Skip to content

Build MacOS Artifacts #414

Build MacOS Artifacts

Build MacOS Artifacts #414

Workflow file for this run

name: Build MacOS Artifacts
on:
workflow_dispatch:
inputs:
tags:
description: "Version tags"
env:
VERSION: 0.9.0
jobs:
build:
strategy:
matrix:
go: [1.23.4]
runs-on: "macos-latest"
steps:
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install pnpm
run: npm install -g pnpm
- name: Setup Cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Checkout Kun
uses: actions/checkout@v4
with:
repository: yaoapp/kun
path: kun
- name: Checkout Xun
uses: actions/checkout@v4
with:
repository: yaoapp/xun
path: xun
- name: Checkout Gou
uses: actions/checkout@v4
with:
repository: yaoapp/gou
path: gou
- name: Checkout V8Go
uses: actions/checkout@v4
with:
repository: yaoapp/v8go
path: v8go
- name: Unzip libv8
run: |
files=$(find ./v8go -name "libv8*.zip")
for file in $files; do
dir=$(dirname "$file") # Get the directory where the ZIP file is located
echo "Extracting $file to directory $dir"
unzip -o -d $dir $file
rm -rf $dir/__MACOSX
done
- name: Checkout XGen v1.0
# ** XGEN will be renamed to DUI in the feature. and move to the new repository. **
# ** new repository: https://github.com/YaoApp/dui.git **
uses: actions/checkout@v4
with:
repository: yaoapp/xgen
path: xgen-v1.0
- name: Checkout Yao-Init
uses: actions/checkout@v4
with:
repository: yaoapp/yao-init
path: yao-init
- name: Move Kun, Xun, Gou, UI, V8Go
run: |
mv kun ../
mv xun ../
mv gou ../
mv v8go ../
mv xgen-v1.0 ../
mv yao-init ../
rm -f ../xgen-v1.0/packages/setup/vite.config.ts.*
ls -l .
ls -l ../
ls -l ../xgen-v1.0/packages/setup/
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
- name: Setup Go Tools
run: |
make tools
- name: Get Version
run: |
echo VERSION=$(cat share/const.go |grep 'const VERSION' | awk '{print $4}' | sed "s/\"//g") >> $GITHUB_ENV
- name: Make Artifacts MacOS
run: |
make artifacts-macos
mv dist/release/yao-$VERSION-dev-darwin-arm64 dist/release/yao-$VERSION-unstable-darwin-arm64
mv dist/release/yao-$VERSION-dev-darwin-amd64 dist/release/yao-$VERSION-unstable-darwin-amd64
- name: Install Certificates
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
mkdir -p certs
echo "${{ secrets.APPLE_DEVELOPERIDG2CA }}" | base64 --decode > certs/DeveloperIDG2CA.cer
echo "${{ secrets.APPLE_DISTRIBUTION }}" | base64 --decode > certs/distribution.cer
echo "${{ secrets.APPLE_PRIVATE_KEY }}" | base64 --decode > certs/private_key.p12
security verify-cert -c certs/DeveloperIDG2CA.cer
security verify-cert -c certs/distribution.cer
- name: Import Certificates
run: |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import ./certs/DeveloperIDG2CA.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign
security import ./certs/distribution.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign
# import private key to keychain
security import ./certs/private_key.p12 -k $KEYCHAIN_PATH -P "${{ secrets.APPLE_PRIVATE_KEY_PASSWORD }}" -T /usr/bin/codesign
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Sign Artifacts
run: |
codesign --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-arm64
codesign --deep --force --verbose --timestamp --options runtime --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-amd64
- name: Verify Signature
run: |
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-arm64
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-amd64
- name: Send to Apple Notary Service
run: |
zip -r dist/release/yao-$VERSION-unstable-darwin-arm64.zip dist/release/yao-$VERSION-unstable-darwin-arm64
zip -r dist/release/yao-$VERSION-unstable-darwin-amd64.zip dist/release/yao-$VERSION-unstable-darwin-amd64
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-arm64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_APP_SPEC_PASS }}" --output-format json
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-amd64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_APP_SPEC_PASS }}" --output-format json
rm -f dist/release/yao-$VERSION-unstable-darwin-arm64.zip
rm -f dist/release/yao-$VERSION-unstable-darwin-amd64.zip
- name: Archive production artifacts
uses: actions/upload-artifact@v4
with:
name: yao-macos
path: |
dist/release/*