CI - Patch latest Sequoia metallib's #1128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI - Patch latest Sequoia metallib's | |
on: | |
schedule: | |
- cron: "0 */3 * * *" | |
push: | |
branches: | |
- main | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }} | |
jobs: | |
build: | |
name: CI - Patch latest Sequoia metallib's | |
runs-on: macos-latest | |
env: | |
# GitHub Releases API | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# PKG Signing | |
ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY }} | |
# Notarization | |
ORG_MAC_NOTARIZATION_TEAM_ID: ${{ secrets.ORG_MAC_NOTARIZATION_TEAM_ID }} | |
ORG_MAC_NOTARIZATION_APPLE_ID: ${{ secrets.ORG_MAC_NOTARIZATION_APPLE_ID }} | |
ORG_MAC_NOTARIZATION_PASSWORD: ${{ secrets.ORG_MAC_NOTARIZATION_PASSWORD }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.11 | |
- name: Import Installer Signing Certificate | |
uses: dhinakg/import-codesign-certs@master | |
with: | |
p12-file-base64: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_BASE64 }} | |
p12-password: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_PASSWORD }} | |
- name: Free up space | |
run: | | |
mkdir empty_dir | |
rsync -a --delete empty_dir/ /Applications/Xcode_16.1_beta.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_16_beta_6.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_15.3.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_15.2.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_15.1.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_15.0.1.app/ | |
rsync -a --delete empty_dir/ /Applications/Xcode_14.3.1.app/ | |
rsync -a --delete empty_dir/ /Users/runner/Library/Android/sdk/ | |
- name: Install dependencies | |
run: python3 -m pip install -r requirements.txt | |
- name: Download latest Sequoia IPSW | |
run: echo "IPSW_FILE=$(python3 metallib.py --download --continuous-integration)" >> $GITHUB_OUTPUT | |
id: download | |
- name: Extract system volume | |
if: steps.download.outputs.IPSW_FILE != '' | |
run: echo "DMG_FILE=$(python3 metallib.py --extract ${{ steps.download.outputs.IPSW_FILE }})" >> $GITHUB_OUTPUT | |
id: extract | |
- name: Fetch metal libraries | |
if: steps.extract.outputs.DMG_FILE != '' | |
run: echo "BACKUP_FOLDER=$(python3 metallib.py --fetch ${{ steps.extract.outputs.DMG_FILE }})" >> $GITHUB_OUTPUT | |
id: fetch | |
- name: Patch metal libraries | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --patch ${{ steps.fetch.outputs.BACKUP_FOLDER }} | |
- name: Build sys_patch_dict.py | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --build-sys-patch ${{ steps.fetch.outputs.BACKUP_FOLDER }} --continuous-integration | |
- name: Build Package | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --build-pkg ${{ steps.fetch.outputs.BACKUP_FOLDER }} --pkg-signing-identity "${{env.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY}}" --notarization-team-id "${{env.ORG_MAC_NOTARIZATION_TEAM_ID}}" --notarization-apple-id "${{env.ORG_MAC_NOTARIZATION_APPLE_ID}}" --notarization-password "${{env.ORG_MAC_NOTARIZATION_PASSWORD}}" | |
- name: Upload metal libraries to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MetallibSupportPkg.pkg | |
path: ./MetallibSupportPkg-*.pkg | |
- name: Upload sys_patch_dict.py to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sys_patch_dict.py | |
path: sys_patch_dict.py | |
- name: Upload manifest to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: manifest.json | |
path: deploy/manifest.json | |
- name: Create GitHub release | |
if: ${{ github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }} | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
MetallibSupportPkg-*.pkg | |
sys_patch_dict.py | |
token: ${{ secrets.GITHUB_TOKEN }} | |
tag_name: ${{ steps.fetch.outputs.BACKUP_FOLDER }} | |
- name: Sync GitHub Pages | |
if: ${{ github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }} | |
uses: JamesIves/[email protected] | |
with: | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
BRANCH: gh-pages | |
FOLDER: deploy/ | |
CLEAN: true |