Merge pull request #353 from Chia-Network/enable-dependabot-builds

ci: update ci to standard build process enabling dependabot
Chia-Network · Nov 13, 2024 · a6050a3 · a6050a3
2 parents f6dca9d + a7c23a6
commit a6050a3
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 31 deletions.
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
@@ -19,7 +19,7 @@ jobs:
         uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Need PACKAGE_ADMIN_PAT token so when the tag is created, the tag automation runs
           token: ${{ secrets.PACKAGE_ADMIN_PAT }}

diff --git a/.github/workflows/build-installers.yaml b/.github/workflows/build-installers.yaml
@@ -19,6 +19,9 @@ permissions:
   id-token: write
   contents: write
 
+env:
+  APP_NAME: core-registry-application
+
 jobs:
   build_mac:
     name: Build Mac Installer
@@ -27,10 +30,10 @@ jobs:
       - uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node 20
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20.10'
 
@@ -43,8 +46,20 @@ jobs:
       - name: npm install
         run: |
           npm install
+          
+      - name: Test for secrets access
+        id: check_secrets
+        shell: bash
+        run: |
+          unset HAS_SIGNING_SECRET
+
+          if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
+          echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
+        env:
+          SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
 
       - name: Import Apple installer signing certificate
+        if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
         uses: Apple-Actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
@@ -56,6 +71,7 @@ jobs:
         run: npm run electron:package:mac
 
       - name: Notarize
+        if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
         run: |
           DMG_FILE=$(find ${{ github.workspace }}/dist/ -type f -name '*.dmg')
           xcrun notarytool submit \
@@ -68,18 +84,18 @@ jobs:
       - name: Upload Mac Installer
         uses: actions/upload-artifact@v3
         with:
-          name: tokenization-engine-ui-mac-installer
+          name: ${{ env.APP_NAME }}-mac-installer
           path: ${{ github.workspace }}/dist/*.dmg
 
   build_windows:
     name: Build Windows Installer
     runs-on: windows-2019
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node 20.10
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20.10'
 
@@ -97,6 +113,17 @@ jobs:
       - name: Build electron app
         run: npm run electron:package:win
 
+      - name: Test for secrets access
+        id: check_secrets
+        shell: bash
+        run: |
+          unset HAS_SIGNING_SECRET
+
+          if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
+          echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
+        env:
+          SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
+
       # Windows Code Signing
       - name: Get installer name for signing
         shell: bash
@@ -106,6 +133,7 @@ jobs:
           echo "INSTALLER_FILE=$FILE" >> "$GITHUB_ENV"
 
       - name: Sign windows artifacts
+        if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
         uses: chia-network/actions/digicert/windows-sign@main
         with:
           sm_api_key: ${{ secrets.SM_API_KEY }}
@@ -117,18 +145,18 @@ jobs:
       - name: Upload Windows Installer
         uses: actions/upload-artifact@v3
         with:
-          name: tokenization-engine-ui-windows-installer
+          name: ${{ env.APP_NAME }}-windows-installer
           path: "${{ github.workspace }}/${{ env.INSTALLER_FILE }}"
 
   build_linux:
     name: Build Linux Installer
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node 20.10
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20.10'
 
@@ -152,18 +180,18 @@ jobs:
       - name: Upload Linux Installer
         uses: actions/upload-artifact@v3
         with:
-          name: tokenization-engine-ui-linux-installer
+          name: ${{ env.APP_NAME }}-linux-installer
           path: ${{ github.workspace }}/dist/*.deb
 
   build_web:
-    name: Build CADT UI Web App
+    name: Build Web App
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node 20.10
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20.10'
 
@@ -177,13 +205,13 @@ jobs:
           npm run build
 
       - name: Create .tar.gz of the web build
-        run: tar -cvzf tokenization-engine-ui-web-build.tar.gz build
+        run: tar -cvzf ${{ env.APP_NAME }}-web-build.tar.gz build
 
