mattermostest/.github/workflows/nightly-main.yml

name: nightly-main

on:
  workflow_call:
    inputs:
      tag:
        description: "Reference tag of the nightly build"
        required: true
        type: string
  workflow_dispatch:
    inputs:
      tag:
        description: "Reference tag of the nightly build"
        required: true
        type: string

defaults:
  run:
    shell: bash

env:
  TERM: xterm
  MM_WIN_INSTALLERS: 1
  REFERENCE: ${{ inputs.tag }}

jobs:
  build-linux:
    runs-on: ubuntu-22.04
    steps:
      - name: ci/checkout-repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.REFERENCE }}
      - name: ci/setup-node
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          node-version-file: "package.json"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: ci/install-dependencies
        env:
          PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
        run: |
          wget -qO - https://download.opensuse.org/repositories/Emulators:/Wine:/Debian/xUbuntu_22.04/Release.key | sudo apt-key add -
          wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.20.1/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
          sudo apt-get update || true && sudo apt-get install -y ca-certificates libxtst-dev libpng++-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu jq icnsutils graphicsmagick tzdata
          npm ci
      - name: ci/build
        run: |
          mkdir -p ./build/linux
          npm run package:linux
          bash -x ./scripts/patch_updater_yml.sh
          bash -x ./scripts/cp_artifacts.sh release ./build/linux
      - name: ci/upload-build
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: build-nightly-main-${{ runner.os }}
          path: ./build
          compression-level: 0
          retention-days: 5 ## No need to keep them since they are uploaded on S3

  build-msi-installer:
    runs-on: windows-2022
    steps:
      - name: nightly/checkout-repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.REFERENCE }}
      - name: nightly/setup-node
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          node-version-file: "package.json"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: nightly/install-deps
        shell: powershell
        run: |
          choco install yq --version 4.15.1 -y
          npm i -g node-gyp
          node-gyp install
          node-gyp install --devdir="C:\Users\runneradmin\.electron-gyp" --target=$(jq -r .devDependencies.electron package.json) --dist-url="https://electronjs.org/headers"
          node-gyp install --devdir="C:\Users\runneradmin\.electron-gyp" --target=$(jq -r .devDependencies.electron package.json) --dist-url="https://electronjs.org/headers" --arch arm64
          npm ci --openssl_fips=''
      - name: nightly/test
        uses: ./.github/actions/test
      - name: nightly/build
        shell: powershell
        env:
          MM_WIN_INSTALLERS: 1
          PFX_KEY: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_PFX_KEY }}
          CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_CSC_KEY_PASSWORD }}
          PFX: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_PFX }}
          CSC_LINK: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_CSC_LINK }}
        run: npm run package:windows-installers
      - name: nightly/package
        run: |
          mkdir -p ./build/win-release
          bash -x ./scripts/patch_updater_yml.sh
          bash -x ./scripts/cp_artifacts.sh release ./build/win-release
      - name: nightly/upload-build
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: build-nightly-main-${{ runner.os }}
          path: ./build
          compression-level: 0
          retention-days: 5 ## No need to keep them since they are uploaded on S3

  mac-app-store-preflight:
    runs-on: macos-15
    env:
      MAS_PROFILE: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MAS_PROFILE }}
      MACOS_API_KEY_ID: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_KEY_ID }}
      MACOS_API_KEY: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_KEY }}
      MACOS_API_ISSUER_ID: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_ISSUER_ID }}
      CSC_FOR_PULL_REQUEST: true
      CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_KEY_PASSWORD}}
      CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }}
    steps:
      - name: nightly/checkout-repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.REFERENCE }}
      - name: nightly/setup-node
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          node-version-file: "package.json"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: nightly/install-dependencies
        run: |
          brew install yq
          sudo xcode-select -s /Applications/Xcode_16.2.app/Contents/Developer
          npm ci
      - name: nightly/copy-provisioning-profile
        run: echo $MAS_PROFILE | base64 -D > ./mas.provisionprofile
      - name: nightly/patch-version-number-for-MAS
        run: ./scripts/patch_mas_version.sh
      - name: nightly/test
        uses: ./.github/actions/test
      - name: nightly/package
        run: npm run package:mas
      - name: nightly/publish
        run: fastlane publish_test path:"$(find . -name \*.pkg -print -quit)"

