Remove a lot of pop().unwrap() #19205
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-apps | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+' | |
| env: | |
| IS_RELEASE: ${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }} | |
| IS_STAGING: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| prepare-files: | |
| runs-on: namespace-profile-ubuntu-8-cores | |
| outputs: | |
| version: ${{ steps.export_version.outputs.version }} | |
| notes: ${{ steps.export_notes.outputs.notes }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - run: npm install | |
| - id: filter | |
| name: Check for Rust changes | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| rust: | |
| - 'rust/**' | |
| - name: Download Wasm Cache | |
| id: download-wasm | |
| if: ${{ github.event_name == 'pull_request' && steps.filter.outputs.rust == 'false' }} | |
| uses: dawidd6/action-download-artifact@v11 | |
| continue-on-error: true | |
| with: | |
| github_token: ${{secrets.GITHUB_TOKEN}} | |
| name: wasm-bundle | |
| workflow: build-and-store-wasm.yml | |
| branch: main | |
| path: rust/kcl-wasm-lib/pkg | |
| - name: Build WASM condition | |
| id: wasm | |
| run: | | |
| set -euox pipefail | |
| # Build wasm if this is a push to main or tag, there are Rust changes, or | |
| # downloading from the wasm cache failed. | |
| if [[ ${{github.event_name}} == 'push' || ${{steps.filter.outputs.rust}} == 'true' || ${{steps.download-wasm.outcome}} == 'failure' ]]; then | |
| echo "should-build-wasm=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "should-build-wasm=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Use correct Rust toolchain | |
| if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }} | |
| shell: bash | |
| run: | | |
| [ -e rust-toolchain.toml ] || cp rust/rust-toolchain.toml ./ | |
| - name: Install rust | |
| if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }} | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| cache: false # Configured below. | |
| - uses: taiki-e/install-action@c5b1b6f479c32f356cc6f4ba672a47f63853b13b | |
| if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }} | |
| with: | |
| tool: wasm-pack | |
| - name: Rust Cache | |
| if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }} | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: rust | |
| - name: Run build:wasm | |
| if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }} | |
| run: "npm run build:wasm" | |
| - name: Set staging version, product name, release notes, and icons | |
| if: ${{ env.IS_STAGING == 'true' }} | |
| env: | |
| WINDOWS_CERTIFICATE_THUMBPRINT: ${{ secrets.WINDOWS_CERTIFICATE_ZOO_THUMBPRINT }} | |
| run: | | |
| COMMIT=$(git rev-parse --short HEAD) | |
| DATE=$(date +'%-y.%-m.%-d') | |
| export VERSION=$DATE-main.$COMMIT | |
| npm run files:set-version | |
| npm run files:flip-to-staging | |
| npm run files:set-windows-codesign-config | |
| - name: Set release version and windows codesign config | |
| if: ${{ env.IS_RELEASE == 'true' }} | |
| env: | |
| WINDOWS_CERTIFICATE_THUMBPRINT: ${{ secrets.WINDOWS_CERTIFICATE_ZOO_THUMBPRINT }} | |
| run: | | |
| export VERSION=${GITHUB_REF_NAME#v} | |
| npm run files:set-version | |
| npm run files:set-windows-codesign-config | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: prepared-files | |
| path: | | |
| package.json | |
| electron-builder.yml | |
| rust/kcl-wasm-lib/pkg/kcl_wasm_lib* | |
| release-notes.md | |
| assets/icon.ico | |
| assets/icon.png | |
| - id: export_version | |
| run: echo "version=`cat package.json | jq -r '.version'`" >> "$GITHUB_OUTPUT" | |
| - id: export_notes | |
| run: echo "notes=`cat release-notes.md`" >> "$GITHUB_OUTPUT" | |
| build-apps: | |
| needs: [prepare-files] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: namespace-profile-macos-6-cores | |
| platform: macos | |
| - os: namespace-profile-windows-4-cores | |
| platform: windows | |
| - os: ubuntu-22.04 | |
| platform: linux | |
| runs-on: ${{ matrix.os }} | |
| name: build-apps (${{ matrix.platform }}) | |
| env: | |
| VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/download-artifact@v4 | |
| name: prepared-files | |
