Skip to content

Commit

Permalink
make runners conventional (#8325)
Browse files Browse the repository at this point in the history 
* make runners conventional

* use 24 explicitly until latest alias is available for arm

* arm64 need snapcraft
  • Loading branch information
@jackkav
jackkav authored Jan 28, 2025
1 parent 275e303 commit 0c7c50c
Show file tree
Hide file tree
Showing 8 changed files with 43 additions and 52 deletions.
50 changes: 26 additions & 24 deletions .github/workflows/release-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ concurrency:
jobs:
# shared kong github action for security checking
generate-sbom-and-upload-assets:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
permissions:
packages: write
contents: write # publish sbom to GH releases/tag assets
Expand Down Expand Up @@ -41,15 +41,13 @@ jobs:
fail-fast: false
matrix:
include:
# macos-13 supports both intel and apple silicon on inso cli properly
# macos-latest is defaulting to apple silicon and breaks inso cli retrocompatibility
- os: macos-13
- os: macos-latest-large
csc_link_secret: DESIGNER_MAC_CSC_LINK
csc_key_password_secret: DESIGNER_MAC_CSC_KEY_PASSWORD
- os: windows-latest
csc_link_secret: ''
csc_key_password_secret: ''
- os: ubuntu-latest
- os: ubuntu-24.04
csc_link_secret: ''
csc_key_password_secret: ''
- os: ubuntu-24.04-arm
Expand All @@ -73,34 +71,38 @@ jobs:
run: |
echo "INSO_VERSION=$(jq .version ./packages/${{ env.INSO_PACKAGE_NAME }}/package.json -rj)" >> $GITHUB_ENV
- name: Install snapcraft (Linux arm64 only)
if: runner.os == 'Linux' && runner.arch == 'arm64'
shell: bash
run: sudo snap install snapcraft --classic

# If this step fails its possible apple has new license terms which need to be accepted by logging into https://developer.apple.com/account
- name: Package app (MacOS only)
if: matrix.os == 'macos-13'
- name: Package app (Linux only)
if: runner.os == 'Linux'
shell: bash
run: npm run app-package
env:
NODE_OPTIONS: '--max_old_space_size=6144'
APPLE_ID: ${{ matrix.os == 'macos-13' && secrets.DESIGNER_APPLE_ID || '' }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ matrix.os == 'macos-13' && secrets.DESIGNER_APPLE_ID_PASSWORD || '' }}
CSC_LINK: ${{ matrix.csc_link_secret != '' && secrets[matrix.csc_link_secret] || '' }}
CSC_KEY_PASSWORD: ${{ matrix.csc_key_password_secret != '' && secrets[matrix.csc_key_password_secret] || '' }}

- name: Package app (Linux only)
if: runner.os == 'Linux'
# If this step fails its possible apple has new license terms which need to be accepted by logging into https://developer.apple.com/account
- name: Package app (MacOS only)
if: runner.os == 'macOS'
shell: bash
run: npm run app-package
env:
NODE_OPTIONS: '--max_old_space_size=6144'
APPLE_ID: ${{ runner.os == 'macOS' && secrets.DESIGNER_APPLE_ID || '' }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ runner.os == 'macOS' && secrets.DESIGNER_APPLE_ID_PASSWORD || '' }}
CSC_LINK: ${{ matrix.csc_link_secret != '' && secrets[matrix.csc_link_secret] || '' }}
CSC_KEY_PASSWORD: ${{ matrix.csc_key_password_secret != '' && secrets[matrix.csc_key_password_secret] || '' }}

# creates unpacked electron-builder contents that can be signed afterwards
- name: Package unpacked app (Windows only)
if: matrix.os == 'windows-latest'
if: runner.os == 'Windows'
shell: bash
run: NODE_OPTIONS='--max_old_space_size=6144' npm run package:windows:unpacked -w insomnia

- name: Move .dll and .exe files to /tosign (PowerShell)
if: matrix.os == 'windows-latest'
if: runner.os == 'Windows'
shell: pwsh
run: |
New-Item -Path "packages/insomnia/dist/win-unpacked/tosign" -ItemType Directory -Force
Expand All @@ -110,7 +112,7 @@ jobs:
# signs unpacked electron-builder contents, in this case only the .exe
- name: Code-sign unpacked .exe (Windows only)
if: matrix.os == 'windows-latest'
if: runner.os == 'Windows'
uses: sslcom/esigner-codesign@develop
with:
command: batch_sign
Expand All @@ -123,7 +125,7 @@ jobs:
override: true

- name: Move .dll and .exe files back to win-unpacked and delete /tosign
if: matrix.os == 'windows-latest'
if: runner.os == 'Windows'
shell: pwsh
run: |
Get-ChildItem -Path "packages/insomnia/dist/win-unpacked/signed" -Filter *.dll | Move-Item -Destination "packages/insomnia/dist/win-unpacked"
Expand All @@ -133,7 +135,7 @@ jobs:
# re-packages the now code-signed electron-builder contents into a squirrel installer
- name: Package dist app (Windows only)
if: matrix.os == 'windows-latest'
if: runner.os == 'Windows'
shell: bash
run: |
docker pull ghcr.io/sslcom/codesigner-win:latest
Expand All @@ -155,7 +157,7 @@ jobs:
VERSION: ${{ env.INSO_VERSION }}

