secretive/.github/workflows/release.yml

name: Release

on: 
  push:
    tags:
      - '*'
jobs:
  test:
    runs-on: macOS-latest
    timeout-minutes: 10
    steps:
    - uses: actions/checkout@v1
    - name: Setup Signing
      env: 
        SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
        SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
        HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
        AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
      run: ./.github/scripts/signing.sh
    - name: Test
      run: xcrun xcodebuild test -project Secretive.xcodeproj -scheme Secretive
  build:
    runs-on: macOS-latest
    timeout-minutes: 10
    steps:
    - uses: actions/checkout@v1
    - name: Create Release
      id: create_release
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        tag_name: ${{ github.ref }}
        release_name: ${{ github.ref }}
        body: "Build: https://github.com/maxgoedjen/secretive/actions/runs/${{ github.run_id }}"
        draft: true
        prerelease: false
    - name: Setup Signing
      env: 
        SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
        SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
        HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
        AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
      run: ./.github/scripts/signing.sh
    - name: Update Build Number
      env:
        TAG_NAME: ${{ github.ref }}
      run: |
            export CLEAN_TAG=$(echo $TAG_NAME | sed -e 's/refs\/tags\/v//')
            sed -i '' -e "s/CI_VERSION = 0.0.0/CI_VERSION = $CLEAN_TAG/g" Config/Config.xcconfig            
    - name: Build
      run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
    - name: Create ZIPs
      run: |
            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip            
    - name: Notarize
      env: 
        APPLE_USERNAME: ${{ secrets.APPLE_USERNAME }}
        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
      run: xcrun altool --notarize-app --primary-bundle-id "com.maxgoedjen.secretive.host" --username $APPLE_USERNAME --password $APPLE_PASSWORD --file Secretive.zip
    - name: Document SHAs
      run: |
            shasum -a 512 Secretive.zip
            shasum -a 512 Archive.zip            
    - name: Upload App to Release
      id: upload-release-asset 
      uses: actions/upload-release-asset@v1.0.1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: ./Secretive.zip
        asset_name: Secretive.zip
        asset_content_type: application/zip
    - name: Upload Archive to Artifacts
      uses: actions/upload-artifact@v1
      with:
        name: Archive.zip
        path: Archive.zip
    - name: Upload Archive to Artifacts
      uses: actions/upload-artifact@v1
      with:
        name: Secretive.zip
        path: Secretive.zip