Skip to content

Modify FUNDING.json for Drips verification #140

Modify FUNDING.json for Drips verification

Modify FUNDING.json for Drips verification #140

Workflow file for this run

name: insider
on:
push:
tags: [ insider* ]
jobs:
insider:
runs-on: self-hosted
strategy:
matrix:
run-config:
- { scheme: 'Planet', destination: 'platform=macOS'}
steps:
- name: Checkout Repository
uses: actions/checkout@v3
with:
lfs: true
- name: Checkout LFS objects
run: git lfs pull
- name: Set insider SUFeedURL
run: /usr/libexec/PlistBuddy -c "Set :SUFeedURL https://opensource.planetable.xyz/planet-insider/appcast.xml" Planet/Info.plist
- name: Set insider icon
run: /usr/bin/sed -i '' 's/AppIcon/AppIcon-Insider/g' Planet/Release.xcconfig
- name: Fix Package Dependencies
run: xcodebuild -resolvePackageDependencies -onlyUsePackageVersionsFromResolvedFile
- name: Show Build Version
run: xcodebuild -version
- name: Show Build Settings
run: xcodebuild -showBuildSettings
- name: Show Build SDK
run: xcodebuild -showsdks
- name: Show Available Destinations
env:
scheme: ${{ matrix.run-config['scheme'] }}
run: xcodebuild -scheme ${scheme} -showdestinations
- name: Set ENV
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Install the Apple certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 -d -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Build
env:
scheme: ${{ matrix.run-config['scheme'] }}
run: |
xcodebuild archive -scheme ${scheme} -archivePath archive/Planet.xcarchive -showBuildTimingSummary -allowProvisioningUpdates
- name: Prepare for Codesign
run: |
mkdir to-be-signed
ditto archive/Planet.xcarchive/Products/Applications/Planet.app to-be-signed/Planet.app
- name: Codesign with Developer ID
run: |
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Installer.xpc
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework
- name: Prepare for Notarization
run: |
ditto -c -k --keepParent to-be-signed/Planet.app Planet.zip
- name: Submit for Notarization
run: |
xcrun notarytool submit Planet.zip --apple-id ${{ secrets.NOTARIZE_USERNAME }} --password ${{ secrets.NOTARIZE_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait --timeout 10m --verbose
- name: Staple
run: |
xcrun stapler staple -v to-be-signed/Planet.app
- name: Generate Planet.zip
run: |
ditto -c -k --keepParent to-be-signed/Planet.app Planet.zip
- name: Generate Planet.zip.dSYM.zip
run: |
ditto -c -k --keepParent archive/Planet.xcarchive/dSYMs/Planet.app.dSYM Planet.app.dSYM.zip
- name: Release App
uses: softprops/action-gh-release@v1
with:
prerelease: true
files: |
Planet.zip
Planet.app.dSYM.zip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload to DigitalOcean Spaces
uses: BetaHuhn/do-spaces-action@v2
with:
access_key: ${{ secrets.DO_ACCESS_KEY }}
secret_key: ${{ secrets.DO_SECRET_KEY }}
space_name: ${{ secrets.DO_SPACE_NAME }}
space_region: ${{ secrets.DO_SPACE_REGION }}
source: Planet.zip
out_dir: planet-insider/${{ env.RELEASE_VERSION }}
- name: Prepare for Sparkle Appcast
env:
WORKPLACE: ${{ github.workspace }}
run: |
mkdir -p Release
cp Planet.zip Release/
${{ secrets.SPARKLE_GENERATE_INSIDER }} $WORKPLACE/Release ${{ env.RELEASE_VERSION }}
- name: Upload Sparkle Appcast
uses: BetaHuhn/do-spaces-action@v2
with:
access_key: ${{ secrets.DO_ACCESS_KEY }}
secret_key: ${{ secrets.DO_SECRET_KEY }}
space_name: ${{ secrets.DO_SPACE_NAME }}
space_region: ${{ secrets.DO_SPACE_REGION }}
source: Release/appcast.xml
out_dir: planet-insider
- name: Purge CDN Cache (appcast.xml file only)
run: |
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.DO_PLATFORM_TOKEN }}" -d '{"files": ["planet-insider/appcast.xml"]}' "https://api.digitalocean.com/v2/cdn/endpoints/${{ secrets.DO_CDN_ENDPOINT_ID }}/cache"
- name: Cleanup Keychain
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db