-
Notifications
You must be signed in to change notification settings - Fork 123
101 lines (101 loc) · 6.77 KB
/
draft_new_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Draft New Release
on: workflow_dispatch
jobs:
build:
name: Draft New Release
runs-on: macos-13
env:
APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE }}
APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD }}
APPLE_DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY: "Developer ID Application: Nindi Gill (7K3HVCLV7Z)"
APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE }}
APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD }}
APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY: "Developer ID Installer: Nindi Gill (7K3HVCLV7Z)"
APPLE_DEVELOPER_CERTIFICATE_AUTHORITY: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_AUTHORITY }}
APPLE_DEVELOPER_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_KEYCHAIN_PASSWORD }}
APPLE_DEVELOPER_APPLE_ID: ${{ secrets.APPLE_DEVELOPER_APPLE_ID }}
APPLE_DEVELOPER_APPLE_ID_PASSWORD: ${{ secrets.APPLE_DEVELOPER_APPLE_ID_PASSWORD }}
APPLE_DEVELOPER_TEAM_ID: "7K3HVCLV7Z"
KEYCHAIN_FILE: "apple-developer.keychain-db"
steps:
- uses: actions/checkout@v3
- uses: swift-actions/setup-swift@v1
- name: Install Apple Developer ID Certificates
run: |
APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-application-certificate.p12"
APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-installer-certificate.p12"
APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH="$RUNNER_TEMP/apple-developer-certificate-authority.cer"
echo -n "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH"
echo -n "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH"
echo -n "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY" | base64 --decode -i - -o "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH"
security create-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE"
security set-keychain-settings -lut 21600 "$RUNNER_TEMP/$KEYCHAIN_FILE"
security unlock-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE"
security import "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
security import "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
security import "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH" -P "$APPLE_DEVELOPER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs7 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
security list-keychain -d user -s "$RUNNER_TEMP/$KEYCHAIN_FILE"
- name: Select Xcode version
run: sudo xcode-select --switch "/Applications/Xcode_15.2.app"
- name: Archive Mist
run: xcodebuild -scheme Mist clean archive -configuration release -archivePath Mist -quiet
- name: Export Mist
run: xcodebuild -exportArchive -archivePath Mist.xcarchive -exportPath Export -exportOptionsPlist ExportOptions.plist
- name: Notarize Mist
run: |
ditto -c -k --keepParent "Export/Mist.app" "Export/Mist.zip"
xcrun notarytool submit "Export/Mist.zip" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
xcrun stapler staple "Export/Mist.app"
- name: Determine Exported App Version
run: echo "APP_VERSION=$(defaults read "$GITHUB_WORKSPACE/Export/Mist.app/Contents/Info.plist" CFBundleShortVersionString)" >> "$GITHUB_ENV"
- name: Create Disk Image
run: |
DISK_IMAGE_IDENTIFIER="com.ninxsoft.dmg.mist"
DISK_IMAGE_TEMP="$RUNNER_TEMP/$DISK_IMAGE_IDENTIFIER"
DISK_IMAGE_FILENAME="Mist.${{ env.APP_VERSION }}.dmg"
echo "DISK_IMAGE_FILENAME=$DISK_IMAGE_FILENAME" >> "$GITHUB_ENV"
mkdir -p "$DISK_IMAGE_TEMP"
ditto "Export/Mist.app" "$DISK_IMAGE_TEMP/Mist.app"
hdiutil create -fs "HFS+" -srcFolder "$DISK_IMAGE_TEMP" -volname "Mist" "$DISK_IMAGE_FILENAME"
- name: Notarize Disk Image
run: |
xcrun notarytool submit "${{ env.DISK_IMAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
xcrun stapler staple "${{ env.DISK_IMAGE_FILENAME }}"
- name: Create Package
run: |
PACKAGE_IDENTIFIER="com.ninxsoft.pkg.mist"
PACKAGE_TEMP="$RUNNER_TEMP/$PACKAGE_IDENTIFIER"
PACKAGE_FILENAME="Mist.${{ env.APP_VERSION }}.pkg"
echo "PACKAGE_FILENAME=$PACKAGE_FILENAME" >> "$GITHUB_ENV"
mkdir -p "$PACKAGE_TEMP/Applications"
mkdir -p "$PACKAGE_TEMP/Library/LaunchDaemons"
mkdir -p "$PACKAGE_TEMP/Library/PrivilegedHelperTools"
ditto "Export/Mist.app" "$PACKAGE_TEMP/Applications/Mist.app"
cp "com.ninxsoft.mist.helper.plist" "$PACKAGE_TEMP/Library/LaunchDaemons/com.ninxsoft.mist.helper.plist"
cp "Export/Mist.app/Contents/Library/LaunchServices/com.ninxsoft.mist.helper" "$PACKAGE_TEMP/Library/PrivilegedHelperTools/com.ninxsoft.mist.helper"
chmod 644 "$PACKAGE_TEMP/Library/LaunchDaemons/com.ninxsoft.mist.helper.plist"
chmod 544 "$PACKAGE_TEMP/Library/PrivilegedHelperTools/com.ninxsoft.mist.helper"
rm "Scripts/uninstall.sh"
pkgbuild --root "$PACKAGE_TEMP" \
--identifier "$PACKAGE_IDENTIFIER" \
--version "${{ env.APP_VERSION }}" \
--min-os-version "12.0" \
--scripts "Scripts" \
--sign "$APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY" \
"$PACKAGE_FILENAME"
- name: Notarize Package
run: |
xcrun notarytool submit "${{ env.PACKAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
xcrun stapler staple "${{ env.PACKAGE_FILENAME }}"
- name: Draft New Release
uses: softprops/action-gh-release@v1
with:
name: ${{ env.APP_VERSION }}
tag_name: v${{ env.APP_VERSION }}
draft: true
files: |
${{ env.DISK_IMAGE_FILENAME }}
${{ env.PACKAGE_FILENAME }}
- name: Remove Apple Developer Keychain
if: ${{ always() }}
run: security delete-keychain $RUNNER_TEMP/apple-developer.keychain-db