RK-20408 - ci-refactoring

.circleci/config.yml

@@ -6,38 +6,39 @@ references:
         only: master
 
 jobs:
-  publish:
+  build:
     macos:
       xcode: "15.0.0"
+    resource_class: macos.x86.medium.gen2
     steps:
       - checkout
       - restore_cache:
           key: homebrew-cache-{{ arch }}-{{ .Environment.CACHE_VERSION }}-{{ checksum ".circleci/config.yml" }}
+
       - run:
-          name: Build and Publish
+          name: Install Wine
           command: |
             # wine is required to sign windows executables
             brew install --cask xquartz
             brew install --cask wine-stable
-            # install gcloud sdk
-            curl -fsSL https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.zip --output /Users/distiller/google-cloud-sdk.zip
-            unzip /Users/distiller/google-cloud-sdk.zip
-            bash google-cloud-sdk/install.sh --rc-path=/Users/distiller/.bashrc --usage-reporting=false --path-update=true --bash-completion=true --install-python=true --quiet
-            source ~/.bashrc
-            # Save gcloud credentials service account and authenticate
-            echo $GOOGLE_SERVICE_ACCOUNT_KEY_BASE64 | base64 --decode > gcloud_service_account.json
-            export GOOGLE_APPLICATION_CREDENTIALS=gcloud_service_account.json
-            gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
-            ### temp-fix - REVERT ONCE POSSIBLE ###
-            # manually fetch updated IdenTrustCommercialRootCA (temp fix)
-            # see https://www.identrust.com/support/downloads
-            #IdenTrust Commercial Root CA 1
-            curl -L https://www.identrust.com/node/1330 -o IdenTrustCommercialRootCA.p7b
-            #convert to pem
-            openssl pkcs7 -in IdenTrustCommercialRootCA.p7b -inform DER -print_certs -out cert.pem            
-            ###
+      # - run:
+      #     name: Install gcloud sdk
+      #     command: |
+      #       # install gcloud sdk
+      #       curl -fsSL https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.zip --output /Users/distiller/google-cloud-sdk.zip
+      #       unzip /Users/distiller/google-cloud-sdk.zip
+      #       bash google-cloud-sdk/install.sh --rc-path=/Users/distiller/.bashrc --usage-reporting=false --path-update=true --command-completion=true --install-python=true --quiet
+      #       source ~/.bashrc
+      #       # Save gcloud credentials service account and authenticate
+      #       echo $GOOGLE_SERVICE_ACCOUNT_KEY_BASE64 | base64 --decode > gcloud_service_account.json
+      #       export GOOGLE_APPLICATION_CREDENTIALS=gcloud_service_account.json
+      #       gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
+
+      - run:
+          name: Install Other shit
+          command: |
             # download custom jsign to sign PE
-            curl --cacert cert.pem -fsSL https://get.rookout.com/jsign-rookout.jar --output jsign.jar
+            curl -fsSL https://get.rookout.com/jsign-rookout.jar --output jsign.jar
             # install electron main window dependencies
             yarn
             # build typescript code
@@ -49,7 +50,10 @@ jobs:
             # save windows certificate locally (WIN_CERT) is base64 of our certificate
             echo $WIN_EV_CERT_BASE64_22 | base64 --decode > rookout.crt
             export WINDOWS_EV_CERTIFICATE_PATH=rookout.crt
-
+
+      - run:
+          name: APPLE_CERT
+          command: |
             # Make sure mac signing and certs are defined and trusted
             mkdir certificates
             echo $NEW_CSC_LINK | base64 --decode > certificates/mac_cert.p12
@@ -58,9 +62,29 @@ jobs:
             security import certificates/mac_cert.p12 -P $NEW_CSC_KEY_PASSWORD
             export CSC_LINK=certificates/mac_cert.p12
             export CSC_KEY_PASSWORD=$NEW_CSC_KEY_PASSWORD
-
+            echo ===========
+            security find-identity -p codesigning
+            echo ===========
+            security find-identity
+      - run:
+          name: Build
+          command: |            
             # package code for every distribution (mac, win, linux) and publish as github release
+            export CSC_FOR_PULL_REQUEST=true 
             yarn run build-packages-all-distributions
+
+
+  publish:
+    macos:
+      xcode: "15.0.0"
+    resource_class: macos.x86.medium.gen2
+    steps:
+      - checkout
+      - restore_cache:
+          key: homebrew-cache-{{ arch }}-{{ .Environment.CACHE_VERSION }}-{{ checksum ".circleci/config.yml" }}
+      - run:
+          name: Publish
+          command: |
             # publish in google storage bucket (additionally to electronbuild-publisher)
             bash upload_release_to_gs.sh
       - save_cache:
@@ -70,6 +94,7 @@ jobs:
   version_validation:
     macos:
       xcode: "15.0.0"
+    resource_class: macos.x86.medium.gen2
     steps:
       - checkout
       - run:
@@ -88,6 +113,7 @@ workflows:
   version: 2
   publish-pipeline:
     jobs:
+      - build
       - version_validation:
           requires:
           <<: *filter_master