-
Notifications
You must be signed in to change notification settings - Fork 14
73 lines (66 loc) · 3.17 KB
/
dist_mac.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: Build on macOS
on: push
jobs:
build:
runs-on: macos-12
steps:
- name: Check out repository code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install certificates. Write dist_config.json.
env:
DIST_CONFIG: ${{ secrets.PROD_MACOS_DIST_CONFIG }}
CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
NOTARIZATION_PROFILE: ${{ secrets.PROD_MACOS_NOTARIZATION_PROFILE }}
run: |
# Adapted from https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
# Turn our base64-encoded certificate back to a regular .p12 file
echo $CERTIFICATE | base64 --decode > certificate.p12
echo $DIST_CONFIG | base64 --decode > dist_config.json
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PWD" build.keychain
echo "Create keychain profile"
xcrun notarytool store-credentials "$NOTARIZATION_PROFILE" --apple-id "$NOTARIZATION_APPLE_ID" --team-id "$NOTARIZATION_TEAM_ID" --password "$NOTARIZATION_PWD"
- name: Install build deps
run: brew install nim scons yasm
- name: Install nim
run: |
curl -LO https://github.com/nim-lang/nightlies/releases/download/2024-03-28-version-2-0-b47747d31844c6bd9af4322efe55e24fefea544c/nim-2.0.4-macosx_x64.tar.xz
tar xzf nim-2.0.4-macosx_x64.tar.xz
echo "$(pwd)/nim-2.0.4/bin" >> $GITHUB_PATH
- name: Update path
run: echo "$HOME/.nimble/bin" >> $GITHUB_PATH
- name: Install nimble deps
run: nimble setup -y
- name: Save SHAs of submodules
run: 'git submodule status > .submodules.tmp'
- name: prereq cache
id: prereq-cache
uses: actions/cache@v3
with:
path: |
vendor/godot/bin
fonts
key: ${{ runner.os }}-prereq-cache-v2-${{ hashFiles('.submodules.tmp') }}
- name: build prereqs
run: nimble dist_prereqs
if: steps.prereq-cache.outputs.cache-hit != 'true'
- name: Dist
run: nimble dist_package
- uses: actions/upload-artifact@v3
with:
name: Enu macOS Distribution
path: dist/*.dmg