feat: derive PASSPHRASE for Core from the wallet #4415
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
env: | |
ELECTRON_CACHE: ${{ github.workspace }}/.cache/electron | |
ELECTRON_BUILDER_CACHE: ${{ github.workspace }}/.cache/electron-builder | |
jobs: | |
build: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
steps: | |
- name: Fix CRLF handling on Windows | |
if: matrix.os == 'windows-latest' | |
run: git config --global core.autocrlf false | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 'lts/*' | |
- name: Cache bigger downloads | |
uses: actions/cache@v4 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
${{ runner.os }}- | |
- name: Install dependencies | |
run: npm ci --prefer-offline --no-audit --progress=false | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build | |
run: npm run build | |
- name: Install Sentry CLI | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
curl -sL https://sentry.io/get-cli/ | bash | |
sentry-cli --version | |
- name: Configure SENTRY env vars | |
run: | |
node ./build/configure-sentry.js >> $GITHUB_ENV | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
- name: Create Sentry release | |
# Secrets are not passed to the runner when a workflow is triggered from a forked repository. | |
# See https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow | |
# We skip this step in such case. | |
# | |
# We must use `env` instead of `secrets`, see https://stackoverflow.com/a/70249520/69868 | |
if: matrix.os == 'ubuntu-latest' && env.SENTRY_AUTH_TOKEN | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: space-meridian | |
SENTRY_PROJECT: filecoin-station | |
run: | | |
sentry-cli releases new "${{ env.SENTRY_VERSION }}" | |
sentry-cli releases set-commits "${{ env.SENTRY_VERSION }}" --local --ignore-missing | |
sentry-cli releases files "${{ env.SENTRY_VERSION }}" upload-sourcemaps ./renderer/dist/assets | |
sentry-cli releases deploys "${{ env.SENTRY_VERSION }}" new -e "${{ env.SENTRY_ENV }}" | |
- name: Test backend | |
run: npm run test:backend | |
env: | |
TEST_SEED_PHRASE: ${{ secrets.TEST_SEED_PHRASE }} | |
- name: Test frontend | |
run: npm run test:ui | |
- name: Test end-to-end (Linux) | |
run: xvfb-run -a npm run test:e2e | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
- name: Test end-to-end (Windows / macOS) | |
run: npm run test:e2e | |
if: ${{ matrix.os != 'ubuntu-latest' }} | |
- name: Lint | |
run: npm run lint | |
package: | |
runs-on: ${{ matrix.os }} | |
needs: build # build packages only if regular build and tests passed | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 'lts/*' | |
- name: Cache bigger downloads | |
uses: actions/cache@v4 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json', 'electron-builder.yml') }} | |
${{ runner.os }}- | |
- name: Install dependencies | |
run: npm ci --prefer-offline --no-audit --progress=false | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get tag | |
id: tag | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: dawidd6/action-get-tag@727a6f0a561be04e09013531e73a3983a65e3479 # v1 | |
continue-on-error: true # empty steps.tag.outputs.tag will inform the next step | |
- name: Build binaries with electron-builder (Linux) | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
run: | | |
sudo snap install snapcraft --classic | |
npm run build | |
npm exec -- electron-builder --publish onTag | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CI_BUILD_TAG: ${{ steps.tag.outputs.tag }} # used by --publish onTag | |
DEBUG: electron-builder | |
- name: Build binaries with electron-builder (Windows) | |
# Windows builds are always failing in PRs. We should fix them, but for | |
# now let's just skip them to remove noise. | |
if: ${{ matrix.os == 'windows-latest' && github.event_name != 'pull_request' }} | |
run: | | |
npm run build | |
npm exec -- electron-builder --publish onTag | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CI_BUILD_TAG: ${{steps.tag.outputs.tag}} # used by --publish onTag | |
DEBUG: electron-builder | |
WIN_CSC_LINK: ${{ secrets.windows_certs }} | |
WIN_CSC_KEY_PASSWORD: ${{ secrets.windows_certs_password }} | |
- name: Build binaries with electron-builder (macOS) | |
if: ${{ matrix.os == 'macos-latest' }} | |
run: | | |
npm run build | |
npm exec -- electron-builder --publish onTag | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CI_BUILD_TAG: ${{steps.tag.outputs.tag}} # used by --publish onTag | |
DEBUG: electron-builder | |
CSC_LINK: ${{ secrets.mac_certs }} | |
CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }} | |
APPLEID: ${{ secrets.apple_id }} | |
APPLEIDPASS: ${{ secrets.apple_id_pass }} | |
APPLETEAMID: ${{ secrets.apple_team_id }} | |
USE_HARD_LINKS: false | |
- name: Show dist/ | |
if: ${{ !(matrix.os == 'windows-latest' && github.event_name == 'pull_request') }} | |
run: du -sh dist/ && ls -l dist/ | |
# Persist produced binaries and effective config used for building them | |
# - this is not for releases, but for quick testing during the dev | |
# - action artifacts can be downloaded for 90 days, then are removed by github | |
# - binaries in PRs from forks won't be signed | |
- name: Attach produced packages to Github Action | |
if: ${{ !(matrix.os == 'windows-latest' && github.event_name == 'pull_request') }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-${{ matrix.os }} | |
path: dist/*tation*.* | |
if-no-files-found: error | |
- name: Show Cache | |
if: ${{ !(matrix.os == 'windows-latest' && github.event_name == 'pull_request') }} | |
run: du -sh ${{ github.workspace }}/.cache/ && ls -l ${{ github.workspace }}/.cache/ |