create_pkg.yml

name: create_pkg

on:
  workflow_dispatch:
    inputs:
      release:
        description: 'Release after build'
        required: true
        default: 'no'
  
jobs:
  build:
    runs-on: macos-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Create Distribution directory
      run: mkdir -p dist/bin

    - name: Copy Local Distribution 
      run: |
        mkdir -p dist/bin
        cp -R ./bin/. ./dist/bin

    - name: Verify Copied Files
      run: |
        echo "Checking copied files..."
        ls -l ./dist/bin

    - name: Prepare Directories
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        mkdir -p "$PARENT/dist/bin"
        mkdir -p "$PARENT/dist/pkg-build"

    - name: Copy Local Resources
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        cp -R ./bin/airlift "$PARENT/dist/bin"
        cp -R ./bin/entitlements.plist "$PARENT/dist/bin"
      
    - name: Create Airlift PKG for macOS
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        BINARY_PATH="$PARENT/dist/bin/airlift"
        PKG_IDENTIFIER="co.theacharya.Airlift"
        INSTALL_LOCATION="/Applications/Airlift"
        PACKAGE_NAME="Airlift-unsigned"
        OUTPUT_DIR="$PARENT/dist/pkg-build"
        VERSION="1.0.5"
        
        echo "Creating Temp Dir"
        TMP_DIR="$OUTPUT_DIR/tmp_pkgbuild"
        mkdir -p "$TMP_DIR"

        cp "$BINARY_PATH" "$TMP_DIR/$(basename "$BINARY_PATH")"

        echo "Running Creating PKG"
        pkgbuild --root "$TMP_DIR" --identifier "$PKG_IDENTIFIER" --version "$VERSION" --install-location "$INSTALL_LOCATION" "$OUTPUT_DIR/$PACKAGE_NAME.pkg"

        rm -rf "$TMP_DIR"
        
    - name: Verify Files
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        echo "Checking copied files..."
        ls -l "$PARENT/dist/pkg-build"
      
    - name: Productsign Airlift
      env: 
        APPLE_INSTALL_CERT_DATA: ${{ secrets.APPLE_INSTALL_CERT_DATA }}
        APPLE_INSTALL_CERT_PASSWORD: ${{ secrets.APPLE_INSTALL_CERT_PASSWORD }}
        KEYCHAIN_PASSWORD_IN: ${{ secrets.KEYCHAIN_PASSWORD_IN }}
        APPLE_TEAM_ID_INSTALL: ${{ secrets.APPLE_TEAM_ID_INSTALL }}
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        PKG="$PARENT/dist/pkg-build/Airlift-unsigned.pkg"
        SPKG="$PARENT/dist/pkg-build/Airlift.pkg"
        SIGNING_IDENTITY="$APPLE_TEAM_ID_INSTALL"
      
        echo $APPLE_INSTALL_CERT_DATA | base64 --decode > certificate.p12
        security create-keychain -p $KEYCHAIN_PASSWORD_IN build-i.keychain
        security default-keychain -s build-i.keychain
        security unlock-keychain -p $KEYCHAIN_PASSWORD_IN build-i.keychain
        security import certificate.p12 -k build-i.keychain -P $APPLE_INSTALL_CERT_PASSWORD -T /usr/bin/productsign
        security set-key-partition-list -S apple-tool:,apple:,productsign: -s -k $KEYCHAIN_PASSWORD_IN build-i.keychain
        
        /usr/bin/productsign --sign "$SIGNING_IDENTITY" "$PKG" "$SPKG"
      
    - name: Notarize Airlift PKG
      env:
        APPLE_DEV_ID: ${{ secrets.APPLE_DEV_ID }}
        APPLE_DEV_ID_PASSWORD: ${{ secrets.APPLE_DEV_ID_PASSWORD }}
        APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
      run: |
        PARENT=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
        SPKG="$PARENT/dist/pkg-build/Airlift.pkg"
        
        echo "SPKG=$SPKG" >> $GITHUB_ENV
        echo "Create Keychain Profile"
        xcrun notarytool store-credentials "notarytool-profile" --apple-id $APPLE_DEV_ID --password $APPLE_DEV_ID_PASSWORD --team-id $APPLE_TEAM_ID
        
        echo "Notarize Airlift PKG"
        xcrun notarytool submit "$SPKG" --keychain-profile "notarytool-profile" --progress --wait
        
        echo "Attach staple"
        xcrun stapler staple "$SPKG"
    
    - name: Load release binaries for macos
      uses: actions/upload-artifact@v3
      with:
        name: Airlift
        path: ${{ env.SPKG }}