Try with import-codesign-certs action #52
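---
# Release pipeline for the macOS desktop build.
#
# Triggered by pushing a tag that ends in "-desktop". The single job checks,
# packages, signs and notarizes the DMG, attaches it to the GitHub release for
# that tag, then rebuilds and publishes the Hugo website with the new link.
#
# NOTE(review): this job handles the code-signing certificate, the Apple
# notarization credentials and a write-scoped GITHUB_TOKEN, yet every action
# below is referenced by a mutable tag (@v2, @v3, @v4). A tag can be moved to
# different code after review; pinning each `uses:` to a full commit SHA keeps
# the code that sees these secrets fixed.
name: Desktop MacOS Release

on:
  push:
    tags:
      - '*-desktop'

jobs:
  deploy:
    runs-on: macos-latest
    timeout-minutes: 40
    # contents: write is used by the release upload and the gh-pages deploy.
    permissions:
      contents: write
    steps:
      # Full history (fetch-depth: 0) so `git describe --tags` can see tags.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: set up JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '18'

      # NOTE(review): this reference was garbled by e-mail obfuscation on the
      # rendered page (action name and version are lost). Restore the real
      # `owner/action@ref` from the repository before using this file.
      - uses: gradle/[email protected]
        with:
          gradle-home-cache-cleanup: true

      - name: Setup Gradle Properties
        shell: bash
        run: |
          echo "org.gradle.jvmargs=-Xms10g -Xmx10g -XX:MaxMetaspaceSize=1g -XX:+HeapDumpOnOutOfMemoryError -XX:+UseParallelGC" >> ~/.gradle/gradle.properties
          echo "kotlin.daemon.jvmargs=-Xms4g -Xmx4g -XX:+UseParallelGC" >> ~/.gradle/gradle.properties
          echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties
          echo "org.gradle.workers.max=2" >> ~/.gradle/gradle.properties
          echo "org.gradle.vfs.watch=false" >> ~/.gradle/gradle.properties

      - name: Cache KMP tooling
        uses: actions/cache@v4
        with:
          path: |
            ~/.konan
          key: ${{ runner.os }}-v1-${{ hashFiles('*.gradle.kts') }}

      # Previous manual keychain import, kept for reference; superseded by the
      # "Import signing certificate" step below.
      # - name: Import signing certificate into keychain
      #   run: |
      #     KEYCHAIN_FILE=default.keychain
      #     security create-keychain -p $KEYCHAIN_PASSWORD_MACOS $KEYCHAIN_FILE
      #     security default-keychain -s $KEYCHAIN_FILE
      #     security unlock-keychain -p $KEYCHAIN_PASSWORD_MACOS $KEYCHAIN_FILE
      #     security import <(echo $SIGNING_CERTIFICATE_P12_DATA | base64 --decode) \
      #                     -f pkcs12 \
      #                     -k $KEYCHAIN_FILE \
      #                     -P $SIGNING_CERTIFICATE_PASSWORD \
      #                     -T /usr/bin/codesign
      #     security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD_MACOS $KEYCHAIN_FILE
      #   env:
      #     SIGNING_CERTIFICATE_P12_DATA: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA_MACOS }}
      #     SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD_MACOS }}
      #     KEYCHAIN_PASSWORD_MACOS: ${{ secrets.KEYCHAIN_PASSWORD_MACOS }}

      # NOTE(review): this step runs before "Run Checks", so the signing
      # identity is presumably already usable while lint and test code (and any
      # build plugins they load) execute. Only packaging needs it; consider
      # moving this step to just before "Create DMG".
      - name: Import signing certificate
        uses: apple-actions/import-codesign-certs@v2
        with:
          p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA_MACOS }}
          p12-password: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD_MACOS }}

      - name: Run Checks
        run: ./gradlew detekt desktopTest jvmTest

      - name: Upload reports
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: build-reports
          path: |
            **/build/reports/*

      - name: Update Licenses file
        run: ./gradlew desktopApp:exportLibraryDefinitions -PaboutLibraries.exportPath=src/main/resources/

      # Derives the tag, the version (tag without the "-desktop" suffix) and
      # the expected DMG path, and exposes them as step outputs.
      - name: Create path variables
        id: path_variables
        run: |
          tag=$(git describe --tags --abbrev=0 --match "*-desktop")
          version=$(echo "$tag" | sed 's/-desktop$//')
          name="FeedFlow-${version}.dmg"
          path="desktopApp/build/release/main-release/dmg/${name}"
          echo "TAG=$tag" >> "$GITHUB_OUTPUT"
          echo "VERSION=$version" >> "$GITHUB_OUTPUT"
          echo "RELEASE_PATH=$path" >> "$GITHUB_OUTPUT"

      # Values are passed through env rather than interpolated into the script,
      # so the secret never becomes part of the shell source text.
      - name: Create Properties file
        run: |
          echo "is_release=true" >> desktopApp/src/jvmMain/resources/props.properties
          echo "sentry_dns=$SENTRY_DNS" >> desktopApp/src/jvmMain/resources/props.properties
          echo "version=$VERSION" >> desktopApp/src/jvmMain/resources/props.properties
        env:
          SENTRY_DNS: ${{ secrets.SENTRY_DNS }}
          VERSION: ${{ steps.path_variables.outputs.VERSION }}

      - name: Run Proguard
        run: ./gradlew :desktopApp:proguardReleaseJars

      # NOTE(review): --info raises Gradle log verbosity in a step that signs
      # the app; check that nothing sensitive ends up in the uploaded logs.
      - name: Create DMG
        run: ./gradlew packageReleaseDmg --info

      - name: Upload reports
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: reports
          path: |
            **/build/compose/logs/*

      # Every expansion is quoted: an unquoted secret containing whitespace or
      # glob characters would be word-split and change the command line.
      # NOTE(review): the password is still passed as a process argument;
      # notarytool can read stored credentials via --keychain-profile instead.
      - name: Notarization
        run: |
          xcrun notarytool submit "$RELEASE_PATH" --apple-id "$APPLE_ID_NOTARIZATION" --password "$NOTARIZATION_PWD" --team-id "$APPSTORE_TEAM_ID" --wait
          xcrun stapler staple "$RELEASE_PATH"
        env:
          APPLE_ID_NOTARIZATION: ${{ secrets.APPLE_ID_NOTARIZATION }}
          APPSTORE_TEAM_ID: ${{ secrets.APPSTORE_TEAM_ID }}
          NOTARIZATION_PWD: ${{ secrets.NOTARIZATION_PWD }}
          RELEASE_PATH: ${{ steps.path_variables.outputs.RELEASE_PATH }}

      # overwrite: true replaces an existing asset of the same name on the
      # release for this tag.
      - name: Upload binaries to release
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: ${{ steps.path_variables.outputs.RELEASE_PATH }}
          tag: ${{ steps.path_variables.outputs.TAG }}
          overwrite: true
          body: "Release ${{ steps.path_variables.outputs.VERSION }}"

      # Rewrites the button3Link entry of the website data file so it points at
      # the DMG just published.
      - name: Update website
        run: |
          file_path="website/data/hero.yml"
          new_link="https://github.com/prof18/feed-flow/releases/download/$VERSION-desktop/FeedFlow-$VERSION.dmg"
          awk -v new_link="$new_link" '/^button3Link:/ {print "button3Link: " new_link; next} 1' "$file_path" > tmpfile && mv tmpfile "$file_path"
        env:
          VERSION: ${{ steps.path_variables.outputs.VERSION }}

      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2
        with:
          hugo-version: '0.101.0'
          extended: true

      - name: Build
        run: |
          cd website
          HUGO_ENV=production hugo --gc --minify

      - name: Deploy
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: website/public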