ci: harden release workflow

Jason
2026-05-06 23:20:14 +08:00
parent ff15dc6e9f
commit 45a4247563


@@ -28,7 +28,23 @@ jobs:
node-version: 24
cache: "npm"
- name: Install Dependencies
run: npm install
run: npm install --ignore-scripts
- name: Ensure mac key helpers are executable
shell: bash
run: |
set -euo pipefail
for file in \
resources/key/macos/universal/xkey_helper \
resources/key/macos/universal/image_scan_helper \
resources/key/macos/universal/xkey_helper_macos \
resources/key/macos/universal/libwx_key.dylib
do
if [ -f "$file" ]; then
chmod +x "$file"
ls -l "$file"
fi
done
- name: Sync version with tag
shell: bash
@@ -52,9 +68,9 @@ jobs:
set -euo pipefail
export ELECTRON_BUILDER_BINARIES_MIRROR="https://github.com/electron-userland/electron-builder-binaries/releases/download/"
echo "Using ELECTRON_BUILDER_BINARIES_MIRROR=$ELECTRON_BUILDER_BINARIES_MIRROR"
if ! npx electron-builder --mac dmg zip --arm64 --publish always '--config.publish.owner=${{ github.repository_owner }}' '--config.publish.repo=${{ github.event.repository.name }}'; then
if ! npx electron-builder --mac dmg zip --arm64 --publish always '--config.npmRebuild=false' '--config.publish.owner=${{ github.repository_owner }}' '--config.publish.repo=${{ github.event.repository.name }}'; then
echo "::warning::DMG packaging failed (hdiutil instability on runner). Retrying with ZIP only."
npx electron-builder --mac zip --arm64 --publish always '--config.publish.owner=${{ github.repository_owner }}' '--config.publish.repo=${{ github.event.repository.name }}'
npx electron-builder --mac zip --arm64 --publish always '--config.npmRebuild=false' '--config.publish.owner=${{ github.repository_owner }}' '--config.publish.repo=${{ github.event.repository.name }}'
fi
- name: Inject minimumVersion into latest yml
@@ -331,18 +347,34 @@ jobs:
needs: [release-linux]
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Check AUR credentials
id: aur-credentials
shell: bash
env:
AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
run: |
if [ -z "${AUR_SSH_PRIVATE_KEY}" ]; then
echo "::notice::AUR_SSH_PRIVATE_KEY is not configured; skipping AUR publish."
echo "enabled=false" >> "$GITHUB_OUTPUT"
else
echo "enabled=true" >> "$GITHUB_OUTPUT"
fi
- name: Checkout code
if: steps.aur-credentials.outputs.enabled == 'true'
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Update PKGBUILD version
if: steps.aur-credentials.outputs.enabled == 'true'
run: |
NEW_VER=$(echo "${{ github.ref_name }}" | sed 's/^v//')
sed -i "s/^pkgver=.*/pkgver=${NEW_VER}/" resources/installer/linux/PKGBUILD
sed -i "s/^pkgrel=.*/pkgrel=1/" resources/installer/linux/PKGBUILD
- name: Publish AUR package
if: steps.aur-credentials.outputs.enabled == 'true'
uses: KSXGitHub/github-actions-deploy-aur@master
with:
pkgname: weflow
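Review bot: The `Publish AUR package` step still runs `KSXGitHub/github-actions-deploy-aur@master`, a mutable branch ref, in the one job that is gated on `AUR_SSH_PRIVATE_KEY` being configured, so whatever that branch points to at release time runs with access to the publishing key (assuming the key is passed in the part of the `with:` block that continues past the visible lines). Pin it to a reviewed full commit SHA, e.g. `uses: KSXGitHub/github-actions-deploy-aur@<full-commit-sha>  # <release tag>` (placeholders, not real values). In the same section, `Update PKGBUILD version` expands `${{ github.ref_name }}` directly into the script text, so the tag name is parsed as shell before `sed` ever sees it; pass it through `env:` instead (`REF_NAME: ${{ github.ref_name }}`) and derive the version with `NEW_VER="${REF_NAME#v}"`, rejecting anything that does not match the expected version pattern before it is substituted into the PKGBUILD. `actions/checkout@v5` is also a movable tag, though it is a lower-risk one than a third-party branch.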