Apple signing steps #208
# Release pipeline for Dash Evo Tool: builds per-platform binaries, signs and
# notarizes the macOS images, attests provenance and publishes a GitHub release.
name: Release Dash Evo Tool

# Triggers: version tags, a published release, or a manual run with an explicit
# tag. The second tag pattern is already matched by 'v*'.
# NOTE(review): publishing a release that creates a new v* tag may fire both
# the `push` and the `release` trigger - confirm duplicate runs are acceptable.
on:
  push:
    tags:
      - 'v*'
      - 'v*-dev.*'
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      tag:
        description: "Version (i.e. v0.1.0)"
        required: true

# Workflow-wide GITHUB_TOKEN scopes; every job inherits them unless it declares
# its own `permissions:` block.
# NOTE(review): `contents: write` is only needed where the release is
# published, and `id-token` / `attestations` only where provenance is
# attested - consider scoping these per job.
permissions:
  id-token: write
  attestations: write
  contents: write
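jobs:
  build-and-release:
    name: Build and Release Dash Evo Tool
    # Least privilege: this job runs third-party actions and a self-hosted
    # runner, so its token may only read the repo and write attestations.
    permissions:
      contents: read
      id-token: write
      attestations: write
    strategy:
      matrix:
        include:
          - name: "linux-x86_64"
            runs-on: "ubuntu-20.04"
            target: "x86_64-unknown-linux-gnu"
            platform: "x86_64-linux"
            release-ext: "zip"
          - name: "linux-arm64"
            runs-on: ["self-hosted", "Linux", "ARM64", "ubuntu20.04"]  # Array of tags for ARM64
            target: "aarch64-unknown-linux-gnu"
            platform: "arm64-linux"
            release-ext: "zip"
          - name: "macos-x86_64"
            runs-on: "macos-13"
            target: "x86_64-apple-darwin"
            platform: "x86_64-mac"
            release-ext: "dmg"
          - name: "macos-arm64"
            runs-on: "macos-latest"
            target: "aarch64-apple-darwin"
            platform: "arm64-mac"
            release-ext: "dmg"
          # Windows is cross-compiled on Linux with the MinGW toolchain.
          - name: "Windows"
            runs-on: "ubuntu-20.04"
            target: "x86_64-pc-windows-gnu"
            platform: "windows"
            ext: ".exe"
            release-ext: "zip"
    runs-on: ${{ matrix.runs-on }}
    # Actions below are referenced by mutable tags (@v1, @v4). This pipeline
    # handles signing secrets and produces release artifacts, so pin each
    # `uses:` to a full commit SHA, e.g. owner/action@<full-commit-sha>.
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      # The key includes the target so the x86_64, cross-compiled Windows and
      # self-hosted ARM64 Linux builds do not share one `target` directory.
      # NOTE(review): restoring `target` means a release build is not built
      # from a clean tree (only the Linux legs run `cargo clean` below).
      - name: Cache Cargo registry
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-${{ matrix.target }}-cargo-
      - name: Setup prerequisites
        run: |
          mkdir -p dash-evo-tool/
          cp .env.example dash-evo-tool/.env
          cp -r dash_core_configs/ dash-evo-tool/dash_core_configs
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          target: ${{ matrix.target }}
          override: true
      - name: Install essentials
        if: ${{ runner.os == 'Linux' }}
        run: sudo apt-get update && sudo apt-get install -y build-essential pkg-config clang cmake unzip libsqlite3-dev gcc-mingw-w64 mingw-w64 libsqlite3-dev mingw-w64-x86-64-dev gcc-aarch64-linux-gnu zip && uname -a && cargo clean
      # The protoc archives below are fetched over HTTPS and unpacked into
      # /usr/local as root without an integrity check. Record the expected
      # digest of each archive and verify it (sha256sum -c / shasum -a 256 -c)
      # before unzipping. The step-level PROTOC variable is scoped to its own
      # step and is not visible to the build step.
      #
      # The ARM condition previously compared matrix.platform with 'arm64',
      # which no matrix entry uses, so the step never ran; it now matches the
      # ARM64 Linux target like the sibling steps do.
      - name: Install protoc (ARM)
        if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' }}
        run: curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protoc-25.2-linux-aarch_64.zip && sudo unzip -o protoc-25.2-linux-aarch_64.zip -d /usr/local bin/protoc && sudo unzip -o protoc-25.2-linux-aarch_64.zip -d /usr/local 'include/*' && rm -f protoc-25.2-linux-aarch_64.zip
        env:
          PROTOC: /usr/local/bin/protoc
      - name: Install protoc (AMD)
        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }}
        run: curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protoc-25.2-linux-x86_64.zip && sudo unzip -o protoc-25.2-linux-x86_64.zip -d /usr/local bin/protoc && sudo unzip -o protoc-25.2-linux-x86_64.zip -d /usr/local 'include/*' && rm -f protoc-25.2-linux-x86_64.zip
        env:
          PROTOC: /usr/local/bin/protoc
      - name: Install protoc (Windows)
        if: ${{ matrix.target == 'x86_64-pc-windows-gnu' }}
        run: curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protoc-25.2-linux-x86_64.zip && sudo unzip -o protoc-25.2-linux-x86_64.zip -d /usr/local bin/protoc && sudo unzip -o protoc-25.2-linux-x86_64.zip -d /usr/local 'include/*' && rm -f protoc-25.2-linux-x86_64.zip
        env:
          PROTOC: /usr/local/bin/protoc
      - name: Install protoc (Mac x64)
        if: ${{ matrix.target == 'x86_64-apple-darwin' }}
        run: curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protoc-25.2-osx-x86_64.zip && sudo unzip -o protoc-25.2-osx-x86_64.zip -d /usr/local bin/protoc && sudo unzip -o protoc-25.2-osx-x86_64.zip -d /usr/local 'include/*' && rm -f protoc-25.2-osx-x86_64.zip && uname -a
        env:
          PROTOC: /usr/local/bin/protoc
      - name: Install protoc (Mac ARM)
        if: ${{ matrix.target == 'aarch64-apple-darwin' }}
        run: curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protoc-25.2-osx-aarch_64.zip && sudo unzip -o protoc-25.2-osx-aarch_64.zip -d /usr/local bin/protoc && sudo unzip -o protoc-25.2-osx-aarch_64.zip -d /usr/local 'include/*' && rm -f protoc-25.2-osx-aarch_64.zip
        env:
          PROTOC: /usr/local/bin/protoc
      # The SQLite DLL archive is linked into the Windows binary and is also
      # downloaded without a digest check; verify it before use.
      - name: Windows libsql
        if: ${{ matrix.target == 'x86_64-pc-windows-gnu' }}
        run: curl -OL https://www.sqlite.org/2024/sqlite-dll-win-x64-3460100.zip && sudo unzip -o sqlite-dll-win-x64-3460100.zip -d winlibs && sudo chown -R runner:docker winlibs/ && pwd && ls -lah && cd winlibs && x86_64-w64-mingw32-dlltool -d sqlite3.def -l libsqlite3.a && ls -lah && cd ..
      # Tag names and dispatch inputs are caller-controlled text. They are
      # handed to the shell through env vars instead of being expanded into
      # the script by ${{ }}, and the chosen value is restricted to a plain
      # version charset before it is written to GITHUB_ENV.
      - name: Set VERSION
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_TAG: ${{ inputs.tag }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          case "$EVENT_NAME" in
            workflow_dispatch) version="$INPUT_TAG" ;;
            release) version="$RELEASE_TAG" ;;
            *) version="$REF_NAME" ;;
          esac
          if ! [[ "$version" =~ ^[A-Za-z0-9._+-]+$ ]]; then
            echo "Refusing version with unexpected characters" >&2
            exit 1
          fi
          echo "VERSION=$version" >> "$GITHUB_ENV"
      - name: Build project
        run: |
          cargo build --release --target ${{ matrix.target }}
          mv target/${{ matrix.target }}/release/dash-evo-tool${{ matrix.ext }} dash-evo-tool/dash-evo-tool${{ matrix.ext }}
        env:
          CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc
          AR_x86_64_pc_windows_gnu: x86_64-w64-mingw32-ar
          CFLAGS_x86_64_pc_windows_gnu: "-O2"
      # Import code signing certificate for macOS
      # NOTE(review): confirm this action version exposes the `identity`
      # output used by the signing steps; an empty value would be passed to
      # `codesign --sign`.
      - name: Import code signing certificate
        if: contains(matrix.target, 'apple-darwin')
        id: import_certs
        uses: apple-actions/import-codesign-certs@v1
        with:
          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          keychain: 'login'
      # Sign the binary for macOS
      # NOTE(review): notarization normally expects the hardened runtime
      # (`codesign --options runtime`) on executables - confirm.
      - name: Sign binary
        if: contains(matrix.target, 'apple-darwin')
        run: codesign --timestamp --sign "${{ steps.import_certs.outputs.identity }}" dash-evo-tool/dash-evo-tool${{ matrix.ext }}
      # VERSION is read from the environment written by "Set VERSION" rather
      # than expanded into the command line. The matrix values are constants
      # defined in this file.
      - name: Package release
        run: '"${GITHUB_WORKSPACE}/scripts/pack.sh" "$VERSION" ${{ matrix.platform }} ${{ matrix.ext }}'
      # Sign the .dmg for macOS
      - name: Sign .dmg
        if: contains(matrix.target, 'apple-darwin')
        run: codesign --timestamp --sign "${{ steps.import_certs.outputs.identity }}" dist/dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}
      # Notarize the .dmg for macOS
      # NOTE(review): `com.yourcompany.dash-evo-tool` looks like a template
      # placeholder; set the project's real bundle identifier.
      - name: Notarize .dmg
        if: contains(matrix.target, 'apple-darwin')
        uses: apple-actions/macos-notarize@v1
        with:
          app-path: dist/dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}
          primary-bundle-id: com.yourcompany.dash-evo-tool
        env:
          AC_USERNAME: ${{ secrets.APPLE_ID }}
          AC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
      # Staple the notarization ticket to the .dmg for macOS
      - name: Staple Notarization Ticket
        if: contains(matrix.target, 'apple-darwin')
        run: xcrun stapler staple dist/dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}
      # A second, identical "Package release" step used to run here. Re-running
      # the packer after signing and stapling would presumably regenerate the
      # file in dist/ and drop the signature and ticket, so the attested and
      # uploaded artifact would not be the notarized one (pack.sh is not
      # visible here - confirm). The artifact is packaged once, above.
      - name: Attest
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: 'dist/dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}'
      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}
          path: dist/dash-evo-tool-${{ matrix.platform }}.${{ matrix.release-ext }}
  release:
    name: Create GitHub Release
    needs: build-and-release
    runs-on: ubuntu-latest
    # Only this job publishes, so only it gets write access to repo contents.
    permissions:
      contents: write
    steps:
      - name: Download Linux AMD64 Artifact
        uses: actions/download-artifact@v4
        with:
          name: dash-evo-tool-x86_64-linux.zip
      - name: Download Linux Arm64 Artifact
        uses: actions/download-artifact@v4
        with:
          name: dash-evo-tool-arm64-linux.zip
      - name: Download MacOS AMD64 Artifact
        uses: actions/download-artifact@v4
        with:
          name: dash-evo-tool-x86_64-mac.dmg
      - name: Download MacOS ARM64 Artifact
        uses: actions/download-artifact@v4
        with:
          name: dash-evo-tool-arm64-mac.dmg
      - name: Download Windows Artifact
        uses: actions/download-artifact@v4
        with:
          name: dash-evo-tool-windows.zip
      # tag_name follows the same precedence as VERSION in the build job: the
      # dispatch input is empty on push and release triggers, so fall back to
      # the release tag and then to the pushed ref name.
      - name: Publish release
        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ inputs.tag || github.event.release.tag_name || github.ref_name }}
          files: |
            ./dash-evo-tool-x86_64-linux.zip
            ./dash-evo-tool-arm64-linux.zip
            ./dash-evo-tool-x86_64-mac.dmg
            ./dash-evo-tool-arm64-mac.dmg
            ./dash-evo-tool-windows.zip
          draft: false
          prerelease: true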