Skip to content
Build SDT2

only run builds on tags (#3) #31

Sign in to view logs

only run builds on tags (#3)

only run builds on tags (#3) #31

Workflow file for this run

.github/workflows/build.yml at 4439fa0
name: Build SDT2
on:
push:
tags:
- '*'
jobs:
build:
strategy:
matrix:
os: [windows-latest, macos-latest, ubuntu-latest]
include:
- os: ubuntu-latest
arch: x64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install virtualenv
run: pip install virtualenv
- uses: oven-sh/setup-bun@v2
- name: macOS - Install dependencies
if: runner.os == 'macOS'
run: brew install autoconf automake libtool
- name: Run init
run: bun run init
- name: macOS - Build
if: matrix.os == 'macos-latest'
run: |
source venv-pywebview/bin/activate
bun run build
- name: Linux - Build
if: matrix.os == 'ubuntu-latest'
run: |
source venv-pywebview/bin/activate
bun run build
- name: Windows - Build
if: matrix.os == 'windows-latest'
run: |
venv-pywebview\\Scripts\\activate
bun run build
- name: Windows - Sign artifact
if: matrix.os == 'windows-latest'
uses: azure/[email protected]
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: ${{ secrets.AZURE_ENDPOINT }}
code-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
files-folder: build
files-folder-filter: exe
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: macOS - Sign artifact
if: matrix.os == 'macos-latest'
run: |
echo ${{ secrets.MACOS_CERTIFICATE }} | base64 --decode > certificate.p12
security create-keychain -p "${{ secrets.MACOS_CI_KEYCHAIN_PWD }}" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "${{ secrets.MACOS_CI_KEYCHAIN_PWD }}" build.keychain
security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.MACOS_CI_KEYCHAIN_PWD }}" build.keychain
/usr/bin/codesign -f -o runtime --timestamp -s "${{ secrets.MACOS_CERTIFICATE_NAME }}" --deep ./build/SDT2.app
/usr/bin/codesign -vvv ./build/SDT2.app
- name: macOS - Notarize artifact
if: matrix.os == 'macos-latest'
run: |
ditto -c -k --keepParent "build/SDT2.app" "build/SDT2.app.zip"
xcrun notarytool store-credentials "notarytool-profile" --apple-id "${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}" --team-id "${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}" --password "${{ secrets.MACOS_NOTARIZATION_PWD }}" > /dev/null
xcrun notarytool submit "build/SDT2.app.zip" --keychain-profile "notarytool-profile" --wait
xcrun stapler staple "./build/SDT2.app"
- name: Ubuntu - Prepare artifact
if: matrix.os == 'ubuntu-latest' || (matrix.os == 'ubuntu-22.04' && matrix.arch == 'arm64')
run: chmod +x build/SDT2 && tar -czvf build/SDT2.tar.gz -C build SDT2
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-build-output
path: |
${{ matrix.os == 'windows-latest' && 'build/SDT2.exe' || '' }}
${{ matrix.os == 'macos-latest' && 'build/SDT2.app.zip' || '' }}
${{ (matrix.os == 'ubuntu-latest' || (matrix.os == 'ubuntu-22.04' && matrix.arch == 'arm64')) && 'build/SDT2.tar.gz' || '' }}