build-macos.yml
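# Builds the Moonshine SDK Installer with Ant on a macOS runner, signs it with
# certificates imported into a temporary keychain, notarizes the resulting
# .pkg and uploads it as a workflow artifact.
#
# Security notes:
# - Inputs and secrets are handed to shell steps through `env:` and read as
#   quoted shell variables. Expanding `${{ ... }}` directly inside `run:`
#   pastes the value into the script text before the shell parses it, so a
#   crafted `version` input or a secret containing shell metacharacters
#   would be interpreted as code.
# - Third-party actions are referenced by mutable tag or branch and run in
#   the job that holds the signing and notarization secrets; pinning them to
#   full commit SHAs is recommended.
name: SUB - Build on macOS

on:
  workflow_dispatch:
    inputs:
      env:
        description: "An Environment"
        required: true
        type: choice
        options:
          - development
          - production
      version:
        description: "A Version"
        required: true
        type: string
  workflow_call:
    inputs:
      env:
        description: "An Environment"
        required: true
        # NOTE(review): unlike workflow_dispatch this is a free-form string;
        # any value other than 'production' is treated as a development build.
        type: string
      version:
        description: "A Version"
        required: true
        type: string

# Least privilege for GITHUB_TOKEN: the steps below only need to read the
# repository. NOTE(review): widen only if a step is shown to need more.
permissions:
  contents: read

env:
  # Production name when inputs.env is 'production', otherwise the development
  # name. Not referenced by any step in this file; presumably read from the
  # environment by the build - confirm.
  app_name: ${{ inputs.env == 'production' && 'Moonshine SDK Installer Signed_NonSandbox' || 'Moonshine SDK Installer Development_Signed_NonSandbox' }}

jobs:
  build:
    runs-on: "macos-latest"
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '11'

      - uses: krdlab/setup-haxe@v1
        with:
          haxe-version: '4.2.5'

      - uses: joshtynjala/setup-apache-flex-action@v2
        with:
          flex-version: "4.16.1"
          air-version: "33.1"
          accept-air-license: true

      # Prepare signing
      # Records whether build.keychain is already in the keychain search list
      # so that creation can be skipped (e.g. on a reused runner).
      - name: Check for Keychain
        id: check_keychain
        shell: bash
        run: |
          if security list-keychains | grep -q "build.keychain"; then
            echo "keychain_exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "keychain_exists=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Create keychain
        if: steps.check_keychain.outputs.keychain_exists == 'false'
        shell: bash
        env:
          MAC_KEYCHAIN_PASS: ${{ secrets.MAC_KEYCHAIN_PASS }}
        run: |
          security create-keychain -p "$MAC_KEYCHAIN_PASS" build.keychain
          echo "Keychain created"
          # -l lock on sleep, -u lock after timeout, -t timeout in seconds (6 h)
          security set-keychain-settings -lut 21600 build.keychain
          echo "Keychain settings set"
          security default-keychain -s build.keychain
          echo "Keychain made default"
          security unlock-keychain -p "$MAC_KEYCHAIN_PASS" build.keychain
          echo "Keychain unlocked"

      # Decodes the base64-encoded PKCS#12 bundles into the workspace and
      # imports them; -T lists the tools allowed to use the imported keys.
      # The .p12 files hold private keys and are deleted by the final step.
      - name: Import certificates
        shell: bash
        env:
          MAC_APPLICATION_CERTKEY: ${{ secrets.MAC_APPLICATION_CERTKEY }}
          MAC_INSTALLER_CERTKEY: ${{ secrets.MAC_INSTALLER_CERTKEY }}
          MAC_CERTKEY_PASS: ${{ secrets.MAC_CERTKEY_PASS }}
        run: |
          echo "$MAC_APPLICATION_CERTKEY" | base64 --decode > application_certkey.p12
          echo "$MAC_INSTALLER_CERTKEY" | base64 --decode > installer_certkey.p12
          security import ./application_certkey.p12 \
            -k build.keychain \
            -f pkcs12 \
            -P "$MAC_CERTKEY_PASS" \
            -T /usr/bin/codesign \
            -T /usr/bin/productsign \
            -T /usr/bin/productbuild
          security import ./installer_certkey.p12 \
            -k build.keychain \
            -f pkcs12 \
            -P "$MAC_CERTKEY_PASS" \
            -T /usr/bin/codesign \
            -T /usr/bin/productsign

      - name: Allow codesign and productsign to use keychain
        shell: bash
        env:
          MAC_KEYCHAIN_PASS: ${{ secrets.MAC_KEYCHAIN_PASS }}
        run: |
          security set-key-partition-list \
            -S apple-tool:,apple:,codesign:,productsign: \
            -s \
            -k "$MAC_KEYCHAIN_PASS" \
            build.keychain

      # NOTE(review): the keychain password is still passed to Ant as a -D
      # command-line property, so it is visible in the process argument list
      # for the duration of the build. Changing that requires build.xml to
      # read it from the environment instead.
      - name: Build with Ant
        env:
          APP_VERSION: ${{ inputs.version }}
          IS_DEVELOPMENT: ${{ inputs.env != 'production' }}
          MAC_KEYCHAIN_PASS: ${{ secrets.MAC_KEYCHAIN_PASS }}
        run: >
          ant
          -buildfile MoonshineSDKInstaller/build/build.xml all
          "-Dapp.version=${APP_VERSION}"
          -Dbuild.is.signed=true
          "-Dbuild.is.development=${IS_DEVELOPMENT}"
          -Dkeychain.name=build.keychain
          "-Dkeychain.password=${MAC_KEYCHAIN_PASS}"

      # NOTE(review): `@main` is a mutable branch ref and this step receives
      # the Apple notarization credentials. Pin to a reviewed full commit SHA,
      # e.g. `moonshine-ide/macos-notarize-action@<FULL_COMMIT_SHA>`
      # (placeholder - take the value from the action's repository).
      - name: Notarize pkg
        uses: moonshine-ide/macos-notarize-action@main
        with:
          app-path: MoonshineSDKInstaller/build/bin/msdki_signed.pkg
          mac-notarization-apple-id: ${{ secrets.MAC_NOTARIZATION_APPLE_ID }}
          mac-notarization-team-id: ${{ secrets.MAC_NOTARIZATION_TEAM_ID }}
          mac-notarization-pass: ${{ secrets.MAC_NOTARIZATION_PASS }}

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: MoonshineSDKInstaller
          path: MoonshineSDKInstaller/build/bin/msdki_signed.pkg
          if-no-files-found: error

      # Runs even when an earlier step fails so the decoded private keys do
      # not stay behind in the workspace.
      - name: Remove exported signing material
        if: always()
        shell: bash
        run: rm -f application_certkey.p12 installer_certkey.p12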