| - name: Copy prepared files | |
| run: | | |
| ls -R prepared-files | |
| cp prepared-files/package.json package.json | |
| cp prepared-files/electron-builder.yml electron-builder.yml | |
| cp prepared-files/rust/kcl-wasm-lib/pkg/kcl_wasm_lib_bg.wasm public | |
| mkdir rust/kcl-wasm-lib/pkg | |
| cp prepared-files/rust/kcl-wasm-lib/pkg/kcl_wasm_lib* rust/kcl-wasm-lib/pkg | |
| cp prepared-files/release-notes.md release-notes.md | |
| cp prepared-files/assets/icon.ico assets/icon.ico | |
| cp prepared-files/assets/icon.png assets/icon.png | |
| - name: Sync node version and setup cache | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' # Set this to npm, npm or pnpm. | |
| - run: npm install | |
| - name: Prepare certificate and variables (Windows only) | |
| if: ${{ (env.IS_RELEASE == 'true' || env.IS_STAGING == 'true') && matrix.platform == 'windows' }} | |
| run: | | |
| echo "${{secrets.SM_SERVICE_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /c/Certificate_pkcs12.p12 | |
| cat /c/Certificate_pkcs12.p12 | |
| echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" | |
| echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
| echo "SM_API_KEY=${{ secrets.SM_SERVICE_API_KEY }}" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_FILE=C:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_SERVICE_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
| echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
| echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
| echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
| shell: bash | |
| - name: Setup certicate with SSM KSP (Windows only) | |
| if: ${{ (env.IS_RELEASE == 'true' || env.IS_STAGING == 'true') && matrix.platform == 'windows' }} | |
| run: | | |
| curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
| msiexec /i smtools-windows-x64.msi /quiet /qn | |
| smksp_registrar.exe list | |
| smctl.exe keypair ls | |
| C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
| smksp_cert_sync.exe | |
| smctl windows certsync --keypair-alias=${{ secrets.WINDOWS_CERTIFICATE_ZOO_KEYPAIR_ALIAS }} | |
| # This last line `smctl windows certsync` was added after windows codesign failures started happening | |
| # with staging-v25.4.10. It looks like `smksp_cert_sync.exe` used to do the sync to the local cert store, | |
| # but stopped doing it overnight. This extra call that I randomly got from this azure-related doc page | |
| # https://docs.digicert.com/en/digicert-keylocker/code-signing/sign-with-third-party-signing-tools/windows-applications/sign-azure-apps-with-signtool-using-ksp-library.html#sync-certificates--windows-only--618365 | |
| # seems to be doing that extra sync that we need for scripts/sign-win.js to work. | |
| # TODO: we still need to make sign-win.js errors fail the workflow, see issue #6276 | |
| shell: cmd | |
| - name: Build the app (debug) | |
| if: ${{ env.IS_RELEASE == 'false' && env.IS_STAGING == 'false' }} | |
| # electron-builder doesn't have a concept of release vs debug, | |
| # this is just not doing any codesign or release yml generation, and points to dev infra | |
| run: npm run tronb:package:dev | |
| - name: Build the app (release) | |
| if: ${{ env.IS_RELEASE == 'true' || env.IS_STAGING == 'true' }} | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }} | |
| CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| CSC_KEYCHAIN: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| # Windows codesign config is part of electron-builder.yml and handled in prepare-files | |
| run: npm run tronb:package:${{ env.IS_STAGING == 'true' && 'dev' || 'prod' }} | |
| - name: List artifacts in out/ | |
| run: ls -R out | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: out-arm64-${{ matrix.platform }} | |
| # first two will pick both Zoo Design Studio-$VERSION-arm64-win.exe and Zoo Design Studio-$VERSION-win.exe | |
| path: | | |
| out/*-${{ env.VERSION_NO_V }}-win.* | |
| out/*-${{ env.VERSION_NO_V }}-arm64-win.* | |
| out/*-arm64-mac.* | |
| out/*-arm64-linux.* | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: out-x64-${{ matrix.platform }} | |
| path: | | |
| out/*-x64-win.* | |
