Skip to content
Snippets Groups Projects
Commit 4d0a46c9 authored by michael.minelli's avatar michael.minelli
Browse files

CI/CD => use include + add deb package build + matrix macOS signing

parent a0cf986c
No related branches found
No related tags found
1 merge request!2Adds a first version of the wiki documentation
Pipeline #26480 failed
Show whitespace changes
Inline Side-by-side
Showing
with 510 additions and 429 deletions
.gitlab-ci.yml
+ 1
429
View file @ 4d0a46c9
variables:
GIT_SUBMODULE_STRATEGY: recursive
GIT_SUBMODULE_FORCE_HTTPS: "true"
SECURE_FILES_DOWNLOAD_PATH: './'
PROJECT_NAME: DojoCLI
BIN_NAME: dojo
MACOS_PKG_EXTENSION: '.pkg'
MACOS_PKG_BIN_NAME: "${BIN_NAME}${MACOS_PKG_EXTENSION}"
WINDOWS_BIN_EXTENSION: '.exe'
WINDOWS_BIN_NAME: "${BIN_NAME}${WINDOWS_BIN_EXTENSION}"
ARTIFACTS_FOLDER: /artifacts
GITLAB_API_PROJECT_URL: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}
BIN_FOLDER_MACOS: $ARTIFACTS_FOLDER/macOS
BIN_FOLDER_LINUX: $ARTIFACTS_FOLDER/Linux
BIN_FOLDER_WINDOWS: $ARTIFACTS_FOLDER/Windows
BIN_FOLDER_MACOS_ARM64: $BIN_FOLDER_MACOS/arm64
BIN_FOLDER_MACOS_X64: $BIN_FOLDER_MACOS/x64
BIN_FILE_MACOS_ARM64: $BIN_FOLDER_MACOS_ARM64/$BIN_NAME
BIN_FILE_MACOS_X64: $BIN_FOLDER_MACOS_X64/$BIN_NAME
BIN_PKG_FILE_MACOS_ARM64: $BIN_FOLDER_MACOS_ARM64/$MACOS_PKG_BIN_NAME
BIN_PKG_FILE_MACOS_X64: $BIN_FOLDER_MACOS_X64/$MACOS_PKG_BIN_NAME
BIN_FILE_LINUX_ARM64: $BIN_FOLDER_LINUX/arm64/$BIN_NAME
BIN_FILE_LINUX_X64: $BIN_FOLDER_LINUX/x64/$BIN_NAME
BIN_FILE_WINDOWS_ARM64: $BIN_FOLDER_WINDOWS/arm64/$WINDOWS_BIN_NAME
BIN_FILE_WINDOWS_X64: $BIN_FOLDER_WINDOWS/x64/$WINDOWS_BIN_NAME
VERSION_FILE: $ARTIFACTS_FOLDER/VERSION
VERSION_DEV_SUFFIX: '-dev'
PROJECT_FOLDER: NodeApp
PACKAGE_REGISTRY_URL: "${GITLAB_API_PROJECT_URL}/packages/generic/${BIN_NAME}"
WIKI_FOLDER: Wiki
.get_version:
script:
- IS_DEV=$([[ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]] && echo false || echo true)
- VERSION=$(jq -r .version $PROJECT_FOLDER/package.json)$([[ $IS_DEV == true ]] && echo $VERSION_DEV_SUFFIX || echo '')
.get_packages_url:
script:
# Binaries
- PACKAGE_URL_MACOS_ARM64_BIN="${PACKAGE_REGISTRY_URL}_macOS-arm64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_MACOS_X64_BIN="${PACKAGE_REGISTRY_URL}_macOS-x64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_LINUX_ARM64_BIN="${PACKAGE_REGISTRY_URL}_Linux-arm64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_LINUX_X64_BIN="${PACKAGE_REGISTRY_URL}_Linux-x64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_WINDOWS_ARM64_BIN="${PACKAGE_REGISTRY_URL}_Windows-arm64/${VERSION}/${WINDOWS_BIN_NAME}"
- PACKAGE_URL_WINDOWS_X64_BIN="${PACKAGE_REGISTRY_URL}_Windows-x64/${VERSION}/${WINDOWS_BIN_NAME}"
# Packages
- PACKAGE_URL_MACOS_ARM64_PKG="${PACKAGE_REGISTRY_URL}_macOS-pkg-arm64/${VERSION}/${MACOS_PKG_BIN_NAME}"
- PACKAGE_URL_MACOS_X64_PKG="${PACKAGE_REGISTRY_URL}_macOS-pkg-x64/${VERSION}/${MACOS_PKG_BIN_NAME}"
# Wiki
- WIKI_ARCHIVE_NAME="${PROJECT_NAME}_Wiki_${VERSION}.tar.xz"
- PACKAGE_URL_WIKI="${PACKAGE_REGISTRY_URL}_Wiki/${VERSION}/${WIKI_ARCHIVE_NAME}"
.build_cli:
script:
- cd "${PROJECT_FOLDER}"
# Install dependencies
- npm install
# Set version number shown in CLI
- sed -i -r "s/\{\{VERSION\}\}/${VERSION}/g" src/commander/CommanderApp.ts
# Decrypt env vars for production
- |
if [ $CI_COMMIT_REF_PROTECTED == "true" ]; then
echo "Decrypt production env vars"
sed -i -r "s/(DOTENV_KEY[ ]*:[ ]*[\'\"\`])[^'\"\`]*([\'\"\`])([ ]*\,)?//g" src/app.ts
sed -i -r "s/,[\ \n]*\}/\}/g" src/app.ts
npx dotenv-vault local decrypt "${DOTENV_PROD_KEY}" > .env
