SUB - Build on macOS #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SUB - Build on macOS | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| env: | |
| description: "An Environment" | |
| required: true | |
| type: choice | |
| options: | |
| - development | |
| - production | |
| version: | |
| description: "A Version" | |
| required: true | |
| type: string | |
| workflow_call: | |
| inputs: | |
| env: | |
| description: "An Environment" | |
| required: true | |
| type: string | |
| version: | |
| description: "A Version" | |
| required: true | |
| type: string | |
| env: | |
| app_name: ${{ inputs.env == 'production' && 'Moonshine SDK Installer Signed_NonSandbox' || 'Moonshine SDK Installer Development_Signed_NonSandbox' }} | |
| jobs: | |
| build: | |
| runs-on: "macos-latest" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '11' | |
| - uses: krdlab/setup-haxe@v1 | |
| with: | |
| haxe-version: 4.2.5 | |
| - uses: joshtynjala/setup-apache-flex-action@v2 | |
| with: | |
| flex-version: "4.16.1" | |
| air-version: "33.1" | |
| accept-air-license: true | |
| # Prepare signing | |
| - name: Check for Keychain | |
| id: check_keychain | |
| shell: bash | |
| run: | | |
| if security list-keychains | grep -q "build.keychain"; then | |
| echo "keychain_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "keychain_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create keychain | |
| if: steps.check_keychain.outputs.keychain_exists == 'false' | |
| shell: bash | |
| run: | | |
| security create-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain | |
| echo "Keychain created" | |
| security set-keychain-settings -lut 21600 build.keychain | |
| echo "Keychain settings set" | |
| security default-keychain -s build.keychain | |
| echo "Keychain made default" | |
| security unlock-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain | |
| echo "Keychain unlocked" | |
| - name: Import certificates | |
| shell: bash | |
| run: | | |
| echo "${{ secrets.MAC_APPLICATION_CERTKEY }}" | base64 --decode > application_certkey.p12 | |
| echo "${{ secrets.MAC_INSTALLER_CERTKEY }}" | base64 --decode > installer_certkey.p12 | |
| security import ./application_certkey.p12 \ | |
| -k build.keychain \ | |
| -f pkcs12 \ | |
| -P "${{ secrets.MAC_CERTKEY_PASS }}" \ | |
| -T /usr/bin/codesign \ | |
| -T /usr/bin/productsign \ | |
| -T /usr/bin/productbuild | |
| security import ./installer_certkey.p12 \ | |
| -k build.keychain \ | |
| -f pkcs12 \ | |
| -P "${{ secrets.MAC_CERTKEY_PASS }}" \ | |
| -T /usr/bin/codesign \ | |
| -T /usr/bin/productsign | |
| - name: Allow codesign and productsign to use keychain | |
| shell: bash | |
| run: | | |
| security set-key-partition-list \ | |
| -S apple-tool:,apple:,codesign:,productsign: \ | |
| -s \ | |
| -k "${{ secrets.MAC_KEYCHAIN_PASS }}" \ | |
| build.keychain | |
| - name: Build with Ant | |
| run: > | |
| ant | |
| -buildfile MoonshineSDKInstaller/build/build.xml all | |
| -Dapp.version=${{ inputs.version }} | |
| -Dbuild.is.signed=true | |
| -Dbuild.is.development=${{ inputs.env != 'production' }} | |
| -Dkeychain.name=build.keychain | |
| -Dkeychain.password=${{ secrets.MAC_KEYCHAIN_PASS }} | |
| - name: Notarize pkg | |
| uses: moonshine-ide/macos-notarize-action@main | |
| with: | |
| app-path: MoonshineSDKInstaller/build/bin/msdki_signed.pkg | |
| mac-notarization-apple-id: ${{ secrets.MAC_NOTARIZATION_APPLE_ID }} | |
| mac-notarization-team-id: ${{ secrets.MAC_NOTARIZATION_TEAM_ID }} | |
| mac-notarization-pass: ${{ secrets.MAC_NOTARIZATION_PASS }} | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: MoonshineSDKInstaller | |
| path: MoonshineSDKInstaller/build/bin/msdki_signed.pkg | |
| if-no-files-found: error |