name: Release Build on: push: branches: - 'release/**' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: check: runs-on: ubuntu-latest permissions: packages: write contents: write # publish sbom to GH releases/tag assets steps: - name: Checkout repository uses: actions/checkout@v3 # Perform SCA / SBOM analysis for the entiire monorepo code repository # Produces SBOM and CVE report # Helps understand vulnerabilities / license compliance across third party dependencies # Automatically uploads to workflow assets # (TODO): Prouce workspace/package specific SBOM. Current limitation: https://github.com/anchore/syft/issues/2574 - id: sca-project uses: Kong/public-shared-actions/security-actions/sca@62643b74f79f6a697b9add1a2f9c069bf9ca1250 # v2.3.0 with: dir: . upload-sbom-release-assets: false build-and-upload-release-artifacts: timeout-minutes: 30 runs-on: ${{ matrix.os }} env: INSO_PACKAGE_NAME: insomnia-inso INSO_DOCKER_TAR: inso-docker-image.tar strategy: fail-fast: false matrix: include: # macos-13 supports both intel and apple sillicon on inso cli properly # macos-latest is defaulting to apple sillicon and breaks inso cli retrocompatibility - os: macos-13 csc_link_secret: DESIGNER_MAC_CSC_LINK csc_key_password_secret: DESIGNER_MAC_CSC_KEY_PASSWORD - os: windows-latest csc_link_secret: DESIGNER_WINDOWS_CSC_LINK csc_key_password_secret: DESIGNER_WINDOWS_CSC_KEY_PASSWORD - os: ubuntu-latest csc_link_secret: '' csc_key_password_secret: '' steps: - name: Checkout branch uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v4 with: node-version-file: '.nvmrc' cache: 'npm' cache-dependency-path: package-lock.json - name: Install packages run: npm ci - name: Package app (MacOS only) if: matrix.os == 'macos-13' shell: bash run: npm run app-package env: NODE_OPTIONS: '--max_old_space_size=6144' APPLE_ID: ${{ matrix.os == 'macos-13' && secrets.DESIGNER_APPLE_ID || '' }} APPLE_APP_SPECIFIC_PASSWORD: ${{ matrix.os == 'macos-13' && secrets.DESIGNER_APPLE_ID_PASSWORD || '' }} CSC_LINK: ${{ matrix.csc_link_secret != '' && secrets[matrix.csc_link_secret] || '' }} CSC_KEY_PASSWORD: ${{ matrix.csc_key_password_secret != '' && secrets[matrix.csc_key_password_secret] || '' }} - name: Package app (Windows and Linux) if: matrix.os != 'macos-13' shell: bash run: npm run app-package env: NODE_OPTIONS: '--max_old_space_size=6144' - name: Setup Inso CLI version env var run: echo "INSO_VERSION=$(jq .version ./packages/${{ env.INSO_PACKAGE_NAME }}/package.json -rj)" >> $GITHUB_ENV - name: Package inso run: | echo "Replacing electron binary with node binary" node_modules/.bin/node-pre-gyp install --update-binary --directory node_modules/@getinsomnia/node-libcurl npm run inso-package env: VERSION: ${{ env.INSO_VERSION }} - name: Code-sign & create Inso CLI installer (macOS only) if: matrix.os == 'macos-13' run: ./src/scripts/macos-pkg.sh shell: bash working-directory: ./packages/${{ env.INSO_PACKAGE_NAME }} continue-on-error: false env: MACOS_CERTIFICATE: ${{ secrets.DESIGNER_MAC_CSC_LINK }} MACOS_CERTIFICATE_PWD: ${{ secrets.DESIGNER_MAC_CSC_KEY_PASSWORD }} PKG_NAME: inso-${{ matrix.os }}-${{ env.INSO_VERSION }} BUNDLE_ID: com.insomnia.inso VERSION: ${{ env.INSO_VERSION }} - name: Notarize Inso CLI installer (macOS only) if: matrix.os == 'macos-13' uses: lando/notarize-action@v2 with: product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg primary-bundle-id: com.insomnia.inso appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }} appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }} appstore-connect-team-id: FX44YY62GV - name: Staple Inso CLI installer (macOS only) if: matrix.os == 'macos-13' uses: BoundfoxStudios/action-xcode-staple@v1 with: product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg - name: Notarize Inso