Skip to content

Bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows #6

Bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows

Bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows #6

Workflow file for this run

name: build
on:
push:
pull_request:
jobs:
build:
runs-on: macos-11
env:
QS_BUILD_ONLY: 1
QS_SOURCE_ROOT: "/tmp/git/quicksilver"
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
- name: Build plugin
run: |
set -Eeuf -o pipefail
log() {
echo "$*" > /dev/stderr
}
err() {
log "error: $*"
exit 1
}
json() {
# Usage: stdin is json content, $1 is python-formatted query
# Example: `xcodebuild -list -json | json '["project"]["configurations"][0]'`
python3 -c '
import json
import sys
stdin = sys.stdin.read()
content = json.loads(stdin)
json_keys = sys.argv[1]
output = eval(f"{content}{json_keys}")
# Strips quotes if there is a simple result
if isinstance(output, str):
print(output)
# Pretty-print arrays and dicts
else:
print(json.dumps(output, indent=4))
' "$1"
}
configuration=Release
mkdir -p "${QS_SOURCE_ROOT}"
git clone --recurse-submodules "https://github.com/quicksilver/Quicksilver.git" "${QS_SOURCE_ROOT}"
pushd "${QS_SOURCE_ROOT}"
latest_tag=$(git tag --list --sort=creatordate | tail -n 1)
git checkout "${latest_tag}"
pushd Quicksilver
while [[ ! -x "/tmp/QS/build/${configuration}/Quicksilver.app/Contents/MacOS/Quicksilver" ]]; do
xcodebuild \
-quiet \
-destination generic/platform=macos \
-configuration "${configuration}" \
-scheme 'Quicksilver Distribution' \
build || true
done
popd
popd
project=$(find . -maxdepth 1 -name '*.xcodeproj' -not -iname "*test.xcodeproj" -print -quit)
if [[ -z "${project}" ]]; then
scheme_list=$(xcodebuild -list -json || true)
else
scheme_list=$(xcodebuild -list -json -project "${project}")
fi
if [[ -z "${scheme_list}" ]]; then
err "unable to determine scheme list"
fi
scheme=$(json '["project"]["targets"][0]' <<< "${scheme_list}")
log "Using default scheme: ${scheme}"
# Absence of a project can still build, but will error if `-project` is specified
opts=(-configuration "${configuration}" -scheme "${scheme}")
if [[ -n "${project}" ]]; then
opts+=(-project "${project}")
fi
SETTINGS=$(xcodebuild "${opts[@]}" -showBuildSettings -json)
xcodebuild build -quiet "${opts[@]}"
PLUGIN_NAME=$(json '[0]["buildSettings"]["FULL_PRODUCT_NAME"]' <<< "${SETTINGS}")
echo "PLUGIN_NAME=${PLUGIN_NAME}" >> $GITHUB_ENV
log "Built ${PLUGIN_NAME} successfully"
- name: Archive plugin
working-directory: /tmp/QS/build/Release/Quicksilver.app/Contents/PlugIns/
run: |
tar -czvf "${{ env.PLUGIN_NAME }}.tar.gz" "${{ env.PLUGIN_NAME }}"
- name: Upload components for sign action
uses: actions/upload-artifact@v2
with:
name: UNSIGNED_PLUGIN
path: /tmp/QS/build/Release/Quicksilver.app/Contents/PlugIns/${{ env.PLUGIN_NAME }}.tar.gz
sign:
needs: build
runs-on: macos-11
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
steps:
- name: Download targz artifact
uses: actions/[email protected]
with:
name: UNSIGNED_PLUGIN
path: /tmp/QS/build/Release/
- name: Unarchive artifact and set plugin name in env
run: |
cd /tmp/QS/build/Release
tar -xzvf *.tar.gz
rm -r *.tar.gz
# Set env.PLUGIN_NAME for use in other steps
PLUGIN_NAME=$(find . -name '*.qsplugin' -exec basename {} \; -quit)
echo "PLUGIN_NAME=${PLUGIN_NAME}" >> $GITHUB_ENV
- name: Sign plugin
working-directory: /tmp/QS/build/Release/
run: |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
KEYCHAIN_PATH=${RUNNER_TEMP}/app-signing.keychain-db
CERTIFICATE_PATH=${RUNNER_TEMP}/build_certificate.p12
echo -n "${MACOS_CERTIFICATE}" | base64 --decode --output "${CERTIFICATE_PATH}"
security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}"
security default-keychain -s "${KEYCHAIN_PATH}"
security set-keychain-settings -lut 21600 "${KEYCHAIN_PATH}"
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}"
security import "${CERTIFICATE_PATH}" -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k "${KEYCHAIN_PATH}"
codesign --force -vvv --deep --sign "${SIGNING_IDENTITY}" *.qsplugin
- name: Archive signed plugin
working-directory: /tmp/QS/build/Release
run: |
tar -czvf "${{ env.PLUGIN_NAME }}.tar.gz" "${{ env.PLUGIN_NAME }}"
- name: Upload document
uses: actions/upload-artifact@v2
with:
name: ${{ env.PLUGIN_NAME }}
path: /tmp/QS/build/Release/${{ env.PLUGIN_NAME }}.tar.gz