-
Notifications
You must be signed in to change notification settings - Fork 12
87 lines (78 loc) · 3.33 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Deploy
on:
workflow_dispatch:
workflow_call:
jobs:
deploy-codeedit-cli:
name: Deploying CodeEdit CLI
runs-on: [self-hosted, macOS]
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install codesign certificate
env:
# DEV_CERT_B64: Base64-encoded developer certificate as .p12
# DEV_CERT_PWD: Developer certificate .p12 password
# KEYCHAIN_TIMEOUT: Lock keychain after timeout interval
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
DEV_CERT_B64: ${{ secrets.DEV_CERT_B64 }}
DEV_CERT_PWD: ${{ secrets.DEV_CERT_PWD }}
KEYCHAIN_TIMEOUT: 21600
run: |
DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12"
KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db"
KEYCHAIN_PWD=$(openssl rand -base64 24)
security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB"
security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
echo -n "$DEV_CERT_B64" | base64 --decode -o "$DEV_CERT_P12"
security import "$DEV_CERT_P12" -P "$DEV_CERT_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
security list-keychain -d user -s "$KEYCHAIN_DB"
- name: Building
run: |
swift build -c release --arch arm64 --arch x86_64
- name: Sign
env:
CODESIGN_SIGN: ${{ secrets.CODESIGN_SIGN }}
run: |
security find-identity -p basic -v
codesign --sign "$CODESIGN_SIGN" --prefix app.codeedit.CodeEdit. --options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit
- name: Zip
run: |
cd .build/apple/Products/Release
zip -r codeedit-cli.zip codeedit
cd ../../../../
- name: Notarize
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PWD: ${{ secrets.APPLE_ID_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
xcrun notarytool submit ".build/apple/Products/Release/codeedit-cli.zip" --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" --verbose --wait --output-format plist > "NotarizationResponse.plist"
status=`/usr/libexec/PlistBuddy -c "Print :status" "NotarizationResponse.plist"`
if [[ $status != "Accepted" ]]; then
exit 999
fi
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: ${{ github.ref }}
draft: false
prerelease: false
- name: Upload Release Asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: .build/apple/Products/Release/codeedit-cli.zip
asset_name: codeedit-cli-universal-binary.zip
asset_content_type: application/zip
- name: Clean up keychain
if: ${{ always() }}
run: |
security delete-keychain "$RUNNER_TEMP/keychain.keychain-db"