Skip to content

Can't verify/open on latest macOS #334

Can't verify/open on latest macOS

Can't verify/open on latest macOS #334

Workflow file for this run

name: "Create Release"
on:
issue_comment:
types: [created]
concurrency:
group: publish-release${{ github.ref }}
cancel-in-progress: true
env:
projname: SlimHUD
beta-channel-name: "beta"
jobs:
preparation:
name: Preparation job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/release') && github.event.comment.user.login == github.repository_owner }}
runs-on: ubuntu-latest
steps:
- name: Check if beta
id: check-beta
run: |
if [[ "${{ contains(github.event.comment.body, 'beta') }}" == "true" ]]; then
echo "env=deploy-beta" >> $GITHUB_OUTPUT
echo "env=deploy-beta" >> env
else
echo "env=deploy-release" >> $GITHUB_OUTPUT
echo "env=deploy-release" >> env
fi
- uses: xt0rted/pull-request-comment-branch@v1 # check out branch of PR
id: comment-branch
- name: start deployment
uses: bobheadxi/[email protected]
id: deployment
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ steps.check-beta.outputs.env }}
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Save deployment id to file
run: echo ${{ steps.deployment.outputs.deployment_id }} > deployment_id
- name: Save deployment id
uses: actions/upload-artifact@master
with:
path: |
deployment_id
env
- name: Add reactions # adding reactions to the comment to show that the action is running
uses: peter-evans/create-or-update-comment@v2
with:
comment-id: ${{ github.event.comment.id }}
reactions: eyes
- uses: actions/github-script@v6 # check if the PR is ready to be merged
with:
result-encoding: string
script: |
const pr = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
if (pr.data.draft || !pr.data.mergeable) {
core.setFailed("PR is not ready to be merged");
}
- uses: actions/checkout@v3
if: success()
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Extract latest changes # generate release notes, version and title to use in the release
id: latest_changes
run: |
python3 ./Configuration/generate_latest_changes.py
- name: Check if version already released # prevent releasing the same version twice
run: |
if [[ $(xcrun agvtool what-version -terse) == $(cat new_version) ]]; then
echo "Version already released" >> $GITHUB_STEP_SUMMARY
exit 1
fi
- name: Check if release notes are empty # prevent releasing without release notes
run: |
if [[ $(cat latest_changes) == "" ]]; then
echo "Release notes are empty" >> $GITHUB_STEP_SUMMARY
exit 1
fi
- name: Save generated info
uses: actions/upload-artifact@master
with:
path: |
new_version
title
latest_changes
- name: Clean up generated files for sync
run: |
rm latest_changes
rm title
rm new_version
- name: Sync branch
uses: devmasx/merge-branch@master
if: ${{ !contains(github.event.comment.body, 'beta') }}
with:
type: now
from_branch: ${{ steps.comment-branch.outputs.base_ref }}
target_branch: ${{ steps.comment-branch.outputs.head_ref }}
github_token: ${{ github.token }}
message: "Sync branch"
archive:
name: Build and export app
runs-on: macos-12
needs: preparation
steps:
- uses: actions/download-artifact@master # download all previously generated artifacts
with:
path: artifacts
- name: Parse info generated in preparation job
id: info
run: |
echo "new_version=$(cat artifacts/artifact/new_version)" >> $GITHUB_OUTPUT
echo "title=$(cat artifacts/artifact/title)" >> $GITHUB_OUTPUT
- uses: xt0rted/pull-request-comment-branch@v1 # check out branch of PR
id: comment-branch
- uses: actions/checkout@v3
if: success()
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Override versions in project # set new version in project
run: |
sed -i '' "s/_VERSION = $(xcrun agvtool what-version -terse)/_VERSION = ${{ steps.info.outputs.new_version }}/g" ${{ env.projname }}.xcodeproj/project.pbxproj;
- name: Install the Apple certificate and provisioning profile
# install the Apple certificate and provisioning profile
# following https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Switch Xcode version # Force Xcode version (macOS runner has multiple Xcode versions installed)
run: |
sudo xcode-select -s "/Applications/Xcode_14.2.app"
/usr/bin/xcodebuild -version
- name: Build and archive # create archive
run: xcodebuild clean archive -project ${{ env.projname }}.xcodeproj -scheme ${{ env.projname }} -archivePath ${{ env.projname }}
- name: Export app # create .app
run: xcodebuild -exportArchive -archivePath "${{ env.projname }}.xcarchive" -exportPath Release -exportOptionsPlist "Configuration/export_options.plist"
- name: Zip app # zip .app
