Skip to content

Merge branch 'feat/app-update' into main: #3

Merge branch 'feat/app-update' into main:

Merge branch 'feat/app-update' into main: #3

Workflow file for this run

name: Build & Publish
on:
workflow_dispatch:
push:
tags:
- '*.*.*'
env:
DEVELOPER_DIR: /Applications/Xcode_15.0.app/Contents/Developer
jobs:
build:
name: Build and Publish Release
runs-on: macOS-13
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Tooling
run: |
brew install create-dmg
- name: Install certificates
env:
DEV_SIGN_CERT: ${{ secrets.DEV_SIGN_CERT }}
DEV_SIGN_PW: ${{ secrets.DEV_SIGN_PW }}
MAC_SIGN_CERT: ${{ secrets.MAC_SIGN_CERT }}
MAC_SIGN_PW: ${{ secrets.MAC_SIGN_PW }}
KEYCHAIN_TIMEOUT: 21600
run: |
DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12"
MAC_CERT_P12="$RUNNER_TEMP/mac_cert.p12"
KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db"
KEYCHAIN_PW=$(openssl rand -base64 24)
security create-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_DB"
security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB"
security unlock-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_DB"
echo -n "$DEV_SIGN_CERT" | base64 --decode -o "$DEV_CERT_P12"
security import "$DEV_CERT_P12" -P "$DEV_SIGN_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
echo -n "$MAC_SIGN_CERT" | base64 --decode -o "$MAC_CERT_P12"
security import "$MAC_CERT_P12" -P "$MAC_SIGN_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
security list-keychain -d user -s "$KEYCHAIN_DB"
- name: Build
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
set -o pipefail && xcodebuild archive -project "TimeMachineStatus.xcodeproj" \
-scheme "TimeMachineStatus" \
-configuration "Release" \
-derivedDataPath "$RUNNER_TEMP/DerivedData" \
-archivePath "$RUNNER_TEMP/TimeMachineStatus.xcarchive" \
DEVELOPMENT_TEAM=$APPLE_TEAM_ID
- name: Sign
env:
CODE_SIGN_IDENTITY: ${{ secrets.CODE_SIGN_IDENTITY }}
run: |
codesign \
--sign "$CODE_SIGN_IDENTITY" \
-vvv --verbose --strict \
--options=runtime \
--prefix com.lukaspistrol.TimeMachineStatus \
--force --deep --timestamp \
"$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app"
- name: Create DMG
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
xcrun notarytool store-credentials TimeMachineStatus \
--apple-id "$APPLE_ID" \
--team-id "$APPLE_TEAM_ID" \
--password "$APPLE_ID_PASSWORD"
create-dmg \
--volname "TimeMachineStatus" \
--volicon "$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app/Contents/Resources/AppIcon.icns" \
--window-pos 200 120 \
--window-size 800 400 \
--icon-size 100 \
--icon "TimeMachineStatus.app" 200 190 \
--hide-extension "TimeMachineStatus.app" \
--app-drop-link 600 185 \
--notarize "TimeMachineStatus" \
--skip-jenkins \
"$RUNNER_TEMP/TimeMachineStatus.dmg" \
"$RUNNER_TEMP/TimeMachineStatus.xcarchive/Products/Applications/TimeMachineStatus.app"
- name: Get Build Number
run: |
APP_BUILD=$(xcrun agvtool vers -terse)
echo "APP_BUILD=$APP_BUILD" >> $GITHUB_ENV
- name: Sparkle
env:
SPARKLE_KEY: ${{ secrets.SPARKLE_KEY }}
SPARKLE_DL_PREFIX: "https://github.com/lukepistrol/TimeMachineStatus/releases/download"
SPARKLE_LINK: "https://github.com/lukepistrol/TimeMachineStatus"
APP_VERSION: ${{ github.ref_name }}
APP_BUILD: ${{ env.APP_BUILD }}
run: |
SPARKLE_BIN="$RUNNER_TEMP/DerivedData/SourcePackages/artifacts/sparkle/Sparkle/bin"
SPARKLE_ARCHIVE="$RUNNER_TEMP/Sparkle_Archive"
echo -n "$SPARKLE_KEY" | tee "$RUNNER_TEMP/sparkle_key"
mkdir "$SPARKLE_ARCHIVE"
cp "$RUNNER_TEMP/TimeMachineStatus.dmg" "$SPARKLE_ARCHIVE"
SPARKLE_SIG=$("$SPARKLE_BIN/sign_update" --ed-key-file "$RUNNER_TEMP/sparkle_key" "$SPARKLE_ARCHIVE/TimeMachineStatus.dmg" | cut -d\" -f2)
"$SPARKLE_BIN/generate_appcast" \
--ed-key-file "$RUNNER_TEMP/sparkle_key" \
--download-url-prefix "${{ env.SPARKLE_DL_PREFIX }}/${{ env.APP_VERSION }}/" \
--link "$SPARKLE_LINK" \
--maximum-deltas 0 \
"$SPARKLE_ARCHIVE"
- name: Publish Release
uses: marvinpinto/action-automatic-releases@latest
env:
APP_VERSION: ${{ env.APP_VERSION }}
with:
title: "${{ env.APP_VERSION }}"
files: |
${{ RUNNER.TEMP }}/Sparkle_Archive/TimeMachineStatus.dmg
${{ RUNNER.TEMP }}/Sparkle_Archive/appcast.xml
prerelease: false
repo_token: "${{ secrets.GITHUB_TOKEN }}"
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain "$RUNNER_TEMP/keychain.keychain-db"
rm -rf "~/Library/MobileDevice/Provisioning Profiles"