fix: detach keysale page from operator release

Add on PR workflow

Author: CryptITAustria

.github/workflows/deploy-web-connect.yml

@@ -0,0 +1,44 @@
+name: Deploy Web Connect
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install pnpm
+        run: npm install -g pnpm
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build monorepo
+        run: npx nx run @sentry/web-connect:build
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+        # Popular action to deploy to GitHub Pages:
+        # Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus
+      - name: Deploy to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Build output to publish to the `gh-pages` branch:
+          publish_dir: ./apps/web-connect/dist
+          # The following lines assign commit authorship to the official
+          # GH-Actions bot for deploys to `gh-pages` branch:
+          # https://github.com/actions/checkout/issues/13#issuecomment-724415212
+          # The GH actions bot is used by default if you didn't specify the two fields.
+          # You can swap them out with your own user credentials.
+          user_name: github-actions[bot]
+          user_email: 41898282+github-actions[bot]@users.noreply.github.com

.github/workflows/release.yml

@@ -14,31 +14,14 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v4
-        name: Install pnpm
-        with:
-          version: 9
-          run_install: false
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: 'pnpm'
-
-      - name: Install dependencies
-        run: pnpm install
-
-      # Inline install of semantic-release packages
-      - name: Install semantic-release and plugins
-        run: |
-          pnpm add -D -w semantic-release @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/git @semantic-release/github @semantic-release/changelog 
-
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         id: get_version
         with:
           dry_run: true
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/git
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -101,52 +84,66 @@ jobs:
           name: release-cli-${{ matrix.os }}
           path: apps/cli/release
 
-  checksum-and-release:
-    needs: release
-    runs-on: macos-latest
+  sign:
+    needs: build
+    runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - uses: pnpm/action-setup@v4
-        name: Install pnpm
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
         with:
-          version: 9
-          run_install: false
+          name: release-desktop-windows-latest
+          path: release-desktop-windows-latest
 
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
+      - name: Create directory for signed builds
+        shell: bash
+        run: mkdir release-desktop-windows-latest/signed-builds
+
+      - name: Sign build Windows exe
+        uses: sslcom/actions-codesigner@develop
         with:
-          node-version: 20
-          cache: 'pnpm'
+          command: sign
+          username: ${{ secrets.SSL_USERNAME }}
+          password: ${{ secrets.SSL_PASSWORD }}
+          totp_secret: ${{ secrets.SSL_TOTP_SECRET }}
+          file_path: release-desktop-windows-latest/sentry-client-windows.exe
+          output_path: release-desktop-windows-latest/signed-builds
+      
+      - name: Upload signed artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-signed-desktop-windows-latest
+          path: release-desktop-windows-latest
 
-      - name: Install dependencies
-        run: pnpm install
+  checksum-and-release:
+    needs: release
+    runs-on: macos-latest
 
-      # Inline install of semantic-release packages
-      - name: Install semantic-release and plugins
-        run: |
-          pnpm add -D -w semantic-release @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/git @semantic-release/github @semantic-release/changelog
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
       - name: Download artifacts
         uses: actions/download-artifact@v4
 
       - name: Generate checksum
         run: |
-          CHECKSUM=$(shasum -a 512 release-desktop-windows-latest/sentry-client-windows.exe | cut -f1 -d\ | xxd -r -p | base64)
+          CHECKSUM=$(shasum -a 512 release-signed-desktop-windows-latest/signed-builds/sentry-client-windows.exe | cut -f1 -d\ | xxd -r -p | base64)
           CHECKSUM=$(echo "$CHECKSUM" | tr -d '\r\n')
           echo "SHA512 Checksum: $CHECKSUM"
-          cat release-desktop-windows-latest/latest.yml
-          sed -i '' -e "s#^sha512:.*#sha512: $CHECKSUM#" "release-desktop-windows-latest/latest.yml"
-          sed -i '' -e "s#^    sha512:.*#    sha512: $CHECKSUM#" "release-desktop-windows-latest/latest.yml"
+          cat release-signed-desktop-windows-latest/latest.yml
+          sed -i '' -e "s#^sha512:.*#sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"
+          sed -i '' -e "s#^    sha512:.*#    sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"
 
       # Run semantic-release after the build is completed to publish the release
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         id: semantic
         with:
           dry_run: false
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/git
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -156,4 +153,4 @@ jobs:
           echo "New release version: ${{ steps.semantic.outputs.new_release_version }}"
           echo "Major: ${{ steps.semantic.outputs.new_release_major_version }}"
           echo "Minor: ${{ steps.semantic.outputs.new_release_minor_version }}"
-          echo "Patch: ${{ steps.semantic.outputs.new_release_patch_version }}"
+          echo "Patch: ${{ steps.semantic.outputs.new_release_patch_version }}"

