sentry/.github/workflows/test-release.yml at bfd6915a322dd8571efa2a798304fcd0f262485b · xai-foundation/sentry · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: Pull Request

on:
  pull_request:
    types: [review_requested]
    branches:
      - "*"

  pull_request_review:
    types: [submitted]
    branches:
        - '*'

jobs:
  # Matrix build jobs that depend on the dryrun job
  build:
    if: github.event_name == 'pull_request' || github.event.review.state == 'approved'
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    env: # Pass the version as an environment variable to each matrix job
      VERSION: 1.0.0-pr-${{ github.event.pull_request.number }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: 9
          run_install: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install

      - name: Import mac certificate to keychain
        uses: apple-actions/import-codesign-certs@v3
        with:
          p12-file-base64: ${{ secrets.MAC_CERTIFICATE_P12_BASE64 }}
          p12-password: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
        if: matrix.os == 'macos-latest'

      # Use the version generated from dry-run in the build process
      - name: Set desktop app package version
        run: pnpm pkg set version=${{ env.VERSION }} --prefix apps/sentry-client-desktop

      - name: Set CLI version
        run: sed -i'' -e 's/VERSION_NUMBER/${{ env.VERSION }}/g' packages/core/src/utils/version.ts

      - name: Build monorepo
        run: npx nx run-many --target=build --all
        env:
          CSC_LINK: ${{ secrets.MAC_CERTIFICATE_P12_BASE64 }}
          CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}

      - name: Upload sentry-client-desktop artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-desktop-${{ matrix.os }}
          path: apps/sentry-client-desktop/release

      - name: Zip CLI artifacts
        run: |
          cd apps/cli/release
          zip sentry-node-cli-macos.zip sentry-node-cli-macos
          zip sentry-node-cli-linux.zip sentry-node-cli-linux
          zip sentry-node-cli-windows.zip sentry-node-cli-win.exe
        if: matrix.os == 'ubuntu-latest'

      - name: Upload CLI artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-cli-${{ matrix.os }}
          path: apps/cli/release

  sign:
    if: github.event_name == 'pull_request' || github.event.review.state == 'approved'
    needs: build
    runs-on: ubuntu-latest

    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: release-desktop-windows-latest
          path: release-desktop-windows-latest

      - name: Create directory for signed builds
        shell: bash
        run: |
          mkdir release-desktop-windows-latest/signed-builds
          cp release-desktop-windows-latest/sentry-client-windows.exe release-desktop-windows-latest/signed-builds/sentry-client-windows.exe
          cp release-desktop-windows-latest/sentry-client-windows.exe.blockmap release-desktop-windows-latest/signed-builds/sentry-client-windows.exe.blockmap
          cp release-desktop-windows-latest/latest.yml release-desktop-windows-latest/signed-builds/latest.yml

      # - name: Sign build Windows exe
      #   uses: sslcom/esigner-codesign@develop
      #   with:
      #     command: sign
      #     username: ${{ secrets.SSL_USERNAME }}
      #     password: ${{ secrets.SSL_PASSWORD }}
      #     totp_secret: ${{ secrets.SSL_TOTP_SECRET }}
      #     credential_id: ${{secrets.SSL_CREDENTIAL_ID}}
      #     file_path: release-desktop-windows-latest/sentry-client-windows.exe
      #     output_path: release-desktop-windows-latest/signed-builds

      - name: Upload signed artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-signed-desktop-windows-latest
          path: release-desktop-windows-latest

  checksum-and-release:
    if: github.event_name == 'pull_request' || github.event.review.state == 'approved'
    needs: sign
    runs-on: macos-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download artifacts
        uses: actions/download-artifact@v4

      - name: Generate checksum
        run: |
          CHECKSUM=$(shasum -a 512 release-signed-desktop-windows-latest/signed-builds/sentry-client-windows.exe | cut -f1 -d\ | xxd -r -p | base64)
          CHECKSUM=$(echo "$CHECKSUM" | tr -d '\r\n')
          echo "SHA512 Checksum: $CHECKSUM"
          cat release-signed-desktop-windows-latest/latest.yml
          sed -i '' -e "s#^sha512:.*#sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"
          sed -i '' -e "s#^    sha512:.*#    sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"