Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create, sign and notarize and release a universal macOS binary #91

Merged
merged 6 commits into from
Oct 1, 2024
Merged

Create, sign and notarize and release a universal macOS binary #91

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
7d3ce24
Create, sign and notarize a universal macOS binary, combining the arm…
timrogers Oct 1, 2024
33ffb74
Use the darwin-universal binary for Homebrew
timrogers Oct 1, 2024
d22e3de
Add sanitize ref step
timrogers Oct 1, 2024
1100904
Inline lipo call
timrogers Oct 1, 2024
a19cf94
Remove unnecessary condition
timrogers Oct 1, 2024
2f2ab14
Fix formatting
timrogers Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 57 additions & 2 deletions .github/workflows/build_and_release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,55 @@ jobs:
notarize: true
app_store_connect_api_key_json_file: app_store_connect_api_key.json
if: matrix.job.os == 'macos-latest'
create_and_sign_macos_universal_binary:
name: Create and sign macOS universal binary (macOS only)
runs-on: macos-latest
needs: build
steps:
- name: Sanitise Git ref for use in filenames
id: sanitise_ref
run: echo "::set-output name=value::$(echo "${{ github.ref_name }}" | tr '/' '_')"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of ::set-output is deprecated. Use echo "value=<value>" >> $GITHUB_ENV instead. This applies to all instances where ::set-output is used.

- name: Download macOS amd64 binary
uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64
- name: Download macOS arm64 binary
uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-arm64
- name: Create universal macOS binary
run: lipo -create -output litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64 litra_${{ steps.sanitise_ref.outputs.value }}_darwin-arm64
- name: Write Apple signing key to a file (macOS only)
env:
APPLE_SIGNING_KEY_P12: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
run: echo "$APPLE_SIGNING_KEY_P12" | base64 -d -o key.p12
- name: Write App Store Connect API key to a file (macOS only)
env:
APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
run: echo "$APP_STORE_CONNECT_API_KEY" > app_store_connect_api_key.json
- name: Sign macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
p12_file: key.p12
p12_password: ${{ secrets.APPLE_SIGNING_KEY_PASSWORD }}
sign: true
sign_args: "--code-signature-flags=runtime"
- name: Upload binary as artifact
uses: actions/upload-artifact@v4
with:
path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- name: Archive macOS binary for notarisation (macOS only)
run: zip litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal.zip litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- name: Notarise signed macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal.zip
sign: false
notarize: true
app_store_connect_api_key_json_file: app_store_connect_api_key.json

cargo_publish_dry_run:
name: Publish with Cargo in dry-run mode
runs-on: ubuntu-latest
Expand Down Expand Up @@ -133,7 +182,9 @@ jobs:
create_github_release:
name: Create release with binary assets
runs-on: ubuntu-latest
needs: build
needs:
- build
- create_and_sign_macos_universal_binary
if: startsWith(github.event.ref, 'refs/tags/v')
steps:
- name: Sanitise Git ref for use in filenames
Expand All @@ -148,6 +199,9 @@ jobs:
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-arm64
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_windows-amd64.exe
Expand All @@ -159,6 +213,7 @@ jobs:
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-arm64
litra_${{ steps.sanitise_ref.outputs.value }}_linux-amd64
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
publish_on_homebrew:
name: Publish release on Homebrew
runs-on: ubuntu-latest
Expand All @@ -171,7 +226,7 @@ jobs:
- uses: mislav/bump-homebrew-formula-action@v3
with:
formula-name: litra
download-url: https://github.com/timrogers/litra-rs/releases/download/${{ steps.get_version.outputs.VERSION }}/litra_${{ steps.get_version.outputs.VERSION }}_darwin-amd64
download-url: https://github.com/timrogers/litra-rs/releases/download/${{ steps.get_version.outputs.VERSION }}/litra_${{ steps.get_version.outputs.VERSION }}_darwin-universal
homebrew-tap: timrogers/homebrew-tap
push-to: timrogers/homebrew-tap
create-pullrequest: true
Expand Down
Loading