.github/workflows/build-macos.yml

name: Build MacOS Artifacts

on:
  workflow_dispatch:
    inputs:
      tags:
        description: "Version tags"

env:
  VERSION: 0.9.0

jobs:
  build:
    strategy:
      matrix:
        go: [1.21.1]
    runs-on: "macos-12"
    steps:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18

      - name: Install pnpm
        run: npm install -g pnpm

      - name: Setup Cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Checkout Kun
        uses: actions/checkout@v4
        with:
          repository: yaoapp/kun
          path: kun

      - name: Checkout Xun
        uses: actions/checkout@v4
        with:
          repository: yaoapp/xun
          path: xun

      - name: Checkout Gou
        uses: actions/checkout@v4
        with:
          repository: yaoapp/gou
          path: gou

      - name: Checkout V8Go
        uses: actions/checkout@v4
        with:
          repository: yaoapp/v8go
          lfs: true
          path: v8go

      - name: Checkout XGen v1.0
        #  ** XGEN will be renamed to DUI in the feature. and move to the new repository. **
        #  ** new repository: https://github.com/YaoApp/dui.git **
        uses: actions/checkout@v4
        with:
          repository: yaoapp/xgen
          path: xgen-v1.0

      - name: Checkout Yao-Init
        uses: actions/checkout@v4
        with:
          repository: yaoapp/yao-init
          path: yao-init

      - name: Move Kun, Xun, Gou, UI, V8Go
        run: |
          mv kun ../
          mv xun ../
          mv gou ../
          mv v8go ../
          mv xgen-v1.0 ../
          mv yao-init ../
          rm -f ../xgen-v1.0/packages/setup/vite.config.ts.*
          ls -l .
          ls -l ../
          ls -l ../xgen-v1.0/packages/setup/

      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup Go ${{ matrix.go }}
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go }}

      - name: Setup Go Tools
        run: |
          make tools

      - name: Get Version
        run: |
          echo VERSION=$(cat share/const.go  |grep 'const VERSION' | awk '{print $4}' | sed "s/\"//g")  >> $GITHUB_ENV

      - name: Make Artifacts MacOS
        run: |
          make artifacts-macos
          mv dist/release/yao-$VERSION-dev-darwin-arm64 dist/release/yao-$VERSION-unstable-darwin-arm64
          mv dist/release/yao-$VERSION-dev-darwin-amd64 dist/release/yao-$VERSION-unstable-darwin-amd64

      - name: Install Certificates
        env:
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}

        run: |
          mkdir -p certs
          echo "${{ secrets.APPLE_DEVELOPERIDG2CA }}" | base64 --decode > certs/DeveloperIDG2CA.cer
          echo "${{ secrets.APPLE_DISTRIBUTION }}" | base64 --decode > certs/distribution.cer
          echo "${{ secrets.APPLE_PRIVATE_KEY }}" | base64 --decode > certs/private_key.p12
          security verify-cert -c certs/DeveloperIDG2CA.cer
          security verify-cert -c certs/distribution.cer

      - name: Import Certificates
        run: |
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          # import certificate to keychain
          security import ./certs/DeveloperIDG2CA.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign
          security import ./certs/distribution.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign

          # import private key to keychain
          security import ./certs/private_key.p12 -k $KEYCHAIN_PATH -P "${{ secrets.APPLE_PRIVATE_KEY_PASSWORD }}" -T /usr/bin/codesign

          security list-keychain -d user -s $KEYCHAIN_PATH

      - name: Sign Artifacts
        run: |
          codesign --deep --force --verify --verbose --sign "${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-arm64
          codesign --deep --force --verify --verbose --sign "${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-amd64

      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        with:
          name: yao-macos
          path: |
            dist/release/*