Update appsign #85
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| release: | |
| types: [published] | |
| env: | |
| PROJECT_TYPE: TOOL | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: macos-latest | |
| env: | |
| JOB_TYPE: BUILD | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install Dependencies | |
| run: brew install create-dmg | |
| env: | |
| HOMEBREW_NO_INSTALL_CLEANUP: 1 | |
| HOMEBREW_NO_AUTO_UPDATE: 1 | |
| - name: CI Bootstrap | |
| run: | | |
| src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 | |
| /usr/bin/curl -OL "https://github.com/acidanthera/ocbuild/raw/62c8088f73ebcaa07aec31bd450866f41fcf1c8f/codesign/appsign.sh" || exit 1 | |
| chmod a+x appsign.sh || exit 1 | |
| - name: Compile with codesign (DEBUG) | |
| if: github.repository_owner == 'acidanthera' && github.event_name != 'pull_request' | |
| env: | |
| MAC_CERTIFICATE_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
| MAC_ACCOUNT_NAME: ${{ secrets.MAC_ACCOUNT_NAME }} | |
| MAC_ACCOUNT_PASSWORD: ${{ secrets.MAC_ACCOUNT_PASSWORD }} | |
| run: DEPLOY_SCRIPT="$(pwd)/appsign.sh" xcodebuild -jobs 1 -configuration Debug | |
| - name: Compile with codesign (RELEASE) | |
| if: github.repository_owner == 'acidanthera' && github.event_name != 'pull_request' | |
| env: | |
| MAC_CERTIFICATE_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
| MAC_ACCOUNT_NAME: ${{ secrets.MAC_ACCOUNT_NAME }} | |
| MAC_ACCOUNT_PASSWORD: ${{ secrets.MAC_ACCOUNT_PASSWORD }} | |
| run: DEPLOY_SCRIPT="$(pwd)/appsign.sh" xcodebuild -jobs 1 -configuration Release | |
| - name: Compile (DEBUG) | |
| if: github.repository_owner != 'acidanthera' || github.event_name == 'pull_request' | |
| run: xcodebuild -jobs 1 -configuration Debug | |
| - name: Compile (RELEASE) | |
| if: github.repository_owner != 'acidanthera' || github.event_name == 'pull_request' | |
| run: xcodebuild -jobs 1 -configuration Release | |
| - name: Upload to Artifacts | |
| if: github.repository_owner == 'acidanthera' && github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Artifacts | |
| path: build/*/*.dmg | |
| - name: Upload to Release | |
| if: github.event_name == 'release' && github.repository_owner == 'acidanthera' | |
| uses: svenstaro/upload-release-action@e74ff71f7d8a4c4745b560a485cc5fdb9b5b999d | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: build/*/*.dmg | |
| tag: ${{ github.ref }} | |
| file_glob: true | |
| - name: Get Sparkle 1.26 | |
| if: github.event_name == 'release' && github.repository_owner == 'acidanthera' | |
| run: | | |
| curl -L -s "https://github.com/sparkle-project/Sparkle/releases/download/1.26.0/Sparkle-1.26.0.tar.xz" -o Sparkle.tar.xz || exit 1 | |
| tar -xf Sparkle.tar.xz || exit 1 | |
| - name: Get Information & Sign | |
| if: github.event_name == 'release' && github.repository_owner == 'acidanthera' | |
| run: | | |
| TAG_VER=${GITHUB_REF/refs\/tags\//} | |
| DATE=$(date -R) | |
| ./bin/sign_update -s ${{ secrets.SIGNATURE_FOR_SIGNING }} build/Release/MaciASL-${TAG_VER}-RELEASE.dmg || exit 1 | |
| ./bin/generate_appcast -o appcast.xml -s ${{ secrets.SIGNATURE_FOR_SIGNING }} --download-url-prefix https://github.com/acidanthera/MaciASL/releases/download/${TAG_VER}/ build/Release || exit 1 | |
| - name: Commit Appcast | |
| if: github.event_name == 'release' && github.repository_owner == 'acidanthera' | |
| run: | | |
| # The 41898282 identifier comes from the GitHub Actions API: https://api.github.com/users/github-actions%5Bbot%5D. | |
| git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "GitHub Action" | |
| git checkout --orphan appcast | |
| git add appcast.xml | |
| git commit appcast.xml -m "Update Appcast" | |
| git push --set-upstream origin appcast --force | |
| analyze-clang: | |
| name: Analyze Clang | |
| runs-on: macos-latest | |
| env: | |
| JOB_TYPE: ANALYZE | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: CI Bootstrap | |
| run: | | |
| src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 | |
| - run: xcodebuild analyze -quiet -scheme MaciASL -configuration Debug CLANG_ANALYZER_OUTPUT=plist-html CLANG_ANALYZER_OUTPUT_DIR="$(pwd)/clang-analyze" && [ "$(find clang-analyze -name "*.html")" = "" ] | |
| - run: xcodebuild clean -quiet -scheme MaciASL | |
| - run: xcodebuild analyze -quiet -scheme MaciASL -configuration Release CLANG_ANALYZER_OUTPUT=plist-html CLANG_ANALYZER_OUTPUT_DIR="$(pwd)/clang-analyze" && [ "$(find clang-analyze -name "*.html")" = "" ] | |
| analyze-coverity: | |
| name: Analyze Coverity | |
| runs-on: macos-latest | |
| env: | |
| JOB_TYPE: COVERITY | |
| if: github.repository_owner == 'acidanthera' && github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: CI Bootstrap | |
| run: | | |
| src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 | |
| - name: Run Coverity | |
| run: | | |
| src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/coverity/covstrap.sh) && eval "$src" || exit 1 | |
| env: | |
| COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
| COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} | |
| COVERITY_BUILD_COMMAND: xcodebuild -configuration Release |