Add a new avatar set: Monochrom #169
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: insider | |
on: | |
push: | |
tags: [ insider* ] | |
jobs: | |
insider: | |
runs-on: self-hosted | |
strategy: | |
matrix: | |
run-config: | |
- { scheme: 'Planet', destination: 'platform=macOS'} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v3 | |
with: | |
lfs: true | |
- name: Checkout LFS objects | |
run: git lfs pull | |
- name: Set insider SUFeedURL | |
run: /usr/libexec/PlistBuddy -c "Set :SUFeedURL https://opensource.planetable.xyz/planet-insider/appcast.xml" Planet/Info.plist | |
- name: Set insider icon | |
run: /usr/bin/sed -i '' 's/AppIcon/AppIcon-Insider/g' Planet/Release.xcconfig | |
- name: Fix Package Dependencies | |
run: xcodebuild -resolvePackageDependencies -onlyUsePackageVersionsFromResolvedFile | |
- name: Show Build Version | |
run: xcodebuild -version | |
- name: Show Build Settings | |
run: xcodebuild -showBuildSettings | |
- name: Show Build SDK | |
run: xcodebuild -showsdks | |
- name: Show Available Destinations | |
env: | |
scheme: ${{ matrix.run-config['scheme'] }} | |
run: xcodebuild -scheme ${scheme} -showdestinations | |
- name: Set ENV | |
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Install the Apple certificate | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 -d -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Build | |
env: | |
scheme: ${{ matrix.run-config['scheme'] }} | |
run: | | |
xcodebuild archive -scheme ${scheme} -archivePath archive/Planet.xcarchive -showBuildTimingSummary -allowProvisioningUpdates | |
- name: Prepare for Codesign | |
run: | | |
mkdir to-be-signed | |
ditto archive/Planet.xcarchive/Products/Applications/Planet.app to-be-signed/Planet.app | |
- name: Codesign with Developer ID | |
run: | | |
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Installer.xpc | |
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate | |
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app | |
xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet.app/Contents/Frameworks/Sparkle.framework | |
- name: Prepare for Notarization | |
run: | | |
ditto -c -k --keepParent to-be-signed/Planet.app Planet.zip | |
- name: Submit for Notarization | |
run: | | |
xcrun notarytool submit Planet.zip --apple-id ${{ secrets.NOTARIZE_USERNAME }} --password ${{ secrets.NOTARIZE_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait --timeout 10m --verbose | |
- name: Staple | |
run: | | |
xcrun stapler staple -v to-be-signed/Planet.app | |
- name: Generate Planet.zip | |
run: | | |
ditto -c -k --keepParent to-be-signed/Planet.app Planet.zip | |
- name: Generate Planet.zip.dSYM.zip | |
run: | | |
ditto -c -k --keepParent archive/Planet.xcarchive/dSYMs/Planet.app.dSYM Planet.app.dSYM.zip | |
- name: Release App | |
uses: softprops/action-gh-release@v1 | |
with: | |
prerelease: true | |
files: | | |
Planet.zip | |
Planet.app.dSYM.zip | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload to DigitalOcean Spaces | |
uses: BetaHuhn/do-spaces-action@v2 | |
with: | |
access_key: ${{ secrets.DO_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SECRET_KEY }} | |
space_name: ${{ secrets.DO_SPACE_NAME }} | |
space_region: ${{ secrets.DO_SPACE_REGION }} | |
source: Planet.zip | |
out_dir: planet-insider/${{ env.RELEASE_VERSION }} | |
- name: Prepare for Sparkle Appcast | |
env: | |
WORKPLACE: ${{ github.workspace }} | |
run: | | |
mkdir -p Release | |
cp Planet.zip Release/ | |
${{ secrets.SPARKLE_GENERATE_INSIDER }} $WORKPLACE/Release ${{ env.RELEASE_VERSION }} | |
- name: Upload Sparkle Appcast | |
uses: BetaHuhn/do-spaces-action@v2 | |
with: | |
access_key: ${{ secrets.DO_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SECRET_KEY }} | |
space_name: ${{ secrets.DO_SPACE_NAME }} | |
space_region: ${{ secrets.DO_SPACE_REGION }} | |
source: Release/appcast.xml | |
out_dir: planet-insider | |
- name: Purge CDN Cache (appcast.xml file only) | |
run: | | |
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.DO_PLATFORM_TOKEN }}" -d '{"files": ["planet-insider/appcast.xml"]}' "https://api.digitalocean.com/v2/cdn/endpoints/${{ secrets.DO_CDN_ENDPOINT_ID }}/cache" | |
- name: Cleanup Keychain | |
if: ${{ always() }} | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db |