Lots of CI refactoring, hopefully fixing codecov #381
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Development Builds | |
on: | |
push: | |
branches: | |
- master | |
jobs: | |
config: | |
runs-on: "ubuntu-latest" | |
permissions: | |
contents: none | |
outputs: | |
has-secrets: ${{ steps.check.outputs.has-secrets }} | |
steps: | |
- name: "Check for secrets" | |
id: check | |
shell: bash | |
run: | | |
if [ -n "${{ (secrets.REPO_GPG_PASSPHRASE != '' && secrets.NIGHTLY_KEYCHAIN_PASSPHRASE != '') || '' }}" ]; then | |
echo "has-secrets=1" >> "$GITHUB_OUTPUT" | |
fi | |
build: | |
needs: config | |
if: needs.config.outputs.has-secrets | |
name: Build and Sign | |
runs-on: macos-14 | |
permissions: | |
contents: read | |
env: | |
IS_CI: 1 | |
IS_NIGHTLY: 1 | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.3 | |
- name: Checkout Hammerspoon Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Checkout Hammerspoon Secrets | |
uses: actions/checkout@v4 | |
with: | |
repository: Hammerspoon/ci-secrets | |
path: ./ci-secrets | |
- name: Prepare build environment | |
run: ./scripts/github-ci-pre.sh | |
- name: Decrypt Secrets | |
env: | |
REPO_GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }} | |
run: ./ci-secrets/crypto.sh decrypt | |
- name: Prepare keychain | |
env: | |
KEYCHAIN_PASSPHRASE: ${{ secrets.NIGHTLY_KEYCHAIN_PASSPHRASE }} | |
run: ./scripts/build.sh keychain-prep -s Release -c Release -p ./ci-secrets/Cleartext/Hammerspoon-Nightly-Certificates.p12 -o ./ci-secrets/Cleartext/token-notarization | |
- name: Prepare secure tokens | |
run: /bin/cp ./ci-secrets/Cleartext/token* ../ | |
- name: Remove Secrets checkout | |
run: /bin/rm -rf ./ci-secrets | |
- name: Get version number | |
id: version | |
run: | | |
echo "NIGHTLY_VERSION=$(git describe)" >> $GITHUB_OUTPUT | |
echo "RELEASE_VERSION=$(git describe --abbrev=0)" >> $GITHUB_OUTPUT | |
- name: Build | |
run: ./scripts/build.sh build -s Release -c Release | |
- name: Generate API docs | |
run: ./scripts/build.sh docs | |
- name: Notarize | |
run: ./scripts/build.sh notarize | |
- name: Delete notarization/signing credentials | |
if: ${{ always() }} | |
run: ./scripts/build.sh keychain-post | |
- name: Validate signing/notarization | |
run: ./scripts/build.sh validate -d | |
- name: Archive build | |
run: ./scripts/build.sh archive | |
- name: Upload build log on failure | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nightly-build.log | |
path: build/Release-build.log | |
- name: Generate Release Notes | |
id: release_notes_generator | |
uses: mikepenz/release-changelog-builder-action@main | |
with: | |
configuration: ".github/workflows/release_notes_config.json" | |
toTag: "HEAD" | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Capture Release Notes | |
id: capture_release_notes | |
run: | | |
echo "${{ steps.release_notes_generator.outputs.changelog }}" >release_notes.txt | |
- name: Upload Release Notes | |
id: upload_release_notes | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Release_Notes-${{ steps.version.outputs.NIGHTLY_VERSION }}.txt | |
path: release_notes.txt | |
- name: Prepare artifacts | |
run: mv ../archive ./ ; find ./archive | |
- name: Upload artifacts App bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip | |
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip | |
- name: Upload artifacts Debug symbols | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip | |
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon-dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip | |
- name: Upload artifacts HTML docs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip | |
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/${{ steps.version.outputs.NIGHTLY_VERSION }}-docs.zip | |
- name: Upload artifacts docs json | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.json | |
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/docs.json | |
- name: Upload artifacts Build log | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Release-build.log | |
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Release-build.log | |
- name: Send notification | |
if: env.CI_WEBHOOK_URL != '' && env.CI_WEBHOOK_SECRET != '' | |
env: | |
CI_WEBHOOK_URL: ${{ secrets.CI_WEBHOOK_URL }} | |
CI_WEBHOOK_SECRET: ${{ secrets.CI_WEBHOOK_SECRET }} | |
run: | | |
/usr/bin/curl -H "X-CI-WebHook: true" -H "Content-Type: application/json" -d '{"secret": "$CI_WEBHOOK_SECRET", "repository": "hammerspoon", "workflow": "Dev Build", "message": "New development build: ${{ steps.version.outputs.NIGHTLY_VERSION }}"}' $CI_WEBHOOK_URL |