.github/workflows/release.yml

name: Generate and Release bundled CLI

on:
    push:
        tags:
            - 'v*.*.*'

jobs:
    build:
        strategy:
            matrix:
                settings:
                    - host: macos-12
                      target: macos-x64
                    - host: macos-14
                      target: macos-arm64
                    - host: windows-2022
                      target: win-x64
                      extension: .exe
                    - host: ubuntu-latest
                      target: linux-x64
        runs-on: ${{ matrix.settings.host }}
        name: dev build - ${{ matrix.settings.target }} - node@18
        steps:
            - uses: actions/checkout@v3
            - name: Use Node.js
              uses: actions/setup-node@v3
              with:
                  node-version: 18.x

            - run: yarn
            - run: yarn run build
            # remove dev dependencies before packaging
            - run: yarn workspaces focus --all --production
            # package final binaries
            - run: |
                  yarn dlx @yao-pkg/pkg . -t node18-${{ matrix.settings.target }} -o bundle/dcli-${{ matrix.settings.target }}${{ matrix.settings.extension }} -C GZip "--public" "--public-packages" "tslib,thirty-two" "--no-bytecode"

            - name: Archive binary artifact
              uses: actions/upload-artifact@v3
              with:
                  name: dcli-${{ matrix.settings.target }}
                  path: bundle/dcli-${{ matrix.settings.target }}${{ matrix.settings.extension }}
                  retention-days: 1

    sign:
        runs-on: ubuntu-latest
        needs: build
        steps:
            - uses: actions/checkout@v3

            - name: Download all artifacts
              uses: actions/download-artifact@v3
              with:
                  path: artifacts

            - name: List artifacts
              run: ls -R artifacts
              shell: bash

            - name: Sign Artifact with CodeSignTool
              uses: sslcom/esigner-codesign@develop
              with:
                  command: sign
                  username: ${{ secrets.ES_USERNAME }}
                  password: ${{ secrets.ES_PASSWORD }}
                  # Credential ID for signing certificate.
                  credential_id: ${{ secrets.CREDENTIAL_ID }}
                  # OAuth TOTP Secret (https://www.ssl.com/how-to/automate-esigner-ev-code-signing)
                  totp_secret: ${{ secrets.ES_TOTP_SECRET }}
                  # Path of code object to be signed
                  file_path: artifacts/dcli-win-x64/dcli-win-x64.exe
                  # Directory where signed code object(s) will be written.
                  output_path: signed
                  malware_block: false
                  environment_name: PROD

            - run: mv signed/dcli-win-x64.exe signed/dcli-win-x64-signed.exe

            - name: Archive binary artifact
              uses: actions/upload-artifact@v3
              with:
                  name: dcli-win-x64-signed
                  path: signed/dcli-win-x64-signed.exe
                  retention-days: 1

    release:
        runs-on: ubuntu-latest
        needs:
            - build
            - sign
        steps:
            - uses: actions/checkout@v3

            - name: Download all artifacts
              uses: actions/download-artifact@v3
              with:
                  path: artifacts

            - name: List artifacts
              run: ls -R artifacts
              shell: bash

            - name: Release
              uses: softprops/action-gh-release@v0.1.14
              with:
                  files: |
                      artifacts/dcli-linux-x64/dcli-linux-x64
                      artifacts/dcli-macos-x64/dcli-macos-x64
                      artifacts/dcli-macos-arm64/dcli-macos-arm64
                      artifacts/dcli-win-x64/dcli-win-x64.exe
                      artifacts/dcli-win-x64-signed/dcli-win-x64-signed.exe