Mailspring/packages/local-private/docs/ContinuousIntegration.md

# Building N1 with Continuous Integration

    script/grunt ci

N1 is designed to be built into a production app for Mac, Windows, and Linux.
Only Nylas core team members currently have access to produce a production
build.

Production builds are code-signed with a Nylas, Inc. certificate and include a
handful of other proprietary assets such as custom fonts and sounds.

We currently use [Travis](https://travis-ci.org/nylas/N1) to build on Mac &
Windows and AppVeyor to build on Windows.

A build can be run from a local machines by Jenkins or manually; however,
several environment variables must be setup.:

**ALL ENVIRONMENT VARIABLES ARE ENCRYPTED**

They exist in an encrypted file that only Travis can read in
`build/resources/certs/set_env.sh`

**IMPORTANT** Do NOT remove the `2>/dev/null 1>/dev/null` in the
`before_install` scripts. If any of commands fail we don't want to leak
sensitive data in the output.

That file must be decrypted and `source`d before the environment variables can
use.

If not building on Travis, the environment variables must be manually decrypted
via gpg and sourced

We use [Travis encryption](https://docs.travis-ci.com/user/encrypting-files/)
and AppVeyor encryption to store the certificates, keys, and passwords

To login to GitHub and clone the Nylas submodule with private assets you need
to clone recursively (or `git submodule init; git submodule update`) with a
valid SSH key or login username and password.

We have a CI GitHub account: https://github.com/nylas-deploy-scripts
The password for that account is stored in the environment variable:
- `GITHUB_CI_ACCOUNT_PASSWORD`

For signing builds on Mac only when the certificates are already in the
Keychain (not Travis):
- `XCODE_KEYCHAIN` - The name of the Mac keychain that contains the
  certificates and private key.
- `XCODE_KEYCHAIN_PASSWORD` - Th password to that keychain.
- `KEYCHAIN_ACCESS` - Alternatively, the `XCODE_KEYCHAIN` and
  `XCODE_KEYCHAIN_PASSWORD` in a single colon-separated string.

Alternatively, on Travis we decrypt the actual certificate files and create a
temporary keychain. To do this we need the password to the private key. That's
stored in:
- `APPLE_CODESIGN_KEY_PASSWORD`

For signing builds on Windows only:
- `CERTIFICATE_FILE` - The Windows certificate
- `CERTIFICATE_PASSWORD` - The password for the private key on the cert

To download Electron:
- `NYLAS_GITHUB_OAUTH_TOKEN` - The OAuth token to use for GitHub API requests. See
  https://github.com/atom/grunt-download-electron

To upload built artifacts to S3:
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`

To notify when builds are done:
- `NYLAS_INTERNAL_HOOK_URL` - Nylas internal Slack token and url
[local-private] move old edgehill src/pro into packages/local-private Summary: This is a test Test Plan: Testing Reviewers: juan Differential Revision: https://phab.nylas.com/D3493 [local-private] add old edgehill src/pro into packages/local-private 2016-12-12 22:43:01 +08:00			`# Building N1 with Continuous Integration`

			`script/grunt ci`

			`N1 is designed to be built into a production app for Mac, Windows, and Linux.`
			`Only Nylas core team members currently have access to produce a production`
			`build.`

			`Production builds are code-signed with a Nylas, Inc. certificate and include a`
			`handful of other proprietary assets such as custom fonts and sounds.`

			`We currently use [Travis](https://travis-ci.org/nylas/N1) to build on Mac &`
			`Windows and AppVeyor to build on Windows.`

			`A build can be run from a local machines by Jenkins or manually; however,`
			`several environment variables must be setup.:`

			`ALL ENVIRONMENT VARIABLES ARE ENCRYPTED`

			`They exist in an encrypted file that only Travis can read in`
			`build/resources/certs/set_env.sh`

			IMPORTANT Do NOT remove the `2>/dev/null 1>/dev/null` in the
			`before_install` scripts. If any of commands fail we don't want to leak
			`sensitive data in the output.`

			That file must be decrypted and `source`d before the environment variables can
			`use.`

			`If not building on Travis, the environment variables must be manually decrypted`
			`via gpg and sourced`

			`We use [Travis encryption](https://docs.travis-ci.com/user/encrypting-files/)`
			`and AppVeyor encryption to store the certificates, keys, and passwords`

			`To login to GitHub and clone the Nylas submodule with private assets you need`
			to clone recursively (or `git submodule init; git submodule update`) with a
			`valid SSH key or login username and password.`

			`We have a CI GitHub account: https://github.com/nylas-deploy-scripts`
			`The password for that account is stored in the environment variable:`
			- `GITHUB_CI_ACCOUNT_PASSWORD`

			`For signing builds on Mac only when the certificates are already in the`
			`Keychain (not Travis):`
			- `XCODE_KEYCHAIN` - The name of the Mac keychain that contains the
			`certificates and private key.`
			- `XCODE_KEYCHAIN_PASSWORD` - Th password to that keychain.
			- `KEYCHAIN_ACCESS` - Alternatively, the `XCODE_KEYCHAIN` and
			`XCODE_KEYCHAIN_PASSWORD` in a single colon-separated string.

			`Alternatively, on Travis we decrypt the actual certificate files and create a`
			`temporary keychain. To do this we need the password to the private key. That's`
			`stored in:`
			- `APPLE_CODESIGN_KEY_PASSWORD`

			`For signing builds on Windows only:`
			- `CERTIFICATE_FILE` - The Windows certificate
			- `CERTIFICATE_PASSWORD` - The password for the private key on the cert

			`To download Electron:`
			- `NYLAS_GITHUB_OAUTH_TOKEN` - The OAuth token to use for GitHub API requests. See
			`https://github.com/atom/grunt-download-electron`

			`To upload built artifacts to S3:`
			- `AWS_ACCESS_KEY_ID`
			- `AWS_SECRET_ACCESS_KEY`

			`To notify when builds are done:`
			- `NYLAS_INTERNAL_HOOK_URL` - Nylas internal Slack token and url