-
Notifications
You must be signed in to change notification settings - Fork 0
112 lines (96 loc) · 3.72 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: "Build & Release"
on:
push:
tags:
- 'v*.*.*'
permissions:
contents: write
packages: write
jobs:
build-windows:
name: Build and release Windows
runs-on: windows-latest
strategy:
matrix:
goos: [ windows ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Windows Signing
run: |
dotnet tool install --global AzureSignTool --version 5.0.0
azuresigntool sign -kvu ${{ secrets.AZURE_KEY_VAULT_URL }} -kvi ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} -kvs ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} -kvc ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} -kvt ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} -tr http://timestamp.digicert.com -v out\ftb-debug-${{ matrix.goos }}-${{ matrix.goarch }}.exe
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*
build-linux:
name: Build and release Linux
runs-on: ubuntu-latest
strategy:
matrix:
goos: [ linux ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*
build-macos:
name: Build and release macOS
runs-on: macos-latest
strategy:
matrix:
goos: [ darwin ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Apple Certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.CSC_LINK }}
P12_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH > /dev/null
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH > /dev/null
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
security list-keychain -d user -s $KEYCHAIN_PATH > /dev/null
- name: Codesign & Notarize
run: |
codesign -s "5372643C69B1D499BDF6EA772082E9CE99E85029" -v ./out/ftb-debug-darwin-${{ matrix.goarch }} --options=runtime --timestamp
codesign -dv ./out/ftb-debug-darwin-${{ matrix.goarch }}
zip -r ftb-debug_signed.zip out/ftb-debug-darwin-${{ matrix.goarch }}
echo "${{secrets.APPLE_API_KEY}}" > apple_api_key.p8
xcrun notarytool submit "ftb-debug_signed.zip" --key "./apple_api_key.p8" --key-id ${{ secrets.APPLE_API_KEY_ID }} --issuer ${{ secrets.APPLE_API_ISSUER }} --wait
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*