.github/workflows/test-release.yml

@@ -0,0 +1,138 @@
+name: Pull Request
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  # Run semantic-release dry run before the matrix
+  dryrun:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.get_version.outputs.new_release_version }} # Pass version to the next jobs
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v4
+        id: get_version
+        with:
+          dry_run: true
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/git
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # Matrix build jobs that depend on the dryrun job
+  release:
+    needs: dryrun
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    env: # Pass the version as an environment variable to each matrix job
+      VERSION: ${{ needs.dryrun.outputs.version }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: 9
+          run_install: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install
+
+      # Use the version generated from dry-run in the build process
+      - name: Set desktop app package version
+        run: pnpm pkg set version=${{ env.VERSION }} --prefix apps/sentry-client-desktop
+
+      - name: Set CLI version
+        run: sed -i'' -e 's/VERSION_NUMBER/${{ env.VERSION }}/g' packages/core/src/utils/version.ts
+
+      - name: Build monorepo
+        run: npx nx run-many --target=build --all
+
+      - name: Upload sentry-client-desktop artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-desktop-${{ matrix.os }}
+          path: apps/sentry-client-desktop/release
+
+      - name: Zip CLI artifacts
+        run: |
+          cd apps/cli/release
+          zip sentry-node-cli-macos.zip sentry-node-cli-macos
+          zip sentry-node-cli-linux.zip sentry-node-cli-linux
+          zip sentry-node-cli-windows.zip sentry-node-cli-win.exe
+        if: matrix.os == 'ubuntu-latest'
+
+      - name: Upload CLI artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-cli-${{ matrix.os }}
+          path: apps/cli/release
+
+  sign:
+    needs: build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: release-desktop-windows-latest
+          path: release-desktop-windows-latest
+
+      - name: Create directory for signed builds
+        shell: bash
+        run: mkdir release-desktop-windows-latest/signed-builds
+
+      - name: Sign build Windows exe
+        uses: sslcom/actions-codesigner@develop
+        with:
+          command: sign
+          username: ${{ secrets.SSL_USERNAME }}
+          password: ${{ secrets.SSL_PASSWORD }}
+          totp_secret: ${{ secrets.SSL_TOTP_SECRET }}
+          file_path: release-desktop-windows-latest/sentry-client-windows.exe
+          output_path: release-desktop-windows-latest/signed-builds
+      
+      - name: Upload signed artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-signed-desktop-windows-latest
+          path: release-desktop-windows-latest
+
+  checksum-and-release:
+    needs: release
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+
+      - name: Generate checksum
+        run: |
+          CHECKSUM=$(shasum -a 512 release-signed-desktop-windows-latest/signed-builds/sentry-client-windows.exe | cut -f1 -d\ | xxd -r -p | base64)
+          CHECKSUM=$(echo "$CHECKSUM" | tr -d '\r\n')
+          echo "SHA512 Checksum: $CHECKSUM"
+          cat release-signed-desktop-windows-latest/latest.yml
+          sed -i '' -e "s#^sha512:.*#sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"
+          sed -i '' -e "s#^    sha512:.*#    sha512: $CHECKSUM#" "release-signed-desktop-windows-latest/latest.yml"

release.config.js

@@ -0,0 +1,61 @@
+module.exports = {
+    branches: [
+        "master",
+        { name: "develop", prerelease: true }
+    ],
+    tagFormat: "${version}",
+    plugins: [
+        [
+            '@semantic-release/commit-analyzer',
+            {
+                preset: 'angular',
+            },
+        ],
+        [
+            "@semantic-release/release-notes-generator",
+            {
+                preset: 'angular',
+                writerOpts: {
+                    finalizeContext (context) {
+                        const scopesToInclude = ['cli', 'desktop', 'operator'];
+
+                        for (const commitGroup of context.commitGroups) {
+                            const filteredCommits = []
+
+                            for (const commit of commitGroup.commits) {
+                                if (commit.scope && commit.scope.split(',').some(scope => scopesToInclude.includes(scope))) {
+                                    filteredCommits.push(commit)
+                                }
+                            }
+
+                            commitGroup.commits = filteredCommits
+                        }
+
+                        return context
+                    },
+                },
+            },
+        ],
+        "@semantic-release/changelog",
+        [
+            '@semantic-release/github',
+            {
+                assets: [
+                    { path: "CHANGELOG.md", label: "Changelog" },
+                    { path: "release-desktop-macos-latest/latest-mac.yml", label: "macOS Latest YML" },
+                    { path: "release-desktop-macos-latest/sentry-client-macos.dmg.blockmap", label: "macOS Blockmap" },
+                    { path: "release-desktop-macos-latest/sentry-client-macos.dmg", label: "macOS DMG" },
+                    { path: "release-desktop-ubuntu-latest/latest-linux.yml", label: "Linux Latest YML" },
+                    { path: "release-desktop-ubuntu-latest/sentry-client-linux.AppImage", label: "Linux AppImage" },
+                    { path: "release-signed-desktop-windows-latest/latest.yml", label: "Windows Latest YML" },
+                    { path: "release-signed-desktop-windows-latest/sentry-client-windows.exe.blockmap", label: "Windows Blockmap" },
+                    { path: "release-signed-desktop-windows-latest/signed-builds/sentry-client-windows.exe", label: "Windows EXE" },
+                    { path: "release-cli-ubuntu-latest/sentry-node-cli-macos.zip", label: "CLI macOS ZIP" },
+                    { path: "release-cli-ubuntu-latest/sentry-node-cli-linux.zip", label: "CLI Linux ZIP" },
+                    { path: "release-cli-ubuntu-latest/sentry-node-cli-windows.zip", label: "CLI Windows ZIP" },
+                ],
+            },
+        ],
+        "@semantic-release/git",
+    ],
+};