       - name: Upload build artifact
         uses: actions/upload-artifact@v3
         with:
-          name: tokenization-engine-ui-web-build
-          path: tokenization-engine-ui-web-build.tar.gz
+          name: ${{ env.APP_NAME }}-web-build
+          path: ${{ env.APP_NAME }}-web-build.tar.gz
 
   release:
     runs-on: ubuntu-latest
@@ -197,33 +225,33 @@ jobs:
       - name: Download Windows artifacts
         uses: actions/download-artifact@v3
         with:
-          name: tokenization-engine-ui-windows-installer
-          path: tokenization-engine-ui-windows-installer
+          name: ${{ env.APP_NAME }}-windows-installer
+          path: ${{ env.APP_NAME }}-windows-installer
 
       - name: Download MacOS artifacts
         uses: actions/download-artifact@v3
         with:
-          name: tokenization-engine-ui-mac-installer
-          path: tokenization-engine-ui-mac-installer
+          name: ${{ env.APP_NAME }}-mac-installer
+          path: ${{ env.APP_NAME }}-mac-installer
 
       - name: Download Linux artifacts
         uses: actions/download-artifact@v3
         with:
-          name: tokenization-engine-ui-linux-installer
-          path: tokenization-engine-ui-linux-installer
+          name: ${{ env.APP_NAME }}-linux-installer
+          path: ${{ env.APP_NAME }}-linux-installer
 
       - name: Download Web artifact
         uses: actions/download-artifact@v3
         with:
-          name: tokenization-engine-ui-web-build
-          path: tokenization-engine-ui-web-build
+          name: ${{ env.APP_NAME }}-web-build
+          path: ${{ env.APP_NAME }}-web-build
 
       - name: Get Filenames
         run: |
-          DMG_FILE=$(find ${{ github.workspace }}/cadt-ui-mac-installer/ -type f -name '*.dmg')
-          DEB_FILE=$(find ${{ github.workspace }}/cadt-ui-linux-installer/ -type f -name '*.deb')
-          EXE_FILE=$(find ${{ github.workspace }}/cadt-ui-windows-installer/ -type f -name '*.exe')
-          WEB_FILE=$(find ${{ github.workspace }}/cadt-ui-web-build/ -type f -name '*.tar.gz')
+          DMG_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-mac-installer/ -type f -name '*.dmg')
+          DEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-linux-installer/ -type f -name '*.deb')
+          EXE_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-windows-installer/ -type f -name '*.exe')
+          WEB_FILE=$(find ${{ github.workspace }}/${{ env.APP_NAME }}-web-build/ -type f -name '*.tar.gz')
 
           echo "DMG_FILE=$DMG_FILE" >>$GITHUB_ENV
           echo "DEB_FILE=$DEB_FILE" >>$GITHUB_ENV
@@ -239,15 +267,23 @@ jobs:
             ${{ env.EXE_FILE }}
             ${{ env.WEB_FILE }}
 
+      - name: Get repo name
+        id: repo-name
+        run: |
+          echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT
+
       - name: Get tag name
         id: tag-name
         run: |
           echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT
 
+      - name: Gets JWT Token from GitHub
+        uses: Chia-Network/actions/github/jwt@main
+
       - name: Trigger apt repo update
         uses: Chia-Network/actions/github/glue@main
         with:
-          json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"climate-tokenization-engine-ui\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"false","arm64":"false"}'
+          json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"${{ env.APP_NAME }}\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}'
           glue_url: ${{ secrets.GLUE_API_URL }}
           glue_project: "climate-tokenization"
           glue_path: "trigger"
diff --git a/.github/workflows/ensure-version-increment.yml b/.github/workflows/ensure-version-increment.yml
@@ -19,12 +19,12 @@ jobs:
       - uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: branch-repo
 
       - name: Checkout main
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: main
           path: main-repo