fix: packages/tools/package.json to reduce vulnerabilities #62
# Builds the desktop app for Apple Silicon (arm64) macOS. Refs whose tag name
# starts with "v" are built and published; everything else is built only.
#
# NOTE(review): neither the workflow nor its jobs declare `permissions:`, so
# GITHUB_TOKEN gets the repository/organisation default scopes. Declaring the
# minimum each job needs would limit what a compromised dependency or action
# can do with the token. The exact scopes required here are not visible in
# this file; confirm before adding the key.
name: Build macOS M1
on:
  - push
  - pull_request
jobs:
  # Decides whether an identical run already exists so that Main can be skipped.
  pre_job:
    if: github.repository == 'XilinJia/xilinota'
    runs-on: ubuntu-latest
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      # NOTE(review): third-party action referenced by a mutable tag. Pinning
      # to a full commit SHA (uses: owner/action@<full-commit-sha>) prevents a
      # moved tag from changing the code that runs in this workflow.
      - id: skip_check
        uses: fkirc/skip-duplicate-actions@v5
        with:
          concurrent_skipping: same_content_newer
  Main:
    needs: pre_job
    # Release tags (refs/tags/v*) are never skipped, because this job is also
    # what publishes the release.
    if: github.repository == 'XilinJia/xilinota' && (needs.pre_job.outputs.should_skip != 'true' || startsWith(github.ref, 'refs/tags/v'))
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): the reference below was mangled by the hosting page's
      # e-mail obfuscation ("[email protected]"). Restore the real
      # owner/action@ref from the repository before using this file, and
      # prefer a full commit SHA over a tag for this third-party action.
      - uses: olegtarasov/[email protected]
      - uses: actions/setup-node@v4
        with:
          # NOTE(review): this spot used to say Node had to be pinned to 18.15
          # because 18.16+ failed with
          # https://github.com/facebook/react-native/issues/36440
          # The version actually pinned is 21.4.0, so that remark is stale;
          # confirm the linked issue no longer applies.
          node-version: '21.4.0'
          cache: yarn
      # https://yarnpkg.com/getting-started/install
      - name: Install Yarn
        run: corepack enable
      - name: Build macOS M1 app
        env:
          # The Apple signing/notarisation secrets are commented out, so no
          # signing credentials reach this step.
          # NOTE(review): presumably the published DMG is therefore not
          # Developer ID signed or notarised; confirm this is intended.
          # APPLE_ASC_PROVIDER: ${{ secrets.APPLE_ASC_PROVIDER }}
          # APPLE_ID: ${{ secrets.APPLE_ID }}
          # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
          # APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          # CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
          # CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
          # NOTE(review): the token is in the environment of the whole step,
          # including `yarn install`, which may run dependency install
          # scripts. Only the publishing commands in the tag branch use it, so
          # a separate token-free install step would narrow its exposure.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          IS_CONTINUOUS_INTEGRATION: '1'
          BUILD_SEQUENCIAL: '1'
        run: |
          # Make native modules build for arm64.
          export npm_config_arch=arm64
          export npm_config_target_arch=arm64
          yarn install
          cd packages/app-desktop
          # Override the electron-builder mac settings for this build only.
          npm pkg set 'build.mac.artifactName'='${productName}-${version}-${arch}.${ext}'
          npm pkg set 'build.mac.target.target'='dmg'
          npm pkg set 'build.mac.target.arch[0]'='arm64'
          # GIT_TAG_NAME is not assigned anywhere in this file; presumably an
          # earlier step exports it (confirm).
          if [[ $GIT_TAG_NAME = v* ]]; then
            echo "Building and publishing desktop application..."
            # https://github.com/actions/runner/issues/2958#issuecomment-1793782647
            # NOTE(review): installs an unpinned setuptools as root.
            sudo -H pip install setuptools
            PYTHON_PATH=$(which python) USE_HARD_LINKS=false yarn run dist --mac --arm64
            # NOTE(review): a token passed as a command-line argument is
            # visible in the process list for the lifetime of the command.
            yarn renameReleaseAssets --repo="$GH_REPO" --tag="$GIT_TAG_NAME" --token="$GITHUB_TOKEN"
          else
            echo "Building but *not* publishing desktop application..."
            # https://github.com/actions/runner/issues/2958#issuecomment-1793782647
            sudo -H pip install setuptools
            # Signing is switched off for unpublished builds: it does not work
            # here and is not needed.
            # https://www.electron.build/code-signing#how-to-disable-code-signing-during-the-build-process-on-macos
            export CSC_IDENTITY_AUTO_DISCOVERY=false
            npm pkg set 'build.mac.identity'=null --json
            PYTHON_PATH=$(which python) USE_HARD_LINKS=false yarn run dist --mac --arm64 --publish=never
          fi