-
-
Notifications
You must be signed in to change notification settings - Fork 2
137 lines (123 loc) · 5.37 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Build & Publish
on:
workflow_dispatch:
push:
tags:
- '*.*.*'
env:
DEVELOPER_DIR: /Applications/Xcode_16.0.app/Contents/Developer
jobs:
build:
name: Build and Publish Release
runs-on: macOS-15
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Tooling
run: |
brew install create-dmg
- name: Install certificates
env:
DEV_SIGN_CERT: ${{ secrets.DEV_SIGN_CERT }}
DEV_SIGN_PW: ${{ secrets.DEV_SIGN_PW }}
MAC_SIGN_CERT: ${{ secrets.MAC_SIGN_CERT }}
MAC_SIGN_PW: ${{ secrets.MAC_SIGN_PW }}
KEYCHAIN_TIMEOUT: 21600
run: |
DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12"
MAC_CERT_P12="$RUNNER_TEMP/mac_cert.p12"
KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db"
KEYCHAIN_PW=$(openssl rand -base64 24)
security create-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_DB"
security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB"
security unlock-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_DB"
echo -n "$DEV_SIGN_CERT" | base64 --decode -o "$DEV_CERT_P12"
security import "$DEV_CERT_P12" -P "$DEV_SIGN_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
echo -n "$MAC_SIGN_CERT" | base64 --decode -o "$MAC_CERT_P12"
security import "$MAC_CERT_P12" -P "$MAC_SIGN_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
security list-keychain -d user -s "$KEYCHAIN_DB"
- name: Build
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
set -o pipefail && xcodebuild archive -project "TimeMachineStatus.xcodeproj" \
-scheme "TimeMachineStatus" \
-destination generic/platform=macOS \
-configuration "Release" \
-derivedDataPath "$RUNNER_TEMP/DerivedData" \
-archivePath "$RUNNER_TEMP/TimeMachineStatus.xcarchive" \
DEVELOPMENT_TEAM=$APPLE_TEAM_ID | xcpretty
- name: Sign
env:
CODE_SIGN_IDENTITY: ${{ secrets.CODE_SIGN_IDENTITY }}
run: |
codesign \
--sign "$CODE_SIGN_IDENTITY" \
-vvv --verbose --strict \
--options=runtime \
--prefix com.lukaspistrol.TimeMachineStatus \
--force --deep --timestamp \
"$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app"
- name: Create DMG
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
xcrun notarytool store-credentials TimeMachineStatus \
--apple-id "$APPLE_ID" \
--team-id "$APPLE_TEAM_ID" \
--password "$APPLE_ID_PASSWORD"
create-dmg \
--volname "TimeMachineStatus" \
--volicon "$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app/Contents/Resources/AppIcon.icns" \
--window-pos 200 120 \
--window-size 800 400 \
--icon-size 100 \
--icon "TimeMachineStatus.app" 200 190 \
--hide-extension "TimeMachineStatus.app" \
--app-drop-link 600 185 \
--notarize "TimeMachineStatus" \
--skip-jenkins \
"$RUNNER_TEMP/TimeMachineStatus.dmg" \
"$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app"
- name: Get Build Number
run: |
APP_BUILD=$(xcrun agvtool vers -terse)
echo "APP_BUILD=$APP_BUILD" >> $GITHUB_ENV
- name: Sparkle
env:
SPARKLE_KEY: ${{ secrets.SPARKLE_KEY }}
SPARKLE_DL_PREFIX: "https://github.com/lukepistrol/TimeMachineStatus/releases/download"
SPARKLE_LINK: "https://github.com/lukepistrol/TimeMachineStatus"
APP_VERSION: ${{ github.ref_name }}
APP_BUILD: ${{ env.APP_BUILD }}
run: |
SPARKLE_BIN="$RUNNER_TEMP/DerivedData/SourcePackages/artifacts/sparkle/Sparkle/bin"
SPARKLE_ARCHIVE="$RUNNER_TEMP/Sparkle_Archive"
echo -n "$SPARKLE_KEY" | tee "$RUNNER_TEMP/sparkle_key"
mkdir "$SPARKLE_ARCHIVE"
cp "$RUNNER_TEMP/TimeMachineStatus.dmg" "$SPARKLE_ARCHIVE"
SPARKLE_SIG=$("$SPARKLE_BIN/sign_update" --ed-key-file "$RUNNER_TEMP/sparkle_key" "$SPARKLE_ARCHIVE/TimeMachineStatus.dmg" | cut -d\" -f2)
"$SPARKLE_BIN/generate_appcast" \
--ed-key-file "$RUNNER_TEMP/sparkle_key" \
--download-url-prefix "${{ env.SPARKLE_DL_PREFIX }}/${{ env.APP_VERSION }}/" \
--link "$SPARKLE_LINK" \
--maximum-deltas 0 \
"$SPARKLE_ARCHIVE"
- name: Publish Release
uses: marvinpinto/action-automatic-releases@latest
env:
APP_VERSION: ${{ env.APP_VERSION }}
with:
title: "${{ env.APP_VERSION }}"
files: |
${{ RUNNER.TEMP }}/Sparkle_Archive/TimeMachineStatus.dmg
${{ RUNNER.TEMP }}/Sparkle_Archive/appcast.xml
prerelease: false
repo_token: "${{ secrets.GITHUB_TOKEN }}"
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain "$RUNNER_TEMP/keychain.keychain-db"
rm -rf "~/Library/MobileDevice/Provisioning Profiles"