run: |
cd Release
ditto -c -k --sequesterRsrc --keepParent ${{ env.projname }}.app ${{ env.projname }}.zip
- name: Upload achived app
uses: actions/upload-artifact@master
with:
name: app
path: Release/${{ env.projname }}.zip
pre-release:
name: Create pre-release
runs-on: macos-12
needs: archive
if: ${{ contains(github.event.comment.body, 'beta') }}
steps:
- uses: xt0rted/pull-request-comment-branch@v1 # check out branch of PR
id: comment-branch
- uses: actions/checkout@v3
if: success()
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- uses: actions/download-artifact@master # download all previously generated artifacts
with:
path: artifacts
- name: Parse info generated in preparation job
id: info
run: |
echo "new_version=$(cat artifacts/artifact/new_version)" >> $GITHUB_OUTPUT
echo "title=$(cat artifacts/artifact/title)" >> $GITHUB_OUTPUT
mv artifacts/artifact/new_version new_version
mv artifacts/artifact/title title
mv artifacts/artifact/latest_changes latest_changes
mkdir Release
mv artifacts/app/${{ env.projname }}.zip Release/
- name: Prepare Sparkle update creation # Import Sparkle private key, remove unnecessary files in Release folder
env:
PRIVATE_SPARKLE_KEY: ${{ secrets.PRIVATE_SPARKLE_KEY }}
run: |
echo -n "$PRIVATE_SPARKLE_KEY" > ./Configuration/sparkle_private_key
- name: Generate Sparkle notes # generate Sparkle release notes (convert Markdown to HTML)
run: |
pip3 install -r Configuration/requirements.txt
python3 ./Configuration/generate_html_for_sparkle_release.py
mv Release/latest_changes.html Release/${{ env.projname }}.html
- name: Update appcast # generate / update appcast.xml with edDSA key
run: |
./Configuration/generate_appcast \
--ed-key-file Configuration/sparkle_private_key \
--link https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases \
--download-url-prefix https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/v${{ steps.info.outputs.new_version }}-beta/ \
--channel ${{ env.beta-channel-name }} \
-o docs/Support/appcast.xml \
Release/
- name: Save generated appcast
uses: actions/upload-artifact@master
with:
name: appcast
path: docs/Support/appcast.xml
- name: Create GitHub beta release # Upload .zip to GitHub release
uses: softprops/action-gh-release@v1
with:
name: v${{ steps.info.outputs.new_version }}b - ${{ steps.info.outputs.title }}
tag_name: v${{ steps.info.outputs.new_version }}-beta
fail_on_unmatched_files: true
body_path: latest_changes
files: Release/${{ env.projname }}.zip
prerelease: true
draft: false
- name: Create summary # create summary for PR
run: |
echo "Beta Release v${{ steps.info.outputs.new_version }} created" > $GITHUB_STEP_SUMMARY
- uses: actions/checkout@v3 # checkout on the branch used by GH Pages
if: success()
with:
ref: master
- name: Remove old appcast # remove old appcast
run: rm -rf docs/Support/appcast.xml
- name: Retrieve previously generated appcast
uses: actions/download-artifact@master
with:
name: appcast
path: docs/Support
- name: Saving appcast # commits only appcast to main
uses: stefanzweifel/git-auto-commit-action@v4
id: commit-appcast
with:
file_pattern: docs/Support/appcast.xml
commit_message: "Update appcast with beta release for v${{ steps.info.outputs.new_version }}"
release:
name: "Create Release"
runs-on: macos-12
needs: archive
if: ${{ !contains(github.event.comment.body, 'beta') }}
steps:
- uses: xt0rted/pull-request-comment-branch@v1 # check out branch of PR
id: comment-branch
- uses: actions/checkout@v3
if: success()
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- uses: actions/download-artifact@master # download all previously generated artifacts
with:
path: artifacts
- name: Parse info generated in preparation job
id: info
run: |
echo "new_version=$(cat artifacts/artifact/new_version)" >> $GITHUB_OUTPUT
echo "title=$(cat artifacts/artifact/title)" >> $GITHUB_OUTPUT
mv artifacts/artifact/new_version new_version
mv artifacts/artifact/title title
mv artifacts/artifact/latest_changes latest_changes
mkdir Release
mv artifacts/app/${{ env.projname }}.zip Release/
- name: Override versions in project # set new version in project
run: |
sed -i '' "s/_VERSION = $(xcrun agvtool what-version -terse)/_VERSION = ${{ steps.info.outputs.new_version }}/g" ${{ env.projname }}.xcodeproj/project.pbxproj;
- name: Prepare Sparkle update creation # Import Sparkle private key, remove unnecessary files in Release folder
env:
PRIVATE_SPARKLE_KEY: ${{ secrets.PRIVATE_SPARKLE_KEY }}
run: |
echo -n "$PRIVATE_SPARKLE_KEY" > ./Configuration/sparkle_private_key
rm -rf Release/*.app
