-
Notifications
You must be signed in to change notification settings - Fork 3
112 lines (91 loc) · 4.1 KB
/
patch.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: CI - Patch latest Sequoia metallib's
on:
schedule:
- cron: "0 */3 * * *"
push:
branches:
- main
concurrency:
cancel-in-progress: true
group: ${{ github.workflow }}
jobs:
build:
name: CI - Patch latest Sequoia metallib's
runs-on: macos-latest
env:
# GitHub Releases API
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# PKG Signing
ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY }}
# Notarization
ORG_MAC_NOTARIZATION_TEAM_ID: ${{ secrets.ORG_MAC_NOTARIZATION_TEAM_ID }}
ORG_MAC_NOTARIZATION_APPLE_ID: ${{ secrets.ORG_MAC_NOTARIZATION_APPLE_ID }}
ORG_MAC_NOTARIZATION_PASSWORD: ${{ secrets.ORG_MAC_NOTARIZATION_PASSWORD }}
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v2
with:
python-version: 3.11
- name: Import Installer Signing Certificate
uses: dhinakg/import-codesign-certs@master
with:
p12-file-base64: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_BASE64 }}
p12-password: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_PASSWORD }}
- name: Install dependencies
run: python3 -m pip install -r requirements.txt
- name: Download latest Sequoia IPSW
run: echo "IPSW_FILE=$(python3 metallib.py --download --continuous-integration)" >> $GITHUB_OUTPUT
id: download
- name: Extract system volume
if: steps.download.outputs.IPSW_FILE != ''
run: echo "DMG_FILE=$(python3 metallib.py --extract ${{ steps.download.outputs.IPSW_FILE }})" >> $GITHUB_OUTPUT
id: extract
- name: Fetch metal libraries
if: steps.extract.outputs.DMG_FILE != ''
run: echo "BACKUP_FOLDER=$(python3 metallib.py --fetch ${{ steps.extract.outputs.DMG_FILE }})" >> $GITHUB_OUTPUT
id: fetch
- name: Patch metal libraries
if: steps.fetch.outputs.BACKUP_FOLDER != ''
run: python3 metallib.py --patch ${{ steps.fetch.outputs.BACKUP_FOLDER }}
- name: Build sys_patch_dict.py
if: steps.fetch.outputs.BACKUP_FOLDER != ''
run: python3 metallib.py --build-sys-patch ${{ steps.fetch.outputs.BACKUP_FOLDER }} --continuous-integration
- name: Build Package
if: steps.fetch.outputs.BACKUP_FOLDER != ''
run: python3 metallib.py --build-pkg ${{ steps.fetch.outputs.BACKUP_FOLDER }} --pkg-signing-identity "${{env.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY}}" --notarization-team-id "${{env.ORG_MAC_NOTARIZATION_TEAM_ID}}" --notarization-apple-id "${{env.ORG_MAC_NOTARIZATION_APPLE_ID}}" --notarization-password "${{env.ORG_MAC_NOTARIZATION_PASSWORD}}"
- name: Upload metal libraries to Artifacts
if: steps.fetch.outputs.BACKUP_FOLDER != ''
uses: actions/upload-artifact@v3
with:
name: MetallibSupportPkg.pkg
path: ./MetallibSupportPkg-*.pkg
- name: Upload sys_patch_dict.py to Artifacts
if: steps.fetch.outputs.BACKUP_FOLDER != ''
uses: actions/upload-artifact@v3
with:
name: sys_patch_dict.py
path: sys_patch_dict.py
- name: Upload manifest to Artifacts
if: steps.fetch.outputs.BACKUP_FOLDER != ''
uses: actions/upload-artifact@v3
with:
name: manifest.json
path: deploy/manifest.json
- name: Sync GitHub Pages
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }}
uses: JamesIves/[email protected]
with:
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
BRANCH: gh-pages
FOLDER: deploy/
CLEAN: true
- name: Create GitHub release
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }}
uses: softprops/action-gh-release@v1
with:
files: |
MetallibSupportPkg-*.pkg
sys_patch_dict.py
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ steps.fetch.outputs.BACKUP_FOLDER }}