mirror of
https://github.com/DayuanJiang/next-ai-draw-io.git
synced 2026-01-11 02:28:30 +08:00
c4b1ec8d28
- Split workflow into mac/linux and windows jobs - Add dist:win:build script with --publish never - Integrate SignPath signing for Windows executables - Sign both NSIS installer and portable EXE files
94 lines
2.4 KiB
YAML
94 lines
2.4 KiB
YAML
name: Electron Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "Version tag (e.g., v0.4.5)"
|
|
required: false
|
|
|
|
jobs:
|
|
# Mac and Linux: Build and publish directly (no signing needed)
|
|
build-mac-linux:
|
|
permissions:
|
|
contents: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- os: macos-latest
|
|
platform: mac
|
|
- os: ubuntu-latest
|
|
platform: linux
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 24
|
|
cache: "npm"
|
|
|
|
- name: Install dependencies
|
|
run: npm install
|
|
|
|
- name: Build and publish
|
|
run: npm run dist:${{ matrix.platform }}
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Windows: Build, sign with SignPath, then publish
|
|
build-windows:
|
|
permissions:
|
|
contents: write
|
|
runs-on: windows-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 24
|
|
cache: "npm"
|
|
|
|
- name: Install dependencies
|
|
run: npm install
|
|
|
|
# Build WITHOUT publishing
|
|
- name: Build Windows app
|
|
run: npm run dist:win:build
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Upload unsigned artifacts for signing
|
|
uses: actions/upload-artifact@v4
|
|
id: upload-unsigned
|
|
with:
|
|
name: windows-unsigned
|
|
path: release/*.exe
|
|
retention-days: 1
|
|
|
|
- name: Sign with SignPath
|
|
uses: signpath/github-action-submit-signing-request@v2
|
|
with:
|
|
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
|
|
organization-id: '880a211d-2cd3-4e7b-8d04-3d1f8eb39df5'
|
|
project-slug: 'next-ai-draw-io'
|
|
signing-policy-slug: 'test-signing'
|
|
github-artifact-id: ${{ steps.upload-unsigned.outputs.artifact-id }}
|
|
wait-for-completion: true
|
|
output-artifact-directory: release-signed
|
|
|
|
- name: Upload signed artifacts to release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
files: release-signed/*.exe
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|