mirror of
https://github.com/maxgoedjen/secretive.git
synced 2025-10-31 15:30:57 +00:00
84d5a56fb0
* . * Test * Release * Release * Release * -r * ls * Fix yml * Path * Path * Path * List * Zip direct * Zip direct * Sha * sha * Zip direct * Auth. * . * . * . * . * . * .
67 lines
2.5 KiB
YAML
67 lines
2.5 KiB
YAML
name: Nightly
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 8 * * *"
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: macos-26
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
attestations: write
|
|
actions: read
|
|
timeout-minutes: 10
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
- name: Setup Signing
|
|
env:
|
|
SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
|
|
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
|
|
HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
|
|
AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
|
|
APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
|
|
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
|
|
run: ./.github/scripts/signing.sh
|
|
- name: Set Environment
|
|
run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
|
|
- name: Update Build Number
|
|
env:
|
|
RUN_ID: ${{ github.run_id }}
|
|
run: |
|
|
DATE=$(date "+%Y-%m-%d")
|
|
sed -i '' -e "s/GITHUB_CI_VERSION/0.0.0_nightly-$DATE/g" Sources/Config/Config.xcconfig
|
|
sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
|
|
sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
|
|
- name: Build
|
|
run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
|
|
- name: Move to Artifact Folder
|
|
run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
|
|
- name: Upload App to Artifacts
|
|
id: upload
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Secretive
|
|
path: Artifact
|
|
- name: Download Zipped Artifact
|
|
id: download
|
|
env:
|
|
ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
|
|
https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
|
|
- name: Notarize
|
|
env:
|
|
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
|
|
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
|
|
run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
|
|
- name: Attest
|
|
id: attest
|
|
uses: actions/attest-build-provenance@v2
|
|
with:
|
|
subject-name: "Secretive.zip"
|
|
subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
|