chore(release): v0.6.3 #101

Workflow file for this run

# Release pipeline for the desktop app: the jobs below build per-platform
# packages and publish them as a GitHub release.
name: Desktop Release

# Triggers: a pushed tag matching 'v*', or a manual dispatch that supplies the
# version to release.
on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (e.g., 0.1.0)'
        required: true

# One concurrency group per workflow and ref; a newer run in the same group
# cancels the run that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
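# NOTE(review): every action below is referenced by a mutable tag (@v4, @v2).
# Pinning each `uses:` to a full commit SHA keeps a moved tag from changing
# what runs next to the signing secrets and the release token.
jobs:
  # Builds, signs and packages the desktop app once per platform/arch pair and
  # uploads the results as workflow artifacts.
  build:
    # Least privilege: this job only reads the repository. Publishing happens
    # in the `release` job, which requests write access itself.
    permissions:
      contents: read
    strategy:
      # Let the other platforms finish even if one matrix entry fails.
      fail-fast: false
      matrix:
        include:
          - os: macos-latest
            platform: mac
            arch: arm64
          - os: macos-latest
            platform: mac
            arch: x64
          - os: windows-latest
            platform: win
            arch: x64
          - os: ubuntu-latest
            platform: linux
            arch: x64
          - os: ubuntu-latest
            platform: linux
            arch: arm64
    runs-on: ${{ matrix.os }}
    name: Build ${{ matrix.platform }}-${{ matrix.arch }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 24
          cache: 'pnpm'

      # --frozen-lockfile fails the install if the lockfile would need to
      # change, so the release is built from the committed dependency set.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Build shared packages
        run: pnpm --filter @pairux/shared-types build

      # macOS code signing
      # The certificate is decoded into a temporary build keychain; the block
      # is skipped when the APPLE_CERTIFICATE secret is empty.
      - name: Import macOS certificates
        if: matrix.platform == 'mac'
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          if [ -n "$APPLE_CERTIFICATE" ]; then
            # Quoted so the secret is passed through without word splitting
            # or glob expansion.
            echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
            security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
            security default-keychain -s build.keychain
            security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
            security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
            security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
            rm certificate.p12
          fi

      # Windows code signing
      # Writes the decoded certificate to certificate.pfx in the workspace
      # root; skipped when the WINDOWS_CERTIFICATE secret is empty.
      - name: Setup Windows signing
        if: matrix.platform == 'win'
        env:
          WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
        run: |
          if ($env:WINDOWS_CERTIFICATE) {
            [IO.File]::WriteAllBytes("certificate.pfx", [Convert]::FromBase64String($env:WINDOWS_CERTIFICATE))
          }
        shell: pwsh

      # Linux dependencies for electron-builder
      - name: Install Linux dependencies
        if: matrix.platform == 'linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y libarchive-tools rpm

      # NOTE(review): if this .env file or the TURN_* values below end up
      # inside the packaged app, anyone who downloads a release can read them.
      # Confirm that only values meant to ship to clients are stored here.
      - name: Write .env file
        run: printenv ENV_FILE > apps/desktop/.env
        env:
          ENV_FILE: ${{ secrets.ENV_FILE }}

      - name: Build desktop app
        run: pnpm --filter @pairux/desktop build
        env:
          # TURN server configuration
          TURN_SERVER_URL: ${{ secrets.TURN_SERVER_URL }}
          TURN_SERVER_USERNAME: ${{ secrets.TURN_SERVER_USERNAME }}
          TURN_SERVER_CREDENTIAL: ${{ secrets.TURN_SERVER_CREDENTIAL }}
          TURNS_SERVER_URL: ${{ secrets.TURNS_SERVER_URL }}

      # `--publish never` keeps electron-builder from uploading anything; the
      # release job is the only place that publishes.
      - name: Package desktop app
        working-directory: apps/desktop
        run: npx electron-builder --${{ matrix.platform }} --${{ matrix.arch }} --publish never
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # macOS notarization (afterSign hook)
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          # Windows signing
          WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}

      # Signing keys are no longer needed once packaging has run. Remove them
      # even when an earlier step failed, so the decoded certificate and the
      # build keychain do not linger in the workspace for later steps.
      - name: Remove signing material
        if: always()
        shell: bash
        run: |
          rm -f certificate.p12 certificate.pfx
          if [ "${{ matrix.platform }}" = "mac" ]; then
            # The keychain only exists when a certificate was imported.
            security delete-keychain build.keychain || true
          fi

      # Copies the ffmpeg binary shipped by @ffmpeg-installer/ffmpeg into the
      # output directory and gzips it so it is uploaded with the installers.
      # NOTE(review): under `shell: bash` a failing `node -e` likely aborts the
      # step before the WARNING branch is reached; confirm which is intended.
      - name: Extract ffmpeg binary
        shell: bash
        run: |
          FFMPEG_PATH=$(node -e "try { console.log(require('@ffmpeg-installer/ffmpeg').path) } catch(e) { process.exit(1) }")
          if [ -n "$FFMPEG_PATH" ] && [ -f "$FFMPEG_PATH" ]; then
            EXT=""
            if [ "${{ matrix.platform }}" = "win" ]; then EXT=".exe"; fi
            cp "$FFMPEG_PATH" "apps/desktop/out/ffmpeg-${{ matrix.platform }}-${{ matrix.arch }}${EXT}"
            gzip "apps/desktop/out/ffmpeg-${{ matrix.platform }}-${{ matrix.arch }}${EXT}"
            echo "Extracted ffmpeg to ffmpeg-${{ matrix.platform }}-${{ matrix.arch }}${EXT}.gz"
          else
            echo "WARNING: ffmpeg binary not found for this platform"
          fi

      # Only the listed package types are uploaded; certificate files in the
      # workspace do not match any of these patterns.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: desktop-${{ matrix.platform }}-${{ matrix.arch }}
          path: |
            apps/desktop/out/*.dmg
            apps/desktop/out/*.zip
            apps/desktop/out/*.exe
            apps/desktop/out/*.AppImage
            apps/desktop/out/*.deb
            apps/desktop/out/*.rpm
            apps/desktop/out/*.gz
          retention-days: 7

  # Collects every build artifact, writes a checksum file and publishes the
  # GitHub release. This is the only job with write access to the repository.
  release:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Resolves the version from the manual input or the pushed tag.
      # Both values are handed to the script through env instead of being
      # expanded into the script text, so their content is never parsed as
      # shell code.
      - name: Get version
        id: version
        env:
          REQUESTED_VERSION: ${{ github.event.inputs.version }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ -n "$REQUESTED_VERSION" ]; then
            VERSION="$REQUESTED_VERSION"
          else
            VERSION="$REF_NAME"
          fi
          # Strip 'v' prefix if present
          VERSION="${VERSION#v}"
          # Reject whitespace, newlines and shell metacharacters before the
          # value is written to the step outputs and used as a tag name.
          if [[ ! "$VERSION" =~ ^[0-9A-Za-z._+-]+$ ]]; then
            echo "Unexpected characters in version string" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "tag=v$VERSION" >> "$GITHUB_OUTPUT"
          # Only mark as prerelease if version has prerelease suffix (alpha, beta, rc)
          if [[ "$VERSION" == *"-alpha"* ]] || [[ "$VERSION" == *"-beta"* ]] || [[ "$VERSION" == *"-rc"* ]]; then
            echo "prerelease=true" >> "$GITHUB_OUTPUT"
          else
            echo "prerelease=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: dist
          pattern: desktop-*
          merge-multiple: true

      - name: List artifacts
        run: ls -la dist/

      # The checksum file is produced in the same job that publishes the
      # assets, so it detects corrupted downloads but does not by itself prove
      # where the binaries came from.
      - name: Generate checksums
        run: |
          cd dist
          sha256sum * > SHA256SUMS.txt
          cat SHA256SUMS.txt

      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ steps.version.outputs.tag }}
          name: PairUX ${{ steps.version.outputs.version }}
          draft: false
          prerelease: ${{ steps.version.outputs.prerelease }}
          generate_release_notes: true
          files: |
            dist/*
        env:
          # Use PKG_SUBMIT_TOKEN (PAT) to trigger submit-packages workflow
          # GITHUB_TOKEN doesn't trigger other workflows
          # NOTE(review): a PAT is not limited by the `permissions:` block
          # above; confirm it is scoped to this repository only.
          GITHUB_TOKEN: ${{ secrets.PKG_SUBMIT_TOKEN || secrets.GITHUB_TOKEN }}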