.github/workflows/build.yml

name: Arduino IDE

on:
  push:
    branches:
      - master
    tags:
      - '[0-9]+.[0-9]+.[0-9]+*'
  workflow_dispatch:
  pull_request:
    branches:
      - master
  schedule:
    - cron: '0 3 * * *' # run every day at 3AM (https://docs.github.com/en/actions/reference/events-that-trigger-workflows#scheduled-events-schedule)

jobs:

  build:
    strategy:
      matrix:
        config:
          - os: windows-latest
          - os: ubuntu-latest
          - os: macos-latest
    runs-on: ${{ matrix.config.os }}
    timeout-minutes: 90

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Install Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: '12.14.1'
          registry-url: 'https://registry.npmjs.org'

      - name: Install Python 2.7
        uses: actions/setup-python@v2
        with:
          python-version: '2.7'

      - name: Package
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AC_USERNAME: ${{ secrets.AC_USERNAME }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          IS_NIGHTLY: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master') }}
          IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }}
        run: |
            # See: https://www.electron.build/code-signing
            if [ "${{ runner.OS }}" = "macOS" ]; then
              export CSC_LINK="${{ runner.temp }}/signing_certificate.p12"
              # APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from:
              # https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the-developer-certificate
              echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode > "$CSC_LINK"

              export CSC_KEY_PASSWORD="${{ secrets.KEYCHAIN_PASSWORD }}"

            elif [ "${{ runner.OS }}" = "Windows" ]; then
              export CSC_LINK="${{ runner.temp }}/signing_certificate.pfx"
              echo "${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PFX }}" | base64 --decode > "$CSC_LINK"

              export CSC_KEY_PASSWORD="${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PASSWORD }}"
            fi

            yarn --cwd ./electron/packager/
            yarn --cwd ./electron/packager/ package

      - name: Upload [GitHub Actions]
        uses: actions/upload-artifact@v2
        with:
          name: build-artifacts
          path: electron/build/dist/build-artifacts/

  changelog:
    needs: build
    runs-on: ubuntu-latest
    outputs:
      BODY: ${{ steps.changelog.outputs.BODY }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0 # To fetch all history for all branches and tags.

      - name: Generate Changelog
        id: changelog
        env:
          IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }}
        run: |
            export LATEST_TAG=$(git describe --abbrev=0)
            export GIT_LOG=$(git log --pretty=" - %s [%h]" $LATEST_TAG..HEAD | sed 's/ *$//g')
            if [ "$IS_RELEASE" = true ]; then
              export BODY=$(echo -e "$GIT_LOG")
            else 
              export LATEST_TAG_WITH_LINK=$(echo "[$LATEST_TAG](https://github.com/arduino/arduino-ide/releases/tag/$LATEST_TAG)")
              if [ -z "$GIT_LOG" ]; then
                  export BODY="There were no changes since version $LATEST_TAG_WITH_LINK."
              else
                  export BODY=$(echo -e "Changes since version $LATEST_TAG_WITH_LINK:\n$GIT_LOG")
              fi
            fi
            echo -e "$BODY"
            OUTPUT_SAFE_BODY="${BODY//'%'/'%25'}"
            OUTPUT_SAFE_BODY="${OUTPUT_SAFE_BODY//$'\n'/'%0A'}"
            OUTPUT_SAFE_BODY="${OUTPUT_SAFE_BODY//$'\r'/'%0D'}"
            echo "::set-output name=BODY::$OUTPUT_SAFE_BODY"
            echo "$BODY" > CHANGELOG.txt

      - name: Upload Changelog [GitHub Actions]
        if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master')
        uses: actions/upload-artifact@v2
        with:
          name: build-artifacts
          path: CHANGELOG.txt

  publish:
    needs: changelog
    if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master')
    runs-on: ubuntu-latest
    steps:
      - name: Download [GitHub Actions]
        uses: actions/download-artifact@v2
        with:
          name: build-artifacts
          path: build-artifacts

      - name: Publish Nightly [S3]
        uses: docker://plugins/s3
        env:
          PLUGIN_SOURCE: "build-artifacts/*"
          PLUGIN_STRIP_PREFIX: "build-artifacts/"
          PLUGIN_TARGET: "/arduino-ide/nightly"
          PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  release:
    needs: changelog
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    steps:
      - name: Download [GitHub Actions]
        uses: actions/download-artifact@v2
        with:
          name: build-artifacts
          path: build-artifacts

      - name: Get Tag
        id: tag_name
        run: |
          echo ::set-output name=TAG_NAME::${GITHUB_REF#refs/tags/}

      - name: Publish Release [GitHub]
        uses: svenstaro/upload-release-action@2.2.0
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          release_name: ${{ steps.tag_name.outputs.TAG_NAME }}
          file: build-artifacts/*
          tag: ${{ github.ref }}
          file_glob: true
          body: ${{ needs.changelog.outputs.BODY }}

      - name: Publish Release [S3]
        uses: docker://plugins/s3
        env:
          PLUGIN_SOURCE: "build-artifacts/*"
          PLUGIN_STRIP_PREFIX: "build-artifacts/"
          PLUGIN_TARGET: "/arduino-ide"
          PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}