backend.ai-webui/.github/workflows/package.yml at 1f7ab53cd619802b43b3c80b230a7fbef759df0f · lablup/backend.ai-webui · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# Build and release workflow for Backend.AI Desktop and WebUI bundle.
#
# Architecture: 3 parallel jobs after a shared web build step.
#
#   build_web (ubuntu) ──┬──> build_mac (macos)    → DMG x64/arm64 + local proxy
#                        ├──> build_desktop (ubuntu) → Win/Linux ZIP x64/arm64 + local proxy
#                        └──> upload web bundle
#
# Key optimizations over the previous single-job approach:
#   1. Parallel jobs: macOS + win/linux builds run concurrently (~10 min saved)
#   2. No double React build: publicPath patching replaces full rebuild (~5 min saved)
#   3. Parallel local proxy compilation within each job (~3 min saved)
#   4. Optimized ZIP compression level (-6 vs -9, marginal size diff, ~1 min saved)

name: Build and Release Packages
on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      dry_run:
        description: 'Skip release asset upload (for testing the build pipeline)'
        type: boolean
        default: true

env:
  NODE_OPTIONS: --max-old-space-size=4096

jobs:
  # ──────────────────────────────────────────────────────────────────────
  # Job 1: Build web assets and create the web bundle (ubuntu, ~8 min)
  # ──────────────────────────────────────────────────────────────────────
  build_web:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: latest
          run_install: false

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'pnpm'

      - name: Install Dependencies
        run: pnpm install --no-frozen-lockfile

      - name: Build web assets
        run: make dep_web

      - name: Create web bundle
        run: make bundle

      - name: Upload release bundle
        if: inputs.dry_run != true
        run: node upload-release.js app
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Share build artifacts with downstream desktop jobs
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: web-build
          path: |
            build/web/
            src/wsproxy/dist/
          retention-days: 1
          compression-level: 3

  # ──────────────────────────────────────────────────────────────────────
  # Job 2: Build macOS desktop apps — requires macOS for code signing,
  #         notarization, and DMG creation (~10 min)
  # ──────────────────────────────────────────────────────────────────────
  build_mac:
    needs: build_web
    permissions:
      contents: write
    runs-on: macos-latest
    # Use the protected `app-packaging` environment for real releases (which
    # gates access to signing secrets). Dry runs use a separate unprotected
    # name because GitHub Actions rejects an empty environment value.
    environment: ${{ inputs.dry_run != true && 'app-packaging' || 'app-packaging-dryrun' }}
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: latest
          run_install: false

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'pnpm'

      - name: Install Dependencies
        run: pnpm install --no-frozen-lockfile

      - name: Download web build artifacts
        uses: actions/download-artifact@v4
        with:
          name: web-build

      - name: Prepare Electron app
        run: make dep_electron

      - name: Compile local proxies (parallel)
        run: |
          make compile_localproxy os=macos arch=x64 local_proxy_postfix= &
          make compile_localproxy os=macos arch=arm64 local_proxy_postfix= &
          wait

      - name: Package macOS Desktop Apps (signed)
        if: inputs.dry_run != true
        run: |
          make mac_x64
          make mac_arm64
        env:
          BAI_APP_SIGN: 1
          BAI_APP_SIGN_APPLE_TEAM_ID: ${{ secrets.BAI_APP_SIGN_APPLE_TEAM_ID }}
          BAI_APP_SIGN_APPLE_ID: ${{ secrets.BAI_APP_SIGN_APPLE_ID }}
          BAI_APP_SIGN_APPLE_ID_PASSWORD: ${{ secrets.BAI_APP_SIGN_APPLE_ID_PASSWORD }}
          BAI_APP_SIGN_IDENTITY: ${{ secrets.BAI_APP_SIGN_IDENTITY }}
          BAI_APP_SIGN_KEYCHAIN_B64: ${{ secrets.BAI_APP_SIGN_KEYCHAIN_B64 }}
          BAI_APP_SIGN_KEYCHAIN_PASSWORD: ${{ secrets.BAI_APP_SIGN_KEYCHAIN_PASSWORD }}

      - name: Package macOS Desktop Apps (unsigned, dry run)
        if: inputs.dry_run == true
        run: |
          make mac_x64
          make mac_arm64

      - name: Upload macOS release assets
        if: inputs.dry_run != true
        run: node upload-release.js app
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # ──────────────────────────────────────────────────────────────────────
  # Job 3: Build Windows + Linux desktop apps (ubuntu, ~8 min)
  #         No code signing needed — can run on cheaper/faster ubuntu runners.
  # ──────────────────────────────────────────────────────────────────────
  build_desktop:
    needs: build_web
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: latest
          run_install: false

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'pnpm'

      - name: Install Dependencies
        run: pnpm install --no-frozen-lockfile

      - name: Download web build artifacts
        uses: actions/download-artifact@v4
        with:
          name: web-build

      - name: Prepare Electron app
        run: make dep_electron

      - name: Compile local proxies (parallel)
        run: |
          make compile_localproxy os=win arch=x64 local_proxy_postfix=.exe &
          make compile_localproxy os=win arch=arm64 local_proxy_postfix=.exe &
          make compile_localproxy os=linux arch=x64 local_proxy_postfix= &
          make compile_localproxy os=linux arch=arm64 local_proxy_postfix= &
          wait

      - name: Package Windows & Linux Desktop Apps
        run: |
          make win_x64
          make win_arm64
          make linux_x64
          make linux_arm64

      - name: Upload release assets
        if: inputs.dry_run != true
        run: node upload-release.js app
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}