Merge remote-tracking branch 'origin/main' into codesign_init #47
name: Release
on:
  push:
    branches: [ main, codesign_init ]
    tags:
      - 'v*.*.*'
jobs:
  build:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python 3.9
        uses: actions/setup-python@v5
        with:
          python-version: 3.9
      - name: Install dependencies
        run: |
          pip install poetry -U
          poetry install
      ### Installing SSH keys to pull our dependencies down from GitHub
      - name: Install SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: '${{ secrets.SSH_PRIVATE_KEY }}'
          name: id_rsa
          known_hosts: 'github.com'
          if_key_exists: fail
      ### Setting up our fastlane certificates
      - name: Setup Certificates
        run: |-
          cd macos
          bundle install
          bundle exec fastlane setup
        env:
          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
          FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }}
      - name: Build library
        run: poetry build
      - name: Build stand alone
        run: |
          poetry run pyinstaller -c --onefile src/pieces/app.py --hidden-import=pydantic_core --add-data="src/pieces/data/applications.db:." --name=pieces
      ### Code signing the binary file
      - name: Codesign Binary
        run: |
          codesign -s "Developer ID Application: Mesh Intelligent Technologies, Inc. (287L9TU9JL)" -i com.pieces.cli -o runtime --entitlements Release.entitlements --timestamp -f dist/pieces -v
      ### Packing and Notarizing the app bundle for intel macs
      ### NOTE IMPORTANT @NATHAN ~ Currently not possible to staple a ticket to a binary directly see:
      ### https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow
      - name: Pack & Notarize Intel
        run: |-
          ditto -c -k --sequesterRsrc "dist/pieces" dist/pieces-cli.zip
          xcrun notarytool submit dist/pieces-cli.zip --password "$APPLE_APP_SPECIFIC_PASSWORD" --apple-id "[email protected]" --team-id "287L9TU9JL" --wait
          # xcrun stapler staple "dist/pieces" - NOTE Currently Not Possible
        env:
          # Passed through the environment (as in Setup Certificates) so the secret is not interpolated into the script text
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
      ### Uploading our builds to GitHub Artifacts
      - name: Upload Artifacts
        uses: actions/upload-artifact@v3
        with:
          path: |-
            dist
      - name: Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: dist/pieces*