CI first pass (#36)

This commit is contained in:
Max Goedjen 2020-03-14 18:32:02 -07:00 committed by GitHub
parent f20c2b90a6
commit dab1cf3d50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 86 additions and 0 deletions

67
.github/release.yml vendored Normal file
View File

@ -0,0 +1,67 @@
name: Release
on:
push:
branches:
- 'master'
tags:
- '*'
jobs:
build:
runs-on: macOS-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v1
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: ${{ github.ref }}
body: ''
draft: true
prerelease: false
- name: Set up signing
env:
SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
run: ./scripts/signing.sh
- name: Build
run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
- name: Create ZIPs
run: |
ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip
- name: Notarize
env:
APPLE_USERNAME: ${{ secrets.APPLE_USERNAME }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
run: xcrun altool --notarize-app --primary-bundle-id "com.maxgoedjen.secretive.host" --username "$APPLE_USERNAME" --password "$APPLE_PASSWORD" --file Secretive.zip
- name: Document SHAs
run: |
shasum -a 512 Secretive.zip
shasum -a 512 Archive.zip
- name: Upload App
id: upload-release-asset
uses: actions/upload-release-asset@v1.0.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./Secretive.zip
asset_name: Secretive.zip
asset_content_type: application/zip
- name: Upload Archive
id: upload-release-asset
uses: actions/upload-release-asset@v1.0.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./Archive.zip
asset_name: Archive.zip
asset_content_type: application/zip

19
.github/scripts/signing.sh vendored Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
# Import certificate and private key
echo $SIGNING_DATA | base64 -d -o Signing.p12
security create-keychain -p ci ci.keychain
security default-keychain -s ci.keychain
security list-keychains -s ci.keychain
security import ./Signing.p12 -k ci.keychain -P $SIGNING_PASSWORD -A
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ci ci.keychain
# Import Profiles
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo $HOST_PROFILE_DATA | base64 -d -o Host.mobileprovision
HOST_UUID=`grep UUID -A1 -a Profile.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
cp Host.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$HOST_UUID.mobileprovision
echo $AGENT_PROFILE_DATA | base64 -d -o Agent.mobileprovision
AGENT_UUID=`grep UUID -A1 -a Agent.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
cp Agent.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$AGENT_UUID.mobileprovision