fi
# Build
- npm run build
# Build binaries
## macOS
- npx pkg . -t node18-macos-arm64 --output $BIN_FILE_MACOS_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-macos-x64 --output $BIN_FILE_MACOS_X64 --no-bytecode --compress Brotli --public-packages "*" --public
## Linux
- npx pkg . -t node18-linuxstatic-arm64 --output $BIN_FILE_LINUX_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-linuxstatic-x64 --output $BIN_FILE_LINUX_X64 --no-bytecode --compress Brotli --public-packages "*" --public
## Windows
- npx pkg . -t node18-win-arm64 --output $BIN_FILE_WINDOWS_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-win-x64 --output $BIN_FILE_WINDOWS_X64 --no-bytecode --compress Brotli --public-packages "*" --public
.sign_macos:
script:
# Sign excecutable
- codesign --force --options=runtime --entitlements ../../../Resources/macApp/Signing/entitlements.plist --sign $SIGN_DEV_ID_APP --keychain $SIGN_LOGIN_KEYCHAIN_PATH --timestamp ${BIN_NAME}
# Package and notarize the app
- xcrun notarytool store-credentials --apple-id $SIGN_APPLE_ID --team-id $SIGN_TEAM_ID --password $SIGN_APP_PASSWORD --keychain $SIGN_LOGIN_KEYCHAIN_PATH $SIGN_KEYCHAIN_PROFILE
- ditto ${BIN_NAME} ${BIN_NAME}_pkg/usr/local/bin/
- productbuild --identifier $SIGN_IDENTIFIER --version $VERSION --sign $SIGN_DEV_ID_INST --keychain $SIGN_LOGIN_KEYCHAIN_PATH --timestamp --root ${BIN_NAME}_pkg / ${MACOS_PKG_BIN_NAME}
- xcrun notarytool submit ${BIN_NAME}.pkg --keychain $SIGN_LOGIN_KEYCHAIN_PATH --keychain-profile $SIGN_KEYCHAIN_PROFILE --wait
- xcrun stapler staple ${BIN_NAME}.pkg
# Clean folder
- rm -Rf ${BIN_NAME}_pkg
.clean_release:
script:
# Delete release if it already exists
- 'curl --request DELETE --header "JOB-TOKEN: $CI_JOB_TOKEN" "${GITLAB_API_PROJECT_URL}/releases/${VERSION}"'
# Delete tag if it already exists (use private-token because job-token don't have permission to delete tags)
- 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_PROJECT_ACCESS_TOKEN" "${GITLAB_API_PROJECT_URL}/repository/tags/${VERSION}"'
.clean_packages:
script:
# Get all packages of the project
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" "${GITLAB_API_PROJECT_URL}/packages" > gitlabPackages.json'
# Filter and select packages to delete (based on version)
- packagesToDelete=`jq -r '.[] | select(.version=="'${VERSION}'") | ._links.delete_api_path' gitlabPackages.json`
# Delete packages by calling Gitlab API
- >
for deletePath in $packagesToDelete; do
echo "Deleting package at path : ${deletePath}"
curl --request DELETE --header "JOB-TOKEN: $CI_JOB_TOKEN" "${deletePath}"
done
stages:
- test
- build
- sign
- clean
- upload
- release
test:build:
stage: test
tags:
- build
image: node:latest
script:
- apt update
- apt install -y jq
- !reference [.get_version, script]
# Build
- !reference [.build_cli, script]
rules:
- if: '$CI_COMMIT_REF_PROTECTED != "true"'
build:version:
stage: build
tags:
- build
image: node:latest
script:
- apt update
- apt install -y jq
- !reference [.get_version, script]
- mkdir -p $ARTIFACTS_FOLDER
- echo $VERSION > $VERSION_FILE
# Build
- !reference [.build_cli, script]
artifacts:
untracked: true
paths:
- $ARTIFACTS_FOLDER/*
expire_in: 1 hour
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
sign:macos:
stage: sign
tags:
- macos_signing
dependencies:
- build:version
script:
- VERSION=$(cat $VERSION_FILE)
- security unlock-keychain -p $SIGN_KEYCHAIN_PASSWORD $SIGN_LOGIN_KEYCHAIN_PATH
# Sign Apple Silicon binary
- cd $BIN_FOLDER_MACOS_ARM64
- !reference [.sign_macos, script]
