fix: persist auth state in electron storage (#182) #93

Workflow file for this run

.github/workflows/release.yml at 159a7a9

	name: Publish Release

	on:
	push:
	branches:
	- main
	workflow_dispatch:
	inputs:
	tag:
	description: "Version tag (e.g. v0.1.0). Leave empty to reuse package.json."
	required: false
	type: string

	permissions:
	contents: write

	jobs:
	determine-version:
	runs-on: ubuntu-latest
	outputs:
	should_publish: ${{ steps.detect.outputs.should_publish \|\| steps.manual.outputs.should_publish }}
	version: ${{ steps.detect.outputs.version \|\| steps.manual.outputs.version }}
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	fetch-depth: 0

	- name: Manual version input
	if: github.event_name == 'workflow_dispatch'
	id: manual
	run: \|
	VERSION="${{ inputs.tag }}"
	if [ -z "$VERSION" ]; then
	VERSION=$(jq -r .version apps/array/package.json)
	fi
	VERSION="${VERSION#v}"
	if [ -z "$VERSION" ]; then
	echo "Failed to determine version for manual publish."
	exit 1
	fi
	echo "Using manual version $VERSION"
	echo "should_publish=true" >> "$GITHUB_OUTPUT"
	echo "version=$VERSION" >> "$GITHUB_OUTPUT"

	- name: Detect version change on main
	if: github.event_name != 'workflow_dispatch'
	id: detect
	run: \|
	if ! git rev-parse HEAD~1 >/dev/null 2>&1; then
	echo "Initial commit detected, skipping publish."
	echo "should_publish=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi
	CURRENT_VERSION=$(jq -r .version apps/array/package.json)
	PREVIOUS_VERSION=$(git show HEAD~1:apps/array/package.json \| jq -r .version)
	if [ "$CURRENT_VERSION" = "$PREVIOUS_VERSION" ]; then
	echo "Version unchanged ($CURRENT_VERSION), skipping publish."
	echo "should_publish=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi
	echo "Detected version bump from $PREVIOUS_VERSION to $CURRENT_VERSION"
	echo "should_publish=true" >> "$GITHUB_OUTPUT"
	echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"

	publish:
	needs: determine-version
	if: needs.determine-version.outputs.should_publish == 'true'
	runs-on: macos-latest
	env:
	GH_TOKEN: ${{ secrets.POSTHOG_BOT_PAT }}
	GITHUB_TOKEN: ${{ secrets.POSTHOG_BOT_PAT }}
	NODE_ENV: production
	APP_VERSION: ${{ needs.determine-version.outputs.version }}
	APPLE_CODESIGN_IDENTITY: ${{ secrets.APPLE_CODESIGN_IDENTITY }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	APPLE_CODESIGN_CERT_BASE64: ${{ secrets.APPLE_CODESIGN_CERT_BASE64 }}
	APPLE_CODESIGN_CERT_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
	APPLE_CODESIGN_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	fetch-depth: 0
	- name: Setup pnpm
	uses: pnpm/action-setup@v4
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 22
	cache: "pnpm"
	- name: Install dependencies
	run: pnpm install --frozen-lockfile
	- name: Build agent package
	run: pnpm --filter @posthog/agent run build
	- name: Import code signing certificate
	if: env.APPLE_CODESIGN_IDENTITY != ''
	env:
	CERT_BASE64: ${{ env.APPLE_CODESIGN_CERT_BASE64 }}
	CERT_PASSWORD: ${{ env.APPLE_CODESIGN_CERT_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ env.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
	run: \|
	if [ -z "$CERT_BASE64" ] \|\| [ -z "$CERT_PASSWORD" ] \|\| [ -z "$KEYCHAIN_PASSWORD" ]; then
	echo "Missing code signing certificate secrets"
	exit 1
	fi
	KEYCHAIN="$RUNNER_TEMP/codesign.keychain-db"
	echo "$CERT_BASE64" \| base64 --decode > "$RUNNER_TEMP/certificate.p12"
	security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	security set-keychain-settings -lut 21600 "$KEYCHAIN"
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	security import "$RUNNER_TEMP/certificate.p12" -k "$KEYCHAIN" -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
	security list-keychains -d user -s "$KEYCHAIN" $(security list-keychains -d user \| tr -d '"')
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	rm "$RUNNER_TEMP/certificate.p12"
	- name: Verify package version
	run: \|
	PACKAGE_VERSION=$(jq -r .version apps/array/package.json)
	if [ "$PACKAGE_VERSION" != "$APP_VERSION" ]; then
	echo "Package version $PACKAGE_VERSION does not match expected $APP_VERSION"
	exit 1
	fi
	- name: Create or reuse tag
	run: \|
	TAG="v$APP_VERSION"
	git fetch --tags
	if git rev-parse "refs/tags/$TAG" >/dev/null 2>&1; then
	echo "Tag $TAG already exists, reusing it."
	else
	git config user.name "posthog-bot"
	git config user.email "[email protected]"
	git tag -a "$TAG" -m "Release $TAG"
	git push https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }} "$TAG"
	fi
	- name: Build native modules
	run: pnpm --filter array run build-native
	- name: Publish with Electron Forge
	run: pnpm --filter array run publish

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: persist auth state in electron storage (#182) #93

Workflow file

fix: persist auth state in electron storage (#182) #93

Uh oh!

Jobs

Run details

Workflow file for this run