CLI binary (macOS only) if: matrix.os == 'macos-13' uses: lando/notarize-action@v2 with: product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/binaries/inso primary-bundle-id: com.insomnia.inso-binary appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }} appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }} appstore-connect-team-id: FX44YY62GV - name: Create inso artifacts run: npm run inso-package:artifacts - name: Create inso Docker Image artifacts if: matrix.os == 'ubuntu-latest' run: | DOCKER_BUILDKIT=1 docker build --tag ${{ env.INSO_PACKAGE_NAME }}:temp ./packages/${{ env.INSO_PACKAGE_NAME }} docker save ${{ env.INSO_PACKAGE_NAME }}:temp -o ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/${{ env.INSO_DOCKER_TAR }} # Produce Docker SBOM for Inso Image # Automatically uploads to workflow assets - name: Scan inso docker artifacts id: sbom_action if: matrix.os == 'ubuntu-latest' uses: Kong/public-shared-actions/security-actions/scan-docker-image@62643b74f79f6a697b9add1a2f9c069bf9ca1250 # v2.3.0 with: asset_prefix: image-inso-${{ runner.os }} image: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/${{ env.INSO_DOCKER_TAR }} upload-sbom-release-assets: false # No release is publushed yet. Uploads as workflow assets env: SYFT_SOURCE_NAME: ${{ env.INSO_DOCKER_TAR }} - name: Upload artifacts uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.os }}-artifacts path: | packages/insomnia/dist/*.exe packages/insomnia/dist/squirrel-windows/* packages/insomnia/dist/*.zip packages/insomnia/dist/*.dmg packages/insomnia/dist/*.snap packages/insomnia/dist/*.rpm packages/insomnia/dist/*.deb packages/insomnia/dist/*.AppImage packages/insomnia/dist/*.tar.gz packages/insomnia-inso/artifacts/* - name: Upload source assets for Sentry uses: actions/upload-artifact@v4 with: name: ${{ matrix.os }}-sentry path: | packages/insomnia/build/*.js packages/insomnia/build/*.map !packages/insomnia/build/yarn-standalone.js update-pull-request: timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }} needs: build-and-upload-release-artifacts runs-on: ubuntu-latest steps: - name: Get release version id: release_version shell: bash run: | echo "version=${BRANCH/release\//}" >> $GITHUB_OUTPUT env: BRANCH: ${{ github.ref_name }} - name: update-pull-request uses: kt3k/update-pr-description@v2.0.0 with: pr_body: | **WARNING: Do not merge this PR. This is an automated release PR. It should be released using the "Publish" workflow.** Download release artifacts [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) ## Steps for Publish: You can update the changelog.md in this branch, run git log to get the latest changes: ```bash git log --no-merges --oneline --pretty=format:'* %s by @%an' --since="" --until="release/${{ steps.release_version.outputs.version }}" ``` When ready to publish, trigger [Publish](https://github.com/${{ github.repository }}/actions/workflows/release-publish.yml) workflow with these variables: - Release version (`version`): `${{ steps.release_version.outputs.version }}` Alternatively, you can trigger the workflow from [Github CLI](https://cli.github.com/): ```bash gh workflow run release-publish.yml -f version=${{ steps.release_version.outputs.version }} --repo ${{ github.repository }} ``` Release notes will be generated automatically based on the commit messages during publish. Remove any unwanted notes manually afterwards.
Conflicts? Merge branch step failed on the publish workflow? Try this... Run locally: ```bash # Make sure git remote is Kong/insomnia... git checkout develop git merge --no-ff release/ # Solve merge conflicts ... # If there's package-lock conflicts, run `npm install` and commit the package-lock changes git push ```
destination_branch: develop github_token: ${{ secrets.GITHUB_TOKEN }}