name: Build on: push: tags: [ '*' ] jobs: web: runs-on: ubuntu-latest steps: - name: Get current git tag id: get_tag uses: keeweb/get-git-tag@v3.0.2 with: tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" tagRegexGroup: 1 - name: Checkout uses: actions/checkout@v2 with: repository: keeweb/keeweb ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - name: Install npm modules run: npm ci - name: Test run: npm test - name: Grunt run: grunt - name: Upload artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html path: dist linux: runs-on: ubuntu-latest needs: - web steps: - name: Get current git tag id: get_tag uses: keeweb/get-git-tag@v3.0.2 with: tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" tagRegexGroup: 1 - name: Checkout uses: actions/checkout@v2 with: repository: keeweb/keeweb ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - name: Download artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html path: dist - name: Write secrets env: PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} run: | mkdir keys echo "$PRIVATE_KEY" > keys/private-key.pem echo "$KEEWEB_SIGN" > keys/keeweb-sign.json - name: Build in Docker uses: ./.github/actions/linux-build - name: Upload AppImage artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage - name: Upload snap artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap - name: Upload deb artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb - name: Upload zip artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip - name: Upload rpm artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm - name: Upload update artifact uses: actions/upload-artifact@v1 with: name: UpdateDesktop.zip path: dist/desktop/UpdateDesktop.zip darwin: runs-on: macos-latest needs: - web steps: - name: Get current git tag id: get_tag uses: keeweb/get-git-tag@v3.0.2 with: tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" tagRegexGroup: 1 - name: Checkout uses: actions/checkout@v2 with: repository: keeweb/keeweb ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - name: Download artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html path: dist - name: Install npm modules run: npm ci - name: Install desktop npm modules working-directory: desktop run: npm ci - name: Install grunt run: sudo npm i -g grunt-cli - name: Write secrets env: CODESIGN: ${{ secrets.CODESIGN }} APPLE_DEPLOY_PASSWORD: ${{ secrets.APPLE_DEPLOY_PASSWORD }} APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} run: | mkdir keys echo "$CODESIGN" > keys/codesign.json xcrun altool --store-password-in-keychain-item "AC_PASSWORD" -u "$APPLE_ID_USERNAME" -p "$APPLE_DEPLOY_PASSWORD" - name: Import certificates uses: keeweb/import-codesign-certs@v1 with: p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - name: Grunt run: grunt desktop-darwin ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} - name: Upload x64 dmg artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg - name: Upload arm64 dmg artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg win32: runs-on: windows-latest needs: - web steps: - name: Get current git tag id: get_tag uses: keeweb/get-git-tag@v3.0.2 with: tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" tagRegexGroup: 1 - name: Checkout uses: actions/checkout@v2 with: repository: keeweb/keeweb ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - name: Download artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html path: dist - name: Install npm modules run: npm ci - name: Install desktop npm modules working-directory: desktop run: npm ci - name: Install grunt run: npm i -g grunt-cli - name: Write secrets env: CODESIGN: ${{ secrets.CODESIGN }} MS_CODESIGN_PRIVATE_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PRIVATE_KEY_CLIENT }} MS_CODESIGN_PUBLIC_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_CLIENT }} MS_CODESIGN_PUBLIC_KEY_SERVER: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_SERVER }} run: | mkdir keys echo $Env:CODESIGN > keys/codesign.json mkdir keys/code-signing echo $Env:MS_CODESIGN_PRIVATE_KEY_CLIENT > keys/code-signing/private-key-client.pem echo $Env:MS_CODESIGN_PUBLIC_KEY_CLIENT > keys/code-signing/public-key-client.pem echo $Env:MS_CODESIGN_PUBLIC_KEY_SERVER > keys/code-signing/public-key-server.pem - name: Grunt run: grunt desktop-win32 ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} - name: Upload ia32 exe artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe - name: Upload ia32 zip artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip - name: Upload x64 exe artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe - name: Upload x64 zip artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip - name: Upload arm64 exe artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe - name: Upload arm64 zip artifact uses: actions/upload-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip publish: runs-on: ubuntu-latest needs: - linux - darwin - win32 steps: - name: Get current git tag id: get_tag uses: keeweb/get-git-tag@v3.0.2 with: tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" tagRegexGroup: 1 - name: Setup GCloud uses: google-github-actions/github-actions/setup-gcloud@master with: version: '285.0.0' service_account_key: ${{ secrets.GCP_SA_KEY }} export_default_credentials: true - name: Checkout uses: actions/checkout@v2 with: repository: keeweb/keeweb path: keeweb ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - name: Install npm modules working-directory: keeweb run: npm ci - name: Download html artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html path: html - name: Download linux.AppImage artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage path: assets - name: Download linux.snap artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap path: assets - name: Download linux.deb artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb path: assets - name: Download linux.zip artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip path: assets - name: Download linux.rpm artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm path: assets - name: Download darwin.x64.dmg artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg path: assets - name: Download darwin.arm64.dmg artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg path: assets - name: Download win32.ia32.exe artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe path: assets - name: Download win32.ia32.zip artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip path: assets - name: Download win32.x64.exe artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe path: assets - name: Download win32.x64.zip artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip path: assets - name: Download win32.arm64.exe artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe path: assets - name: Download win32.arm64.zip artifact uses: actions/download-artifact@v1 with: name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip path: assets - name: Download update artifact uses: actions/download-artifact@v1 with: name: UpdateDesktop.zip path: assets - name: Zip html working-directory: html run: zip -vr ../assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.html.zip . - name: Copy assets to dist run: mkdir -p keeweb/dist/desktop && cp assets/* keeweb/dist/desktop - name: Write secrets env: PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} working-directory: keeweb run: | mkdir keys echo "$PRIVATE_KEY" > keys/private-key.pem echo "$KEEWEB_SIGN" > keys/keeweb-sign.json - name: Grunt working-directory: keeweb run: grunt finish-release - name: Copy signatures to assets run: cp keeweb/dist/desktop/Verify.sign.sha256 assets - name: Copy checksums to assets run: cp keeweb/dist/desktop/Verify.sha256 assets - name: Login to DockerHub Registry env: DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} run: echo $DOCKERHUB_ACCESS_TOKEN | docker login -u $DOCKERHUB_USERNAME --password-stdin - name: Copy dist to the Docker context run: cp -r html keeweb/package/docker/dist - name: Build the Docker image working-directory: keeweb run: docker build -t antelle/keeweb:latest package/docker - name: Tag the Docker image run: docker tag antelle/keeweb:latest antelle/keeweb:${{ steps.get_tag.outputs.tag }} - name: Push the Docker image to the registry if: ${{ github.repository == 'keeweb/keeweb' }} run: docker push antelle/keeweb - name: Create a GitHub release id: create_release uses: actions/create-release@latest env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref }} release_name: Desktop apps v${{ steps.get_tag.outputs.tag }} draft: true prerelease: false - name: Upload html asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.html.zip asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html.zip asset_content_type: application/octet-stream - name: Upload linux.AppImage asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage asset_content_type: application/octet-stream - name: Upload linux.snap asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap asset_content_type: application/octet-stream - name: Upload linux.deb asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb asset_content_type: application/octet-stream - name: Upload linux.zip asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip asset_content_type: application/octet-stream - name: Upload linux.rpm asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm asset_content_type: application/octet-stream - name: Upload darwin.x64.dmg asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg asset_content_type: application/octet-stream - name: Upload darwin.arm64.dmg asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg asset_content_type: application/octet-stream - name: Upload win32.ia32.exe asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe asset_content_type: application/octet-stream - name: Upload win32.ia32.zip asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip asset_content_type: application/octet-stream - name: Upload win32.x64.exe asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe asset_content_type: application/octet-stream - name: Upload win32.x64.zip asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip asset_content_type: application/octet-stream - name: Upload win32.arm64.exe asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe asset_content_type: application/octet-stream - name: Upload win32.arm64.zip asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip asset_name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip asset_content_type: application/octet-stream - name: Upload update asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/UpdateDesktop.zip asset_name: UpdateDesktop.zip asset_content_type: application/octet-stream - name: Upload verify.sign asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/Verify.sign.sha256 asset_name: Verify.sign.sha256 asset_content_type: application/octet-stream - name: Upload verify.sha asset uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: assets/Verify.sha256 asset_name: Verify.sha256 asset_content_type: application/octet-stream - name: Publish the GitHub release uses: ./keeweb/.github/actions/publish-release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: version: ${{ steps.get_tag.outputs.tag }} release_id: ${{ steps.create_release.outputs.id }} - name: Checkout gh-pages uses: actions/checkout@v2 with: ref: gh-pages path: gh-pages fetch-depth: 0 - name: Commit dist to gh-pages working-directory: gh-pages run: | git rm -r '*' cp -r ../html/* . mkdir -p .github/workflows echo $GITHUB_SHA > build.txt date >> build.txt git add . git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git commit -am v${{ steps.get_tag.outputs.tag }} - name: Push gh-pages uses: keeweb/github-push-action@master with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: gh-pages directory: gh-pages - name: Restore git mtime working-directory: gh-pages run: python3 ../keeweb/.github/actions/scripts/git-restore-mtime.py - name: Sync the website if: ${{ github.repository == 'keeweb/keeweb' }} run: gsutil -m rsync -r -d -x "^\." gh-pages gs://app.keeweb.info/ - name: Purge CloudFlare cache if: ${{ github.repository == 'keeweb/keeweb' }} env: CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} run: | curl -sS -X POST "https://api.cloudflare.com/client/v4/zones/dbda8e7e454d23edb08d4bc3b3f6f872/purge_cache" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" \ --data '{"purge_everything":true}'