Skip to content

Update runner

Update runner #1702

Workflow file for this run

---
name: build
on:
push:
branches-ignore:
- 'translations_**'
tags:
- 'v*'
pull_request:
branches-ignore:
- 'translations_**'
jobs:
build:
runs-on: macos-12
env:
QS_DONT_SIGN: 1
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Build debug version
working-directory: Quicksilver
run: |
./Tools/qsrelease Debug
mv /tmp/QS/build/Debug/Quicksilver{,-debug}.zip
- name: Upload debug version
uses: actions/upload-artifact@v3
with:
name: Quicksilver-debug
path: /tmp/QS/build/Debug/Quicksilver-debug.zip
- name: Build release version
working-directory: Quicksilver
run: |
./Tools/qsrelease
cp ./SharedSupport/ChangesBare.html /tmp
- name: Prepare DMG_INGREDIENTS artifact
working-directory: /tmp/QS/build/Release/
run: |
cp \
/tmp/qs_build_settings \
/tmp/Quicksilver.entitlements \
/tmp/ChangesBare.html \
./dmg/
tar -czvf ./dmg_ingredients.tar.gz ./dmg
- name: Upload components for sign action
uses: actions/upload-artifact@v3
with:
name: DMG_INGREDIENTS
path: /tmp/QS/build/Release/dmg_ingredients.tar.gz
sign:
needs: build
runs-on: macos-12
if: startsWith(github.ref, 'refs/tags/')
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
NOTARIZING_ID: ${{ secrets.NOTARIZING_ID }}
NOTARIZING_PASS: ${{ secrets.NOTARIZING_PASS }}
KEYCHAIN_PROFILE: "Quicksilver Notarization"
steps:
- name: Download dmg folder artifact
uses: actions/download-artifact@v3
with:
name: DMG_INGREDIENTS
path: /tmp/QS/build/Release/
- name: Decompress DMG_INGREDIENTS
working-directory: /tmp/QS/build/Release/
run: |
tar -xzvf ./dmg_ingredients.tar.gz
mv \
./dmg/qs_build_settings \
./dmg/Quicksilver.entitlements \
./dmg/ChangesBare.html \
/tmp/
QS_INFO_VERSION=$(awk '/QS_INFO_VERSION/ { print $NF }' \
/tmp/qs_build_settings)
echo "QS_INFO_VERSION=${QS_INFO_VERSION}" >> "${GITHUB_ENV}"
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Run Tools/qssign
working-directory: Quicksilver
run: |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
KEYCHAIN_PATH=${RUNNER_TEMP}/app-signing.keychain-db
CERTIFICATE_PATH=${RUNNER_TEMP}/build_certificate.p12
echo -n "${MACOS_CERTIFICATE}" | base64 --decode \
--output "${CERTIFICATE_PATH}"
security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}"
security default-keychain -s "${KEYCHAIN_PATH}"
security set-keychain-settings -lut 21600 "${KEYCHAIN_PATH}"
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_PATH}"
security import "${CERTIFICATE_PATH}" \
-P "${MACOS_CERTIFICATE_PASSWORD}" \
-A -t cert -f pkcs12 -k "${KEYCHAIN_PATH}"
xcrun notarytool store-credentials "${KEYCHAIN_PROFILE}" \
--apple-id "${NOTARIZING_ID}" \
--team-id "${SIGNING_IDENTITY}" \
--password "${NOTARIZING_PASS}"
./Tools/qssign
- name: Download debug artifact
uses: actions/download-artifact@v3
with:
name: Quicksilver-debug
path: /tmp
- name: Create checksum
run: |
cd /tmp/QS/build/Release/
shasum --algorithm 256 Quicksilver*.dmg > checksum.txt
cd /tmp
shasum --algorithm 256 Quicksilver-debug.zip >> /tmp/QS/build/Release/checksum.txt
- name: Upload Quicksilver.dmg
uses: actions/upload-artifact@v3
with:
name: "Quicksilver_${{ env.QS_INFO_VERSION }}.dmg"
path: /tmp/QS/build/Release/Quicksilver*.dmg
- name: Upload checksum
uses: actions/upload-artifact@v3
with:
name: checksums
path: /tmp/QS/build/Release/checksum.txt
- name: Release
uses: softprops/action-gh-release@v1
with:
files: |
/tmp/QS/build/Release/Quicksilver*.dmg
/tmp/QS/build/Release/checksum.txt
/tmp/Quicksilver-debug.zip
- name: Update ChangesBare.html
env:
SERVER: ${{ secrets.SERVER }}
PORT: ${{ secrets.PORT }}
SSH_KEY: ${{secrets.SSH_KEY}}
run: |
# Create ssh keyfile with locked down permissions and ensure its removal
# Unfortunately process substitution won't work because ssh closes
# all fd > 2
touch /tmp/key
chmod 0600 /tmp/key
trap 'rm -f /tmp/key' EXIT
echo "${SSH_KEY}" > /tmp/key
ssh -T "${SERVER}" -p "${PORT}" -i /tmp/key \
-o StrictHostKeyChecking=no \
"${GITHUB_REPOSITORY}" \
</tmp/ChangesBare.html
rm /tmp/key