# Sign Intel binary
- cd $BIN_FOLDER_MACOS_X64
- !reference [.sign_macos, script]
artifacts:
paths:
- $ARTIFACTS_FOLDER/*
expire_in: 1 hour
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
clean:release:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- !reference [.clean_release, script]
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
clean:packages:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- !reference [.clean_packages, script]
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
clean:dev:release:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- VERSION="${VERSION}${VERSION_DEV_SUFFIX}"
- !reference [.clean_release, script]
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
clean:dev:packages:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- VERSION="${VERSION}${VERSION_DEV_SUFFIX}"
- !reference [.clean_packages, script]
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
upload:packages:
stage: upload
tags:
- gitlab_package
dependencies:
- sign:macos
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- !reference [.get_packages_url, script]
# macOS
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_MACOS_ARM64} "${PACKAGE_URL_MACOS_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_MACOS_X64} "${PACKAGE_URL_MACOS_X64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_PKG_FILE_MACOS_ARM64} "${PACKAGE_URL_MACOS_ARM64_PKG}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_PKG_FILE_MACOS_X64} "${PACKAGE_URL_MACOS_X64_PKG}";'
# Linux
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_LINUX_ARM64} "${PACKAGE_URL_LINUX_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_LINUX_X64} "${PACKAGE_URL_LINUX_X64_BIN}";'
# Windows
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_WINDOWS_ARM64} "${PACKAGE_URL_WINDOWS_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_WINDOWS_X64} "${PACKAGE_URL_WINDOWS_X64_BIN}";'
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
upload:packages:wiki:
stage: upload
tags:
- gitlab_package
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
# Install dependencies
- apk update
- apk add xz
- !reference [.get_version, script]
- !reference [.get_packages_url, script]
# Create archive
- WIKI_ARCHIVE_PATH="${ARTIFACTS_FOLDER}/${WIKI_ARCHIVE_NAME}"
- tar -v -c -C "${CI_PROJECT_DIR}/${WIKI_FOLDER}" -J -f "${WIKI_ARCHIVE_PATH}" . # Ubuntu: tar --verbose --create --cd wiki-test-2 --xz --file file.tar.bz2
# Send package
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${WIKI_ARCHIVE_PATH} "${PACKAGE_URL_WIKI}";'
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
release:wiki:
stage: release
tags:
- release
image: alpine:latest
script:
- !reference [.get_version, script]
- apk update
- apk add git
# Define URL for the wiki in terms of project-agnostic predefined variables
- WIKI_URL="${CI_SERVER_PROTOCOL}://project_${CI_PROJECT_ID}_bot:${GITLAB_PROJECT_ACCESS_TOKEN}@${CI_SERVER_HOST}:${CI_SERVER_PORT}/${CI_PROJECT_PATH}.wiki.git"
# Clone this project's wiki under /tmp
- rm -rf "/tmp/${CI_PROJECT_NAME}.wiki"
- cd /tmp
- git clone "${WIKI_URL}"
# Enter the cloned repo
- cd "${CI_PROJECT_NAME}.wiki"
# Update the file
- mv .git/ ../
- rm -rf ./*
- mv ../.git/ ./
- cp "${CI_PROJECT_DIR}/.gitignore" .
- cp -R "${CI_PROJECT_DIR}/${WIKI_FOLDER}/." .
# Set committer info
- git config user.name "$GITLAB_USER_NAME"
- git config user.email "$GITLAB_USER_EMAIL"
# Commit the gitignore file
- git add ".gitignore"
- git commit -m "Add gitignore file" || true
# Commit the file
- git add .
