added releas artefacts upload to the ci pilepine (#19)

Co-authored-by: Petr Gadorek <[email protected]>
espressif · Dec 4, 2024 · f9daa81 · f9daa81
1 parent fe7b2f2
commit f9daa81
Show file tree

Hide file tree

Showing 2 changed files with 150 additions and 0 deletions.
diff --git a/.github/workflows/build_tauri.yaml b/.github/workflows/build_tauri.yaml
@@ -96,6 +96,17 @@ jobs:
             src-tauri/target/release/eim
           if-no-files-found: error
 
+      - name: Upload Release Asset
+        if: github.event_name == 'release' && github.event.action == 'created' && matrix.platform == 'ubuntu-22.04'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: src-tauri/target/release/eim
+          asset_name: eim-linux
+          asset_content_type: application/octet-stream
+
       - name: Upload app .deb
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'ubuntu-22.04'
@@ -128,6 +139,50 @@ jobs:
         run: |
           chmod +x src-tauri/target/aarch64-apple-darwin/release/eim
 
+      - name: Codesign macOS eim executables
+        if: matrix.platform == 'macos-latest'
+        env:
+          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+        run: |
+          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+          /usr/bin/security create-keychain -p espressif build.keychain
+          /usr/bin/security default-keychain -s build.keychain
+          /usr/bin/security unlock-keychain -p espressif build.keychain
+          /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
+          /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
+
+          /usr/bin/codesign --entitlements eim.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" src-tauri/target/aarch64-apple-darwin/release/eim -v
+          /usr/bin/codesign -v -vvv --deep src-tauri/target/aarch64-apple-darwin/release/eim
+
+      - name: Zip eim executable for notarization
+        if: matrix.platform == 'macos-latest'
+        run: |
+          cd src-tauri/target/aarch64-apple-darwin/release
+          zip -r eim.zip eim
+
+      - name: Notarization of macOS eim executables
+        if: matrix.platform == 'macos-latest'
+        env:
+          NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
+          NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
+          NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
+        run: |
+          echo "Create notary keychain"
+          /usr/bin/security create-keychain -p espressif notary.keychain
+          /usr/bin/security default-keychain -s notary.keychain
+          /usr/bin/security unlock-keychain -p espressif notary.keychain
+
+          echo "Create keychain profile"
+          xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
+          xcrun notarytool submit src-tauri/target/aarch64-apple-darwin/release/eim.zip --keychain-profile "eim-notarytool-profile" --wait
+
+          echo "Unzipping the executable"
+          unzip -o src-tauri/target/aarch64-apple-darwin/release/eim.zip -d src-tauri/target/aarch64-apple-darwin/release
+
+          # echo "Attach staple for eim executable"
+          # xcrun stapler staple src-tauri/target/aarch64-apple-darwin/release/eim
+
       - name: Upload app MacOs binary
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'macos-latest'
@@ -137,6 +192,17 @@ jobs:
             src-tauri/target/aarch64-apple-darwin/release/eim
           if-no-files-found: error
 
+      - name: Upload Release Asset
+        if: github.event_name == 'release' && github.event.action == 'created' && matrix.platform == 'macos-latest'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: src-tauri/target/aarch64-apple-darwin/release/eim
+          asset_name: eim-macos-aarm64
+          asset_content_type: application/octet-stream
+
       - name: Upload app MacOs
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'macos-latest'
@@ -160,6 +226,50 @@ jobs:
         run: |
           chmod +x src-tauri/target/x86_64-apple-darwin/release/eim
 
+      - name: Codesign macOS eim executables
+        if: matrix.platform == 'macos-12'
+        env:
+          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+        run: |
+          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+          /usr/bin/security create-keychain -p espressif build.keychain
+          /usr/bin/security default-keychain -s build.keychain
+          /usr/bin/security unlock-keychain -p espressif build.keychain
+          /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
+          /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
+
+          /usr/bin/codesign --entitlements eim.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" src-tauri/target/x86_64-apple-darwin/release/eim -v
+          /usr/bin/codesign -v -vvv --deep src-tauri/target/x86_64-apple-darwin/release/eim
+
+      - name: Zip eim executable for notarization
+        if: matrix.platform == 'macos-12'
+        run: |
+          cd src-tauri/target/x86_64-apple-darwin/release
+          zip -r eim.zip eim
+
+      - name: Notarization of macOS eim executables
+        if: matrix.platform == 'macos-12'
+        env:
+          NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
+          NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
+          NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
+        run: |
+          echo "Create notary keychain"
+          /usr/bin/security create-keychain -p espressif notary.keychain
+          /usr/bin/security default-keychain -s notary.keychain
+          /usr/bin/security unlock-keychain -p espressif notary.keychain
+
+          echo "Create keychain profile"
+          xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
+          xcrun notarytool submit src-tauri/target/x86_64-apple-darwin/release/eim.zip --keychain-profile "eim-notarytool-profile" --wait
+
+          echo "Unzipping the executable"
+          unzip -o src-tauri/target/x86_64-apple-darwin/release/eim.zip -d src-tauri/target/x86_64-apple-darwin/release
+
+          # echo "Attach staple for eim executable"
+          # xcrun stapler staple src-tauri/target/x86_64-apple-darwin/release/eim
+
       - name: Upload MacOs intel app binary
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'macos-13'
@@ -169,6 +279,17 @@ jobs:
             src-tauri/target/x86_64-apple-darwin/release/eim
           if-no-files-found: error
 
+      - name: Upload Release Asset
+        if: github.event_name == 'release' && github.event.action == 'created' && matrix.platform == 'macos-12'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: src-tauri/target/x86_64-apple-darwin/release/eim
+          asset_name: eim-macos-intel
+          asset_content_type: application/octet-stream
+
       - name: Upload app MacOs
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'macos-13'
@@ -196,6 +317,17 @@ jobs:
             src-tauri/target/release/eim.exe
           if-no-files-found: error
 
+      - name: Upload Release Asset
+        if: github.event_name == 'release' && github.event.action == 'created' && matrix.platform == 'windows-latest'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: src-tauri/target/release/eim.exe
+          asset_name: eim.exe
+          asset_content_type: application/octet-stream
+
       - name: Upload app Windows
         uses: actions/upload-artifact@v4
         if: matrix.platform == 'windows-latest'

diff --git a/eim.entitlement b/eim.entitlement
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+</dict>
+</plist>