Set attr on all three #1649
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: build | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'translations_**' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches-ignore: | |
| - 'translations_**' | |
| jobs: | |
| build: | |
| runs-on: macos-11 | |
| env: | |
| QS_BUILD_ONLY: 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Build debug version | |
| working-directory: Quicksilver | |
| run: | | |
| ./Tools/qsrelease Debug | |
| mv /tmp/QS/build/Debug/Quicksilver{,-debug}.zip | |
| - name: Upload debug version | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Quicksilver-debug | |
| path: /tmp/QS/build/Debug/Quicksilver-debug.zip | |
| - name: Build release version | |
| working-directory: Quicksilver | |
| run: | | |
| ./Tools/qsrelease | |
| cp ./SharedSupport/ChangesBare.html /tmp | |
| - name: Prepare DMG_INGREDIENTS artifact | |
| working-directory: /tmp/QS/build/Release/ | |
| run: | | |
| cp \ | |
| /tmp/qs_build_settings \ | |
| /tmp/Quicksilver.entitlements \ | |
| /tmp/ChangesBare.html \ | |
| ./dmg/ | |
| tar -czvf ./dmg_ingredients.tar.gz ./dmg | |
| - name: Upload components for sign action | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: DMG_INGREDIENTS | |
| path: /tmp/QS/build/Release/dmg_ingredients.tar.gz | |
| sign: | |
| needs: build | |
| runs-on: macos-11 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }} | |
| NOTARIZING_ID: ${{ secrets.NOTARIZING_ID }} | |
| NOTARIZING_PASS: ${{ secrets.NOTARIZING_PASS }} | |
| KEYCHAIN_PROFILE: "Quicksilver Notarization" | |
| steps: | |
| - name: Download dmg folder artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: DMG_INGREDIENTS | |
| path: /tmp/QS/build/Release/ | |
| - name: Decompress DMG_INGREDIENTS | |
| working-directory: /tmp/QS/build/Release/ | |
| run: | | |
| tar -xzvf ./dmg_ingredients.tar.gz | |
| mv \ | |
| ./dmg/qs_build_settings \ | |
| ./dmg/Quicksilver.entitlements \ | |
| ./dmg/ChangesBare.html \ | |
| /tmp/ | |
| QS_INFO_VERSION=$(awk '/QS_INFO_VERSION/ { print $NF }' \ | |
| /tmp/qs_build_settings) | |
| echo "QS_INFO_VERSION=${QS_INFO_VERSION}" >> "${GITHUB_ENV}" | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Run Tools/qssign | |
| working-directory: Quicksilver | |
| run: | | |
| # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
| KEYCHAIN_PATH=${RUNNER_TEMP}/app-signing.keychain-db | |
| CERTIFICATE_PATH=${RUNNER_TEMP}/build_certificate.p12 | |
| echo -n "${MACOS_CERTIFICATE}" | base64 --decode \ | |
| --output "${CERTIFICATE_PATH}" | |
| security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}" | |
| security default-keychain -s "${KEYCHAIN_PATH}" | |
| security set-keychain-settings -lut 21600 "${KEYCHAIN_PATH}" | |
| security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}" | |
| security import "${CERTIFICATE_PATH}" \ | |
| -P "${MACOS_CERTIFICATE_PASSWORD}" \ | |
| -A -t cert -f pkcs12 -k "${KEYCHAIN_PATH}" | |
| xcrun notarytool store-credentials "${KEYCHAIN_PROFILE}" \ | |
| --apple-id "${NOTARIZING_ID}" \ | |
| --team-id "${SIGNING_IDENTITY}" \ | |
| --password "${NOTARIZING_PASS}" | |
| ./Tools/qssign | |
| - name: Download debug artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: Quicksilver-debug | |
| path: /tmp | |
| - name: Create checksum | |
| run: | | |
| cd /tmp/QS/build/Release/ | |
| shasum --algorithm 256 Quicksilver*.dmg > checksum.txt | |
| cd /tmp | |
| shasum --algorithm 256 Quicksilver-debug.zip >> /tmp/QS/build/Release/checksum.txt | |
| - name: Upload Quicksilver.dmg | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: "Quicksilver_${{ env.QS_INFO_VERSION }}.dmg" | |
| path: /tmp/QS/build/Release/Quicksilver*.dmg | |
| - name: Upload checksum | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: checksums | |
| path: /tmp/QS/build/Release/checksum.txt | |
| - name: Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| /tmp/QS/build/Release/Quicksilver*.dmg | |
| /tmp/QS/build/Release/checksum.txt | |
| /tmp/Quicksilver-debug.zip | |
| - name: Update ChangesBare.html | |
| env: | |
| SERVER: ${{ secrets.SERVER }} | |
| PORT: ${{ secrets.PORT }} | |
| SSH_KEY: ${{secrets.SSH_KEY}} | |
| run: | | |
| # Create ssh keyfile with locked down permissions and ensure its removal | |
| # Unfortunately process substitution won't work because ssh closes | |
| # all fd > 2 | |
| touch /tmp/key | |
| chmod 0600 /tmp/key | |
| trap 'rm -f /tmp/key' EXIT | |
| echo "${SSH_KEY}" > /tmp/key | |
| ssh -T "${SERVER}" -p "${PORT}" -i /tmp/key \ | |
| -o StrictHostKeyChecking=no \ | |
| "${GITHUB_REPOSITORY}" \ | |
| </tmp/ChangesBare.html | |
| rm /tmp/key |