5b59e39a8a
* chore: bump actions and pin versions * build: switch to blacksmith * fix: use rust-toolchain stable * build: improve pnpm store caching * chore: remove emoji from workflows * fix: run prepare job on blacksmith * chore: kebab case id * build: add concurrency groups to limit duplicate jobs * build: switch around node setup and pnpm setup task * chore: bump to nodejs 24, fix pnpm caching * fix: enable corepack * fix: concurrency deadlock in frontend preview * fix: approve build scripts * fix: just don't cancel concurrent previews * build: remove pnpm setup action everywhere * build: cache apt packages * build: yet another attempt at fixing concurrency * build: lower runner type for frontend deploy * fix: eslint not existing * build: add sccache to turbo-ci * fix: correct nextest pkg * fix: turbo ignoring sccache * revert me: test labrinth tests * Revert "revert me: test labrinth tests" This reverts commit def5cc19183d5c0fe3b6f3c03635d73bb59bd312. * build: compile app before docker build * build: lower runner types * build: remove docker inline caching * build: try mold on labrinth * build: tweak labrinth prod build profile * fix: app windows builds and caching * fix: tombi format cargo.toml * fix: swap ping test to cubecraft to avoid CI flakiness * typos fix --------- Co-authored-by: aecsocket <aecsocket@tutanota.com>
210 lines
9.3 KiB
YAML
210 lines
9.3 KiB
YAML
name: Modrinth App build
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
tags:
|
|
- 'v*'
|
|
paths:
|
|
- .github/workflows/theseus-build.yml
|
|
- 'apps/app/**'
|
|
- 'apps/app-frontend/**'
|
|
- 'packages/app-lib/**'
|
|
- 'packages/app-macros/**'
|
|
- 'packages/assets/**'
|
|
- 'packages/ui/**'
|
|
- 'packages/utils/**'
|
|
workflow_dispatch:
|
|
inputs:
|
|
sign-windows-binaries:
|
|
description: Sign Windows binaries
|
|
type: boolean
|
|
default: false
|
|
required: false
|
|
environment:
|
|
description: Environment
|
|
type: choice
|
|
options:
|
|
- prod
|
|
- staging
|
|
- prod-with-staging-archon
|
|
default: prod
|
|
required: false
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/prod' }}
|
|
|
|
jobs:
|
|
build:
|
|
name: Build
|
|
env:
|
|
VITE_STRIPE_PUBLISHABLE_KEY: pk_live_51JbFxJJygY5LJFfKLVVldb10HlLt24p421OWRsTOWc5sXYFOnFUXWieSc6HD3PHo25ktx8db1WcHr36XGFvZFVUz00V9ixrCs5
|
|
# SCCACHE_DIR: '/mnt/sccache'
|
|
# SCCACHE_CACHE_SIZE: '10G'
|
|
# SCCACHE_MULTILEVEL_CHAIN: 'disk,s3'
|
|
SCCACHE_S3_KEY_PREFIX: '${{ github.repository }}/'
|
|
SCCACHE_BUCKET: ${{ secrets.SCCACHE_BUCKET }}
|
|
SCCACHE_REGION: ${{ secrets.SCCACHE_REGION }}
|
|
SCCACHE_ENDPOINT: ${{ secrets.SCCACHE_ENDPOINT }}
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.SCCACHE_S3_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.SCCACHE_S3_SECRET_ACCESS_KEY }}
|
|
RUSTC_WRAPPER: 'sccache'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform:
|
|
[
|
|
blacksmith-6vcpu-macos-26,
|
|
blacksmith-8vcpu-windows-2025,
|
|
blacksmith-8vcpu-ubuntu-2404,
|
|
]
|
|
include:
|
|
- platform: blacksmith-6vcpu-macos-26
|
|
artifact-target-name: universal-apple-darwin
|
|
- platform: blacksmith-8vcpu-windows-2025
|
|
artifact-target-name: x86_64-pc-windows-msvc
|
|
- platform: blacksmith-8vcpu-ubuntu-2404
|
|
artifact-target-name: x86_64-unknown-linux-gnu
|
|
|
|
runs-on: ${{ matrix.platform }}
|
|
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Rust toolchain
|
|
uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0
|
|
with:
|
|
rustflags: ''
|
|
target: ${{ contains(matrix.platform, 'macos') && 'x86_64-apple-darwin' || '' }}
|
|
|
|
- name: Setup sccache
|
|
uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # v0.0.10
|
|
|
|
- name: Enable Corepack
|
|
run: corepack enable
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
|
with:
|
|
node-version-file: .nvmrc
|
|
cache: 'pnpm'
|
|
|
|
- name: Generate tauri-dev.conf.json
|
|
shell: bash
|
|
run: |
|
|
GIT_HASH=$(git rev-parse --short HEAD)
|
|
cat > apps/app/tauri-dev.conf.json <<EOF
|
|
{
|
|
"productName": "Modrinth App (dev-${GIT_HASH})",
|
|
"mainBinaryName": "Modrinth App (dev-${GIT_HASH})",
|
|
"identifier": "ModrinthApp-dev-${GIT_HASH}",
|
|
"bundle": {
|
|
"fileAssociations": []
|
|
}
|
|
}
|
|
EOF
|
|
|
|
- name: Install Linux build dependencies
|
|
if: contains(matrix.platform, 'ubuntu')
|
|
uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0
|
|
with:
|
|
packages: libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev
|
|
version: v1 # cache key
|
|
|
|
- name: Setup Dasel
|
|
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
|
with:
|
|
repo: TomWright/dasel
|
|
tag: v2.8.1
|
|
extension-matching: disable
|
|
rename-to: ${{ contains(matrix.platform, 'windows') && 'dasel.exe' || 'dasel' }}
|
|
chmod: 0755
|
