Skip to content
Build MacOS and Windows image

Build MacOS and Windows image #317

Sign in to view logs

Build MacOS and Windows image

Build MacOS and Windows image #317

Workflow file for this run

.github/workflows/image.yml at 36d20f1
name: Build MacOS and Windows image
on:
workflow_dispatch:
release:
types: [published]
jobs:
windows-install-purple:
runs-on: windows-latest
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Enable Long File Path in Registry
shell: pwsh
run: |
Start-Process powershell -Verb runAs -ArgumentList 'New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -PropertyType "DWORD" -Value "1"'
- name: Download node.js version from nodejs.org
run: |
curl -o ./nodejs-win.zip --create-dirs https://nodejs.org/dist/v22.19.0/node-v22.19.0-win-x64.zip
mkdir nodejs-win && tar -xzf nodejs-win.zip -C nodejs-win --strip-components=1 && rm ./nodejs-win.zip
working-directory: ${{github.workspace}}
- name: Download Inno Setup
shell: pwsh
run: |
Invoke-WebRequest -Uri "https://jrsoftware.org/download.php/is.exe" -OutFile "${{github.workspace}}\is.exe"
$env:path = "$env:path" + ";${env:programfiles(x86)}\Inno Setup 6"
- name: Install Node Modules and Build for Windows
run: |
$env:Path = "${{github.workspace}}\nodejs-win;${{github.workspace}}\oobee-desktop\node_modules\.bin;$env:Path;";
npm install
npm run make-win
env:
CI: ""
working-directory: ${{github.workspace}}
- name: Move build to root
shell: pwsh
run: |
Move-Item "${{github.workspace}}\out\Oobee-win32-x64" -Destination "${{github.workspace}}\Oobee-win32-x64" -Force
- name: Download Oobee Backend
shell: pwsh
run: |
$PHbackendUrl = "https://github.com/GovTechSG/oobee/releases/download/${{ vars.BE_TAG }}/oobee-portable-windows.zip"
$BEdestinationPath = "${{github.workspace}}\PHLatest.zip"
$BEextractPath = "D:\a\Oobee Backend"
Invoke-WebRequest -Uri $PHbackendUrl -OutFile $BEdestinationPath
Expand-Archive -Path $BEdestinationPath -DestinationPath $BEextractPath -Force
Remove-Item -Path $BEdestinationPath
- name: Execute Inno Setup script to compile installer
shell: pwsh
run: ISCC /O"${{github.workspace}}" "${{github.workspace}}\a11y_for_windows.iss"
- name: Move compiled installer to Workspace
run: |
New-Item -Path setup -ItemType Directory
Move-Item -Path mysetup.exe -Destination setup\Oobee-setup.exe
working-directory: ${{github.workspace}}
- name: Zip Setup file (Windows)
shell: pwsh
run: Compress-Archive -Path ${{github.workspace}}/setup/* -DestinationPath oobee-desktop-windows.zip
working-directory: ${{github.workspace}}
- name: Compute SHA256 hash for Windows
shell: pwsh
run: |
$hash = (Get-FileHash -Algorithm SHA256 oobee-desktop-windows.zip).Hash
[System.IO.File]::WriteAllText("oobee-desktop-windows.zip.sha256.txt", $hash)
- name: Upload Oobee Windows setup artifact
uses: actions/upload-artifact@v4
with:
name: oobee-desktop-windows
path: |
oobee-desktop-windows.zip
oobee-desktop-windows.zip.sha256.txt
- name: Release Windows artifact
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
oobee-desktop-windows.zip
oobee-desktop-windows.zip.sha256.txt
mac-install-purple:
runs-on: macos-latest
env:
# Developer ID Application
CER_B64: ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_CERT_CER }}
P12_B64: ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_PRIVATEKEY_P12 }}
P12_PASSWORD: ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_PRIVATEKEY_P12_PASSWORD }}
# Distribution (for installer/notarization)
DIST_CER_B64: ${{ secrets.ORG_DISTRIBUTION_CERT_CER }}
DIST_P12_B64: ${{ secrets.ORG_DISTRIBUTION_PRIVATEKEY_P12 }}
DIST_P12_PASS: ${{ secrets.ORG_DISTRIBUTION_PRIVATEKEY_P12_PASSWORD }}
environment: macos
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- name: Install Rosetta 2 (if needed)
run: |
# This command is no-op on Intel, and installs on Apple Silicon
sudo softwareupdate --install-rosetta --agree-to-license
- name: Clean Workspace Folder
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Check out repository code
uses: actions/checkout@v3
with:
path: ${{github.workspace}}
- name: Download node.js version from nodejs.org
run: |
curl -o ./nodejs-mac-arm64.tar.gz --create-dirs https://nodejs.org/dist/v22.19.0/node-v22.19.0-darwin-arm64.tar.gz
mkdir nodejs-mac-arm64 && tar -xzf nodejs-mac-arm64.tar.gz -C nodejs-mac-arm64 --strip-components=1 && rm ./nodejs-mac-arm64.tar.gz
curl -o ./nodejs-mac-x64.tar.gz --create-dirs https://nodejs.org/dist/v22.19.0/node-v22.19.0-darwin-x64.tar.gz
mkdir nodejs-mac-x64 && tar -xzf nodejs-mac-x64.tar.gz -C nodejs-mac-x64 --strip-components=1 && rm ./nodejs-mac-x64.tar.gz
working-directory: ${{github.workspace}}
- name: Set environment variables for Node
run: |
if [[ $(uname -m) == 'arm64' ]]; then
export PATH_TO_NODE="${{github.workspace}}/nodejs-mac-arm64/bin"
else
export PATH_TO_NODE="${{github.workspace}}/nodejs-mac-x64/bin"
fi
export PATH="$PATH_TO_NODE:$PATH"
export PATH="$PWD/oobee-desktop/node_modules/.bin:$PATH"
env:
CI: ""
working-directory: ${{github.workspace}}
- name: Decode & import certs into temporary keychain
run: |
# --- prepare tmp dir ---
mkdir -p /tmp/signing
# --- decode into /tmp ---
echo "$CER_B64" | openssl base64 -d -A > /tmp/signing/developer_id_application.cer
echo "$P12_B64" | openssl base64 -d -A > /tmp/signing/developer_id_application.p12
echo "$DIST_CER_B64" | openssl base64 -d -A > /tmp/signing/distribution_installer.cer
echo "$DIST_P12_B64" | openssl base64 -d -A > /tmp/signing/distribution_installer.p12
# --- create & unlock keychain ---
security create-keychain -p "" build.keychain
security set-keychain-settings -lut 7200 build.keychain
security list-keychains -s build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "" build.keychain
# --- import Developer ID Application cert + key ---
security import /tmp/signing/developer_id_application.cer \
-k build.keychain -T /usr/bin/codesign
security import /tmp/signing/developer_id_application.p12 \
-k build.keychain -P "$P12_PASSWORD" -T /usr/bin/codesign
# --- import Distribution (Installer) cert + key ---
security import /tmp/signing/distribution_installer.cer \
-k build.keychain -T /usr/bin/codesign
security import /tmp/signing/distribution_installer.p12 \
-k build.keychain -P "$DIST_P12_PASS" -T /usr/bin/codesign
# 1) Unlock it again (just to be safe)
security unlock-keychain -p "" build.keychain
# 2) Allow codesign (and productbuild/pkgbuild) to use the keys without prompting
security set-key-partition-list \
-S apple-tool:,apple: \
-s -k "" build.keychain
# --- clean up all temp files ---
rm -rf /tmp/signing
# - name: Locate signing identity
# id: find_identity
# run: |
# # grabs the Developer ID Application name; you can also grep the Installer if needed
# ID=$(security find-identity -v -p codesigning build.keychain \
# | grep "Developer ID Application:" \
# | sed -E 's/^[[:space:]]*[0-9]+\) ([^"]+).*$/\1/')
# echo "id=$ID" >> $GITHUB_OUTPUT
- name: Install Node Modules and Build for Mac0S
run: |
npm install
npm run make-mac
env:
CI: ""
BE_TAG: "${{ vars.BE_TAG }}"
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
working-directory: ${{github.workspace}}
- name: Cleanup keychain
if: always()
run: security delete-keychain build.keychain
- name: Move and rename universal binary zip (Mac)
run: |
mv *.zip "${{github.workspace}}/oobee-desktop-macos.zip"
working-directory: ${{github.workspace}}/out/make/zip/darwin/universal
- name: Compute SHA256 hash for Mac
run: |
hash=$(shasum -a 256 oobee-desktop-macos.zip | awk '{ print $1 }')
printf "%s" "$hash" > oobee-desktop-macos.zip.sha256.txt
- name: Upload Mac artifact
uses: actions/upload-artifact@v4
with:
name: oobee-desktop-macos
path: |
oobee-desktop-macos.zip
oobee-desktop-macos.zip.sha256.txt
- name: Release Mac artifact
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
oobee-desktop-macos.zip
oobee-desktop-macos.zip.sha256.txt