
Merge pull request #42 from iits-consulting/Ninja243-osx-signing #29

Merge pull request #42 from iits-consulting/Ninja243-osx-signing


Workflow file for this run

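name: Release

# Runs on every pushed tag, whatever its name. The jobs started by this trigger
# receive the code-signing, notarization and AUR publishing secrets, so the
# set of people able to push tags is the set of people able to cut a signed
# release. NOTE(review): consider a narrower pattern that matches only the
# project's release-tag format, plus tag protection rules on the repository.
on:
  push:
    tags:
      - '*'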
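jobs:
  # NOTE(review): every `uses:` below references a mutable tag (v1/v2/v3).
  # These jobs handle signing keys and publishing credentials, so pin each
  # action to a full commit SHA, e.g.
  #   uses: actions/checkout@<FULL_COMMIT_SHA>  # v2
  # and let a dependency bot propose updates.

  # Builds, signs and releases the binaries, then pushes the container image.
  goreleaser:
    runs-on: macos-13
    # Least privilege for GITHUB_TOKEN: the release step needs to write
    # repository contents and the image push needs to write packages. Scopes
    # not listed here are denied. NOTE(review): confirm that no GoReleaser
    # pipe in this project needs a further scope.
    permissions:
      contents: write
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # 0 = fetch full history and tags instead of a shallow clone.
          fetch-depth: 0

      - name: Set env
        # Strips the leading "refs/<kind>/" from the ref and exports the rest
        # as RELEASE_VERSION for later steps.
        run: |
          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          # Quoted so the version is always read as a string, never a float.
          go-version: '1.19'

      - name: Import Code-Signing Certificates
        uses: apple-actions/import-codesign-certs@v1
        with:
          p12-file-base64: ${{ secrets.MAC_CERT }}
          p12-password: ${{ secrets.MAC_CERT_PASS }}
          keychain: build
          # NOTE(review): the keychain password reuses the certificate
          # password; a separate secret would keep the two independent.
          keychain-password: ${{ secrets.MAC_CERT_PASS }}

      - name: Setup Keychain
        run: |
          # Abort on the first failing command, unset variable or failed pipe.
          set -euo pipefail
          KEYCHAIN=build.keychain

          # Quoted: a password containing spaces or glob characters must
          # reach `security` as a single argument.
          security default-keychain -s "$KEYCHAIN"
          security unlock-keychain -p "$MAC_CERT_PASS" "$KEYCHAIN"

          # --fail turns an HTTP error into a non-zero exit instead of saving
          # the error page as a ".cer" file; --proto/--tlsv1.2 refuse any
          # non-HTTPS or legacy-TLS transfer.
          # NOTE(review): TLS is the only integrity check on these CA
          # certificates. Comparing each download against a SHA-256
          # fingerprint recorded in the repository would be stronger.
          fetch() {
            curl --fail --silent --show-error --proto '=https' --tlsv1.2 -o "$1" "$2"
          }

          fetch AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
          security import AppleWWDRCAG3.cer -k "$KEYCHAIN" -T /usr/bin/codesign
          fetch AppleRootCA.cer https://www.apple.com/appleca/AppleIncRootCertificate.cer
          security import AppleRootCA.cer -k "$KEYCHAIN" -T /usr/bin/codesign
          fetch AppleDevIntermediate.cer https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer
          security import AppleDevIntermediate.cer -k "$KEYCHAIN" -T /usr/bin/codesign

          # Lists the valid identities in the keychain in the job log.
          security find-identity -v "$KEYCHAIN"
          rm -- *.cer
        env:
          MAC_CERT_PASS: ${{ secrets.MAC_CERT_PASS }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v3
        with:
          # NOTE(review): `latest` lets the release tool change between runs
          # of a job that holds signing and notarization secrets; pin a
          # specific GoReleaser version. Newer GoReleaser releases also
          # replace `--rm-dist` with `--clean`; confirm which flag the pinned
          # version expects.
          version: latest
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NOTARYTOOL_PASS: ${{ secrets.NOTARYTOOL_PASS }}

      - name: Read post build hook logs
        if: always()
        # The step also runs after a failure, so the log file may not exist;
        # a missing file must not add a second, misleading failure.
        # NOTE(review): this prints hook output into the job log. Make sure
        # the hook never writes credentials to post_build_output.txt.
        run: |
          if [ -f post_build_output.txt ]; then
            cat post_build_output.txt
          else
            echo "post_build_output.txt not found"
          fi

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker images
        uses: docker/build-push-action@v3
        with:
          push: true
          build-args: |
            VERSION=${{ env.RELEASE_VERSION }}
            GITHUB_REPOSITORY=${{ github.repository }}
          tags: |
            ghcr.io/iits-consulting/otc-auth:latest
            ghcr.io/iits-consulting/otc-auth:${{ env.RELEASE_VERSION }}

  # Renders the PKGBUILD for the pushed tag and publishes it to the AUR.
  # NOTE(review): there is no `needs: goreleaser`, so this job can publish
  # before the release artifacts exist; confirm that is intended.
  aur-publish:
    runs-on: ubuntu-latest
    # Only the checkout uses GITHUB_TOKEN here; AUR access goes through the
    # SSH key below.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v2

      - name: Prepare PKGBUILD
        run: |
          set -euo pipefail
          # The tag name is substituted into a PKGBUILD, which is a shell
          # script that runs on users' machines. The workflow fires on any
          # tag, so reject names containing characters that would break the
          # sed expression or inject shell syntax into the PKGBUILD.
          if [[ ! "$GITHUB_REF_NAME" =~ ^[A-Za-z0-9._+-]+$ ]]; then
            echo "Refusing to publish: unexpected characters in tag name" >&2
            exit 1
          fi
          sed -e "s/__VERSION__/${GITHUB_REF_NAME}/" <PKGBUILD.template >PKGBUILD

      - name: Publish AUR package
        # NOTE(review): the page's e-mail obfuscation replaced the end of this
        # reference with "[email protected]". The inputs match
        # KSXGitHub/github-actions-deploy-aur; restore the real pinned ref
        # in place of the placeholder below.
        uses: KSXGitHub/github-actions-deploy-aur@<VERSION>
        with:
          pkgname: otc-auth
          pkgbuild: ./PKGBUILD
          commit_username: ${{ secrets.AUR_USERNAME }}
          commit_email: ${{ secrets.AUR_EMAIL }}
          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
          # The github context exposes `ref_name`. `github.github_ref_name`
          # does not exist and expands to an empty string, which produced the
          # commit message "Bump to ".
          commit_message: "Bump to ${{ github.ref_name }}"
          # DSA host keys are deprecated in OpenSSH, and scanning for them can
          # fail on current clients, so `dsa` is dropped from the list.
          # NOTE(review): ssh-keyscan trusts whatever key the network returns;
          # pinning the AUR host key in known_hosts would be stronger if the
          # action supports it.
          ssh_keyscan_types: rsa,ecdsa,ed25519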