need zip for notary #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [ main, codesign_init ] | |
| tags: | |
| - 'v*.*.*' | |
| jobs: | |
| build: | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python 3.9 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Install dependencies | |
| run: | | |
| pip install poetry -U | |
| poetry install | |
| ### Installing SSH keys to pull our dependencies down from GitHub | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: '${{ secrets.SSH_PRIVATE_KEY }}' | |
| name: id_rsa | |
| known_hosts: 'github.com' | |
| if_key_exists: fail | |
| ### Setting up our fastlane certificates | |
| - name: Setup Certificates | |
| run: |- | |
| cd macos | |
| bundle install | |
| bundle exec fastlane setup | |
| env: | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }} | |
| - name: Build library | |
| run: poetry build | |
| - name: Build stand alone | |
| run: | | |
| poetry run pyinstaller -c --onefile src/pieces/app.py --hidden-import=pydantic_core --add-data="src/pieces/data/applications.db:." --name=pieces | |
| - name: Codesign Binary | |
| run: | | |
| codesign -s "Developer ID Application: Mesh Intelligent Technologies, Inc. (287L9TU9JL)" -i com.pieces.cli -o runtime --entitlements Release.entitlements --timestamp -f dist/pieces -v | |
| - name: What is in the dist folder | |
| run: | | |
| ls -la | |
| cd dist | |
| ls -la | |
| ### Packing and Notarizing the app bundle for intel macs | |
| - name: Pack & Notarize Intel | |
| run: |- | |
| ditto -c -k --sequesterRsrc --keepParent "dist/pieces" dist/pieces-cli.zip | |
| xcrun notarytool submit dist/pieces-cli.zip --password ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} --apple-id "[email protected]" --team-id "287L9TU9JL" --wait | |
| xcrun stapler staple "dist/pieces" | |
| ditto -c -k --sequesterRsrc --keepParent "dist/pieces" dist/pieces-cli.zip | |
| - name: What is in the dist folder again | |
| run: | | |
| ls -la | |
| cd dist | |
| ls -la | |
| ### Uploading our builds to GitHub Artifacts | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| path: |- | |
| dist | |
| - name: Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: dist/pieces* | |