electron.yml

name: Build Electron App

on:
    workflow_dispatch:
    workflow_call:

jobs:
    build_and_deploy_electron_app_job:
        strategy:
            matrix:
                os: [{ name: 'windows', image: 'windows-latest' }, { name: 'macos', image: 'macos-latest' }]
        runs-on: ${{ matrix.os.image }}
        steps:
            - name: Github checkout
              uses: actions/checkout@v4

            - name: Set up Python
              uses: actions/setup-python@v4
              with:
                  python-version: '3.x'

            - name: Install dependencies
              run: python -m pip install --upgrade pip setuptools

            - name: Use Node.js
              uses: actions/setup-node@v3
              with:
                  node-version: 18
                  cache: 'npm'

            - name: Install dependencies
              run: npm install

            - name: Download certificate file for Mac
              run: |
                  if [ "$RUNNER_OS" == "macOS" ]; then
                      echo $APPLE_DEVELOPER_ID_FILE | base64 --decode >> developer-id.p12
                  fi
              shell: bash
              env:
                  APPLE_DEVELOPER_ID_FILE: ${{secrets.BCCM_APPLE_DEVELOPER_ID_FILE}}

            - name: Build for production
              run: npm run build:electron

            - name: Building the Electron app for Windows
              run: |
                  if [ "$RUNNER_OS" == "Windows" ]; then
                      npm run publish
                  fi
              shell: bash
              env:
                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

            - name: Code signing for Windows
              run: |
                  if [ "$RUNNER_OS" == "Windows" ]; then
                      set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true
                      dotnet tool install --global AzureSignTool --version 5.0.0
                      AzureSignTool.exe sign -du "https://explorers.biblekids.io" ^
                        -kvu "https://bccm-code-sign2.vault.azure.net" ^
                        --azure-key-vault-client-id $WINDOWS_CLIENT_ID ^
                        --azure-key-vault-client-secret $WINDOWS_CLIENT_PASSWORD ^
                        -kvc "BCC MEDIA STI" ^
                        -tr http://timestamp.digicert.com ^
                        -v ^
                        $(System.DefaultWorkingDirectory)\dist-app\*.exe
                  fi
              shell: bash
              env:
                  WINDOWS_CLIENT_ID: ${{secrets.BCCM_WINDOWS_CLIENT_ID}}
                  WINDOWS_CLIENT_PASSWORD: ${{secrets.BCCM_WINDOWS_CLIENT_PASSWORD}}

            - name: Building the Electron app for Mac
              run: |
                  if [ "$RUNNER_OS" == "macOS" ]; then
                      npm run publish
                  fi
              shell: bash
              env:
                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CSC_LINK: developer-id.p12
                  CSC_KEY_PASSWORD: ${{secrets.BCCM_APPLE_DEVELOPER_ID_PASSWORD}}
                  APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.BCCM_APPLE_APP_SPECIFIC_PASSWORD}}
                  APPLE_ID: ${{secrets.BCCM_APPLE_ID_USERNAME}}
                  APPLE_ID_PASSWORD: ${{secrets.BCCM_APPLE_APP_SPECIFIC_PASSWORD}}
                  APPLE_TEAM_ID: KJ6LCYQ3A8

            - name: Archive production artifacts
              uses: actions/upload-artifact@v3
              with:
                  name: app
                  path: |
                      dist-app/Bible-Explorers*