          # sentry integration
          # sentry vite plugin integration during build
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
        run: |
          npm run publish

      - name: publish macOS x86_64
        if: startsWith(matrix.platform, 'macos-13')
        env:
          NODE_OPTIONS: '--max_old_space_size=8192'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # apple notarization
          APPLE_API_KEY: ./apple_api_key.p8
          # sentry integration
          # sentry vite plugin integration during build
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
        run: |
          npm run publish -- --arch=x64

      - name: publish Windows
        if: startsWith(matrix.platform, 'windows-')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # windows cert
          WINDOWS_CERTIFICATE_PATH: ./certificate.pfx
          # sentry integration
          # sentry vite plugin integration during build
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
        run: npm run publish

      - name: publish Linux
        if: startsWith(matrix.platform, 'ubuntu-')
        env:
          NODE_OPTIONS: '--max_old_space_size=8192'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # sentry integration
          # sentry vite plugin integration during build
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
        run: |
          sudo apt install -y rpm

          # There is a bug on Ubuntu 22.04 (ubuntu-latest) regarding stripping a binary for a different architecture.
          # https://github.com/electron/forge/issues/3102
          # https://github.com/electron/forge/issues/3701
          echo "%__strip /bin/true" >> ~/.rpmmacros

          npm run publish
          npm run publish -- --arch=arm64

      - name: cleanup macos certificates
        if: startsWith(matrix.platform, 'macos-')
        run: |
          rm apple_api_key.p8
          rm certificate.p12

      - name: cleanup windows certificates
        if: startsWith(matrix.platform, 'windows-')
        run: |
          del certificate.pfx