Skip to content

[fix]: deploy workflow - notarization #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lukepistrol merged 5 commits into from
Dec 7, 2022
Merged

[fix]: deploy workflow - notarization #19

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cb184db
Added Changes for deploy
bombardier200 Dec 7, 2022
c6d52bd
Merge pull request #1 from bombardier200/bombardier200-deployAction
bombardier200 Dec 7, 2022
de834f1
Updating Deploy action (#18)
lukepistrol Dec 7, 2022
485185d
Update deploy.yml
lukepistrol Dec 7, 2022
74707d4
cleanup deploy workflow
lukepistrol Dec 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 48 additions & 6 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,51 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v2

- name: Install codesign certificate
env:
# DEV_CERT_B64: Base64-encoded developer certificate as .p12
# DEV_CERT_PWD: Developer certificate .p12 password
# KEYCHAIN_TIMEOUT: Lock keychain after timeout interval
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
DEV_CERT_B64: ${{ secrets.DEV_CERT_B64 }}
DEV_CERT_PWD: ${{ secrets.DEV_CERT_PWD }}
KEYCHAIN_TIMEOUT: 21600
run: |
DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12"
KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db"
KEYCHAIN_PWD=$(openssl rand -base64 24)
security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB"
security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
echo -n "$DEV_CERT_B64" | base64 --decode --output "$DEV_CERT_P12"
security import "$DEV_CERT_P12" -P "$DEV_CERT_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
security list-keychain -d user -s "$KEYCHAIN_DB"

- name: Building
run: |
swift build -c release --arch arm64 --arch x86_64
cd .build/apple/Products/Release/
zip codeedit-cli.zip codeedit-cli
cd ../../../../

# CODESIGN & NOTARIZE THE BINARY
- name: Sign
env:
CODESIGN_SIGN: ${{ secrets.CODESIGN_SIGN }}
run: |
security find-identity -p basic -v
codesign --sign "$CODESIGN_SIGN" --prefix austincondiff.CodeEdit. --options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit-cli

- name: Zip
run: zip -r .build/apple/Products/Release/codeedit-cli.zip .build/apple/Products/Release/codeedit-cli

- name: Notarize
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PWD: ${{ secrets.APPLE_ID_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
xcrun notarytool submit ".build/apple/Products/Release/codeedit-cli.zip" --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" --verbose --wait --output-format plist > "NotarizationResponse.plist"
status=`/usr/libexec/PlistBuddy -c "Print :status" "NotarizationResponse.plist"`
if [[ $status != "Accepted" ]]; then
exit 999
fi

- name: Create Release
id: create_release
Expand All @@ -33,13 +70,18 @@ jobs:
release_name: ${{ github.ref }}
draft: false
prerelease: false

- name: Upload Release Asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: .build/apple/Products/Release/codeedit-cli.zip
asset_name: codeedit-cli-binary.zip
asset_name: codeedit-cli-universal-binary.zip
asset_content_type: application/zip

- name: Clean up keychain
if: ${{ always() }}
run: |
security delete-keychain "$RUNNER_TEMP/keychain.keychain-db"