App Nap / Cores Utiliization (#63) #34
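# Release pipeline: on every pushed tag, build the macOS app for both
# architectures, sign and notarize it, and publish the artifacts to S3.
#
# Review summary of what changed relative to the page:
#   * indentation restored and trailing table residue removed (valid YAML again)
#   * tag-derived and env values are read as shell variables ("$VERSION",
#     "$APP_DIR", ...) instead of being expanded into the script text
#   * the decoded signing certificate is kept out of the checkout and deleted
#   * shell tracing removed from the notarization step
#   * unused secret removed from the DMG upload step
name: Build and Release (macOS)

on:
  push:
    tags:
      # NOTE(review): every tag name triggers a signed release and overwrites
      # the `latest/` objects; a narrower release-tag pattern would limit
      # that - confirm the intended tag scheme.
      - '*'

# NOTE(review): no step in this workflow writes to the repository (artifacts
# go to S3), so `contents: read` looks sufficient - confirm before tightening.
permissions:
  contents: write

jobs:
  build-macos:
    runs-on: macos-latest
    strategy:
      matrix:
        arch: [x86_64, aarch64]
    env:
      # Build constants
      TARGET: macos
      ARCH: ${{ matrix.arch }}
      # Comes from the pushed tag name, so it is untrusted text. Scripts below
      # read it only as the quoted shell variable "$VERSION".
      VERSION: ${{ github.ref_name }}
      # Where dioxus-cli places the .app
      APP_DIR: /Users/runner/work/ore-app/ore-app/dist/OreApp.app
      # AWS publish constants
      AWS_REGION: us-east-1
      S3_BUCKET_NAME: ore-app-xyz
    steps:
      # 1) Check out code
      # NOTE(review): `@v3` / `@stable` are mutable refs. This job handles
      # signing keys and cloud credentials, so pinning every `uses:` below to a
      # full commit SHA (for example actions/checkout@<COMMIT_SHA>) keeps a
      # moved tag from changing what runs here.
      - name: Check out code
        uses: actions/checkout@v3
        with:
          # Later steps run third-party build tools; do not leave the job
          # token in .git/config for them to read.
          persist-credentials: false

      # 2) Cache Cargo registry
      - name: Cache Cargo registry
        uses: actions/cache@v3
        with:
          path: ~/.cargo/registry
          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-registry-

      # 3) Cache target directory
      # NOTE(review): a restored `target/` directory feeds prebuilt artifacts
      # into a build that is then signed and notarized, and the prefix
      # fallback accepts caches saved by other runs. Consider building
      # releases without this cache - confirm.
      - name: Cache target directory
        uses: actions/cache@v3
        with:
          path: target
          key: ${{ runner.os }}-cargo-target-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-target-

      # 4) Install Rust (stable)
      # `profile` and `override` are inputs of actions-rs/toolchain;
      # dtolnay/rust-toolchain does not declare them, so they were dropped
      # (they only produced an unexpected-input warning).
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      # 5) Add Rust target based on matrix.arch
      - name: Add Rust target
        run: |
          rustup target add "${ARCH}-apple-darwin"

      # 6) Install CLI tools (dioxus, cargo-packager)
      # NOTE(review): the pinned versions on this line were lost when the page
      # was extracted (the `crate@version` pairs were replaced by an
      # e-mail-protection marker). The PLACEHOLDER_* values must be replaced
      # with the project's real versions; they fail the install on purpose.
      # `--locked` makes cargo use the lockfile shipped with each tool instead
      # of resolving fresh dependency versions at release time.
      - name: Install dioxus-cli and cargo-packager
        run: |
          cargo install --locked \
            dioxus-cli@PLACEHOLDER_DIOXUS_CLI_VERSION \
            cargo-packager@PLACEHOLDER_CARGO_PACKAGER_VERSION

      # 7) Build & Package for whichever arch is active
      - name: Build and Package
        run: |
          CARGO_BUILD_TARGET="${ARCH}-apple-darwin" \
            dx bundle --platform desktop --package-types macos --release

      # 8) Import Developer ID Certificate (Apple codesign)
      - name: Import Developer ID cert
        run: |
          set -euo pipefail
          # Decode outside the checkout and delete the .p12 when the step ends,
          # so the private key does not stay on disk for later steps.
          P12_PATH="$RUNNER_TEMP/developer_id.p12"
          trap 'rm -f "$P12_PATH"' EXIT
          echo "$DEVID_CERT_BASE64" | base64 --decode > "$P12_PATH"
          # NOTE(review): the build keychain uses an empty password; a random
          # per-run password would be stronger - confirm that later steps
          # still find the keychain unlocked before changing it.
          security create-keychain -p "" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "" build.keychain
          security import "$P12_PATH" -k ~/Library/Keychains/build.keychain -P "$DEVID_CERT_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain
        env:
          DEVID_CERT_BASE64: ${{ secrets.DEVID_CERT_BASE64 }}
          DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}

      # 9) Code-sign the .app (Apple)
      - name: Code-sign .app
        run: |
          codesign --deep --force --verify --verbose --options runtime \
            --sign "Developer ID Application: $DEVID_NAME ($DEVID_TEAM_ID)" \
            "$APP_DIR"
        env:
          DEVID_NAME: ${{ secrets.DEVID_NAME }}
          DEVID_TEAM_ID: ${{ secrets.DEVID_TEAM_ID }}

      # 10) Notarize the signed .app
      - name: Notarize app
        run: |
          # NOTE(review): jq is not used anywhere in this step; consider
          # dropping this install from the signing job.
          brew install jq || true
          # No -x here: tracing would echo the notarytool command line,
          # including the app-specific password, and rely on log masking.
          set -euo pipefail
          ZIP_FILE="ORE_${VERSION}.app.zip"
          /usr/bin/zip -r "$ZIP_FILE" "$APP_DIR"
          # NOTE(review): the password is passed as a process argument; a
          # stored notarytool keychain profile (--keychain-profile) avoids
          # that - confirm it fits this runner setup.
          xcrun notarytool submit "$ZIP_FILE" \
            --apple-id "$NOTARIZE_APPLE_ID" \
            --team-id "$DEVID_TEAM_ID" \
            --password "$NOTARIZE_APP_PASSWORD" \
            --verbose \
            --wait
          # Staple the app
          xcrun stapler staple "$APP_DIR"
        env:
          NOTARIZE_APPLE_ID: ${{ secrets.NOTARIZE_APPLE_ID }}
          NOTARIZE_APP_PASSWORD: ${{ secrets.NOTARIZE_APP_PASSWORD }}
          DEVID_TEAM_ID: ${{ secrets.DEVID_TEAM_ID }}

      # 11) Configure AWS credentials (for final uploads)
      # NOTE(review): these are long-lived access keys stored as secrets.
      # The same action supports short-lived credentials through OIDC
      # (`role-to-assume` plus `id-token: write` permission), which removes
      # the standing key - confirm the AWS account can be set up for it.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      # 12) Package .app into a tar.gz, sign it with cargo-packager,
      #     upload both tarball + signature
      - name: Package, Sign, and Upload .tar.gz
        env:
          CARGO_PACKAGER_SIGN_PRIVATE_KEY: ${{ secrets.CARGO_PACKAGER_SIGN_PRIVATE_KEY }}
          CARGO_PACKAGER_SIGN_PRIVATE_KEY_PASSWORD: ${{ secrets.CARGO_PACKAGER_SIGN_PRIVATE_KEY_PASSWORD }}
        run: |
          set -euo pipefail
          TAR_FILE="ORE_${VERSION}.app.tar.gz"
          tar -czf "$TAR_FILE" -C "$(dirname "$APP_DIR")" "$(basename "$APP_DIR")"
          # Sign the tarball for your self-updater
          cargo packager signer sign "$TAR_FILE"
          if [ "$ARCH" = "x86_64" ]; then
            OUT_ARCH="x64"
          else
            OUT_ARCH="aarch64"
          fi
          S3_BASE="s3://${S3_BUCKET_NAME}/${TARGET}/${ARCH}"
          # --- Upload to VERSIONED path ---
          aws s3 cp "$TAR_FILE" "${S3_BASE}/${VERSION}/ore_${VERSION}_${OUT_ARCH}.app.tar.gz"
          aws s3 cp "$TAR_FILE.sig" "${S3_BASE}/${VERSION}/ore_${VERSION}_${OUT_ARCH}.app.tar.gz.sig"
          # --- ALSO publish to "latest" path ---
          aws s3 cp "$TAR_FILE" "${S3_BASE}/latest/ore_latest_${OUT_ARCH}.app.tar.gz"
          aws s3 cp "$TAR_FILE.sig" "${S3_BASE}/latest/ore_latest_${OUT_ARCH}.app.tar.gz.sig"

      # 13) Create a DMG with Applications alias (Drag-and-Drop)
      - name: Create DMG
        run: |
          DMG_FILE="ORE_${VERSION}.dmg"
          DMG_DIR="$(mktemp -d -t dmgbuild)"
          echo "Staging in $DMG_DIR"
          cp -R "$APP_DIR" "$DMG_DIR/"
          ln -s /Applications "$DMG_DIR/Applications"
          hdiutil create -volname "Install ORE" \
            -srcfolder "$DMG_DIR" \
            -ov -format UDZO \
            "$DMG_FILE"
          rm -rf "$DMG_DIR"
          echo "DMG created: $DMG_FILE"

      # 14) Code-sign DMG (optional but recommended)
      - name: Sign DMG
        run: |
          DMG_FILE="ORE_${VERSION}.dmg"
          codesign --force --sign "Developer ID Application: $DEVID_NAME ($DEVID_TEAM_ID)" --verbose \
            "$DMG_FILE"
        env:
          DEVID_NAME: ${{ secrets.DEVID_NAME }}
          DEVID_TEAM_ID: ${{ secrets.DEVID_TEAM_ID }}

      # 15) Notarize DMG
      - name: Notarize DMG
        run: |
          DMG_FILE="ORE_${VERSION}.dmg"
          xcrun notarytool submit "$DMG_FILE" \
            --apple-id "$NOTARIZE_APPLE_ID" \
            --team-id "$DEVID_TEAM_ID" \
            --password "$NOTARIZE_APP_PASSWORD" \
            --verbose \
            --wait
          # Staple the DMG
          xcrun stapler staple "$DMG_FILE"
        env:
          NOTARIZE_APPLE_ID: ${{ secrets.NOTARIZE_APPLE_ID }}
          NOTARIZE_APP_PASSWORD: ${{ secrets.NOTARIZE_APP_PASSWORD }}
          DEVID_TEAM_ID: ${{ secrets.DEVID_TEAM_ID }}

      # 16) Upload DMG to S3
      # The script never reads DEVID_TEAM_ID, so that secret is no longer
      # exposed to this step.
      - name: Upload DMG
        run: |
          set -euo pipefail
          DMG_FILE="ORE_${VERSION}.dmg"
          if [ "$ARCH" = "x86_64" ]; then
            OUT_ARCH="x64"
          else
            OUT_ARCH="aarch64"
          fi
          S3_BASE="s3://${S3_BUCKET_NAME}/${TARGET}/${ARCH}"
          # --- Upload to VERSIONED path ---
          aws s3 cp "$DMG_FILE" "${S3_BASE}/${VERSION}/ore_${VERSION}_${OUT_ARCH}.dmg"
          # --- ALSO publish to "latest" path ---
          aws s3 cp "$DMG_FILE" "${S3_BASE}/latest/ore_latest_${OUT_ARCH}.dmg"
          echo "DMG uploaded to S3."

      # 17) Print links for both .tar.gz (auto-updates) and .dmg (new users)
      - name: Print Download Links
        run: |
          if [ "$ARCH" = "x86_64" ]; then
            OUT_ARCH="x64"
          else
            OUT_ARCH="aarch64"
          fi
          URL_BASE="https://${S3_BUCKET_NAME}.s3.amazonaws.com/${TARGET}/${ARCH}/${VERSION}"
          echo "Download macOS DMG for $OUT_ARCH at:"
          echo "${URL_BASE}/ore_${VERSION}_${OUT_ARCH}.dmg"
          echo "Download macOS tarball for $OUT_ARCH (self-update) at:"
          echo "${URL_BASE}/ore_${VERSION}_${OUT_ARCH}.app.tar.gz"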