- git commit -m "${VERSION}" || true
# Push the change back to the master branch of the wiki
- git push origin "HEAD:main"
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
release:gitlab:
stage: release
tags:
- release
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [.get_version, script]
- !reference [.get_packages_url, script]
# Extract description from CHANGELOG.md
- CHANGELOG_LINE_START=`awk '/##\ [0-9]+\.[0-9]+\.[0-9]+/{print NR; exit;}' CHANGELOG.md`
- CHANGELOG_LINE_END=`awk '/##\ [0-9]+\.[0-9]+\.[0-9]+/{ count++; if(count>1) {print NR; exit;}}' CHANGELOG.md`
- DESCRIPTION=`awk 'NR > '$CHANGELOG_LINE_START' && NR < '$CHANGELOG_LINE_END'' CHANGELOG.md`
# Create Release (can't be done by release_step of gitlab image because it don't have access to env var defined in script_step)
- >
RELEASE_DATA=$(jq --null-input --arg version "$VERSION" --arg description "# Changelog (version $VERSION) $DESCRIPTION" --arg tag_name "$VERSION" --arg ref "$CI_COMMIT_SHORT_SHA" '{
"name": $version,
"description": $description,
"tag_name": $tag_name,
"ref": $ref,
"assets": {
"links": [
{
"name": "Windows (ARM64) binary",
"url": "'${PACKAGE_URL_WINDOWS_ARM64_BIN}'",
},{
"name": "Windows (x64) binary",
"url": "'${PACKAGE_URL_WINDOWS_X64_BIN}'",
},{
"name": "Linux (ARM64) binary",
"url": "'${PACKAGE_URL_LINUX_ARM64_BIN}'",
},{
"name": "Linux (x64) binary",
"url": "'${PACKAGE_URL_LINUX_X64_BIN}'",
},{
"name": "macOS (Intel) binary",
"url": "'${PACKAGE_URL_MACOS_X64_BIN}'",
},{
"name": "macOS (Apple Silicon) binary",
"url": "'${PACKAGE_URL_MACOS_ARM64_BIN}'",
},{
"name": "macOS (Intel) package",
"url": "'${PACKAGE_URL_MACOS_X64_PKG}'",
},{
"name": "macOS (Apple Silicon) package",
"url": "'${PACKAGE_URL_MACOS_ARM64_PKG}'",
},{
"name": "Wiki",
"url": "'${PACKAGE_URL_WIKI}'",
}
]
}
}')
- >
curl --data "${RELEASE_DATA}" \
--header "Content-Type: application/json" \
--header "JOB-TOKEN: $CI_JOB_TOKEN" \
--request POST "${GITLAB_API_PROJECT_URL}/releases"
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
\ No newline at end of file
include: "NodeApp/.gitlab-ci/**/*.yml"
\ No newline at end of file
NodeApp/.gitlab-ci/00_vars.yml 0 → 100644
+ 54
0
View file @ 4d0a46c9
variables:
GIT_SUBMODULE_STRATEGY: recursive
GIT_SUBMODULE_FORCE_HTTPS: "true"
SECURE_FILES_DOWNLOAD_PATH: './'
PROJECT_NAME: DojoCLI
PROJECT_FOLDER: NodeApp
RESOURCES_FOLDER: "${CI_PROJECT_DIR}/Resources"
BIN_NAME: dojo
PKG_EXTENSION_DEBIAN: '.deb'
PKG_EXTENSION_MACOS: '.pkg'
PKG_BIN_NAME_DEBIAN: "${BIN_NAME}${PKG_EXTENSION_DEBIAN}"
PKG_BIN_NAME_MACOS: "${BIN_NAME}${PKG_EXTENSION_MACOS}"
BIN_EXTENSION_WINDOWS: '.exe'
BIN_NAME_WINDOWS: "${BIN_NAME}${BIN_EXTENSION_WINDOWS}"
ARTIFACTS_FOLDER: /artifacts
GITLAB_API_PROJECT_URL: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}
BIN_FOLDER_MACOS: $ARTIFACTS_FOLDER/macOS
BIN_FOLDER_LINUX: $ARTIFACTS_FOLDER/Linux
BIN_FOLDER_WINDOWS: $ARTIFACTS_FOLDER/Windows
BIN_FOLDER_LINUX_ARM64: $BIN_FOLDER_LINUX/arm64
BIN_FOLDER_LINUX_X64: $BIN_FOLDER_LINUX/x64
BIN_FOLDER_MACOS_ARM64: $BIN_FOLDER_MACOS/arm64
BIN_FOLDER_MACOS_X64: $BIN_FOLDER_MACOS/x64
BIN_FOLDER_WINDOWS_ARM64: $BIN_FOLDER_WINDOWS/arm64
BIN_FOLDER_WINDOWS_X64: $BIN_FOLDER_WINDOWS/x64
BIN_FILE_MACOS_ARM64: $BIN_FOLDER_MACOS_ARM64/$BIN_NAME
BIN_FILE_MACOS_X64: $BIN_FOLDER_MACOS_X64/$BIN_NAME
BIN_FILE_LINUX_ARM64: $BIN_FOLDER_LINUX_ARM64/$BIN_NAME
BIN_FILE_LINUX_X64: BIN_FOLDER_LINUX_X64/$BIN_NAME
BIN_FILE_WINDOWS_ARM64: $BIN_FOLDER_WINDOWS_ARM64/$WINDOWS_BIN_NAME
BIN_FILE_WINDOWS_X64: $BIN_FOLDER_WINDOWS_X64/$WINDOWS_BIN_NAME
BIN_PKG_FILE_DEBIAN_ARM64: $BIN_FOLDER_LINUX_ARM64/$DEBIAN_PKG_BIN_NAME
BIN_PKG_FILE_DEBIAN_X64: BIN_FOLDER_LINUX_X64/$DEBIAN_PKG_BIN_NAME
