Skip to content

SUB - Build on macOS #25

SUB - Build on macOS

SUB - Build on macOS #25

Workflow file for this run

name: SUB - Build on macOS
on:
workflow_dispatch:
inputs:
env:
description: "An Environment"
required: true
type: choice
options:
- development
- production
version:
description: "A Version"
required: true
type: string
workflow_call:
inputs:
env:
description: "An Environment"
required: true
type: string
version:
description: "A Version"
required: true
type: string
env:
app_name: ${{ inputs.env == 'production' && 'MoonshineSDKInstaller' || 'MoonshineSDKInstallerDevelopment' }}
jobs:
build:
runs-on: "macos-13"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11'
- uses: krdlab/setup-haxe@v1.5.1
with:
haxe-version: 4.3.4
- uses: joshtynjala/setup-apache-flex-action@v2.2.0
with:
flex-version: "4.16.1"
air-version: "51.1.3.1"
accept-air-license: true
air-license-base64: ${{ secrets.AIR_LICENSE_BASE64 }}
# Prepare signing
- name: Check for Keychain
id: check_keychain
shell: bash
run: |
if security list-keychains | grep -q "build.keychain"; then
echo "keychain_exists=true" >> $GITHUB_OUTPUT
else
echo "keychain_exists=false" >> $GITHUB_OUTPUT
fi
- name: Create keychain
if: steps.check_keychain.outputs.keychain_exists == 'false'
shell: bash
run: |
security create-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain
echo "Keychain created"
security set-keychain-settings -lut 21600 build.keychain
echo "Keychain settings set"
security default-keychain -s build.keychain
echo "Keychain made default"
security unlock-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain
echo "Keychain unlocked"
- name: Import certificates
shell: bash
run: |
echo "${{ secrets.MAC_APPLICATION_CERTKEY }}" | base64 --decode > application_certkey.p12
echo "${{ secrets.MAC_INSTALLER_CERTKEY }}" | base64 --decode > installer_certkey.p12
security import ./application_certkey.p12 \
-k build.keychain \
-f pkcs12 \
-P "${{ secrets.MAC_CERTKEY_PASS }}" \
-T /usr/bin/codesign \
-T /usr/bin/productsign \
-T /usr/bin/productbuild
security import ./installer_certkey.p12 \
-k build.keychain \
-f pkcs12 \
-P "${{ secrets.MAC_CERTKEY_PASS }}" \
-T /usr/bin/codesign \
-T /usr/bin/productsign
- name: Allow codesign and productsign to use keychain
shell: bash
run: |
security set-key-partition-list \
-S apple-tool:,apple:,codesign:,productsign: \
-s \
-k "${{ secrets.MAC_KEYCHAIN_PASS }}" \
build.keychain
- name: Unlock keychain
shell: bash
run: |
security unlock-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain
- name: Create notarization profile
shell: bash
run: |
xcrun notarytool \
store-credentials "notarytool-profile" \
--apple-id ${{ secrets.MAC_NOTARIZATION_APPLE_ID }} \
--team-id ${{ secrets.MAC_NOTARIZATION_TEAM_ID }} \
--password ${{ secrets.MAC_NOTARIZATION_PASS }}
- name: Build with Ant
run: >
ant
-buildfile MoonshineSDKInstaller/build/build.xml
build pack-and-sign
-Dapp.version=${{ inputs.version }}
-Dbuild.is.development=${{ inputs.env != 'production' }}
-Dbuild.number=${{ github.run_number }}
-Dkeychain.name=build.keychain
-Dnotarytool.profile="notarytool-profile"
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: msdki-macos-setup
path: MoonshineSDKInstaller/build/bin/deploy/${{ env.app_name }}-${{ inputs.version }}.pkg
if-no-files-found: error