| out/*-x64-mac.* | |
| out/*-x86_64-linux.* | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ env.IS_RELEASE == 'true' || env.IS_STAGING == 'true' }} | |
| with: | |
| name: out-yml-${{ matrix.platform }} | |
| path: | | |
| out/latest*.yml | |
| # TODO: add the 'Build for Mac TestFlight' stage back | |
| upload-apps-release: | |
| runs-on: namespace-profile-ubuntu-2-cores | |
| permissions: | |
| contents: write | |
| # Equivalent to IS_RELEASE || IS_STAGING (but we can't access those env vars here) | |
| if: ${{ (github.ref_type == 'tag' && startsWith(github.ref_name, 'v')) || (github.event_name == 'push' && github.ref == 'refs/heads/main') }} | |
| env: | |
| VERSION_NO_V: ${{ needs.prepare-files.outputs.version }} | |
| VERSION: ${{ format('v{0}', needs.prepare-files.outputs.version) }} | |
| needs: [prepare-files, build-apps] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-arm64-windows | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-x64-windows | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-yml-windows | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-arm64-macos | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-x64-macos | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-yml-macos | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-arm64-linux | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-x64-linux | |
| path: out | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: out-yml-linux | |
| path: out | |
| - name: Generate the download static endpoint | |
| env: | |
| NOTES: ${{ needs.prepare-files.outputs.notes }} | |
| PUB_DATE: ${{ github.event.repository.updated_at }} | |
| WEBSITE_DIR: ${{ env.IS_STAGING == 'true' && 'dl.zoo.dev/releases/design-studio/staging' || 'dl.zoo.dev/releases/design-studio' }} | |
| URL_CODED_NAME: ${{ env.IS_STAGING == 'true' && 'Zoo%20Design%20Studio%20%28Staging%29' || 'Zoo%20Design%20Studio' }} | |
| run: | | |
| RELEASE_DIR=https://${WEBSITE_DIR} | |
| jq --null-input \ | |
| --arg version "${VERSION}" \ | |
| --arg pub_date "${PUB_DATE}" \ | |
| --arg notes "${NOTES}" \ | |
| --arg mac_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-mac.dmg" \ | |
| --arg mac_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-mac.dmg" \ | |
| --arg windows_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-win.exe" \ | |
| --arg windows_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-win.exe" \ | |
| --arg linux_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-linux.AppImage" \ | |
| --arg linux_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x86_64-linux.AppImage" \ | |
| '{ | |
| "version": $version, | |
| "pub_date": $pub_date, | |
| "notes": $notes, | |
| "platforms": { | |
| "dmg-arm64": { | |
| "url": $mac_arm64_url | |
| }, | |
| "dmg-x64": { | |
| "url": $mac_x64_url | |
| }, | |
| "exe-arm64": { | |
| "url": $windows_arm64_url | |
| }, | |
| "exe-x64": { | |
| "url": $windows_x64_url | |
| }, | |
| "appimage-arm64": { | |
| "url": $linux_arm64_url | |
| }, | |
| "appimage-x64": { | |
| "url": $linux_x64_url | |
| } | |
| } | |
| }' > out/last_download.json | |
| cat out/last_download.json | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: out-download-json | |
| path: out/last_download.json | |
| - name: List artifacts | |
| run: "ls -R out" | |
| - name: Authenticate to Google Cloud | |
| if: ${{ env.IS_STAGING == 'true' }} | |
| uses: 'google-github-actions/[email protected]' | |
| with: | |
| credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}' | |
| - name: Set up Google Cloud SDK | |
| if: ${{ env.IS_STAGING == 'true' }} | |
| uses: google-github-actions/[email protected] | |
| with: | |
| project_id: ${{ env.GOOGLE_CLOUD_PROJECT_ID }} | |
| - name: Upload staging files to public bucket | |
| if: ${{ env.IS_STAGING == 'true' }} | |
| uses: google-github-actions/[email protected] | |
| with: | |
| path: out | |
| glob: '*' | |
| parent: false | |
| destination: 'dl.kittycad.io/releases/design-studio/staging' | |
| - name: Invalidate bucket cache on latest*.yml and last_download.json files | |
| if: ${{ env.IS_STAGING == 'true' }} | |
| run: npm run files:invalidate-bucket:staging |