ci: Pull CODESIGN_IDENTITY from secrets #52

Workflow file for this run

.github/workflows/release.yml at 90124ea

	name: Build and sign binaries

	on:
	push:
	tags:
	- 'v*'

	jobs:
	build_linux_amd64:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Add Crystal repos
	run: curl -sSL https://crystal-lang.org/install.sh \| sudo bash

	- name: Install crystal and tool dependencies
	run: \|
	sudo apt install -y crystal ninja-build
	sudo apt purge meson
	sudo pip3 install meson

	- name: Install dependencies
	run: shards install

	- name: Install musl compiler
	run: \|
	curl -O https://more.musl.cc/x86_64-linux-musl/x86_64-linux-musl-cross.tgz
	tar xzf x86_64-linux-musl-cross.tgz -C /opt
	echo "/opt/x86_64-linux-musl-cross/bin" >> $GITHUB_PATH

	- run: x86_64-linux-musl-gcc --version

	- name: Build release bundle
	run: \|
	make release RELEASE=1 STATIC=1 TARGET_CABI=musl
	env:
	CC_FOR_BUILD: /usr/bin/clang
	CXX_FOR_BUILD: /usr/bin/clang++
	LD_FOR_BUILD: lld

	- name: Upload release bundle artifact
	uses: actions/upload-artifact@v4
	with:
	name: mstrap_linux_amd64
	path: dist

	build_linux_aarch64:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Add Crystal repos
	run: curl -sSL https://crystal-lang.org/install.sh \| sudo bash

	- name: Install crystal and tool dependencies
	run: \|
	sudo apt install -y crystal ninja-build
	sudo apt purge meson
	sudo pip3 install meson

	- name: Install dependencies
	run: shards install

	- name: Install musl cross-compiler
	run: \|
	curl -O https://more.musl.cc/x86_64-linux-musl/aarch64-linux-musl-cross.tgz
	tar xzf aarch64-linux-musl-cross.tgz -C /opt
	echo "/opt/aarch64-linux-musl-cross/bin" >> $GITHUB_PATH

	- run: aarch64-linux-musl-gcc --version

	- name: Build release bundle
	run: \|
	make release RELEASE=1 STATIC=1 TARGET_ARCH=aarch64 TARGET_CABI=musl

	- name: Upload release bundle artifact
	uses: actions/upload-artifact@v4
	with:
	name: mstrap_linux_aarch64
	path: dist

	build_macos_amd64:
	runs-on: macos-14
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install crystal and tool dependencies
	run: \|
	brew install crystal meson openssl@3

	- name: Install dependencies
	run: shards install

	- name: Import Developer ID Application cert for signing and notorizing
	uses: Apple-Actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d # v3
	with:
	p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
	p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}

	- name: Add notarytool credentials
	env:
	AC_USERNAME: ${{ secrets.AC_USERNAME }}
	AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
	AC_TEAM_ID: ${{ secrets.AC_TEAM_ID }}
	run: \|
	xcrun notarytool store-credentials \
	--apple-id "$AC_USERNAME" \
	--team-id "$AC_TEAM_ID" \
	--password "$AC_PASSWORD" \
	mstrap

	- name: Build signed & notorized release bundle
	run: make release RELEASE=1 STATIC=1 TARGET_ARCH=x86_64 CODESIGN_IDENTITY="${{ secrets.CODESIGN_IDENTITY }}"

	- name: Smoke test the codesigned release
	run: bin/mstrap --help

	- name: Upload release bundle artifact
	uses: actions/upload-artifact@v4
	with:
	name: mstrap_macos_amd64
	path: dist

	build_macos_arm64:
	runs-on: macos-14
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install crystal and tool dependencies
	run: \|
	brew install crystal meson openssl@3

	- name: Install dependencies
	run: shards install

	- name: Import Developer ID Application cert for signing and notorizing
	uses: Apple-Actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d # v3
	with:
	p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
	p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}

	- name: Add notarytool credentials
	env:
	AC_USERNAME: ${{ secrets.AC_USERNAME }}
	AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
	AC_TEAM_ID: ${{ secrets.AC_TEAM_ID }}
	run: \|
	xcrun notarytool store-credentials \
	--apple-id "$AC_USERNAME" \
	--team-id "$AC_TEAM_ID" \
	--password "$AC_PASSWORD" \
	mstrap

	- name: Build signed & notorized release bundle
	run: make release RELEASE=1 STATIC=1 TARGET_ARCH=arm64 CODESIGN_IDENTITY="${{ secrets.CODESIGN_IDENTITY }}"

	- name: Smoke test the codesigned release
	run: bin/mstrap --help

	- name: Upload release bundle artifact
	uses: actions/upload-artifact@v4
	with:
	name: mstrap_macos_arm64
	path: dist

	release:
	needs: [build_linux_amd64, build_linux_aarch64, build_macos_amd64, build_macos_arm64]
	runs-on: ubuntu-latest
	if: ${{ !startsWith(github.ref, 'refs/tags/v0.0.0') && !contains(github.ref, 'dev') }}

	steps:
	- name: Determine version
	id: version
	run: echo "version=${GITHUB_REF:11}" >> $GITHUB_ENV

	- name: Download mstrap_linux_amd64 artifacts
	id: download_linux_amd64
	uses: actions/download-artifact@v4
	with:
	name: mstrap_linux_amd64
	path: dist-linux-amd64

	- name: Download mstrap_linux_aarch64 artifacts
	id: download_linux_aarch64
	uses: actions/download-artifact@v4
	with:
	name: mstrap_linux_aarch64
	path: dist-linux-aarch64

	- name: Download mstrap_macos_amd64 artifacts
	id: download_macos_amd64
	uses: actions/download-artifact@v4
	with:
	name: mstrap_macos_amd64
	path: dist-macos-amd64

	- name: Download mstrap_macos_arm64 artifacts
	id: download_macos_arm64
	uses: actions/download-artifact@v4
	with:
	name: mstrap_macos_arm64
	path: dist-macos-arm64

	- name: Create release
	id: create_release
	uses: softprops/action-gh-release@v2
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	draft: false
	prerelease: ${{ contains(github.ref, 'alpha') \|\| contains(github.ref, 'beta') \|\| contains(github.ref, 'pre') \|\| contains(github.ref, 'rc') }}
	files: \|
	dist-linux-aarch64/*.zip
	dist-linux-amd64/*.zip
	dist-macos-amd64/*.zip
	dist-macos-arm64/*.zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: Pull CODESIGN_IDENTITY from secrets #52

Workflow file

ci: Pull CODESIGN_IDENTITY from secrets #52

Jobs

Run details

Workflow file for this run