add publish workflow #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish hostd | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+.[0-9]+-**' | |
jobs: | |
windows: | |
strategy: | |
matrix: | |
app: [ hostd, renterd ] | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 'stable' | |
- name: Setup | |
shell: bash | |
run: | | |
go install github.com/wailsapp/wails/v2/cmd/wails@latest | |
dotnet tool install --global AzureSignTool | |
- name: Build | |
shell: bash | |
run: | | |
cd ${{ matrix.app }} | |
wails build -webview2 embed | |
azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "build/bin/${{ matrix.app }} Desktop.exe" | |
- name: Upload | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.app }} | |
path: ${{ matrix.app }}/build/bin/ | |
mac: | |
strategy: | |
matrix: | |
app: [ hostd, renterd ] | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 'stable' | |
- name: Setup | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
run: | | |
# extract apple cert | |
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH | |
# extract apple key | |
mkdir -p ~/private_keys | |
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 | |
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH | |
# create temp keychain | |
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security default-keychain -s $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import keychain | |
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security find-identity -v $KEYCHAIN_PATH -p codesigning | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH | |
go install github.com/wailsapp/wails/v2/cmd/wails@latest | |
- name: Build amd64 | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
run: | | |
cd ${{ matrix.app }} | |
wails build - | |
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID "build/bin/${{ matrix.app }} Desktop.app/Contents/MacOS/${{ matrix.app }} Desktop" | |
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m build/bin/${{ matrix.app }} Desktop.app | |
- name: Upload | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.app }} | |
path: ${{ matrix.app }}/build/bin/ | |