From 29ea3bf61960eecde6ad208209ee6770f60e234d Mon Sep 17 00:00:00 2001 From: Elias Wilken Date: Wed, 3 Jan 2024 11:51:04 +0100 Subject: [PATCH] add release workflow --- .github/workflows/release.yml | 81 +++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..0f577e0 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,81 @@ +name: Release + +on: + release: + types: [published] + +jobs: + build: + name: Build app bundle and upload it to the release + runs-on: macos-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set Xcode Version + run: sudo xcode-select -s /Applications/Xcode_15.1.app + # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#creating-secrets-for-your-certificate-and-provisioning-profile + # https://defn.io/2023/09/22/distributing-mac-apps-with-github-actions + - name: Install the Apple certificate and provisioning profile + env: + # exported from Xcode + # base64 -i ID_CERTIFICATE.p12 > ID_CERTIFICATE_BASE64 + ID_CERTIFICATE_BASE64: ${{ secrets.ID_CERTIFICATE_BASE64 }} + # openssl rand -hex 32 > ID_CERTIFICATE_PASSWORD + ID_CERTIFICATE_PASSWORD: ${{ secrets.ID_CERTIFICATE_PASSWORD }} + # exported from Xcode + # base64 -i BUILD_CERTIFICATE.p12 > BUILD_CERTIFICATE_BASE64 + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + # openssl rand -hex 32 > BUILD_CERTIFICATE_PASSWORD + BUILD_CERTIFICATE_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} + # openssl rand -hex 32 > KEYCHAIN_PASSWORD + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + ID_CERTIFICATE_PATH=$RUNNER_TEMP/id_certificate.p12 + BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificates from secrets + echo -n "$ID_CERTIFICATE_BASE64" | base64 --decode -o $ID_CERTIFICATE_PATH + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $ID_CERTIFICATE_PATH -P "$ID_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security import $BUILD_CERTIFICATE_PATH -P "$BUILD_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + - name: Build app + run: | + mkdir -p dist + + xcodebuild \ + archive \ + -project 'Nautik Helper.xcodeproj'/ \ + -scheme 'Nautik Helper' \ + -configuration Release \ + -destination 'generic/platform=macOS' \ + -archivePath 'dist/Nautik Helper.xcarchive' + -allowProvisioningUpdates + + xcodebuild \ + -exportArchive \ + -archivePath 'dist/Nautik Helper.xcarchive' \ + -exportOptionsPlist 'Nautik Helper/ExportOptions.plist' \ + -exportPath dist/ \ + -allowProvisioningUpdates + + cd dist + zip -r helper-${{ github.ref }}.zip 'Nautik Helper.app' + cd .. + - name: Upload app bundle to release + uses: svenstaro/upload-release-action@v2 + with: + file: dist/helper-${{ github.ref }}.zip + asset_name: helper-${{ github.ref }}.zip + tag: ${{ github.ref }} + overwrite: true