-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'notarization-backport' into v6.7.04_notarized
- Loading branch information
Showing
5 changed files
with
3,222 additions
and
4,066 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,10 +4,10 @@ on: [push] | |
|
|
||
| jobs: | ||
| build: | ||
| name: Build and Package Specify 6 | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
|
|
||
| - uses: actions/checkout@v2 | ||
|
|
||
| - name: Unbase64 code signing certs | ||
|
|
@@ -16,7 +16,7 @@ jobs: | |
| echo $WIN_PKCS12 | base64 -d > packaging/certwithroot.pfx | ||
| env: | ||
| WIN_PKCS12: ${{ secrets.WIN_PKCS12 }} | ||
| MAC_PKCS12: ${{ secrets.MAC_PKCS12 }} | ||
| MAC_PKCS12: ${{ secrets.MAC_PKCS12_V2 }} | ||
|
|
||
| - name: Set up JDK 1.8 | ||
| uses: actions/setup-java@v1 | ||
|
|
@@ -33,58 +33,58 @@ jobs: | |
| id: cache-install4j | ||
| uses: actions/cache@v1 | ||
| with: | ||
| path: install4j7.0.7 | ||
| key: install4j7.0.7-cache | ||
| path: install4j8.0.4 | ||
| key: install4j8.0.4-cache | ||
|
|
||
| - name: Download Install4j | ||
| if: steps.cache-install4j.outputs.cache-hit != 'true' | ||
| run: | | ||
| wget https://download-keycdn.ej-technologies.com/install4j/install4j_unix_7_0_7.tar.gz | ||
| tar -zxvf install4j_unix_7_0_7.tar.gz | ||
| wget https://download-gcdn.ej-technologies.com/install4j/install4j_unix_8_0_4.tar.gz | ||
| tar -zxvf install4j_unix_8_0_4.tar.gz | ||
| - name: Set Install4j license | ||
| run: install4j7.0.7/bin/install4jc --license=$INSTALL4J_LICENSE | ||
| run: install4j8.0.4/bin/install4jc --license=$INSTALL4J_LICENSE | ||
| env: | ||
| INSTALL4J_LICENSE: ${{ secrets.INSTALL4J_LICENSE }} | ||
| INSTALL4J_LICENSE: ${{ secrets.INSTALL4J8_LICENSE }} | ||
|
|
||
| - name: Package Specify 6 | ||
| run: > | ||
| ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j7.0.7 | ||
| ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j8.0.4 | ||
| -Dwin-keystore-password=$WIN_KEYSTORE_PASSWORD -Dmac-keystore-password=$MAC_KEYSTORE_PASSWORD | ||
| -Dwin.pkcs12=certwithroot.pfx -Dmac.pkcs12=expdevidapp.p12 -Dcode.signing=true | ||
| package-all | ||
| env: | ||
| WIN_KEYSTORE_PASSWORD: ${{ secrets.WIN_KEYSTORE_PASSWORD }} | ||
| MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD }} | ||
| MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD_V2 }} | ||
|
|
||
| - name: Upload Specify_windows_64.exe as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_windows_64.exe | ||
| name: Specify_windows_64 | ||
| path: packages/Specify_windows_64.exe | ||
|
|
||
| - name: Upload Specify_windows.exe as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_windows.exe | ||
| name: Specify_windows | ||
| path: packages/Specify_windows.exe | ||
|
|
||
| - name: Upload Specify_unix_64.sh as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_unix_64.sh | ||
| name: Specify_unix_64 | ||
| path: packages/Specify_unix_64.sh | ||
|
|
||
| - name: Upload Specify_unix.sh as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_unix.sh | ||
| name: Specify_unix | ||
| path: packages/Specify_unix.sh | ||
|
|
||
| - name: Upload Specify_macos.dmg as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_macos.dmg | ||
| name: Specify_macos | ||
| path: packages/Specify_macos.dmg | ||
|
|
||
| - name: Upload updates.xml as artifact | ||
|
|
@@ -93,15 +93,98 @@ jobs: | |
| name: updates.xml | ||
| path: packages/updates.xml | ||
|
|
||
| - name: Release | ||
| notarize: | ||
| name: Notarize the Specify 6 Mac package | ||
| needs: build | ||
| runs-on: macos-latest | ||
|
|
||
| steps: | ||
| - name: Download Specify_macos artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_macos | ||
|
|
||
| - name: Upload the Mac package for notarization | ||
| run: > | ||
| xcrun altool --notarize-app --primary-bundle-id org.specifysoftware | ||
| --username [email protected] --password $AC_PASSWORD | ||
| --file Specify_macos/Specify_macos.dmg | tee notarize-app-output.txt | ||
| env: | ||
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | ||
|
|
||
| - name: Get the request UUID | ||
| run: sed -En 's/RequestUUID = (.*)$/\1/p' notarize-app-output.txt | tee request-uuid.txt | ||
|
|
||
| - name: Check the notarization status | ||
| run: > | ||
| for i in {1..60}; do | ||
| sleep 120; | ||
| xcrun altool --notarization-info $(< request-uuid.txt) | ||
| --username [email protected] --password $AC_PASSWORD | ||
| | tee notarization-info.txt; | ||
| grep -q "Status: in progress" notarization-info.txt || break; | ||
| done; | ||
| grep -q "Status: success" notarization-info.txt || { echo "Notarization failed!"; exit 1; } | ||
| env: | ||
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | ||
|
|
||
| - name: Staple the notarization ticket to the installer | ||
| run: xcrun stapler staple Specify_macos/Specify_macos.dmg | ||
|
|
||
| - name: Upload the stapled Specify_macos.dmg as artifact | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Specify_macos_with_ticket | ||
| path: Specify_macos/Specify_macos.dmg | ||
|
|
||
| release: | ||
| name: Create a Specify 6 release | ||
| needs: [build, notarize] | ||
| if: startsWith(github.ref, 'refs/tags/') | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Download Specify_windows_64 artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_windows_64 | ||
|
|
||
| - name: Download Specify_windows artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_windows | ||
|
|
||
| - name: Download Specify_unix_64 artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_unix_64 | ||
|
|
||
| - name: Download Specify_unix artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_unix | ||
|
|
||
| - name: Download Specify_macos_with_ticket artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: Specify_macos_with_ticket | ||
|
|
||
| - name: Download updates.xml artifact | ||
| uses: actions/download-artifact@v1 | ||
| with: | ||
| name: updates.xml | ||
|
|
||
| - name: Create release | ||
| uses: softprops/action-gh-release@v1 | ||
| if: startsWith(github.ref, 'refs/tags/') | ||
| with: | ||
| draft: true | ||
| prerelease: true | ||
| files: | | ||
| packages/Specify* | ||
| packages/updates.xml | ||
| Specify_windows_64/* | ||
| Specify_windows/* | ||
| Specify_unix_64/* | ||
| Specify_unix/* | ||
| Specify_macos_with_ticket/* | ||
| updates.xml/* | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.