BIN_PKG_FILE_MACOS_ARM64: $BIN_FOLDER_MACOS_ARM64/$MACOS_PKG_BIN_NAME
BIN_PKG_FILE_MACOS_X64: $BIN_FOLDER_MACOS_X64/$MACOS_PKG_BIN_NAME
VERSION_FILE: $ARTIFACTS_FOLDER/VERSION
VERSION_DEV_SUFFIX: '-dev'
PACKAGE_REGISTRY_URL: "${GITLAB_API_PROJECT_URL}/packages/generic/${BIN_NAME}"
WIKI_FOLDER: Wiki
\ No newline at end of file
NodeApp/.gitlab-ci/01_functions.yml 0 → 100644
+ 106
0
View file @ 4d0a46c9
.get_version:
script:
- IS_DEV=$([[ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]] && echo false || echo true)
- VERSION=$(jq -r .version $PROJECT_FOLDER/package.json)$([[ $IS_DEV == true ]] && echo $VERSION_DEV_SUFFIX || echo '')
.get_last_stable_version:
script:
# Get all releases of the project
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" "${GITLAB_API_PROJECT_URL}/releases" > releases.json'
# Filter and select last package that don't contains "-dev" in its name
- LAST_STABLE_VERSION=`jq -r '[.[] | .name | select (contains("$VERSION_DEV_SUFFIX") | not)][0]' releases.json`
.get_packages_url:
script:
# Binaries
- PACKAGE_URL_MACOS_ARM64_BIN="${PACKAGE_REGISTRY_URL}_macOS-arm64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_MACOS_X64_BIN="${PACKAGE_REGISTRY_URL}_macOS-x64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_LINUX_ARM64_BIN="${PACKAGE_REGISTRY_URL}_Linux-arm64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_LINUX_X64_BIN="${PACKAGE_REGISTRY_URL}_Linux-x64/${VERSION}/${BIN_NAME}"
- PACKAGE_URL_WINDOWS_ARM64_BIN="${PACKAGE_REGISTRY_URL}_Windows-arm64/${VERSION}/${BIN_NAME_WINDOWS}"
- PACKAGE_URL_WINDOWS_X64_BIN="${PACKAGE_REGISTRY_URL}_Windows-x64/${VERSION}/${BIN_NAME_WINDOWS}"
# Packages
- PACKAGE_URL_MACOS_ARM64_PKG="${PACKAGE_REGISTRY_URL}_macOS-pkg-arm64/${VERSION}/${PKG_BIN_NAME_MACOS}"
- PACKAGE_URL_MACOS_X64_PKG="${PACKAGE_REGISTRY_URL}_macOS-pkg-x64/${VERSION}/${PKG_BIN_NAME_MACOS}"
# Wiki
- WIKI_ARCHIVE_NAME="${PROJECT_NAME}_Wiki_${VERSION}.tar.xz"
- PACKAGE_URL_WIKI="${PACKAGE_REGISTRY_URL}_Wiki/${VERSION}/${WIKI_ARCHIVE_NAME}"
.build_cli:
script:
- cd "${PROJECT_FOLDER}"
# Install dependencies
- npm install
# Set version number shown in CLI
- sed -i -r "s/\{\{VERSION\}\}/${VERSION}/g" src/commander/CommanderApp.ts
# Decrypt env vars for production
- |
if [ $CI_COMMIT_REF_PROTECTED == "true" ]; then
echo "Decrypt production env vars"
sed -i -r "s/(DOTENV_KEY[ ]*:[ ]*[\'\"\`])[^'\"\`]*([\'\"\`])([ ]*\,)?//g" src/app.ts
sed -i -r "s/,[\ \n]*\}/\}/g" src/app.ts
npx dotenv-vault local decrypt "${DOTENV_PROD_KEY}" > .env
fi
# Build
- npm run build
# Build binaries
## macOS
- npx pkg . -t node18-macos-arm64 --output $BIN_FILE_MACOS_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-macos-x64 --output $BIN_FILE_MACOS_X64 --no-bytecode --compress Brotli --public-packages "*" --public
## Linux
- npx pkg . -t node18-linuxstatic-arm64 --output $BIN_FILE_LINUX_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-linuxstatic-x64 --output $BIN_FILE_LINUX_X64 --no-bytecode --compress Brotli --public-packages "*" --public
## Windows
- npx pkg . -t node18-win-arm64 --output $BIN_FILE_WINDOWS_ARM64 --no-bytecode --compress Brotli --public-packages "*" --public
- npx pkg . -t node18-win-x64 --output $BIN_FILE_WINDOWS_X64 --no-bytecode --compress Brotli --public-packages "*" --public
# Add execution rights to binaries
## macOS
- chmod +x $BIN_FILE_MACOS_ARM64
- chmod +x $BIN_FILE_MACOS_X64
## Linux
- chmod +x $BIN_FILE_LINUX_ARM64
- chmod +x $BIN_FILE_LINUX_X64
## Windows
- chmod +x $BIN_FILE_WINDOWS_ARM64
- chmod +x $BIN_FILE_WINDOWS_X64
.clean_release:
script:
# Delete release if it already exists
- 'curl --request DELETE --header "JOB-TOKEN: $CI_JOB_TOKEN" "${GITLAB_API_PROJECT_URL}/releases/${VERSION}"'