rm -rf Release/*.log
rm -rf Release/*.plist
- name: Preparate Sparkle # generate Sparkle release notes (convert Markdown to HTML), remove beta item if present
run: |
pip3 install -r Configuration/requirements.txt
python3 ./Configuration/generate_html_for_sparkle_release.py
mv Release/latest_changes.html Release/${{ env.projname }}.html
python3 ./Configuration/remove_last_item_appcast.py
- name: Update appcast # generate / update appcast.xml with edDSA key
run: |
./Configuration/generate_appcast \
--ed-key-file Configuration/sparkle_private_key \
--link https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases \
--download-url-prefix https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/v${{ steps.info.outputs.new_version }}/ \
-o docs/Support/appcast.xml \
Release/
- name: Saving changes # commits changes to branch (version bump, appcast.xml)
uses: stefanzweifel/git-auto-commit-action@v4
with:
file_pattern: |
docs/Support/appcast.xml
${{ env.projname }}.xcodeproj/project.pbxproj
commit_message: "Update version to v${{ steps.info.outputs.new_version }}"
- name: Create GitHub release # Upload .zip to GitHub release
uses: softprops/action-gh-release@v1
with:
name: v${{ steps.info.outputs.new_version }} - ${{ steps.info.outputs.title }}
tag_name: v${{ steps.info.outputs.new_version }}
fail_on_unmatched_files: true
body_path: latest_changes
files: Release/${{ env.projname }}.zip
prerelease: false
draft: false
- name: Create summary # create summary for PR
run: |
echo "Release v${{ steps.info.outputs.new_version }} created." > $GITHUB_STEP_SUMMARY
upgrade-brew:
name: Upgrade Homebrew formula
runs-on: macos-12
needs: [release]
steps:
- uses: actions/download-artifact@master # download all previously generated artifacts
with:
path: artifacts
- name: Parse info generated in preparation job
id: info
run: |
echo "new_version=$(cat artifacts/artifact/new_version)" >> $GITHUB_OUTPUT
- name: Update brew formula # update brew formula
env:
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.BREW_TOKEN }}
run: |
brew bump-cask-pr --version ${{ steps.info.outputs.new_version }} --no-browse --debug --verbose slimhud
ending:
name: Ending job
if: ${{ always() && github.event.issue.pull_request && contains(github.event.comment.body, '/release') && github.event.comment.user.login == github.repository_owner }}
runs-on: ubuntu-latest
needs: [pre-release, release]
steps:
- uses: actions/download-artifact@master # download all previously generated artifacts
with:
path: artifacts
- name: Parse info generated in preparation job
id: info
run: |
echo "new_version=$(cat artifacts/artifact/new_version)" >> $GITHUB_OUTPUT
echo "deployment_id=$(cat artifacts/artifact/deployment_id)" >> $GITHUB_OUTPUT
echo "env=$(cat artifacts/artifact/env)" >> $GITHUB_OUTPUT
- uses: xt0rted/pull-request-comment-branch@v1 # check out branch of PR
id: comment-branch
- uses: actions/checkout@v3 # checkout again, because the previous checkout is detached
if: ${{ contains(join(needs.*.result, ','), 'success') && !contains(github.event.comment.body, 'beta') }}
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Merge PR # merge PR
uses: devmasx/merge-branch@master
if: ${{ contains(join(needs.*.result, ','), 'success') && !contains(github.event.comment.body, 'beta') }}
with:
type: now
from_branch: ${{ steps.comment-branch.outputs.head_ref }}
target_branch: ${{ steps.comment-branch.outputs.base_ref }}
github_token: ${{ github.token }}
message: "Release version v${{ steps.info.outputs.new_version }}"
- name: Add success reactions # Adding reactions to comment depending on result
if: ${{ contains(join(needs.*.result, ','), 'success') }}
uses: peter-evans/create-or-update-comment@v2
with:
comment-id: ${{ github.event.comment.id }}
reactions: rocket
- name: Update deployment status (success)
uses: bobheadxi/deployments@v1
if: ${{ contains(join(needs.*.result, ','), 'success') }}
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: success
env: ${{ steps.info.outputs.env }}
deployment_id: ${{ steps.info.outputs.deployment_id }}
- name: Add negative reaction
if: ${{ contains(join(needs.*.result, ','), 'failure') }}
uses: peter-evans/create-or-update-comment@v2
with:
comment-id: ${{ github.event.comment.id }}
reactions: confused
- name: Update deployment status (failure)
uses: bobheadxi/deployments@v1
if: ${{ contains(join(needs.*.result, ','), 'failure') }}
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: failure
env: ${{ steps.deployment.outputs.env }}
deployment_id: ${{ steps.info.outputs.deployment_id }}