Release desktop v0.2.14 #42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-desktop | |
| # Electron shell only — independent from release-switcher (core/CLI releases on v* tags). | |
| # Pushes that touch only core/, landing/, npm/, etc. do not trigger this workflow. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "electron/**" | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Desktop version without leading v (default: electron/package.json)" | |
| required: false | |
| type: string | |
| permissions: | |
| contents: read | |
| env: | |
| R2_PUBLIC_BASE_URL: https://downloads.clovapi.com | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| publish: ${{ steps.r2_gate.outputs.publish }} | |
| tag: ${{ steps.release_tag.outputs.tag }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Decide R2 publish | |
| id: r2_gate | |
| run: | | |
| if [ -n "${{ secrets.R2_ACCOUNT_ID }}" ] && [ -n "${{ secrets.R2_ACCESS_KEY_ID }}" ] && [ -n "${{ secrets.R2_SECRET_ACCESS_KEY }}" ] && [ -n "${{ secrets.R2_BUCKET }}" ]; then | |
| echo "publish=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "publish=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Resolve desktop release tag | |
| id: release_tag | |
| if: steps.r2_gate.outputs.publish == 'true' | |
| env: | |
| INPUT_VERSION: ${{ github.event.inputs.version }} | |
| run: | | |
| set -euo pipefail | |
| if [[ -n "${INPUT_VERSION:-}" ]]; then | |
| echo "tag=v${INPUT_VERSION#v}" >> "$GITHUB_OUTPUT" | |
| else | |
| version="$(node -p "require('./electron/package.json').version")" | |
| echo "tag=v${version}" >> "$GITHUB_OUTPUT" | |
| fi | |
| desktop-mac: | |
| runs-on: macos-latest | |
| needs: prepare | |
| if: needs.prepare.outputs.publish == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Sync desktop version from input | |
| if: github.event.inputs.version != '' | |
| env: | |
| RELEASE_VERSION: ${{ github.event.inputs.version }} | |
| run: node scripts/sync-desktop-version.mjs | |
| - name: Setup Node | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: "22" | |
| cache: npm | |
| cache-dependency-path: electron/package-lock.json | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| - name: Install icon build dependencies | |
| run: pip install pillow | |
| - name: Build macOS desktop | |
| working-directory: electron | |
| env: | |
| CSC_LINK: ${{ secrets.CSC_LINK }} | |
| CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
| APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| set -euo pipefail | |
| required_secrets=( | |
| CSC_LINK | |
| CSC_KEY_PASSWORD | |
| APPLE_API_KEY_CONTENT | |
| APPLE_API_KEY_ID | |
| APPLE_API_ISSUER | |
| APPLE_TEAM_ID | |
| ) | |
| for secret_name in "${required_secrets[@]}"; do | |
| if [ -z "${!secret_name:-}" ]; then | |
| echo "::error::Missing required macOS signing secret: ${secret_name}" | |
| exit 1 | |
| fi | |
| done | |
| mkdir -p "$RUNNER_TEMP/appstoreconnect" | |
| export APPLE_API_KEY="$RUNNER_TEMP/appstoreconnect/AuthKey_${APPLE_API_KEY_ID}.p8" | |
| printf '%s' "$APPLE_API_KEY_CONTENT" > "$APPLE_API_KEY" | |
| chmod 600 "$APPLE_API_KEY" | |
| npm ci | |
| npm run build:mac | |
| - name: Install awscli | |
| run: pip install --upgrade awscli | |
| - name: Upload macOS desktop to R2 | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| R2_SESSION_TOKEN: ${{ secrets.R2_SESSION_TOKEN }} | |
| R2_BUCKET: ${{ secrets.R2_BUCKET }} | |
| R2_ARTIFACT_PREFIX: ${{ secrets.R2_ARTIFACT_PREFIX }} | |
| run: | | |
| set -euo pipefail | |
| chmod +x scripts/r2-publish.sh | |
| ./scripts/r2-publish.sh desktop \ | |
| --tag "${{ needs.prepare.outputs.tag }}" \ | |
| --file electron/dist/clovapi-desktop-darwin-universal.dmg \ | |
| --name clovapi-desktop-darwin-universal.dmg | |
| desktop-win: | |
| runs-on: windows-latest | |
| needs: prepare | |
| if: needs.prepare.outputs.publish == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Sync desktop version from input | |
| if: github.event.inputs.version != '' | |
| shell: bash | |
| env: | |
| RELEASE_VERSION: ${{ github.event.inputs.version }} | |
| run: node scripts/sync-desktop-version.mjs | |
| - name: Setup Node | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: "22" | |
| cache: npm | |
| cache-dependency-path: electron/package-lock.json | |
| - name: Build Windows desktop | |
| working-directory: electron | |
| shell: bash | |
| run: | | |
| npm ci | |
| npm run build:win | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| - name: Install awscli | |
| shell: bash | |
| run: pip install --upgrade awscli | |
| - name: Upload Windows desktop to R2 | |
| shell: bash | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| R2_SESSION_TOKEN: ${{ secrets.R2_SESSION_TOKEN }} | |
| R2_BUCKET: ${{ secrets.R2_BUCKET }} | |
| R2_ARTIFACT_PREFIX: ${{ secrets.R2_ARTIFACT_PREFIX }} | |
| run: | | |
| set -euo pipefail | |
| chmod +x scripts/r2-publish.sh | |
| ./scripts/r2-publish.sh desktop \ | |
| --tag "${{ needs.prepare.outputs.tag }}" \ | |
| --file electron/dist/clovapi-desktop-windows-x64.exe \ | |
| --name clovapi-desktop-windows-x64.exe | |
| desktop-latest: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - desktop-mac | |
| - desktop-win | |
| if: needs.prepare.outputs.publish == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| - name: Install awscli | |
| run: pip install --upgrade awscli | |
| - name: Publish desktop latest marker | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| R2_SESSION_TOKEN: ${{ secrets.R2_SESSION_TOKEN }} | |
| R2_BUCKET: ${{ secrets.R2_BUCKET }} | |
| R2_ARTIFACT_PREFIX: ${{ secrets.R2_ARTIFACT_PREFIX }} | |
| run: | | |
| set -euo pipefail | |
| chmod +x scripts/r2-publish.sh | |
| ./scripts/r2-publish.sh desktop-latest \ | |
| --tag "${{ needs.prepare.outputs.tag }}" |