SUB - Build on macOS #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SUB - Build on macOS | |
on: | |
workflow_dispatch: | |
inputs: | |
env: | |
description: "An Environment" | |
required: true | |
type: choice | |
options: | |
- development | |
- production | |
version: | |
description: "A Version" | |
required: true | |
type: string | |
workflow_call: | |
inputs: | |
env: | |
description: "An Environment" | |
required: true | |
type: string | |
version: | |
description: "A Version" | |
required: true | |
type: string | |
env: | |
app_name: ${{ inputs.env == 'production' && 'MoonshineSDKInstaller' || 'MoonshineSDKInstallerDevelopment' }} | |
jobs: | |
build: | |
runs-on: "macos-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- uses: krdlab/setup-haxe@v1 | |
with: | |
haxe-version: 4.2.5 | |
- uses: joshtynjala/setup-apache-flex-action@v2 | |
with: | |
flex-version: "4.16.1" | |
air-version: "33.1" | |
accept-air-license: true | |
# Prepare signing | |
- name: Check for Keychain | |
id: check_keychain | |
shell: bash | |
run: | | |
if security list-keychains | grep -q "build.keychain"; then | |
echo "keychain_exists=true" >> $GITHUB_OUTPUT | |
else | |
echo "keychain_exists=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Create keychain | |
if: steps.check_keychain.outputs.keychain_exists == 'false' | |
shell: bash | |
run: | | |
security create-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain | |
echo "Keychain created" | |
security set-keychain-settings -lut 21600 build.keychain | |
echo "Keychain settings set" | |
security default-keychain -s build.keychain | |
echo "Keychain made default" | |
security unlock-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain | |
echo "Keychain unlocked" | |
- name: Import certificates | |
shell: bash | |
run: | | |
echo "${{ secrets.MAC_APPLICATION_CERTKEY }}" | base64 --decode > application_certkey.p12 | |
echo "${{ secrets.MAC_INSTALLER_CERTKEY }}" | base64 --decode > installer_certkey.p12 | |
security import ./application_certkey.p12 \ | |
-k build.keychain \ | |
-f pkcs12 \ | |
-P "${{ secrets.MAC_CERTKEY_PASS }}" \ | |
-T /usr/bin/codesign \ | |
-T /usr/bin/productsign \ | |
-T /usr/bin/productbuild | |
security import ./installer_certkey.p12 \ | |
-k build.keychain \ | |
-f pkcs12 \ | |
-P "${{ secrets.MAC_CERTKEY_PASS }}" \ | |
-T /usr/bin/codesign \ | |
-T /usr/bin/productsign | |
- name: Allow codesign and productsign to use keychain | |
shell: bash | |
run: | | |
security set-key-partition-list \ | |
-S apple-tool:,apple:,codesign:,productsign: \ | |
-s \ | |
-k "${{ secrets.MAC_KEYCHAIN_PASS }}" \ | |
build.keychain | |
- name: Unlock keychain | |
shell: bash | |
run: | | |
security unlock-keychain -p "${{ secrets.MAC_KEYCHAIN_PASS }}" build.keychain | |
- name: Create notarization profile | |
shell: bash | |
run: | | |
xcrun notarytool \ | |
store-credentials "notarytool-profile" \ | |
--apple-id ${{ secrets.MAC_NOTARIZATION_APPLE_ID }} \ | |
--team-id ${{ secrets.MAC_NOTARIZATION_TEAM_ID }} \ | |
--password ${{ secrets.MAC_NOTARIZATION_PASS }}" | |
- name: Build with Ant | |
run: > | |
ant | |
-buildfile MoonshineSDKInstaller/build/build.xml build | |
-Dapp.version=${{ inputs.version }} | |
-Dbuild.is.development=${{ inputs.env != 'production' }} | |
- name: Sign Pack with Ant | |
run: > | |
ant | |
-buildfile MoonshineSDKInstaller/build/build.xml sign-pack | |
-Dkeychain.name=build.keychain | |
-Dnotarytool.profile="notarytool-profile" | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MoonshineSDKInstaller | |
path: MoonshineSDKInstaller/build/bin/msdki.pkg | |
if-no-files-found: error |