Test #71

Workflow file for this run

	name: CI

	on:
	push:
	branches: [ci]

	permissions: {}

	env:
	API_DOMAIN: eternagame.org
	NODE_VERSION: 20.x
	BUILD_TYPE: prod

	jobs:
	build-eternajs:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	submodules: true
	persist-credentials: false
	- name: Use Node.js ${{ env.NODE_VERSION }}
	uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	- name: Cache node modules
	uses: actions/cache@v4
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./eternajs/package-lock.json') }}
	- name: Create GitHub App token for built engine access
	uses: actions/create-github-app-token@v1
	id: engines-app-token
	with:
	app-id: ${{ secrets.BUILT_ENGINE_CLIENT_ID }}
	private-key: ${{ secrets.BUILT_ENGINE_APP_PRIVATE_KEY }}
	owner: eternagame
	repositories: eternajs-folding-engines
	- name: Set GitHub App token authentication for built engine access
	run: git config --global url.https://x-access-token:${{ steps.engines-app-token.outputs.token }}@github.com/eternagame/eternajs-folding-engines.insteadOf ssh://[email protected]/eternagame/eternajs-folding-engines
	working-directory: ./eternajs
	- name: Install dependencies
	run: npm ci
	working-directory: ./eternajs
	- name: Build
	run: npm run build:${{ env.BUILD_TYPE }}
	working-directory: ./eternajs
	env:
	APP_SERVER_URL: https://${{ env.API_DOMAIN }}
	MOBILE_APP: true
	DEBUG: false
	ENGINE_LOCATION: package
	# Due to licensed components, we don't want the intermediate build of EternaJS available for download
	- name: Encrypt build
	run: gpgtar --encrypt --output eternajs --symmetric --gpg-args "--passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch" *
	working-directory: ./eternajs/dist/prod
	- name: Upload build
	uses: actions/upload-artifact@v4
	with:
	name: eternajs
	path: ./eternajs/dist/prod/eternajs

	build-wrapper:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	submodules: true
	- name: Use Node.js ${{ env.NODE_VERSION }}
	uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	- name: Cache node modules
	uses: actions/cache@v4
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./package-lock.json') }}
	- name: Install dependencies
	run: npm ci --ignore-scripts
	- name: Build
	run: npm run build:${{ env.BUILD_TYPE }}
	env:
	PARALLEL_BUILD: true
	APP_SERVER_URL: https://${{ env.API_DOMAIN }}
	INJECT_COOKIE_DOMAIN: .${{ env.API_DOMAIN }}
	- name: Upload build
	uses: actions/upload-artifact@v4
	with:
	name: wrapper
	path: ./www

	build-app:
	needs: [build-eternajs, build-wrapper]

	strategy:
	fail-fast: false
	matrix:
	include:
	- target: ios
	packageType: app-store-connect
	- target: android

	runs-on: ${{ matrix.target == 'ios' && 'macos-latest' \|\| 'ubuntu-latest' }}

	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v4
	with:
	name: wrapper
	path: ./www
	- uses: actions/download-artifact@v4
	with:
	name: eternajs
	path: ./www
	- name: Decrypt eternajs artifact
	run: \|
	gpgtar --decrypt --gpg-args "--passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch" eternajs
	rm eternajs
	mv eternajs_1_ eternajs
	working-directory: ./www
	- name: Use Node.js ${{ env.NODE_VERSION }}
	uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	- name: Cache node modules
	uses: actions/cache@v4
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./eternajs/package-lock.json') }}
	- name: Install dependencies
	run: npm ci --ignore-scripts
	- name: Setup cordova platform
	run: npx cordova platform add ${{ matrix.target }}
	env:
	PARALLEL_BUILD: true

	- uses: actions/setup-java@v4
	if: ${{ matrix.target == 'android' }}
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: 'gradle'
	- name: Build Android
	if: ${{ matrix.target == 'android' }}
	run: npx cordova build ${{ matrix.target }} --${{ env.BUILD_TYPE == 'prod' && 'release' \|\| 'debug' }} --device
	env:
	PARALLEL_BUILD: true

	- name: Set up signing key
	if: ${{ matrix.target == 'ios' }}
	env:
	P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
	run: \|
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12

	brew unlink openssl@3
	brew link --overwrite openssl@3

	npm ci
	node src/index.js retrieve DEVELOPMENT ${{ secrets.APP_SIGNING_PRIVATE_KEY_BASE64 }} ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }} ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }} $CERTIFICATE_PATH $P12_PASSWORD
	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	working-directory: ./.github/workflows/setup-apple-signing
	- name: Set up App Store Connect API key
	if: ${{ matrix.target == 'ios' }}
	env:
	APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
	run: echo $APP_STORE_CONNECT_API_KEY_BASE64 \| base64 --decode > "$RUNNER_TEMP/app_store_connect.p8"
	- name: Build iOS
	if: ${{ matrix.target == 'ios' }}
	run: \|
	npx cordova build ${{ matrix.target }} --${{ env.BUILD_TYPE == 'prod' && 'release' \|\| 'debug' }} --device \
	--automaticProvisioning --authenticationKeyPath="$RUNNER_TEMP/app_store_connect.p8" \
	--authenticationKeyID=${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} --authenticationKeyIssuerID="${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}" \
	--developmentTeam="${{ secrets.APP_STORE_CONNECT_TEAM_ID }}" --codeSignIdentity="Apple Development" \
	--packageType="${{ matrix.packageType }}"
	env:
	PARALLEL_BUILD: true

	- name: List output
	if: ${{ matrix.target == 'ios' }}
	run: ls platforms/ios/build/Release-iphoneos
	# Due to licensed components, we're avoiding distribution this way. If we decide we do want to
	# do that in the future, eg to be able to directly download builds for testing without uploading
	# to app stores, we'd need to make sure we add a license file with the downloads
	#- name: Encrypt build
	# run: gpg --output release-${{ matrix.target }} --symmetric --passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch ${{ matrix.target == 'android' && 'platforms/android/app/build/outputs/bundle/release/app-release.aab' \|\| 'platforms/ios/build/Release-iphoneos' }}
	#- name: Upload build
	# uses: actions/upload-artifact@v4
	# with:
	# name: release-${{ matrix.target }}
	# path: ./release-${{ matrix.target }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test #71

Workflow file

Test #71

Jobs

Run details

Workflow file for this run