Skip to content
build

Bump actionlint #187

Sign in to view logs

Bump actionlint

Bump actionlint #187

Workflow file for this run

.github/workflows/build.yml at ea19fcf
name: build
on:
push:
branches: [ main ]
tags: [ v* ]
paths-ignore:
- '**/*.md'
- '**/*.gitignore'
- '**/*.gitattributes'
pull_request:
branches: [ main, dotnet-vnext ]
workflow_dispatch:
env:
ARTIFACTS_PATH: ./artifacts
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
DOTNET_NOLOGO: true
MACOS_APP_NAME: HelloWorld.app
MACOS_APP_PATH: ./artifacts/HelloWorld.app
NUGET_XMLDOC_MODE: skip
jobs:
build:
name: build
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
- name: Build and publish
shell: pwsh
run: ./build.ps1
- name: Publish artifacts
uses: actions/upload-artifact@v4
with:
name: app
path: ${{ env.ARTIFACTS_PATH }}
notarize:
if: github.event.repository.fork == false && github.triggering_actor != 'dependabot[bot]'
name: notarize
needs: build
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: app
path: ${{ env.ARTIFACTS_PATH }}
- name: Generate macOS app
shell: pwsh
run: |
$Artifacts = "${env:ARTIFACTS_PATH}"
$AppPath = "${env:MACOS_APP_PATH}"
$ContentsPath = (Join-Path ${AppPath} "Contents")
$PublishPath = (Join-Path ${Artifacts} "publish")
New-Item -Path ${Artifacts} -Name ${env:MACOS_APP_NAME} -ItemType "Directory" | Out-Null
New-Item -Path ${AppPath} -Name "Contents" -ItemType "Directory" | Out-Null
New-Item -Path ${ContentsPath} -Name "Resources" -ItemType "Directory" | Out-Null
Copy-Item -Path ${PublishPath} -Destination (Join-Path ${ContentsPath} "MacOS") -Recurse | Out-Null
Copy-Item -Path ./src/HelloWorld/Info.plist -Destination ${ContentsPath} | Out-Null
- name: Configure Xcode
uses: martincostello/xcode-select@node20
with:
version: "15.3"
- name: Import Distribution Certificate
uses: martincostello/import-signing-certificate@node20
with:
certificate-data: ${{ secrets.DISTRIBUTION_CERTIFICATE_DATA }}
certificate-passphrase: ${{ secrets.DISTRIBUTION_CERTIFICATE_PASSPHRASE }}
keychain-name: ''
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- name: Sign app
shell: bash
env:
APP_NAME: ${{ env.MACOS_APP_PATH }}
ENTITLEMENTS: ./src/HelloWorld/HelloWorld.entitlements
SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
run: |
chmod +x "${APP_NAME}/Contents/MacOS/HelloWorld"
find "${APP_NAME}/Contents/MacOS/" | while read -r fname; do
if [[ -f "${fname}" ]]; then
echo "Signing ${fname}"
codesign --force --timestamp --options=runtime --entitlements "${ENTITLEMENTS}" --sign "${SIGNING_IDENTITY}" "${fname}" || true
fi
done
echo "Signing app file"
codesign --force --timestamp --options=runtime --entitlements "${ENTITLEMENTS}" --sign "${SIGNING_IDENTITY}" "${APP_NAME}"
- name: Notarize app
uses: martincostello/xcode-notarize@notarytool
with:
product-path: ${{ env.MACOS_APP_PATH }}
apple-id: ${{ secrets.NOTARIZATION_USERNAME }}
app-password: ${{ secrets.NOTARIZATION_PASSWORD }}
team-id: ${{ secrets.NOTARIZATION_TEAM_ID }}
- name: Staple app
uses: martincostello/xcode-staple@node20
with:
product-path: ${{ env.MACOS_APP_PATH }}
- name: Package signed app
run: ditto -V -c -k --keepParent "${MACOS_APP_PATH}" ./artifacts/HelloWorld-osx-x64.zip
- name: Publish signed app
uses: actions/upload-artifact@v4
with:
name: app-signed
path: ./artifacts/HelloWorld-osx-x64.zip
release:
if: startsWith(github.ref, 'refs/tags/v')
name: release
needs: notarize
runs-on: macos-latest
steps:
- name: Download signed app
uses: actions/download-artifact@v4
with:
name: app-signed
- name: Create GitHub release
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: true
files: '*.zip'