Skip to content

Release

Release #3

Workflow file for this run

name: Release
on:
release:
types: [published]
jobs:
build:
name: Build app bundle and upload it to the release
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Select latest stable Xcode version
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: latest-stable
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#creating-secrets-for-your-certificate-and-provisioning-profile
# https://defn.io/2023/09/22/distributing-mac-apps-with-github-actions
- name: Install the Apple certificate and provisioning profile
env:
# exported from Xcode
# base64 -i ID_CERTIFICATE.p12 > ID_CERTIFICATE_BASE64
ID_CERTIFICATE_BASE64: ${{ secrets.ID_CERTIFICATE_BASE64 }}
# openssl rand -hex 32 > ID_CERTIFICATE_PASSWORD
ID_CERTIFICATE_PASSWORD: ${{ secrets.ID_CERTIFICATE_PASSWORD }}
# exported from Xcode
# base64 -i BUILD_CERTIFICATE.p12 > BUILD_CERTIFICATE_BASE64
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
# openssl rand -hex 32 > BUILD_CERTIFICATE_PASSWORD
BUILD_CERTIFICATE_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }}
# openssl rand -hex 32 > KEYCHAIN_PASSWORD
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
ID_CERTIFICATE_PATH=$RUNNER_TEMP/id_certificate.p12
BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificates from secrets
echo -n "$ID_CERTIFICATE_BASE64" | base64 --decode -o $ID_CERTIFICATE_PATH
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $ID_CERTIFICATE_PATH -P "$ID_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $BUILD_CERTIFICATE_PATH -P "$BUILD_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Build app
run: |
mkdir -p dist
xcodebuild \
archive \
-project 'Nautik Helper.xcodeproj'/ \
-scheme 'Nautik Helper' \
-configuration Release \
-destination 'generic/platform=macOS' \
-archivePath 'dist/Nautik Helper.xcarchive'
-allowProvisioningUpdates
xcodebuild \
-exportArchive \
-archivePath 'dist/Nautik Helper.xcarchive' \
-exportOptionsPlist 'Nautik Helper/ExportOptions.plist' \
-exportPath dist/ \
-allowProvisioningUpdates
cd dist
zip -r helper-${{ github.ref }}.zip 'Nautik Helper.app'
cd ..
- name: Upload app bundle to release
uses: svenstaro/upload-release-action@v2
with:
file: dist/helper-${{ github.ref }}.zip
asset_name: helper-${{ github.ref }}.zip
tag: ${{ github.ref }}
overwrite: true