From cb184db3a75b1ac1362e9e6afc91926b8623adc7 Mon Sep 17 00:00:00 2001
From: bombardier200
Date: Tue, 6 Dec 2022 19:25:09 -0500
Subject: [PATCH 1/3] Added Changes for deploy
---
 .github/workflows/deploy.yml | 88 ++++++++++++++++++++++++++----------
 1 file changed, 64 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 65fc26d..7145cfd 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -13,33 +13,73 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@v2 - + - name: Install codesign certificate + env: + # DEV_CERT_B64: Base64-encoded developer certificate as .p12 + # DEV_CERT_PWD: Developer certificate .p12 password + # PROVISION_PROFILE_B64: Base64-encoded provisioning profile as .provisionprofile + # KEYCHAIN_TIMEOUT: Lock keychain after timeout interval + # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development + DEV_CERT_B64: ${{ secrets.DEV_CERT_B64 }} + DEV_CERT_PWD: ${{ secrets.DEV_CERT_PWD }} + KEYCHAIN_TIMEOUT: 21600 + run: | + DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12" + KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db" + KEYCHAIN_PWD=$(openssl rand -base64 24) + security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB" + security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB" + security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB" + echo -n "$DEV_CERT_B64" | base64 --decode --output "$DEV_CERT_P12" + security import "$DEV_CERT_P12" -P "$DEV_CERT_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB" + security list-keychain -d user -s "$KEYCHAIN_DB" - name: Building run: | swift build -c release --arch arm64 --arch x86_64 - cd .build/apple/Products/Release/ - zip codeedit-cli.zip codeedit-cli - cd ../../../../ - # CODESIGN & NOTARIZE THE BINARY - - - name: Create Release - id: create_release - uses: actions/create-release@v1 + - name: Sign env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} - draft: false - prerelease: false - - - name: Upload Release Asset - uses: actions/upload-release-asset@v1 + CODESIGN_SIGN: ${{ secrets.CODESIGN_SIGN }} + run: | + codesign --sign "$CODESIGN_SIGN" --prefix austincondiff.CodeEdit. 
--options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit-cli + - name: Zip + run: zip -r .build/apple/Products/Release/codeedit-cli.zip .build/apple/Products/Release/codeedit-cli + - name: Notarize env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: .build/apple/Products/Release/codeedit-cli.zip - asset_name: codeedit-cli-binary.zip - asset_content_type: application/zip + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PWD: ${{ secrets.APPLE_ID_PWD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: | + xcrun notarytool submit ".build/apple/Products/Release/codeedit-cli.zip" --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" --verbose --wait --output-format plist > "NotarizationResponse.plist" + echo "**RESPONSE**" + cat NotarizationResponse.plist + id=`/usr/libexec/PlistBuddy -c "Print :id" "NotarizationResponse.plist"` + xcrun notarytool log --verbose --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" "$id" + status=`/usr/libexec/PlistBuddy -c "Print :status" "NotarizationResponse.plist"` + if [[ $status != "Accepted" ]]; then + exit 999 + fi + #- name: Create Release + # id: create_release + #uses: actions/create-release@v1 + #env: + #GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + #with: + #tag_name: ${{ github.ref }} + #release_name: ${{ github.ref }} + #draft: false + #prerelease: false + + #- name: Upload Release Asset + # uses: actions/upload-release-asset@v1 + #env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + #with: + #upload_url: ${{ steps.create_release.outputs.upload_url }} + #asset_path: .build/apple/Products/Release/codeedit-cli.zip + #asset_name: codeedit-cli-binary.zip + #asset_content_type: application/zip + - name: Clean up keychain + if: ${{ always() }} + run: | + security delete-keychain "$RUNNER_TEMP/keychain.keychain-db" From 485185dcb5b6f634bc85b89f8e071ec3d529a024 Mon Sep 17 00:00:00 2001 
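Review bot: `Install codesign certificate` is placed before `Building`, so `swift build` and anything it runs execute while the signing key sits in an unlocked keychain, and `security import ... -A` lets any application use that key without a prompt. Moving the certificate step to directly before `Sign` keeps the key away from build-time code, and replacing `-A` with `-T /usr/bin/codesign` (followed by `security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PWD" "$KEYCHAIN_DB"`) restricts it to the signing tool. The decoded `$RUNNER_TEMP/dev_cert.p12` is also left on disk, because `Clean up keychain` deletes only the keychain; add `rm -f "$DEV_CERT_P12"` right after the import. The job definition starts outside the hunk, so the trigger and runner type are not visible here.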
From: Lukas Pistrol Date: Wed, 7 Dec 2022 01:48:53 +0100 Subject: [PATCH 2/3] Update deploy.yml --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7145cfd..9a0131c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -41,6 +41,7 @@ jobs: env: CODESIGN_SIGN: ${{ secrets.CODESIGN_SIGN }} run: | + security find-identity -p basic -v codesign --sign "$CODESIGN_SIGN" --prefix austincondiff.CodeEdit. --options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit-cli - name: Zip run: zip -r .build/apple/Products/Release/codeedit-cli.zip .build/apple/Products/Release/codeedit-cli From 74707d48192ba904fd7328fbc199944c159f5499 Mon Sep 17 00:00:00 2001 From: Lukas Pistrol Date: Wed, 7 Dec 2022 03:45:51 +0100 Subject: [PATCH 3/3] cleanup deploy workflow --- .github/workflows/deploy.yml | 53 ++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9a0131c..560885a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,11 +13,11 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@v2 + - name: Install codesign certificate env: # DEV_CERT_B64: Base64-encoded developer certificate as .p12 # DEV_CERT_PWD: Developer certificate .p12 password - # PROVISION_PROFILE_B64: Base64-encoded provisioning profile as .provisionprofile # KEYCHAIN_TIMEOUT: Lock keychain after timeout interval # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development DEV_CERT_B64: ${{ secrets.DEV_CERT_B64 }} 
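Review bot: In the `Sign` step (PATCH 2/3), `security find-identity -p basic -v` writes the name and hash of every valid identity in the keychain search list to the job log, even though the identity is otherwise held as the secret `CODESIGN_SIGN`. The `basic` policy also does not confirm that an identity is usable for code signing. If the line is meant as a pre-flight check, scope it to the temporary keychain and the signing policy: `security find-identity -p codesigning -v "$RUNNER_TEMP/keychain.keychain-db"`. If it was added only for debugging, remove it once the workflow passes.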
@@ -33,18 +33,21 @@ jobs: echo -n "$DEV_CERT_B64" | base64 --decode --output "$DEV_CERT_P12" security import "$DEV_CERT_P12" -P "$DEV_CERT_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB" security list-keychain -d user -s "$KEYCHAIN_DB" + - name: Building run: | swift build -c release --arch arm64 --arch x86_64 - # CODESIGN & NOTARIZE THE BINARY + - name: Sign env: CODESIGN_SIGN: ${{ secrets.CODESIGN_SIGN }} run: | security find-identity -p basic -v codesign --sign "$CODESIGN_SIGN" --prefix austincondiff.CodeEdit. --options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit-cli + - name: Zip run: zip -r .build/apple/Products/Release/codeedit-cli.zip .build/apple/Products/Release/codeedit-cli + - name: Notarize env: APPLE_ID: ${{ secrets.APPLE_ID }} 
@@ -52,34 +55,32 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: | xcrun notarytool submit ".build/apple/Products/Release/codeedit-cli.zip" --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" --verbose --wait --output-format plist > "NotarizationResponse.plist" - echo "**RESPONSE**" - cat NotarizationResponse.plist - id=`/usr/libexec/PlistBuddy -c "Print :id" "NotarizationResponse.plist"` - xcrun notarytool log --verbose --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" "$id" status=`/usr/libexec/PlistBuddy -c "Print :status" "NotarizationResponse.plist"` if [[ $status != "Accepted" ]]; then exit 999 fi - #- name: Create Release - # id: create_release - #uses: actions/create-release@v1 - #env: - #GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - #with: - #tag_name: ${{ github.ref }} - #release_name: ${{ github.ref }} - #draft: false - #prerelease: false - - #- name: Upload Release Asset - # uses: actions/upload-release-asset@v1 - #env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - #with: - #upload_url: ${{ steps.create_release.outputs.upload_url }} - #asset_path: .build/apple/Products/Release/codeedit-cli.zip - #asset_name: codeedit-cli-binary.zip - #asset_content_type: application/zip + + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: ${{ github.ref }} + draft: false + prerelease: false + + - name: Upload Release Asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: .build/apple/Products/Release/codeedit-cli.zip + asset_name: codeedit-cli-universal-binary.zip + asset_content_type: application/zip + - name: Clean up keychain if: ${{ always() }} run: |
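Review bot: The re-enabled `Create Release` and `Upload Release Asset` steps reference `actions/create-release@v1` and `actions/upload-release-asset@v1` by mutable tag, and they run while the signing keychain still exists (`Clean up keychain` comes after them). Both action repositories are archived upstream, so they receive no fixes. Pin each to a full commit SHA, e.g. `uses: actions/create-release@<full-commit-sha>  # v1`, or replace the two steps with the `gh` CLI (`gh release create "$GITHUB_REF_NAME" <asset-path>` with `GH_TOKEN` set). This hunk also removes the `xcrun notarytool log` call, so a rejected notarization now ends at `exit 999` with no diagnostics; fetching the log inside the failure branch would keep them. Any `permissions:` block for the job is outside the hunk; the release steps need only `contents: write`.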