# Delete tag if it already exists (use private-token because job-token don't have permission to delete tags)
- 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_PROJECT_ACCESS_TOKEN" "${GITLAB_API_PROJECT_URL}/repository/tags/${VERSION}"'
.clean_packages:
script:
# Get all packages of the project
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" "${GITLAB_API_PROJECT_URL}/packages" > gitlabPackages.json'
# Filter and select packages to delete (based on version)
- packagesToDelete=`jq -r '.[] | select(.version=="'${VERSION}'") | ._links.delete_api_path' gitlabPackages.json`
# Delete packages by calling Gitlab API
- >
for deletePath in $packagesToDelete; do
echo "Deleting package at path : ${deletePath}"
curl --request DELETE --header "JOB-TOKEN: $CI_JOB_TOKEN" "${deletePath}"
done
\ No newline at end of file
NodeApp/.gitlab-ci/02_template.yml 0 → 100644
+ 88
0
View file @ 4d0a46c9
.pkg_and_sign:debian:
stage: pkg_and_sign
image: ubuntu:latest
tags:
- pkg
dependencies:
- build:version
script:
- !reference [ .get_version, script ]
- !reference [ .get_last_stable_version, script ]
- cd $BIN_FOLDER_DEBIAN_PKG_AND_SIGN
- PKG_BUILD_FOLDER_NAME="${BIN_NAME}_${VERSION}_${ARCH}"
# Install dependencies
- apt update
- apt install -y dpkg
# Pkg tree creation
- mkdir -p "${PKG_BUILD_FOLDER_NAME}/usr/local/bin/"
## Copy binary
- cp -R ${BIN_NAME} "${PKG_BUILD_FOLDER_NAME}/usr/local/bin/"
## Copy debian folder with package definition files
- cp -R "${RESOURCES_FOLDER}/Debian/pkg/debian" "${PKG_BUILD_FOLDER_NAME}"
# Modify files
- cd "${PKG_BUILD_FOLDER_NAME}/debian"
## control file
- sed -i -r "s/{{VERSION}}/${VERSION}/g" control
- sed -i -r "s/{{ARCH}}/${ARCH}/g" control
- sed -i -r "s/{{BIN_NAME}}/${BIN_NAME}/g" control
## changelog file
- STABILITY=$([[ $IS_DEV == true ]] && echo 'unstable' || echo 'stable')
- PRIORITY=$([[ ${VERSION%.*} == ${LAST_STABLE_VERSION%.*} ]] && echo 'medium' || echo 'high')
- sed -i -r "s/{{VERSION}}/${VERSION}/g" changelog
- sed -i -r "s/{{BIN_NAME}}/${BIN_NAME}/g" changelog
- sed -i -r "s/{{DATE}}/$(date -R)/g" changelog
- sed -i -r "s/{{URL}}/${CI_PROJECT_URL}/g" changelog
- sed -i -r "s/{{STABILITY}}/${STABILITY}/g" changelog
- sed -i -r "s/{{PRIORITY}}/${PRIORITY}/g" changelog
## copyright file
- sed -i -r "s/{{BIN_NAME}}/${BIN_NAME}/g" copyright
## return to bin folder
- cd $BIN_FOLDER_DEBIAN_PKG_AND_SIGN
# Build package
- dpkg-deb --build --root-owner-group -Z xz -z 9 ${PKG_BUILD_FOLDER_NAME} ${PKG_BIN_NAME_DEBIAN}
# Clean folder
- rm -Rf ${PKG_BUILD_FOLDER_NAME}
artifacts:
paths:
- $ARTIFACTS_FOLDER/*
expire_in: 10 mins
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
.pkg_and_sign:macos:
stage: pkg_and_sign
tags:
- macos_signing
dependencies:
- build:version
script:
- VERSION=$(cat $VERSION_FILE)
- security unlock-keychain -p $SIGN_KEYCHAIN_PASSWORD $SIGN_LOGIN_KEYCHAIN_PATH
- cd $BIN_FOLDER_MACOS_PKG_AND_SIGN
# Sign excecutable
- codesign --force --options=runtime --entitlements ../../../Resources/macOS/Signing/entitlements.plist --sign $SIGN_DEV_ID_APP --keychain $SIGN_LOGIN_KEYCHAIN_PATH --timestamp ${BIN_NAME}
# Package and notarize the app
- xcrun notarytool store-credentials --apple-id $SIGN_APPLE_ID --team-id $SIGN_TEAM_ID --password $SIGN_APP_PASSWORD --keychain $SIGN_LOGIN_KEYCHAIN_PATH $SIGN_KEYCHAIN_PROFILE
- ditto ${BIN_NAME} ${BIN_NAME}_pkg/usr/local/bin/
- productbuild --identifier $SIGN_IDENTIFIER --version $VERSION --sign $SIGN_DEV_ID_INST --keychain $SIGN_LOGIN_KEYCHAIN_PATH --timestamp --root ${BIN_NAME}_pkg / ${PKG_BIN_NAME_MACOS}
- xcrun notarytool submit ${BIN_NAME}.pkg --keychain $SIGN_LOGIN_KEYCHAIN_PATH --keychain-profile $SIGN_KEYCHAIN_PROFILE --wait
- xcrun stapler staple ${BIN_NAME}.pkg
