Build MacOS Artifacts #414
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build MacOS Artifacts | |
on: | |
workflow_dispatch: | |
inputs: | |
tags: | |
description: "Version tags" | |
env: | |
VERSION: 0.9.0 | |
jobs: | |
build: | |
strategy: | |
matrix: | |
go: [1.23.4] | |
runs-on: "macos-latest" | |
steps: | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install pnpm | |
run: npm install -g pnpm | |
- name: Setup Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Checkout Kun | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/kun | |
path: kun | |
- name: Checkout Xun | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/xun | |
path: xun | |
- name: Checkout Gou | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/gou | |
path: gou | |
- name: Checkout V8Go | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/v8go | |
path: v8go | |
- name: Unzip libv8 | |
run: | | |
files=$(find ./v8go -name "libv8*.zip") | |
for file in $files; do | |
dir=$(dirname "$file") # Get the directory where the ZIP file is located | |
echo "Extracting $file to directory $dir" | |
unzip -o -d $dir $file | |
rm -rf $dir/__MACOSX | |
done | |
- name: Checkout XGen v1.0 | |
# ** XGEN will be renamed to DUI in the feature. and move to the new repository. ** | |
# ** new repository: https://github.com/YaoApp/dui.git ** | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/xgen | |
path: xgen-v1.0 | |
- name: Checkout Yao-Init | |
uses: actions/checkout@v4 | |
with: | |
repository: yaoapp/yao-init | |
path: yao-init | |
- name: Move Kun, Xun, Gou, UI, V8Go | |
run: | | |
mv kun ../ | |
mv xun ../ | |
mv gou ../ | |
mv v8go ../ | |
mv xgen-v1.0 ../ | |
mv yao-init ../ | |
rm -f ../xgen-v1.0/packages/setup/vite.config.ts.* | |
ls -l . | |
ls -l ../ | |
ls -l ../xgen-v1.0/packages/setup/ | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Go ${{ matrix.go }} | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.go }} | |
- name: Setup Go Tools | |
run: | | |
make tools | |
- name: Get Version | |
run: | | |
echo VERSION=$(cat share/const.go |grep 'const VERSION' | awk '{print $4}' | sed "s/\"//g") >> $GITHUB_ENV | |
- name: Make Artifacts MacOS | |
run: | | |
make artifacts-macos | |
mv dist/release/yao-$VERSION-dev-darwin-arm64 dist/release/yao-$VERSION-unstable-darwin-arm64 | |
mv dist/release/yao-$VERSION-dev-darwin-amd64 dist/release/yao-$VERSION-unstable-darwin-amd64 | |
- name: Install Certificates | |
env: | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
mkdir -p certs | |
echo "${{ secrets.APPLE_DEVELOPERIDG2CA }}" | base64 --decode > certs/DeveloperIDG2CA.cer | |
echo "${{ secrets.APPLE_DISTRIBUTION }}" | base64 --decode > certs/distribution.cer | |
echo "${{ secrets.APPLE_PRIVATE_KEY }}" | base64 --decode > certs/private_key.p12 | |
security verify-cert -c certs/DeveloperIDG2CA.cer | |
security verify-cert -c certs/distribution.cer | |
- name: Import Certificates | |
run: | | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import ./certs/DeveloperIDG2CA.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign | |
security import ./certs/distribution.cer -k $KEYCHAIN_PATH -T /usr/bin/codesign | |
# import private key to keychain | |
security import ./certs/private_key.p12 -k $KEYCHAIN_PATH -P "${{ secrets.APPLE_PRIVATE_KEY_PASSWORD }}" -T /usr/bin/codesign | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Sign Artifacts | |
run: | | |
codesign --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-arm64 | |
codesign --deep --force --verbose --timestamp --options runtime --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-amd64 | |
- name: Verify Signature | |
run: | | |
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-arm64 | |
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-amd64 | |
- name: Send to Apple Notary Service | |
run: | | |
zip -r dist/release/yao-$VERSION-unstable-darwin-arm64.zip dist/release/yao-$VERSION-unstable-darwin-arm64 | |
zip -r dist/release/yao-$VERSION-unstable-darwin-amd64.zip dist/release/yao-$VERSION-unstable-darwin-amd64 | |
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-arm64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_APP_SPEC_PASS }}" --output-format json | |
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-amd64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_APP_SPEC_PASS }}" --output-format json | |
rm -f dist/release/yao-$VERSION-unstable-darwin-arm64.zip | |
rm -f dist/release/yao-$VERSION-unstable-darwin-amd64.zip | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: yao-macos | |
path: | | |
dist/release/* |