docs: fix code covenant badge (#53) #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: .NET Release Workflow | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| permissions: | |
| id-token: write | |
| contents: write | |
| attestations: write | |
| jobs: | |
| release: | |
| name: Build & Release | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Restore dependencies | |
| run: dotnet restore | |
| - name: Build & Publish Windows | |
| run: | | |
| dotnet publish src/Ellosoft.AwsCredentialsManager/Ellosoft.AwsCredentialsManager.csproj -c Release -p:Version=${{ github.ref_name }} \ | |
| -r win-x64 -o output-win | |
| - name: Build & Publish MacOS x64 | |
| run: | | |
| dotnet publish src/Ellosoft.AwsCredentialsManager/Ellosoft.AwsCredentialsManager.csproj -c Release -p:Version=${{ github.ref_name }} \ | |
| -r osx-x64 -o output-osx | |
| - name: Build & Publish MacOS ARM | |
| run: | | |
| dotnet publish src/Ellosoft.AwsCredentialsManager/Ellosoft.AwsCredentialsManager.csproj -c Release -p:Version=${{ github.ref_name }} \ | |
| -r osx-arm64 -o output-osxarm | |
| # Start - Temporary steps to enable the migration of zip to binary | |
| - name: Zip Windows Output | |
| run: | | |
| cd output-win | |
| zip aws-cred-mgr-win-x64.zip aws-cred-mgr.exe | |
| # End - Temporary steps to enable the migration of zip to binary | |
| - name: Rename Executables | |
| run: | | |
| mv output-win/aws-cred-mgr.exe output-win/aws-cred-mgr-win-x64.exe | |
| mv output-osx/aws-cred-mgr output-osx/aws-cred-mgr-osx-x64 | |
| mv output-osxarm/aws-cred-mgr output-osxarm/aws-cred-mgr-osx-arm64 | |
| - name: Import Apple Certificate and Key | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate and provisioning profile from secrets | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| - name: Sign MacOS Binaries | |
| env: | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| codesign --force -v --timestamp --options runtime --no-strict --prefix com.ellosoft. --sign "Developer ID Application: Ellosoft Limited ($APPLE_TEAM_ID)" --entitlements ./Ellosoft.AwsCredentialsManager.entitlements ./output-osxarm/aws-cred-mgr-osx-arm64 | |
| codesign --force -v --timestamp --options runtime --no-strict --prefix com.ellosoft. --sign "Developer ID Application: Ellosoft Limited ($APPLE_TEAM_ID)" --entitlements ./Ellosoft.AwsCredentialsManager.entitlements ./output-osx/aws-cred-mgr-osx-x64 | |
| - name: Notarize MacOS ARM Binaries | |
| env: | |
| APPLE_DEV_ID: ${{ secrets.APPLE_DEV_ID }} | |
| APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| cd output-osxarm | |
| zip aws-cred-mgr-osx-arm64.zip aws-cred-mgr-osx-arm64 | |
| xcrun notarytool submit aws-cred-mgr-osx-arm64.zip --apple-id $APPLE_DEV_ID --password $APPLE_DEV_PASSWORD --team-id $APPLE_TEAM_ID --wait | |
| - name: Notarize MacOS x64 Binaries | |
| env: | |
| APPLE_DEV_ID: ${{ secrets.APPLE_DEV_ID }} | |
| APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| cd output-osx | |
| zip aws-cred-mgr-osx-x64.zip aws-cred-mgr-osx-x64 | |
| xcrun notarytool submit aws-cred-mgr-osx-x64.zip --apple-id $APPLE_DEV_ID --password $APPLE_DEV_PASSWORD --team-id $APPLE_TEAM_ID --wait | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: | | |
| output-win/aws-cred-mgr-win-x64.exe | |
| output-osx/aws-cred-mgr-osx-x64 | |
| output-osxarm/aws-cred-mgr-osx-arm64 | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| generate_release_notes: true | |
| prerelease: ${{ contains(github.ref_name, 'beta') }} | |
| files: | | |
| output-win/aws-cred-mgr-win-x64.zip | |
| output-win/aws-cred-mgr-win-x64.exe | |
| output-osxarm/aws-cred-mgr-osx-arm64 | |
| output-osx/aws-cred-mgr-osx-x64 |