From 8ef00ca8606bdb1a965d557a183b633f0d9b883a Mon Sep 17 00:00:00 2001
From: Adam Setch <adam.setch@outlook.com>
Date: Tue, 14 Jan 2025 10:52:31 -0500
Subject: [PATCH] build: prepare `v5.18.0` release (#1705)

* 5.18.0

* build: fix signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* build: fix signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* build: fix signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* build: fix signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

* fix: macos code signing

Signed-off-by: Adam Setch <adam.setch@outlook.com>

---------

Signed-off-by: Adam Setch <adam.setch@outlook.com>
---
 .github/workflows/ci.yml      |  24 ++++----
 .github/workflows/publish.yml |  93 +++++++++++++++++++++++++++++
 .github/workflows/release.yml | 109 +++++++---------------------------
 package.json                  |   2 +-
 4 files changed, 125 insertions(+), 103 deletions(-)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e15fc460d..b62660f7b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,13 +5,21 @@ on:
     branches:
       - main
   pull_request:
-    branches-ignore:
-      - release/v*.*.* # macOS code-signing only works on `push` events, not `pull_request` events
+    branches:
+      - main
 
 jobs:
+  prepare: # macOS code-signing only works on `push` events and not `pull_request` events
+    if: ${{ !startsWith(github.head_ref, 'release/v') }} 
+    name: Prepare CI
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo Running CI for branch ${{ github.head_ref }}
+
   lint:
     name: Lint App
     uses: ./.github/workflows/lint.yml
+    needs: prepare
 
   tests:
     name: Tests
@@ -22,14 +30,4 @@ jobs:
     name: Build
     uses: ./.github/workflows/build.yml
     needs: tests
-    if: ${{ !startsWith(github.head_ref, 'release/v') }}
-
-  release:
-    name: Release
-    uses: ./.github/workflows/release.yml
-    needs: tests
-    if: ${{ startsWith(github.head_ref, 'release/v') }}
-    permissions: 
-      contents: write
-
-    
+    secrets: inherit
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 000000000..05888b273
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,93 @@
+name: Publish
+
+on: 
+  workflow_call:
+  workflow_dispatch: # For manually running release process to verify code-signing of artifacts
+
+permissions:
+  contents: write
+
+jobs:
+  release-macos:
+    name: Publish macOS (electron-builder)
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+      - run: pnpm install
+      - run: pnpm build
+        env:
+          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
+          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
+      - run: pnpm prepare:remove-source-maps
+      - run: pnpm package:macos --publish onTagOrDraft
+        env:
+          APPLEID_USERNAME: ${{ secrets.appleid_username }}
+          APPLEID_PASSWORD: ${{ secrets.appleid_password }}
+          APPLEID_TEAM_ID: ${{ secrets.appleid_teamid }}
+          CSC_LINK: ${{ secrets.mac_certs }}
+          CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }}
+          GH_TOKEN: ${{ secrets.github_token }}
+          NOTARIZE: true
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Gitify-release-mac
+          path: dist/
+          overwrite: true
+
+  release-windows:
+    name: Publish Windows (electron-builder)
+    runs-on: windows-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+      - run: pnpm install
+      - run: pnpm build
+        env:
+          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
+          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
+      - run: pnpm prepare:remove-source-maps
+      - run: pnpm package:win --publish onTagOrDraft
+        env:
+          GH_TOKEN: ${{ secrets.github_token }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Gitify-release-win
+          path: dist/
+          overwrite: true
+
+  release-linux:
+    name: Publish Linux (electron-builder)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+      - run: pnpm install
+      - run: pnpm build
+        env:
+          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
+          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
+      - run: pnpm prepare:remove-source-maps
+      - run: pnpm package:linux --publish onTagOrDraft
+        env:
+          GH_TOKEN: ${{ secrets.github_token }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Gitify-release-linux
+          path: dist/
+          overwrite: true
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index af8949499..95db3cb43 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,93 +1,24 @@
 name: Release
 
-on: 
-  workflow_call:
-  workflow_dispatch: # For manually running release process to verify code-signing of artifacts
-
-permissions:
-  contents: write
+on:
+  push:
+    branches:
+      - release/v*.*.* # macOS code-signing only works on `push` events and not `pull_request` events
 
 jobs:
-  release-macos:
-    name: Publish macOS (electron-builder)
-    runs-on: macos-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v3
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'pnpm'
-      - run: pnpm install
-      - run: pnpm build
-        env:
-          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
-          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
-      - run: pnpm prepare:remove-source-maps
-      - run: pnpm package:macos --publish onTagOrDraft
-        env:
-          APPLEID_USERNAME: ${{ secrets.appleid_username }}
-          APPLEID_PASSWORD: ${{ secrets.appleid_password }}
-          APPLEID_TEAM_ID: ${{ secrets.appleid_teamid }}
-          CSC_LINK: ${{ secrets.mac_certs }}
-          CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }}
-          GH_TOKEN: ${{ secrets.github_token }}
-          NOTARIZE: true
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Gitify-release-mac
-          path: dist/
-          overwrite: true
-
-  release-windows:
-    name: Publish Windows (electron-builder)
-    runs-on: windows-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v3
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'pnpm'
-      - run: pnpm install
-      - run: pnpm build
-        env:
-          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
-          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
-      - run: pnpm prepare:remove-source-maps
-      - run: pnpm package:win --publish onTagOrDraft
-        env:
-          GH_TOKEN: ${{ secrets.github_token }}
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Gitify-release-win
-          path: dist/
-          overwrite: true
-
-  release-linux:
-    name: Publish Linux (electron-builder)
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v3
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'pnpm'
-      - run: pnpm install
-      - run: pnpm build
-        env:
-          OAUTH_CLIENT_ID: ${{ secrets.oauth_client_id }}
-          OAUTH_CLIENT_SECRET: ${{ secrets.oauth_client_secret }}
-      - run: pnpm prepare:remove-source-maps
-      - run: pnpm package:linux --publish onTagOrDraft
-        env:
-          GH_TOKEN: ${{ secrets.github_token }}
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Gitify-release-linux
-          path: dist/
-          overwrite: true
\ No newline at end of file
+  lint:
+    name: Lint App
+    uses: ./.github/workflows/lint.yml
+
+  tests:
+    name: Tests
+    uses: ./.github/workflows/test.yml
+    needs: lint
+
+  release:
+    name: Publish
+    uses: ./.github/workflows/publish.yml
+    needs: tests
+    secrets: inherit
+    permissions: 
+      contents: write 
diff --git a/package.json b/package.json
index 7d16ab55c..49fd027ca 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "gitify",
-  "version": "5.17.0",
+  "version": "5.18.0",
   "description": "GitHub notifications on your menu bar.",
   "main": "build/main.js",
   "scripts": {