-
Notifications
You must be signed in to change notification settings - Fork 4
105 lines (83 loc) · 3.2 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Deployment Notes:
# For MacOS: To run executable after download requires removing the extended attributes via xattr -r -c <path to exe/app>
name: anonymizer-test-build-upload
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
permissions:
contents: read
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [windows-latest, macos-latest]
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: "3.12.7"
- name: Install pipenv for virtual environment
run: |
pip install pipenv
- name: Install dependencies including development dependencies
run: |
pipenv install --dev
- name: Run Unit Tests within pipenv with pytest and generate coverage report
env:
AWS_USERNAME: ${{ secrets.AWS_USERNAME }}
AWS_PASSWORD: ${{ secrets.AWS_PASSWORD }}
run: |
pipenv run coverage run -m pytest tests --log-cli-level=WARN
pipenv run coverage report -i --omit="tests/*" --fail-under=60
- name: List site-packages
run: |
pipenv run python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())"
- name: Install create-dmg for macos
if: runner.os == 'macOS'
run: |
brew install create-dmg
- name: PyInstaller - Build for ${{ matrix.os }}
run: |
cd src
pipenv run python build.py
- name: Upload Windows EXE artifact only
id: upload-win-exe
if: runner.os == 'windows'
uses: actions/upload-artifact@v4
with:
name: anonymizer_exe_only-${{ matrix.os }}-${{ env.version }}
path: src/dist/Anonymizer_${{ env.version }}/Anonymizer_${{ env.version }}.exe
if-no-files-found: error
retention-days: 1
archive: false
- name: Sign Windows executable using SignPath
if: runner.os == 'windows'
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '4e519f49-439f-43aa-8fc1-e1f19225e705'
project-slug: 'anonymizer'
signing-policy-slug: 'release-signing'
github-artifact-id: '${{steps.upload-win-exe.outputs.artifact-id}}'
wait-for-completion: true
output-artifact-directory: 'src/dist/signed'
- name: Overwrite Unsigned Executable
if: runner.os == 'windows'
shell: pwsh # Use PowerShell Core if you want to explicitly use it
run: |
if (Test-Path "src\dist\Anonymizer_${{ env.version }}\Anonymizer_${{ env.version }}.exe") {
Remove-Item "src\dist\Anonymizer_${{ env.version }}\Anonymizer_${{ env.version }}.exe"
}
Move-Item -Path "src\dist\signed\Anonymizer_${{ env.version }}.exe" -Destination "src\dist\Anonymizer_${{ env.version }}\Anonymizer_${{ env.version }}.exe"
- name: Upload Artifact for ${{ matrix.os }}
uses: actions/upload-artifact@v4
with:
name: anonymizer-${{ matrix.os }}-${{ env.version }}
path: src/dist
if-no-files-found: error
retention-days: 14