diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..9a899ba --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,74 @@ +on: + release: + types: [published] + +jobs: + build: + runs-on: macos-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#creating-secrets-for-your-certificate-and-provisioning-profile + # https://defn.io/2023/09/22/distributing-mac-apps-with-github-actions + - name: Install the Apple certificate and provisioning profile + env: + # exported from Xcode + # base64 -i ID_CERTIFICATE.p12 > ID_CERTIFICATE_BASE64 + ID_CERTIFICATE_BASE64: ${{ secrets.ID_CERTIFICATE_BASE64 }} + # openssl rand -hex 32 > ID_CERTIFICATE_PASSWORD + ID_CERTIFICATE_PASSWORD: ${{ secrets.ID_CERTIFICATE_PASSWORD }} + # exported from Xcode + # base64 -i BUILD_CERTIFICATE.p12 > BUILD_CERTIFICATE_BASE64 + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + # openssl rand -hex 32 > BUILD_CERTIFICATE_PASSWORD + BUILD_CERTIFICATE_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} + # openssl rand -hex 32 > KEYCHAIN_PASSWORD + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + ID_CERTIFICATE_PATH=$RUNNER_TEMP/id_certificate.p12 + BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificates from secrets + echo -n "$ID_CERTIFICATE_BASE64" | base64 --decode -o $ID_CERTIFICATE_PATH + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $ID_CERTIFICATE_PATH -P "$ID_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security import $BUILD_CERTIFICATE_PATH -P "$BUILD_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + - name: Build app + run: | + mkdir -p dist + + xcodebuild \ + archive \ + -project 'Nautik Helper.xcodeproj'/ \ + -scheme 'Nautik Helper' \ + -configuration Release \ + -destination 'generic/platform=macOS' \ + -archivePath 'dist/Nautik Helper.xcarchive' + + xcodebuild \ + -exportArchive \ + -archivePath 'dist/Nautik Helper.xcarchive' \ + -exportOptionsPlist 'Nautik Helper/ExportOptions.plist' \ + -exportPath dist/ \ + -allowProvisioningUpdates + + cd dist + zip -r helper-${{ github.ref }}.zip 'Nautik Helper.app' + cd .. + - name: Upload app bundle to release + uses: svenstaro/upload-release-action@v2 + with: + file: dist/helper-${{ github.ref }}.zip + asset_name: helper-${{ github.ref }}.zip + tag: ${{ github.ref }} + overwrite: true