|
|
|
- name: Set application version and environment
|
|
shell: bash
|
|
run: |
|
|
APP_VERSION="$(git describe --tags --always | sed -E 's/-([0-9]+)-(g[0-9a-fA-F]+)$/-canary+\1.\2/')"
|
|
BUILD_ENVIRONMENT="${{ inputs.environment || 'prod' }}"
|
|
echo "Setting application version to $APP_VERSION"
|
|
echo "Using environment $BUILD_ENVIRONMENT"
|
|
dasel put -f apps/app/Cargo.toml -t string -v "${APP_VERSION#v}" 'package.version'
|
|
dasel put -f packages/app-lib/Cargo.toml -t string -v "${APP_VERSION#v}" 'package.version'
|
|
dasel put -f apps/app-frontend/package.json -t string -v "${APP_VERSION#v}" 'version'
|
|
|
|
cp "packages/app-lib/.env.${BUILD_ENVIRONMENT}" packages/app-lib/.env
|
|
|
|
- name: Setup Turbo cache
|
|
uses: rharkor/caching-for-turbo@56219402aacc0d06b650d898c222996dbc1191ec # v2.3.14
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install
|
|
|
|
- name: Set up Windows code signing
|
|
if: contains(matrix.platform, 'windows')
|
|
shell: bash
|
|
run: |
|
|
if [ '${{ startsWith(github.ref, 'refs/tags/v') || inputs.sign-windows-binaries }}' = 'true' ]; then
|
|
choco install jsign --ignore-dependencies # GitHub runners come with a global Java installation already
|
|
else
|
|
dasel delete -f apps/app/tauri-release.conf.json 'bundle.windows.signCommand'
|
|
fi
|
|
|
|
- name: Build macOS app
|
|
run: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && 'pnpm --filter=@modrinth/app run tauri build --target universal-apple-darwin --config tauri-release.conf.json' || 'pnpm --filter=@modrinth/app run tauri build --target universal-apple-darwin --config tauri-dev.conf.json' }}
|
|
if: contains(matrix.platform, 'macos')
|
|
env:
|
|
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
|
|
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
|
|
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
|
|
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
|
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
|
|
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
|
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
|
|
|
- name: Build Linux app
|
|
run: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && 'pnpm --filter=@modrinth/app run tauri build --config tauri-release.conf.json' || 'pnpm --filter=@modrinth/app run tauri build --config tauri-dev.conf.json' }}
|
|
if: contains(matrix.platform, 'ubuntu')
|
|
env:
|
|
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
|
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
|
|
|
- name: Build Windows app
|
|
run: |
|
|
[System.Convert]::FromBase64String("$env:DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64") | Set-Content -Path signer-client-cert.p12 -AsByteStream
|
|
$env:DIGICERT_ONE_SIGNER_CREDENTIALS = "$env:DIGICERT_ONE_SIGNER_API_KEY|$PWD\signer-client-cert.p12|$env:DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD"
|
|
$env:JAVA_HOME = "$env:JAVA_HOME_17_X64"
|
|
${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && 'pnpm --filter=@modrinth/app run tauri build --config tauri-release.conf.json --verbose --bundles "nsis,updater"' || 'pnpm --filter=@modrinth/app run tauri build --config tauri-dev.conf.json --verbose --bundles "nsis,updater"' }}
|
|
Remove-Item -Path signer-client-cert.p12 -ErrorAction SilentlyContinue
|
|
if: contains(matrix.platform, 'windows')
|
|
env:
|
|
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
|
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
|
DIGICERT_ONE_SIGNER_API_KEY: ${{ secrets.DIGICERT_ONE_SIGNER_API_KEY }}
|
|
DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64: ${{ secrets.DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64 }}
|
|
DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD }}
|
|
|
|
- name: Upload app bundles
|
|
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
|
with:
|
|
name: App bundle (${{ matrix.artifact-target-name }})
|
|
path: |
|
|
target/release/bundle/appimage/Modrinth App_*.AppImage*
|
|
target/release/bundle/deb/Modrinth App_*.deb*
|
|
target/release/bundle/rpm/Modrinth App-*.rpm*
|
|
target/release/bundle/appimage/Modrinth App (dev-*)_*.AppImage*
|
|
target/release/bundle/deb/Modrinth App (dev-*)_*.deb*
|
|
target/release/bundle/rpm/Modrinth App (dev-*)-*.rpm*
|
|
target/universal-apple-darwin/release/bundle/macos/Modrinth App.app.tar.gz*
|
|
target/universal-apple-darwin/release/bundle/macos/Modrinth App (dev-*)*.app.tar.gz
|
|
target/universal-apple-darwin/release/bundle/dmg/Modrinth App (dev-*)*.dmg
|
|
target/universal-apple-darwin/release/bundle/dmg/Modrinth App_*.dmg*
|
|
target/release/bundle/nsis/Modrinth App_*-setup.exe*
|
|
target/release/bundle/nsis/Modrinth App (dev-*)_*-setup.exe*
|
|
target/release/bundle/nsis/Modrinth App_*-setup.nsis.zip*
|