0 parents
commit 9fcb13a
Showing
265 changed files
with
71,179 additions
and
0 deletions.
@@ -0,0 +1,234 @@ | ||
name: Arduino IDE | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
tags: | ||
- '[0-9]+.[0-9]+.[0-9]+*' | ||
workflow_dispatch: | ||
pull_request: | ||
branches: | ||
- main | ||
schedule: | ||
- cron: '0 3 * * *' # run every day at 3AM (https://docs.github.com/en/actions/reference/events-that-trigger-workflows#scheduled-events-schedule) | ||
|
||
env: | ||
JOB_TRANSFER_ARTIFACT: build-artifacts | ||
|
||
jobs: | ||
|
||
build: | ||
if: github.repository == 'arduino/arduino-ide' | ||
strategy: | ||
matrix: | ||
config: | ||
- os: windows-latest | ||
- os: ubuntu-latest | ||
- os: macos-latest | ||
runs-on: ${{ matrix.config.os }} | ||
timeout-minutes: 90 | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Install Node.js 12.x | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: '12.14.1' | ||
registry-url: 'https://registry.npmjs.org' | ||
|
||
- name: Install Python 2.7 | ||
uses: actions/setup-python@v2 | ||
with: | ||
python-version: '2.7' | ||
|
||
- name: Package | ||
shell: bash | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
AC_USERNAME: ${{ secrets.AC_USERNAME }} | ||
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
IS_NIGHTLY: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') }} | ||
IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }} | ||
IS_FORK: ${{ github.event.pull_request.head.repo.fork == true }} | ||
run: | | ||
# See: https://www.electron.build/code-signing | ||
if [ $IS_FORK = true ]; then | ||
echo "Skipping the app signing: building from a fork." | ||
else | ||
if [ "${{ runner.OS }}" = "macOS" ]; then | ||
export CSC_LINK="${{ runner.temp }}/signing_certificate.p12" | ||
# APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from: | ||
# https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the-developer-certificate | ||
echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode > "$CSC_LINK" | ||
export CSC_KEY_PASSWORD="${{ secrets.KEYCHAIN_PASSWORD }}" | ||
elif [ "${{ runner.OS }}" = "Windows" ]; then | ||
export CSC_LINK="${{ runner.temp }}/signing_certificate.pfx" | ||
echo "${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PFX }}" | base64 --decode > "$CSC_LINK" | ||
export CSC_KEY_PASSWORD="${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PASSWORD }}" | ||
fi | ||
fi | ||
yarn --cwd ./electron/packager/ | ||
yarn --cwd ./electron/packager/ package | ||
- name: Upload [GitHub Actions] | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
path: electron/build/dist/build-artifacts/ | ||
|
||
artifacts: | ||
name: ${{ matrix.artifact.name }} artifact | ||
needs: build | ||
if: always() && needs.build.result != 'skipped' | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
matrix: | ||
artifact: | ||
- path: "*Linux_64bit.zip" | ||
name: Linux_X86-64 | ||
- path: "*macOS_64bit.dmg" | ||
name: macOS | ||
- path: "*Windows_64bit.exe" | ||
name: Windows_X86-64_interactive_installer | ||
- path: "*Windows_64bit.msi" | ||
name: Windows_X86-64_MSI | ||
- path: "*Windows_64bit.zip" | ||
name: Windows_X86-64_zip | ||
|
||
steps: | ||
- name: Download job transfer artifact | ||
uses: actions/download-artifact@v2 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
path: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
|
||
- name: Upload tester build artifact | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: ${{ matrix.artifact.name }} | ||
path: ${{ env.JOB_TRANSFER_ARTIFACT }}/${{ matrix.artifact.path }} | ||
|
||
changelog: | ||
needs: build | ||
runs-on: ubuntu-latest | ||
outputs: | ||
BODY: ${{ steps.changelog.outputs.BODY }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 # To fetch all history for all branches and tags. | ||
|
||
- name: Generate Changelog | ||
id: changelog | ||
env: | ||
IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }} | ||
run: | | ||
export LATEST_TAG=$(git describe --abbrev=0) | ||
export GIT_LOG=$(git log --pretty=" - %s [%h]" $LATEST_TAG..HEAD | sed 's/ *$//g') | ||
if [ "$IS_RELEASE" = true ]; then | ||
export BODY=$(echo -e "$GIT_LOG") | ||
else | ||
export LATEST_TAG_WITH_LINK=$(echo "[$LATEST_TAG](https://github.com/OS-Q/S04B/releases/tag/$LATEST_TAG)") | ||
if [ -z "$GIT_LOG" ]; then | ||
export BODY="There were no changes since version $LATEST_TAG_WITH_LINK." | ||
else | ||
export BODY=$(echo -e "Changes since version $LATEST_TAG_WITH_LINK:\n$GIT_LOG") | ||
fi | ||
fi | ||
echo -e "$BODY" | ||
OUTPUT_SAFE_BODY="${BODY//'%'/'%25'}" | ||
OUTPUT_SAFE_BODY="${OUTPUT_SAFE_BODY//$'\n'/'%0A'}" | ||
OUTPUT_SAFE_BODY="${OUTPUT_SAFE_BODY//$'\r'/'%0D'}" | ||
echo "::set-output name=BODY::$OUTPUT_SAFE_BODY" | ||
echo "$BODY" > CHANGELOG.txt | ||
- name: Upload Changelog [GitHub Actions] | ||
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
path: CHANGELOG.txt | ||
|
||
publish: | ||
needs: changelog | ||
if: github.repository == 'arduino/arduino-ide' && (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main')) | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download [GitHub Actions] | ||
uses: actions/download-artifact@v2 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
path: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
|
||
- name: Publish Nightly [S3] | ||
uses: docker:https://plugins/s3 | ||
env: | ||
PLUGIN_SOURCE: "${{ env.JOB_TRANSFER_ARTIFACT }}/*" | ||
PLUGIN_STRIP_PREFIX: "${{ env.JOB_TRANSFER_ARTIFACT }}/" | ||
PLUGIN_TARGET: "/arduino-ide/nightly" | ||
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
release: | ||
needs: changelog | ||
if: github.repository == 'arduino/arduino-ide' && startsWith(github.ref, 'refs/tags/') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download [GitHub Actions] | ||
uses: actions/download-artifact@v2 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
path: ${{ env.JOB_TRANSFER_ARTIFACT }} | ||
|
||
- name: Get Tag | ||
id: tag_name | ||
run: | | ||
echo ::set-output name=TAG_NAME::${GITHUB_REF#refs/tags/} | ||
- name: Publish Release [GitHub] | ||
uses: svenstaro/[email protected] | ||
with: | ||
repo_token: ${{ secrets.GITHUB_TOKEN }} | ||
release_name: ${{ steps.tag_name.outputs.TAG_NAME }} | ||
file: ${{ env.JOB_TRANSFER_ARTIFACT }}/* | ||
tag: ${{ github.ref }} | ||
file_glob: true | ||
body: ${{ needs.changelog.outputs.BODY }} | ||
|
||
- name: Publish Release [S3] | ||
uses: docker:https://plugins/s3 | ||
env: | ||
PLUGIN_SOURCE: "${{ env.JOB_TRANSFER_ARTIFACT }}/*" | ||
PLUGIN_STRIP_PREFIX: "${{ env.JOB_TRANSFER_ARTIFACT }}/" | ||
PLUGIN_TARGET: "/arduino-ide" | ||
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
clean: | ||
# This job must run after all jobs that use the transfer artifact. | ||
needs: | ||
- build | ||
- publish | ||
- release | ||
- artifacts | ||
if: always() && needs.build.result != 'skipped' | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Remove unneeded job transfer artifact | ||
uses: geekyeggo/delete-artifact@v1 | ||
with: | ||
name: ${{ env.JOB_TRANSFER_ARTIFACT }} |
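Review bot: The Package step expands the signing secrets straight into the script text (`echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode` and the three sibling lines for the key password and the Windows PFX), so the values are substituted before bash parses the script and any quote, `$` or backtick inside a secret changes what runs. Passing them through the step's `env:` and reading `"$VAR"` in the script keeps them as data, as the step already does for `AC_PASSWORD` and the AWS keys. The same step also exposes the AWS and notarization credentials to `yarn` on every event, including pull requests from branches of the same repository, which is worth narrowing if only the publish and release jobs need the AWS keys. Separately, the two S3 publish steps pass the AWS keys to the `plugins/s3` image with no tag or digest, and the other actions are referenced by mutable tags; pinning them to a digest or commit SHA would fix which code receives those credentials.

```yaml
        env:
          # … unchanged: GITHUB_TOKEN, AC_*, AWS_*, IS_NIGHTLY, IS_RELEASE, IS_FORK …
          APPLE_SIGNING_CERTIFICATE_P12: ${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          WINDOWS_SIGNING_CERTIFICATE_PFX: ${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PFX }}
          WINDOWS_SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PASSWORD }}
        run: |
          # … unchanged: fork check, macOS branch header and CSC_LINK export …
              echo "$APPLE_SIGNING_CERTIFICATE_P12" | base64 --decode > "$CSC_LINK"
              export CSC_KEY_PASSWORD="$KEYCHAIN_PASSWORD"
          # … unchanged: Windows branch header and CSC_LINK export …
              echo "$WINDOWS_SIGNING_CERTIFICATE_PFX" | base64 --decode > "$CSC_LINK"
              export CSC_KEY_PASSWORD="$WINDOWS_SIGNING_CERTIFICATE_PASSWORD"
          # … unchanged: yarn install and package …
```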
@@ -0,0 +1,127 @@ | ||
name: Check for issues with signing certificates | ||
|
||
on: | ||
schedule: | ||
# run every 10 hours | ||
- cron: "0 */10 * * *" | ||
# workflow_dispatch event allows the workflow to be triggered manually. | ||
# This could be used to run an immediate check after updating certificate secrets. | ||
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch | ||
workflow_dispatch: | ||
|
||
env: | ||
# Begin notifications when there are less than this many days remaining before expiration | ||
EXPIRATION_WARNING_PERIOD: 30 | ||
|
||
jobs: | ||
check-certificates: | ||
# Only run when the workflow will have access to the certificate secrets. | ||
if: > | ||
(github.event_name != 'pull_request' && github.repository == 'arduino/arduino-ide') || | ||
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'arduino/arduino-ide') | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
fail-fast: false | ||
|
||
matrix: | ||
certificate: | ||
- identifier: macOS signing certificate # Text used to identify the certificate in notifications | ||
certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 # The name of the secret that contains the certificate | ||
password-secret: KEYCHAIN_PASSWORD # The name of the secret that contains the certificate password | ||
- identifier: Windows signing certificate | ||
certificate-secret: WINDOWS_SIGNING_CERTIFICATE_PFX | ||
password-secret: WINDOWS_SIGNING_CERTIFICATE_PASSWORD | ||
|
||
steps: | ||
- name: Set certificate path environment variable | ||
run: | | ||
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable | ||
echo "CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12" >> "$GITHUB_ENV" | ||
- name: Decode certificate | ||
env: | ||
CERTIFICATE: ${{ secrets[matrix.certificate.certificate-secret] }} | ||
run: | | ||
echo "${{ env.CERTIFICATE }}" | base64 --decode > "${{ env.CERTIFICATE_PATH }}" | ||
- name: Verify certificate | ||
env: | ||
CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} | ||
run: | | ||
( | ||
openssl pkcs12 \ | ||
-in "${{ env.CERTIFICATE_PATH }}" \ | ||
-noout -passin env:CERTIFICATE_PASSWORD | ||
) || ( | ||
echo "::error::Verification of ${{ matrix.certificate.identifier }} failed!!!" | ||
exit 1 | ||
) | ||
# See: https://github.com/rtCamp/action-slack-notify | ||
- name: Slack notification of certificate verification failure | ||
if: failure() | ||
uses: rtCamp/[email protected] | ||
env: | ||
SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }} | ||
SLACK_MESSAGE: | | ||
:warning::warning::warning::warning: | ||
WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} verification failed!!! | ||
:warning::warning::warning::warning: | ||
SLACK_COLOR: danger | ||
MSG_MINIMAL: true | ||
|
||
- name: Get days remaining before certificate expiration date | ||
env: | ||
CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} | ||
id: get-days-before-expiration | ||
run: | | ||
EXPIRATION_DATE="$( | ||
( | ||
openssl pkcs12 \ | ||
-in "${{ env.CERTIFICATE_PATH }}" \ | ||
-clcerts \ | ||
-nodes \ | ||
-passin env:CERTIFICATE_PASSWORD | ||
) | ( | ||
openssl x509 \ | ||
-noout \ | ||
-enddate | ||
) | ( | ||
grep \ | ||
--max-count=1 \ | ||
--only-matching \ | ||
--perl-regexp \ | ||
'notAfter=(\K.*)' | ||
) | ||
)" | ||
DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))" | ||
# Display the expiration information in the log | ||
echo "Certificate expiration date: $EXPIRATION_DATE" | ||
echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" | ||
echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION" | ||
- name: Check if expiration notification period has been reached | ||
id: check-expiration | ||
run: | | ||
if [[ ${{ steps.get-days-before-expiration.outputs.days }} -lt ${{ env.EXPIRATION_WARNING_PERIOD }} ]]; then | ||
echo "::error::${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!!" | ||
exit 1 | ||
fi | ||
- name: Slack notification of pending certificate expiration | ||
# Don't send spurious expiration notification if verification fails | ||
if: failure() && steps.check-expiration.outcome == 'failure' | ||
uses: rtCamp/[email protected] | ||
env: | ||
SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }} | ||
SLACK_MESSAGE: | | ||
:warning::warning::warning::warning: | ||
WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!! | ||
:warning::warning::warning::warning: | ||
SLACK_COLOR: danger | ||
MSG_MINIMAL: true |
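Review bot: The "Decode certificate" step interpolates the secret into the script with `${{ env.CERTIFICATE }}` even though the step already sets `CERTIFICATE` in `env:`; reading it as a shell variable, `echo "$CERTIFICATE" | base64 --decode > "$CERTIFICATE_PATH"`, keeps the secret out of the script text. In the expiration step, `-nodes` makes `openssl pkcs12` write the private key unencrypted into the pipe, while `openssl x509 -noout -enddate` only needs the certificate; replacing `-nodes` with `-nokeys` keeps the key out of the pipeline entirely. The decoded file at `certificate.p12` is not removed by any step shown, which would matter if this job were ever moved to a non-ephemeral runner.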
@@ -0,0 +1,18 @@ | ||
node_modules/ | ||
# .node_modules is a hack for the electron builder. | ||
.node_modules/ | ||
lib/ | ||
downloads/ | ||
build/ | ||
Examples/ | ||
!electron/build/ | ||
src-gen/ | ||
*webpack.config.js | ||
.DS_Store | ||
# switching from `electron` to `browser` in dev mode. | ||
.browser_modules | ||
yarn*.log | ||
# For the VS Code extensions used by Theia. | ||
plugins | ||
# the config files for the CLI | ||
arduino-ide-extension/data/cli/config |