Skip to content

Merge branch 'app-fixes' #12

Merge branch 'app-fixes'

Merge branch 'app-fixes' #12

Workflow file for this run

name: "Build & Release"
on:
push:
tags:
- 'v*.*.*'
permissions:
contents: write
packages: write
jobs:
build-windows:
name: Build and release Windows
runs-on: windows-latest
strategy:
matrix:
goos: [ windows ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Windows Signing
run: |
dotnet tool install --global AzureSignTool --version 5.0.0
azuresigntool sign -kvu ${{ secrets.AZURE_KEY_VAULT_URL }} -kvi ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} -kvs ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} -kvc ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} -kvt ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} -tr http://timestamp.digicert.com -v out\ftb-debug-${{ matrix.goos }}-${{ matrix.goarch }}.exe
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*
build-linux:
name: Build and release Linux
runs-on: ubuntu-latest
strategy:
matrix:
goos: [ linux ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*
build-macos:
name: Build and release macOS
runs-on: macos-latest
strategy:
matrix:
goos: [ darwin ]
goarch: [ amd64, arm64 ]
steps:
- uses: actions/checkout@v4
- uses: ./
name: "Common Setup"
- name: Build
run: |
make build/${{ matrix.goos }}/${{ matrix.goarch }}
- name: Apple Certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.CSC_LINK }}
P12_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH > /dev/null
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH > /dev/null
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH > /dev/null
security list-keychain -d user -s $KEYCHAIN_PATH > /dev/null
- name: Codesign & Notarize
run: |
codesign -s "5372643C69B1D499BDF6EA772082E9CE99E85029" -v ./out/ftb-debug-darwin-${{ matrix.goarch }} --options=runtime --timestamp
codesign -dv ./out/ftb-debug-darwin-${{ matrix.goarch }}
zip -r ftb-debug_signed.zip out/ftb-debug-darwin-${{ matrix.goarch }}
echo "${{secrets.APPLE_API_KEY}}" > apple_api_key.p8
xcrun notarytool submit "ftb-debug_signed.zip" --key "./apple_api_key.p8" --key-id ${{ secrets.APPLE_API_KEY_ID }} --issuer ${{ secrets.APPLE_API_ISSUER }} --wait
- name: Release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
out/*