diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index c4e7ad3..0d156bb 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -36,27 +36,23 @@ jobs: sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf - name: Build run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive - - name: Create ZIPs + - name: Create ZIP run: | ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip - ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Xcode_Archive.zip - name: Notarize env: APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip - - name: Attest - id: attest - uses: actions/attest-build-provenance@v2 - with: - subject-path: 'Secretive.zip, Xcode_Archive.zip' - name: Upload App to Artifacts + id: upload uses: actions/upload-artifact@v4 with: name: Secretive.zip path: Secretive.zip - - name: Upload Archive to Artifacts - uses: actions/upload-artifact@v4 + - name: Attest + id: attest + uses: actions/attest-build-provenance@v2 with: - name: Xcode_Archive.zip - path: Xcode_Archive.zip + subject-name: "Secretive.zip" + subject-digest: ${{ steps.upload.outputs.artifact-digest }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ebd0b01..da81788 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -56,39 +56,34 @@ jobs: sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf - name: Build run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive - - name: Create ZIPs + - name: Create ZIP run: | ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip - ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Xcode_Archive.zip - name: Notarize env: APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip + - name: Upload App to Artifacts + id: upload + uses: actions/upload-artifact@v4 + with: + name: Secretive.zip + path: Secretive.zip - name: Attest id: attest uses: actions/attest-build-provenance@v2 with: - subject-path: 'Secretive.zip, Xcode_Archive.zip' + subject-name: "Secretive.zip" + subject-digest: ${{ steps.upload.outputs.artifact-digest }} - name: Create Release run: | sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md gh release create $TAG_NAME -d -F .github/templates/release.md gh release upload Secretive.zip - gh release upload Xcode_Archive.zip env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG_NAME: ${{ github.ref }} RUN_ID: ${{ github.run_id }} ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }} - - name: Upload App to Artifacts - uses: actions/upload-artifact@v4 - with: - name: Secretive.zip - path: Secretive.zip - - name: Upload Archive to Artifacts - uses: actions/upload-artifact@v4 - with: - name: Xcode_Archive.zip - path: Xcode_Archive.zip