add ci config #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build/release | |
| on: | |
| push: | |
| # branches: | |
| # - main | |
| # - develop | |
| tags: | |
| - 'v*' | |
| jobs: | |
| release: | |
| runs-on: macos-14 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v1 | |
| - name: Install Developer ID Certificate | |
| run: | | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| rm $RUNNER_TEMP/build_certificate.p12 | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_CERTS }} | |
| P12_PASSWORD: ${{ secrets.MAC_CERTS_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| - name: Prepare for app notarization | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| echo '${{ secrets.NOTARIZATION_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.NOTARIZATION_API_KEY_ID }}.p8 | |
| - name: configure exportOptions.plist | |
| run: | | |
| /usr/libexec/PlistBuddy -c "Set :teamID ${{ secrets.MAC_TEAM_ID }}" exportOptions.plist | |
| - name: build macOS App | |
| run: | | |
| export MARKETING_VERSION=${MARKETING_VERSION_V#v} | |
| defaults write com.apple.dt.Xcode IDESkipPackagePluginFingerprintValidatation -bool YES | |
| xcodebuild build -project Ukam.xcodeproj -scheme Ukam -configuration Release -derivedDataPath build/ | |
| xcodebuild archive -project Ukam.xcodeproj -scheme Ukam -archivePath build/Ukam.xcarchive | |
| xcodebuild -exportArchive -archivePath build/Ukam.xcarchive -exportPath build/ -exportOptionsPlist exportOptions.plist | |
| cd build/ | |
| zip -r Ukam.zip Ukam.app | |
| zip -r Ukam.xcarchive.zip Ukam.xcarchive | |
| mkdir dmgBase | |
| cp -r Ukam.app dmgBase/ | |
| hdiutil create -volname Ukam -srcfolder dmgBase -ov -format UDZO Ukam.dmg | |
| env: | |
| CURRENT_PROJECT_VERSION: ${{github.run_number}} | |
| MARKETING_VERSION_V: ${{github.ref_name}} | |
| - name: Notarize macOS App | |
| run: | | |
| xcrun notarytool submit "build/Ukam.zip" --key "$KEY_PATH" --key-id "$KEY_ID" --issuer "$ISSUER_ID" | |
| xcrun notarytool submit "build/Ukam.dmg" --key "$KEY_PATH" --key-id "$KEY_ID" --issuer "$ISSUER_ID" --wait | |
| xcrun stapler staple "build/Ukam.dmg" | |
| env: | |
| KEY_PATH: ~/private_keys/AuthKey_${{ secrets.NOTARIZATION_API_KEY_ID }}.p8 | |
| KEY_ID: ${{ secrets.NOTARIZATION_API_KEY_ID }} | |
| ISSUER_ID: ${{ secrets.NOTARIZATION_API_KEY_ISSUER }} | |
| - name: Attach CLI Packages | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') && startsWith(matrix.os, 'macos') }} | |
| run: | | |
| gh release upload ${{ github.ref_name }} dist/hoshi-cli*.zip | |
| gh release upload ${{ github.ref_name }} dist/hoshi-cli*.dmg | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Clean up keychain and provisioning profile | |
| if: ${{ always() }} | |
| run: | | |
| security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
| rm -rf ~/private_keys/ | |
| - name: Store artifacts | |
| if: ${{ ! failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| build/Ukam.xcarchive.zip | |
| build/Ukam.dmg | |
| build/Ukam.zip |