EQMS-1548: TraceX desktop app #9666
Signed-off-by: Alexey Zinoviev <alexey.zinoviev@xored.com>
| if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/s') }} | ||
| needs: build | ||
| runs-on: macos-latest | ||
| timeout-minutes: 60 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| filter: tree:0 | ||
| submodules: recursive | ||
|
|
||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version-file: '.nvmrc' | ||
|
|
||
| - name: Cache node modules | ||
| uses: actions/cache@v4 | ||
| env: | ||
| cache-name: node | ||
| with: | ||
| path: | | ||
| common/temp | ||
| key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }} | ||
| - name: Prepare .npmrc for GitHub Packages | ||
| run: | | ||
| echo "//npm.pkg.github.com/:_authToken=${{secrets.GITHUB_TOKEN}}" > ~/.npmrc | ||
| - name: Installing... | ||
| run: node common/scripts/install-run-rush.js install --purge | ||
| - name: Model version from git tags | ||
| run: node common/scripts/install-run-rush.js model-version | ||
| - name: Package | ||
| run: node common/scripts/install-run-rush.js package --to qms-desktop -v | ||
| - name: Package JSON | ||
| run: | | ||
| cd qms-desktop-package | ||
| cat ./package.json | ||
| - name: Install the Apple certificate and provisioning profile | ||
| env: | ||
| DEV_ID_P12_BASE64: ${{ secrets.DEV_ID_P12_BASE64 }} | ||
| DEV_ID_P12_PASSWORD: ${{ secrets.DEV_ID_P12_PASSWORD }} | ||
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | ||
| run: | | ||
| # create variables | ||
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | ||
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | ||
| # import certificate from secret | ||
| echo -n "$DEV_ID_P12_BASE64" | base64 --decode -o $CERTIFICATE_PATH | ||
| # create temporary keychain | ||
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | ||
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| # import certificate to keychain | ||
| security import $CERTIFICATE_PATH -P "$DEV_ID_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | ||
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| security list-keychain -d user -s $KEYCHAIN_PATH | ||
| - name: Build distribution's | ||
| env: | ||
| APPLE_ID: ${{ secrets.APPLE_ID }} | ||
| APPLE_ID_APP_PASS: ${{ secrets.APPLE_ID_APP_PASS }} | ||
| TEAM_ID: ${{ secrets.TEAM_ID }} | ||
| run: | | ||
| cd qms-desktop-package | ||
| node ../common/scripts/install-run-rushx.js dist --linux --x64 | ||
| node ../common/scripts/install-run-rushx.js dist --windows --x64 --arm64 | ||
| node ../common/scripts/install-run-rushx.js dist-signed --macos --x64 --arm64 | ||
| ./scripts/copy-publish-artifacts.sh ${{ env.PublishTempFolder}} | ||
| - name: Publish distribution assets and version | ||
| uses: ryand56/r2-upload-action@latest | ||
| with: | ||
| r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | ||
| r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | ||
| r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | ||
| r2-bucket: desktop-distro | ||
| source-dir: qms-desktop-package/${{ env.PublishTempFolder}} | ||
| destination-dir: ./ | ||
| - name: Upload MacOS | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: TraceX-MacOS-x64 | ||
| path: ./qms-desktop-package/deploy/TraceX-macos-*-x64.dmg | ||
| - name: Upload MacOS arm64 | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: TraceX-MacOS-arm64 | ||
| path: ./qms-desktop-package/deploy/TraceX-macos-*-arm64.dmg | ||
| - name: Upload Windows | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: TraceX-Windows | ||
| path: ./qms-desktop-package/deploy/TraceX-windows-*.zip | ||
| - name: Upload Linux | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: TraceX-Linux | ||
| path: ./qms-desktop-package/deploy/TraceX-linux-*.zip |
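Review bot: the "Publish distribution assets and version" step uses `ryand56/r2-upload-action@latest`, a mutable ref, in the same job that holds the R2 access keys, the Developer ID certificate and the Apple ID app password; pin it to a full commit SHA so the code that runs next to those secrets cannot change without a diff in this repository. In "Install the Apple certificate and provisioning profile", no later step in the job removes the decoded `build_certificate.p12` or the temporary keychain; add a final step with `if: always()` that runs `security delete-keychain` on `$KEYCHAIN_PATH` and deletes `$CERTIFICATE_PATH`. In "Cache node modules", `restore-keys` is identical to `key`, so it provides no fallback and can be dropped or shortened to a prefix.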
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 months ago
To fix the problem, add a `permissions` block to the workflow file, either at the root level (to apply to all jobs) or to individual jobs if different jobs require different permissions. The minimal starting point is `contents: read`, which allows jobs to read repository contents but not write to them. This is sufficient for most jobs that only need to check out code or read files. If any job requires additional permissions (e.g., to create issues or pull requests), those can be added as needed. In this case, since the jobs shown do not appear to require write access to repository contents, adding `permissions: contents: read` at the root level (after the `name:` and before `concurrency:`) is the best fix.
| @@ -1,6 +1,8 @@ | ||
| # This is a basic workflow to help you get started with Actions | ||
|
|
||
| name: CI | ||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} |
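Review bot: a root-level `permissions:` block that lists only `contents: read` sets every other `GITHUB_TOKEN` scope to none for all jobs, and the "Prepare .npmrc for GitHub Packages" step in this workflow writes that token into `~/.npmrc` for `npm.pkg.github.com`. If the rush install pulls any non-public package from GitHub Packages, it will start failing once this is applied; add `packages: read` next to `contents: read`, or grant it on the jobs that install dependencies, and check that no other job in the workflow depends on a write scope before accepting the suggestion.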
Pull Request Overview
This PR adds a new TraceX desktop application package to the monorepo, creating a branded variant of the existing Huly desktop application. The implementation follows the same structure as the original desktop package but with TraceX-specific configuration and branding.
- Adds a new `qms-desktop-package` with TraceX branding and configuration
- Implements desktop update channel routing to support multiple desktop variants
- Integrates the new package into the build system and CI pipeline
Reviewed Changes
Copilot reviewed 16 out of 20 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| rush.json | Registers the new qms-desktop package in the monorepo |
| qms-desktop-package/* | Complete desktop package setup with TraceX branding, build scripts, and configuration |
| desktop/src/main/start.ts | Adds update channel routing logic to support multiple desktop variants |
| desktop/src/main/config.ts | New configuration reader for packed config files |
| desktop/src/ui/index.ts | Code style improvements and import organization |
| dev/docker-compose*.yaml | Updates development environment to support TraceX update channel |
| .github/workflows/main.yml | Adds CI pipeline for building and distributing TraceX desktop app |
Files not reviewed (1)
- common/config/rush/pnpm-lock.yaml: Language not supported
Signed-off-by: Alexey Zinoviev <alexey.zinoviev@xored.com>
Signed-off-by: Alexey Zinoviev <alexey.zinoviev@xored.com>
Related to: https://front.hc.engineering/workbench/platform/tracker/EQMS-1548