- name: Code-sign & create Inso CLI installer (macOS only)
if: matrix.os == 'macos-13'
if: runner.os == 'macOS'
run: ./src/scripts/macos-pkg.sh
shell: bash
working-directory: ./packages/${{ env.INSO_PACKAGE_NAME }}
Expand All @@ -168,7 +170,7 @@ jobs:
VERSION: ${{ env.INSO_VERSION }}

- name: Notarize Inso CLI installer (macOS only)
if: matrix.os == 'macos-13'
if: runner.os == 'macOS'
uses: lando/notarize-action@v2
with:
product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg
Expand All @@ -179,13 +181,13 @@ jobs:
verbose: true

- name: Staple Inso CLI installer (macOS only)
if: matrix.os == 'macos-13'
if: runner.os == 'macOS'
uses: BoundfoxStudios/action-xcode-staple@v1
with:
product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/artifacts/inso-${{ matrix.os }}-${{ env.INSO_VERSION }}.pkg

- name: Notarize Inso CLI binary (macOS only)
if: matrix.os == 'macos-13'
if: runner.os == 'macOS'
uses: lando/notarize-action@v2
with:
product-path: ./packages/${{ env.INSO_PACKAGE_NAME }}/binaries/inso
Expand Down Expand Up @@ -246,7 +248,7 @@ jobs:
update-pull-request:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
needs: build-and-upload-release-artifacts
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Get release version
id: release_version
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ env:
jobs:
publish:
timeout-minutes: 15
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
outputs:
NOTARY_REPOSITORY: ${{ env.NOTARY_REPOSITORY }}
INSO_BINARY_ARTIFACTS_SUBJECTS_AS_FILE: ${{ steps.cli_binary_hashes.outputs.handle }}
Expand Down
27 changes: 8 additions & 19 deletions .github/workflows/release-recurring.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ jobs:
fail-fast: false
matrix:
include:
- os: "macos-latest"
build-targets: "zip"
- os: "windows-latest"
build-targets: "portable"
- os: "ubuntu-22.04"
build-targets: "tar.gz"
- os: "ubuntu-24.04-arm"
build-targets: "tar.gz"
- os: macos-latest-large
build-targets: zip
- os: windows-latest
build-targets: portable
- os: ubuntu-24.04
build-targets: tar.gz
- os: ubuntu-24.04-arm
build-targets: tar.gz
steps:
- name: Checkout branch
uses: actions/checkout@v4
Expand All @@ -56,17 +56,6 @@ jobs:
shell: bash
run: NODE_OPTIONS='--max_old_space_size=6144' BUILD_TARGETS='${{ matrix.build-targets }}' npm run app-package

# - name: Set publish metadata # Checksum for provenance must be calculated before moving artifacts temporarily
# id: metadata
# run: |
# INSO_VERSION=$(jq .version packages/insomnia-inso/package.json -rj)
# echo "INSO_VERSION=${INSO_VERSION}" >> $GITHUB_ENV
# ./.github/scripts/generate-binary-digest.sh
# env:
# ARTIFACT_PATH: "packages"
# CLI_ARTIFACT_SHAFILE: ${{runner.temp}}/cli.sha256
# ELECTRON_ARTIFACT_SHAFILE: ${{runner.temp}}/electron.sha256

# See https://github.com/electron/electron/issues/42510#issuecomment-2171583086
- if: ${{ runner.os == 'Linux' }}
name: Lift unprivileged user namespace restrictions
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-start.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ on:
jobs:
setup-release-branch:
timeout-minutes: 5
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout branch
uses: actions/checkout@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/sast.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
semgrep:
timeout-minutes: 5
name: Semgrep SAST
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
permissions:
# required for all workflows
security-events: write
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test-cli.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ concurrency:
jobs:
Test:
timeout-minutes: 10
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout branch
uses: actions/checkout@v4
Expand Down Expand Up @@ -53,7 +53,7 @@ jobs:
shell: bash
run: |
INSO_VERSION="$(jq .version packages/insomnia-inso/package.json -rj)-run.${{ github.run_number }}"
PKG_NAME="inso-ubuntu-latest-$INSO_VERSION"
PKG_NAME="inso-ubuntu-24.04-$INSO_VERSION"
echo "pkg-name=$PKG_NAME" >> $GITHUB_OUTPUT
echo "inso-version=$INSO_VERSION" >> $GITHUB_OUTPUT
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,16 @@ concurrency:
jobs:
Test:
timeout-minutes: 20
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout branch
uses: actions/checkout@v4

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: 'npm'
node-version-file: .nvmrc
cache: npm
cache-dependency-path: package-lock.json

- name: Install packages
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/update-changelog.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:

jobs:
update:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04

permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
Expand Down

0 comments on commit 0c7c50c

Please sign in to comment.