  build-mac-installer:
    runs-on: macos-15
    needs:
      - mac-app-store-preflight
    steps:
      - name: nightly/checkout-repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.REFERENCE }}
      - name: nightly/setup-node
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          node-version-file: "package.json"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: nightly/install-dependencies
        run: |
          brew install yq rename
          sudo xcode-select -s /Applications/Xcode_16.2.app/Contents/Developer
          npm ci
      - name: nightly/test
        uses: ./.github/actions/test
      - name: nightly/build
        env:
          APPLE_API_KEY_ID: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_KEY_ID }}
          APPLE_API_KEY_RAW: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_KEY }}
          APPLE_API_KEY: "./key.p8"
          APPLE_API_ISSUER: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_MACOS_API_ISSUER_ID }}
          CSC_FOR_PULL_REQUEST: true
          CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_KEY_PASSWORD }}
          CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_CSC_LINK }}
          MAC_PROFILE: ${{ secrets.MM_DESKTOP_MAC_INSTALLER_DMG_PROFILE }}
        run: |
          echo $MAC_PROFILE | base64 -D > ./mac.provisionprofile
          zsh -c 'echo -n $APPLE_API_KEY_RAW > ./key.p8'
          mkdir -p ./build/macos-release
          npm run package:mac-with-universal
          bash -x ./scripts/patch_updater_yml.sh
          bash -x ./scripts/cp_artifacts.sh release ./build/macos-release
      - name: nightly/rename-arm64-to-m1
        run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/*
      - name: nightly/upload-build
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: build-nightly-main-${{ runner.os }}
          path: ./build
          compression-level: 0
          retention-days: 5 ## No need to keep them since they are uploaded on S3

  upload-to-s3:
    runs-on: ubuntu-22.04
    outputs:
      links: ${{ steps.generate-linklist.outputs.linklist }}
    needs:
      - build-mac-installer
      - build-msi-installer
      - build-linux
    steps:
      - name: nightly/checkout-repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.REFERENCE }}
      - name: nightly/setup-aws-credentials
        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
        with:
          aws-region: us-east-1
          aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }}
      - name: nightly/download-builds
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: build
          pattern: build-nightly-main-*
          merge-multiple: true
      - name: nightly/setup-files-for-aws
        run: |
          mkdir -p ./aws-s3-dist
          cp -r --backup=numbered ./build/{macos-release,win-release,linux}/* ./aws-s3-dist
      - name: nightly/upload-to-s3
        run: aws s3 cp ./aws-s3-dist/ s3://releases.mattermost.com/desktop/ --acl public-read --cache-control "no-cache" --recursive
      - name: nightly/generate-linklist
        id: generate-linklist
        run: |
          mkdir -p ./links
          echo "### Nightly builds:" > ./links/linklist.txt
          echo "Links for $(date +"%b-%d-%Y")" >> ./links/linklist.txt
          echo "##### :tux: Linux" >> ./links/linklist.txt
          for i in `ls ./build/linux/$(jq -r .version package.json)/` ; do echo "- [$i](https://s3.amazonaws.com/releases.mattermost.com/desktop/$(jq -r .version package.json)/$i)" ; done >> ./links/linklist.txt
          echo "##### :apple_logo: macOS" >> ./links/linklist.txt
          for i in `ls ./build/macos-release/$(jq -r .version package.json)/` ; do echo "- [$i](https://s3.amazonaws.com/releases.mattermost.com/desktop/$(jq -r .version package.json)/$i)" ; done >> ./links/linklist.txt
          echo "##### :windows: Windows" >> ./links/linklist.txt
          for i in `ls ./build/win-release/$(jq -r .version package.json)/` ; do echo "- [$i](https://s3.amazonaws.com/releases.mattermost.com/desktop/$(jq -r .version package.json)/$i)" ; done >> ./links/linklist.txt
          cat ./links/linklist.txt
          LINKLIST=$(<./links/linklist.txt)
          ## https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
          echo 'linklist<<EOF' >> $GITHUB_OUTPUT
          echo "$LINKLIST" >> $GITHUB_OUTPUT
          echo 'EOF' >> $GITHUB_OUTPUT

  share-links-to-channel:
    runs-on: ubuntu-22.04
    needs:
      - upload-to-s3
    steps:
      - name: nightly/share-links-to-channel
        run: |
          jq --null-input \
          --arg icon_url "https://upload.wikimedia.org/wikipedia/commons/1/17/Luna_symbol.png" \
          --arg username "NightBuilder" \
          --arg text "${{ needs.upload-to-s3.outputs.links }}" \
          '{"username":$username,"icon_url": $icon_url, "text": $text }' > /tmp/webhook-data.json
          curl -i -X POST -H "Content-Type: application/json" -d @/tmp/webhook-data.json ${{ secrets.MM_DESKTOP_NIGHTLY_WEBHOOK_URL }}