firestudio/.github/workflows/build.yml at master · Flowdesktech/firestudio · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: Build & Release

on:
  push:
    tags:
      - 'v*'

jobs:
  build-windows:
    runs-on: windows-latest
    environment: ${{ vars.ENABLE_CODE_SIGNING == 'true' && 'production' || '' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create .env file
        run: |
          echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" > .env
          echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> .env

      - name: Build Windows (unsigned)
        if: vars.ENABLE_CODE_SIGNING != 'true'
        run: pnpm run build:win

      - name: Build Windows (signed)
        if: vars.ENABLE_CODE_SIGNING == 'true'
        run: pnpm run build:win
        env:
          CSC_LINK: ${{ secrets.WINDOWS_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}

      # Upload full `release/` so GitHub has NSIS + latest.yml + blockmap for electron-updater
      - name: Upload Windows artifacts
        uses: actions/upload-artifact@v4
        with:
          name: windows-builds
          path: release
          retention-days: 5

  build-mac:
    runs-on: macos-latest
    environment: ${{ vars.ENABLE_CODE_SIGNING == 'true' && 'production' || '' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create .env file
        run: |
          echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" > .env
          echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> .env

      - name: Build macOS (unsigned)
        if: vars.ENABLE_CODE_SIGNING != 'true'
        run: pnpm run build:mac

      - name: Build macOS (signed)
        if: vars.ENABLE_CODE_SIGNING == 'true'
        run: pnpm run build:mac
        env:
          CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}

      - name: Upload macOS artifacts
        uses: actions/upload-artifact@v4
        with:
          name: mac-builds
          path: release
          retention-days: 5

  build-linux:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create .env file
        run: |
          echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" > .env
          echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> .env

      - name: Build Linux
        run: pnpm run build:linux

      - name: Upload Linux artifacts
        uses: actions/upload-artifact@v4
        with:
          name: linux-builds
          path: release
          retention-days: 5

  create-release:
    needs: [build-windows, build-mac, build-linux]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Display structure of downloaded files
        run: ls -R artifacts

      # Release title = packaged app / installer version (same as tag, e.g. v1.7.0).
      # `body` is prepended before GitHub's auto-generated notes when `generate_release_notes` is true.
      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          name: Firestudio ${{ github.ref_name }}
          body: |
            ### Setup / app version

            **${{ github.ref_name }}** — matches the built installers and `package.json` at this tag.

            **Auto-update:** These assets include `latest.yml` (and related metadata) for **electron-updater**. The app checks GitHub Releases on startup and once per day; updates download and install only after you confirm. On **Windows**, use the **NSIS Setup** `.exe` for in-app updates (not the portable build).

          draft: false
          prerelease: false
          generate_release_notes: true
          files: |
            artifacts/windows-builds/*
            artifacts/mac-builds/*
            artifacts/linux-builds/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}