Skip to content

Revert "Add PR trigger for CI" #104

Revert "Add PR trigger for CI"

Revert "Add PR trigger for CI" #104

Workflow file for this run

name: CI
on:
push:
branches: [master]
permissions: {}
env:
API_DOMAIN: eternagame.org
NODE_VERSION: 20.x
BUILD_TYPE: prod
jobs:
build-eternajs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache node modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./eternajs/package-lock.json') }}
- name: Create GitHub App token for built engine access
uses: actions/create-github-app-token@v1
id: engines-app-token
with:
app-id: ${{ secrets.BUILT_ENGINE_APP_CLIENT_ID }}
private-key: ${{ secrets.BUILT_ENGINE_APP_PRIVATE_KEY }}
owner: eternagame
repositories: eternajs-folding-engines
- name: Set GitHub App token authentication for built engine access
run: git config --global url.https://x-access-token:${{ steps.engines-app-token.outputs.token }}@github.com/eternagame/eternajs-folding-engines.insteadOf ssh://[email protected]/eternagame/eternajs-folding-engines
working-directory: ./eternajs
- name: Install dependencies
run: npm ci
working-directory: ./eternajs
- name: Build
run: npm run build:${{ env.BUILD_TYPE }}
working-directory: ./eternajs
env:
APP_SERVER_URL: https://${{ env.API_DOMAIN }}
MOBILE_APP: true
DEBUG: false
ENGINE_LOCATION: package
# Due to licensed components, we don't want the intermediate build of EternaJS available for download
- name: Encrypt build
run: gpgtar --encrypt --output eternajs --symmetric --gpg-args "--passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch" *
working-directory: ./eternajs/dist/prod
- name: Upload build
uses: actions/upload-artifact@v4
with:
name: eternajs
path: ./eternajs/dist/prod/eternajs
build-wrapper:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: true
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache node modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./package-lock.json') }}
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build:${{ env.BUILD_TYPE }}
env:
PARALLEL_BUILD: true
APP_SERVER_URL: https://${{ env.API_DOMAIN }}
INJECT_COOKIE_DOMAIN: .${{ env.API_DOMAIN }}
- name: Upload build
uses: actions/upload-artifact@v4
with:
name: wrapper
path: ./www
build-app:
needs: [build-eternajs, build-wrapper]
strategy:
fail-fast: false
matrix:
include:
- target: ios
packageType: app-store-connect
- target: android
runs-on: ${{ matrix.target == 'ios' && 'macos-latest' || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: wrapper
path: ./www
- uses: actions/download-artifact@v4
with:
name: eternajs
path: ./www
- name: Decrypt eternajs artifact
run: |
gpgtar --decrypt --gpg-args "--passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch" eternajs
rm eternajs
mv eternajs_1_ eternajs
working-directory: ./www
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache node modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('./eternajs/package-lock.json') }}
- name: Install dependencies
run: npm ci
- name: Setup cordova platform
run: npx cordova platform add ${{ matrix.target }}
env:
PARALLEL_BUILD: true
- uses: actions/setup-java@v4
if: ${{ matrix.target == 'android' }}
with:
distribution: 'temurin'
java-version: '17'
cache: 'gradle'
- name: Set up Android keystore
if: ${{ matrix.target == 'android' }}
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.GOOGLE_PLAY_KEYSTORE_BASE64 }}
run: echo $ANDROID_KEYSTORE_BASE64 | base64 --decode > "$RUNNER_TEMP/keystore.jks"
- name: Build Android
if: ${{ matrix.target == 'android' }}
run: |
npx cordova build ${{ matrix.target }} --${{ env.BUILD_TYPE == 'prod' && 'release' || 'debug' }} --device \
-- --keystore="$RUNNER_TEMP/keystore.jks" --storePassword=${{ secrets.GOOGLE_PLAY_KEYSTORE_PASSWORD }} --alias=upload --password=${{ secrets.GOOGLE_PLAY_UPLOAD_KEY_PASSWORD }}
env:
PARALLEL_BUILD: true
- name: Set up apple signing key
if: ${{ matrix.target == 'ios' }}
env:
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
run: |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
brew unlink openssl@3
brew link --overwrite openssl@3
npm ci
node src/index.js retrieve DEVELOPMENT ${{ secrets.APPLE_APP_SIGNING_PRIVATE_KEY_BASE64 }} ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }} ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }} $CERTIFICATE_PATH $P12_PASSWORD
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH > /dev/null
working-directory: ./.github/workflows/setup-apple-signing
- name: Set up App Store Connect API key
if: ${{ matrix.target == 'ios' }}
env:
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
run: echo $APP_STORE_CONNECT_API_KEY_BASE64 | base64 --decode > "$RUNNER_TEMP/app_store_connect.p8"
- name: Build iOS
if: ${{ matrix.target == 'ios' }}
run: |
npx cordova build ${{ matrix.target }} --${{ env.BUILD_TYPE == 'prod' && 'release' || 'debug' }} --device \
--automaticProvisioning --authenticationKeyPath="$RUNNER_TEMP/app_store_connect.p8" \
--authenticationKeyID=${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} --authenticationKeyIssuerID="${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}" \
--developmentTeam="${{ secrets.APP_STORE_CONNECT_TEAM_ID }}" --codeSignIdentity="Apple Development" \
--packageType="${{ matrix.packageType }}"
env:
PARALLEL_BUILD: true
# Due to licensed components, we're avoiding distribution this way. If we decide we do want to
# do that in the future, eg to be able to directly download builds for testing without uploading
# to app stores, we'd need to make sure we add a license file with the downloads
- name: Encrypt build
run: gpg --output release-${{ matrix.target }} --symmetric --passphrase ${{ secrets.ARTIFACT_ENCRYPTION_KEY }} --batch ${{ matrix.target == 'android' && 'platforms/android/app/build/outputs/bundle/release/app-release.aab' || 'platforms/ios/build/Release-iphoneos/Eterna.ipa' }}
- name: Upload build
uses: actions/upload-artifact@v4
with:
name: release-${{ matrix.target }}
path: ./release-${{ matrix.target }}