Skip to content

use notary password directly from environment #46

use notary password directly from environment

use notary password directly from environment #46

Workflow file for this run

name: Release
on:
push:
tags:
- "v*.*.*"
jobs:
pre-release:
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup keychain
if: runner.os == 'macOS'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_CERT }}
P12_PASSWORD: ${{ secrets.MACOS_CERT_PWD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
NOTARY_PWD: ${{ secrets.NOTARY_PWD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# save notarization password
# xcrun altool --store-password-in-keychain-item "NOTARY_PWD" --username "[email protected]" --password $NOTARY_PWD
- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- name: Validate gradle wrapper
uses: gradle/wrapper-validation-action@v1
- name: Checkout Gradle Build Cache
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
!~/.gradle/wrapper/dists/**/gradle*.zip
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
restore-keys: |
gradle-${{ runner.os }}-
- name: Make package
run: ./gradlew packageReleaseDistributionForCurrentOS
- name: Notarize package
if: runner.os == 'macOS'
run: ./gradlew notarizeReleaseDmg
- name: Archive artifacts
uses: actions/upload-artifact@v3
with:
name: distributable-${{ matrix.os }}
if-no-files-found: ignore
path: |
app/build/compose/notarization/**/*.dmg
app/build/**/*.msi
app/build/**/*.deb
- name: Release
uses: softprops/action-gh-release@v1
with:
prerelease: ${{ contains(github.event.inputs.version, '-rc') || contains(github.event.inputs.version, '-b') || contains(github.event.inputs.version, '-a') }}
files: |
app/build/compose/notarization/**/*.dmg
app/build/**/*.msi
app/build/**/*.deb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}