-
Notifications
You must be signed in to change notification settings - Fork 0
100 lines (79 loc) · 2.83 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: CI pipeline
on: push
jobs:
adhoc:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Build code
run: make adhoc
release:
runs-on: macos-14
environment: release-macos
steps:
- uses: actions/checkout@v4
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Build code
run: make release
- name: Build and notarize distribution
run: |
make dist
(cd build && echo "DIST=$(echo *.zip)" >>$GITHUB_ENV)
- uses: actions/upload-artifact@v4
with:
name: ${{env.DIST}}
path: build/${{env.DIST}}
- name: Clean up keychain
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
publish_release:
permissions:
contents: write
runs-on: macos-14
if: (startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-dev'))
needs: [release]
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Prepare release message
run: |
cat CHANGES | awk '/^[0-9]+\./{ n++; next; } n < 2 { print }' >${{ runner.temp }}/release-msg
echo "release_name=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> $GITHUB_ENV
- uses: actions/download-artifact@v4
with:
path: artifacts
- name: Display artifacts
run: ls -al artifacts/*/*
- name: Upload artifacts
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: false
prerelease: false
name: ${{ env.release_name }}
body_path: ${{ runner.temp }}/release-msg
files: |
artifacts/*/*.zip