Skip to content

Create License.md

Create License.md #46

Workflow file for this run

on:
push:
branches: [main]
name: MacOS
jobs:
build-macos:
name: "Build MacOS"
runs-on: macos-latest
timeout-minutes: 30
env:
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
MACOS_APP_RELEASE_PATH: build/macos/Build/Products/Release
steps:
- uses: actions/[email protected]
- name: create .env file
run: |
touch .env
echo SUBAPASE_URL=${{ secrets.SUBAPASE_URL }} >> .env
echo SUBAPASE_ANON_KEY=${{ secrets.SUBAPASE_ANON_KEY }} >> .env
echo SENTRY_DNS=${{ secrets.SENTRY_DNS }} >> .env
cat .env
- name: read yaml
id: read_action_js
uses: pietrobolcato/[email protected]
with:
config: ${{ github.workspace }}/pubspec.yaml
- name: Create Version Number
id: versions
run: |
echo "::set-output name=version::${{ steps.read_action_js.outputs['version'] }}"
- name: Setup Flutter SDK
uses: subosito/[email protected]
with:
channel: "stable"
- name: Install create-dmg
run: brew install create-dmg
- name: Enable desktop
run: flutter config --enable-macos-desktop
- name: Flutter get packages
run: flutter pub get
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.PROD_MACOS_CERTIFICATE }}
P12_PASSWORD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.PROD_MACOS_PEOVISION_PROFILE }}
KEYCHAIN_PASSWORD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Build MacOS
run: flutter build macos --release
- name: Codesign app bundle
# Extract the secrets we defined earlier as environment variables
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
# Turn our base64-encoded certificate back to a regular .p12 file
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
# We finally codesign our app bundle, specifying the Hardened runtime option
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime build/macos/Build/Products/Release/FlutterPP.app -v
- name: "Notarize app bundle"
# Extract the secrets we defined earlier as environment variables
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
# Store the notarization credentials so that we can prevent a UI password dialog
# from blocking the CI
echo "Create keychain profile"
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
# We can't notarize an app bundle directly, but we need to compress it as an archive.
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
# notarization service
echo "Creating temp notarization archive"
ditto -c -k --keepParent "build/macos/Build/Products/Release/FlutterPP.app" "notarization.zip"
# Here we send the notarization request to the Apple's Notarization service, waiting for the result.
# This typically takes a few seconds inside a CI environment, but it might take more depending on the App
# characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
# you're curious
echo "Notarize app"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
# Finally, we need to "attach the staple" to our executable, which will allow our app to be
# validated by macOS even when an internet connection is not available.
echo "Attach staple"
xcrun stapler staple "build/macos/Build/Products/Release/FlutterPP.app"
- name: Create dmg
run: |
./scripts/create_mac_dmg.sh
- name: Upload Release Asset
id: upload-release-asset
uses: svenstaro/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/macos/Build/Products/Release/FlutterPP.dmg
asset_name: FlutterPP-macos-${{ steps.versions.outputs.version }}.dmg
tag: ${{ steps.versions.outputs.version }}
release_name: Release ${{ steps.versions.outputs.version }}
overwrite: true