# Clean folder
- rm -Rf ${BIN_NAME}_pkg
artifacts:
paths:
- $ARTIFACTS_FOLDER/*
expire_in: 10 mins
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
\ No newline at end of file
NodeApp/.gitlab-ci/03_stages.yml 0 → 100644
+ 7
0
View file @ 4d0a46c9
stages:
- test
- build
- pkg_and_sign
- clean
- upload
- release
\ No newline at end of file
NodeApp/.gitlab-ci/04_stageTest.yml 0 → 100644
+ 14
0
View file @ 4d0a46c9
test:build:
stage: test
tags:
- build
image: node:latest
script:
- apt update
- apt install -y jq
- !reference [ .get_version, script ]
# Build
- !reference [ .build_cli, script ]
rules:
- if: '$CI_COMMIT_REF_PROTECTED != "true"'
NodeApp/.gitlab-ci/05_stageBuild.yml 0 → 100644
+ 21
0
View file @ 4d0a46c9
build:version:
stage: build
tags:
- build
image: node:latest
script:
- apt update
- apt install -y jq
- !reference [ .get_version, script ]
- mkdir -p $ARTIFACTS_FOLDER
- echo $VERSION > $VERSION_FILE
# Build
- !reference [ .build_cli, script ]
artifacts:
untracked: true
paths:
- $ARTIFACTS_FOLDER/*
expire_in: 10 mins
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
NodeApp/.gitlab-ci/06_stagePkgAndSign.yml 0 → 100644
+ 14
0
View file @ 4d0a46c9
pkg_and_sign:debian:
parallel:
matrix:
- ARCH: [ "arm64", "amd64" ]
before_script:
- BIN_FOLDER_DEBIAN_PKG_AND_SIGN=$([[ $ARCH == "arm64" ]] && echo ${BIN_FILE_LINUX_ARM64} || echo ${BIN_FILE_LINUX_X64})
extends: .pkg_and_sign:macos
pkg_and_sign:macos:
parallel:
matrix:
- BIN_FOLDER_MACOS_PKG_AND_SIGN: [ "$BIN_FOLDER_MACOS_ARM64", "$BIN_FOLDER_MACOS_X64" ]
extends: .pkg_and_sign:macos
\ No newline at end of file
NodeApp/.gitlab-ci/07_stageClean.yml 0 → 100644
+ 48
0
View file @ 4d0a46c9
clean:release:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- !reference [ .clean_release, script ]
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
clean:packages:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- !reference [ .clean_packages, script ]
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
clean:dev:release:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- VERSION="${VERSION}${VERSION_DEV_SUFFIX}"
- !reference [ .clean_release, script ]
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
clean:dev:packages:
stage: clean
tags:
- gitlab_clean
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- VERSION="${VERSION}${VERSION_DEV_SUFFIX}"
- !reference [ .clean_packages, script ]
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
\ No newline at end of file
NodeApp/.gitlab-ci/08_stageUpload.yml 0 → 100644
+ 49
0
View file @ 4d0a46c9
upload:packages:
stage: upload
tags:
- gitlab_package
dependencies:
- pkg_and_sign:macos
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- !reference [ .get_packages_url, script ]
# macOS
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_MACOS_ARM64} "${PACKAGE_URL_MACOS_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_MACOS_X64} "${PACKAGE_URL_MACOS_X64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_PKG_FILE_MACOS_ARM64} "${PACKAGE_URL_MACOS_ARM64_PKG}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_PKG_FILE_MACOS_X64} "${PACKAGE_URL_MACOS_X64_PKG}";'
# Linux
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_LINUX_ARM64} "${PACKAGE_URL_LINUX_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_LINUX_X64} "${PACKAGE_URL_LINUX_X64_BIN}";'
# Windows
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_WINDOWS_ARM64} "${PACKAGE_URL_WINDOWS_ARM64_BIN}";'
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${BIN_FILE_WINDOWS_X64} "${PACKAGE_URL_WINDOWS_X64_BIN}";'
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
upload:packages:wiki:
stage: upload
tags:
- gitlab_package
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
# Install dependencies
- apk update
- apk add xz
- !reference [ .get_version, script ]
- !reference [ .get_packages_url, script ]
# Create archive
- WIKI_ARCHIVE_PATH="${ARTIFACTS_FOLDER}/${WIKI_ARCHIVE_NAME}"
- tar -v -c -C "${CI_PROJECT_DIR}/${WIKI_FOLDER}" -J -f "${WIKI_ARCHIVE_PATH}" . # Ubuntu: tar --verbose --create --cd wiki-test-2 --xz --file file.tar.bz2
# Send package
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${WIKI_ARCHIVE_PATH} "${PACKAGE_URL_WIKI}";'
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
\ No newline at end of file
NodeApp/.gitlab-ci/09_stageRelease.yml 0 → 100644
+ 108
0
View file @ 4d0a46c9
release:wiki:
stage: release
tags:
- release
image: alpine:latest
script:
- !reference [ .get_version, script ]
- apk update
- apk add git
# Define URL for the wiki in terms of project-agnostic predefined variables
- WIKI_URL="${CI_SERVER_PROTOCOL}://project_${CI_PROJECT_ID}_bot:${GITLAB_PROJECT_ACCESS_TOKEN}@${CI_SERVER_HOST}:${CI_SERVER_PORT}/${CI_PROJECT_PATH}.wiki.git"
# Clone this project's wiki under /tmp
- rm -rf "/tmp/${CI_PROJECT_NAME}.wiki"
- cd /tmp
- git clone "${WIKI_URL}"
# Enter the cloned repo
- cd "${CI_PROJECT_NAME}.wiki"
# Update the file
- mv .git/ ../
- rm -rf ./*
- mv ../.git/ ./
- cp "${CI_PROJECT_DIR}/.gitignore" .
- cp -R "${CI_PROJECT_DIR}/${WIKI_FOLDER}/." .
# Set committer info
- git config user.name "$GITLAB_USER_NAME"
- git config user.email "$GITLAB_USER_EMAIL"
# Commit the gitignore file
- git add ".gitignore"
- git commit -m "Add gitignore file" || true
# Commit the file
- git add .
- git commit -m "${VERSION}" || true
# Push the change back to the master branch of the wiki
- git push origin "HEAD:main"
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
release:gitlab:
stage: release
tags:
- release
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest
script:
- !reference [ .get_version, script ]
- !reference [ .get_packages_url, script ]
# Extract description from CHANGELOG.md
- CHANGELOG_LINE_START=`awk '/##\ [0-9]+\.[0-9]+\.[0-9]+/{print NR; exit;}' CHANGELOG.md`
- CHANGELOG_LINE_END=`awk '/##\ [0-9]+\.[0-9]+\.[0-9]+/{ count++; if(count>1) {print NR; exit;}}' CHANGELOG.md`
- DESCRIPTION=`awk 'NR > '$CHANGELOG_LINE_START' && NR < '$CHANGELOG_LINE_END'' CHANGELOG.md`
# Create Release (can't be done by release_step of gitlab image because it don't have access to env var defined in script_step)
- >
RELEASE_DATA=$(jq --null-input --arg version "$VERSION" --arg description "# Changelog (version $VERSION) $DESCRIPTION" --arg tag_name "$VERSION" --arg ref "$CI_COMMIT_SHORT_SHA" '{
"name": $version,
"description": $description,
"tag_name": $tag_name,
"ref": $ref,
"assets": {
"links": [
{
"name": "Windows (ARM64) binary",
"url": "'${PACKAGE_URL_WINDOWS_ARM64_BIN}'",
},{
"name": "Windows (x64) binary",
"url": "'${PACKAGE_URL_WINDOWS_X64_BIN}'",
},{
"name": "Linux (ARM64) binary",
"url": "'${PACKAGE_URL_LINUX_ARM64_BIN}'",
},{
"name": "Linux (x64) binary",
"url": "'${PACKAGE_URL_LINUX_X64_BIN}'",
},{
"name": "macOS (Intel) binary",
"url": "'${PACKAGE_URL_MACOS_X64_BIN}'",
},{
"name": "macOS (Apple Silicon) binary",
"url": "'${PACKAGE_URL_MACOS_ARM64_BIN}'",
},{
"name": "macOS (Intel) package",
"url": "'${PACKAGE_URL_MACOS_X64_PKG}'",
},{
"name": "macOS (Apple Silicon) package",
"url": "'${PACKAGE_URL_MACOS_ARM64_PKG}'",
},{
"name": "Wiki",
"url": "'${PACKAGE_URL_WIKI}'",
}
]
}
}')
- >
curl --data "${RELEASE_DATA}" \
--header "Content-Type: application/json" \
--header "JOB-TOKEN: $CI_JOB_TOKEN" \
--request POST "${GITLAB_API_PROJECT_URL}/releases"
rules:
- if: '$CI_COMMIT_REF_PROTECTED == "true"'
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment