Fix codesign macos for application and installer #144
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Cortex Release | |
on: | |
push: | |
tags: ["v[0-9]+.[0-9]+.[0-9]+", "v[0-9]+.[0-9]+.[0-9]+-*", "!v[0-9]+.[0-9]+.[0-9]+-cortex-js"] | |
paths: ["cortex-cpp/**", "cortex-js/**"] | |
workflow_dispatch: | |
jobs: | |
create-draft-release: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
outputs: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
version: ${{ steps.get_version.outputs.version }} | |
permissions: | |
contents: write | |
steps: | |
- name: Extract tag name without v prefix | |
id: get_version | |
run: | | |
echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" | |
env: | |
GITHUB_REF: ${{ github.ref }} | |
- name: Create Draft Release | |
id: create_release | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: ${{ github.ref_name }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: "${{ env.VERSION }}" | |
draft: true | |
prerelease: false | |
build-and-test: | |
runs-on: ${{ matrix.runs-on }} | |
needs: [create-draft-release] | |
timeout-minutes: 40 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: "linux" | |
name: "amd64" | |
runs-on: "ubuntu-20-04" | |
cmake-flags: "-DCORTEX_CPP_VERSION=${{needs.create-draft-release.outputs.version}}" | |
build-deps-cmake-flags: "" | |
arch: "x64" | |
platform: "linux" | |
- os: "mac" | |
name: "amd64" | |
runs-on: "macos-13" | |
cmake-flags: "-DCORTEX_CPP_VERSION=${{needs.create-draft-release.outputs.version}}" | |
build-deps-cmake-flags: "" | |
arch: "x64" | |
platform: "darwin" | |
- os: "mac" | |
name: "arm64" | |
runs-on: "macos-latest" | |
cmake-flags: "-DCORTEX_CPP_VERSION=${{needs.create-draft-release.outputs.version}} -DMAC_ARM64=ON" | |
build-deps-cmake-flags: "" | |
arch: "arm64" | |
platform: "darwin" | |
- os: "windows" | |
name: "amd64" | |
runs-on: "windows-cuda-12-0" | |
cmake-flags: "-DCORTEX_CPP_VERSION=${{needs.create-draft-release.outputs.version}} -DBUILD_SHARED_LIBS=OFF -DCMAKE_BUILD_TYPE=RELEASE -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CUDA_COMPILER_LAUNCHER=ccache -GNinja" | |
build-deps-cmake-flags: "-DCMAKE_BUILD_TYPE=RELEASE -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CUDA_COMPILER_LAUNCHER=ccache -GNinja" | |
arch: "x64" | |
platform: "win32" | |
steps: | |
- name: Clone | |
id: checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: actions/setup-dotnet@v3 | |
if: runner.os == 'Windows' | |
with: | |
dotnet-version: "8.0.x" | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "20.x" | |
registry-url: "https://registry.npmjs.org" | |
- name: Install choco on Windows | |
if: runner.os == 'Windows' | |
run: | | |
choco install make pkgconfiglite ccache awscli 7zip ninja -y | |
- name: Download ccache from s3 | |
if: runner.os == 'Windows' | |
continue-on-error: true | |
run: | | |
Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1" | |
refreshenv | |
aws s3 cp s3://${{ secrets.MINIO_BUCKET_NAME }}/cortex-cpp-${{ matrix.os }}-${{ matrix.name }} ${{ matrix.ccache-dir }} --recursive --endpoint ${{ secrets.MINIO_ENDPOINT }} | |
env: | |
AWS_ACCESS_KEY_ID: "${{ secrets.MINIO_ACCESS_KEY_ID }}" | |
AWS_SECRET_ACCESS_KEY: "${{ secrets.MINIO_SECRET_ACCESS_KEY }}" | |
AWS_DEFAULT_REGION: "${{ secrets.MINIO_REGION }}" | |
- name: Get Cer for code signing | |
if: runner.os == 'macOS' | |
run: base64 -d <<< "$CODE_SIGN_P12_BASE64" > /tmp/codesign.p12 | |
shell: bash | |
env: | |
CODE_SIGN_P12_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }} | |
- name: Install the Apple certificate and provisioning profile | |
if: runner.os == 'macOS' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }} | |
P12_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Build | |
run: | | |
cd cortex-cpp | |
make build CMAKE_EXTRA_FLAGS="${{ matrix.cmake-flags }}" BUILD_DEPS_CMAKE_EXTRA_FLAGS="${{ matrix.build-deps-cmake-flags }}" | |
- name: Pre-package | |
run: | | |
cd cortex-cpp | |
make pre-package | |
- name: Code Signing macOS | |
if: runner.os == 'macOS' | |
run: | | |
cd cortex-cpp | |
make codesign CODE_SIGN=true DEVELOPER_ID="${{ secrets.DEVELOPER_ID }}" | |
- uses: nick-fields/retry@v3 | |
with: | |
continue_on_error: true | |
retry_wait_seconds: 10 | |
timeout_minutes: 10 | |
max_attempts: 3 | |
shell: cmd | |
command: | | |
cd cortex-cpp | |
set PATH=%PATH%;%USERPROFILE%\.dotnet\tools | |
make codesign CODE_SIGN=true AZURE_KEY_VAULT_URI="${{ secrets.AZURE_KEY_VAULT_URI }}" AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" AZURE_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" AZURE_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" AZURE_CERT_NAME="${{ secrets.AZURE_CERT_NAME }}" | |
name: Code Signing Windows | |
if: runner.os == 'Windows' | |
- name: Package | |
run: | | |
cd cortex-cpp | |
make package | |
- uses: actions/[email protected] | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-cpp/cortex-cpp.tar.gz | |
asset_name: cortex-cpp-${{ needs.create-draft-release.outputs.version }}-${{ matrix.os }}-${{ matrix.name }}.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload ccache to s3 | |
continue-on-error: true | |
if: always() && runner.os == 'Windows' | |
run: | | |
Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1" | |
refreshenv | |
aws s3 cp ${{ matrix.ccache-dir }} s3://${{ secrets.MINIO_BUCKET_NAME }}/cortex-cpp-${{ matrix.os }}-${{ matrix.name }} --recursive --endpoint ${{ secrets.MINIO_ENDPOINT }} | |
env: | |
AWS_ACCESS_KEY_ID: "${{ secrets.MINIO_ACCESS_KEY_ID }}" | |
AWS_SECRET_ACCESS_KEY: "${{ secrets.MINIO_SECRET_ACCESS_KEY }}" | |
AWS_DEFAULT_REGION: "${{ secrets.MINIO_REGION }}" | |
## cortex-cpp node binding | |
# update version in package.json | |
- name: Install jq | |
uses: dcarbone/[email protected] | |
- name: "Update version by tag" | |
working-directory: cortex-cpp | |
run: | | |
echo "Version: ${{ needs.create-draft-release.outputs.version }}" | |
# Update the version in package.json | |
jq --arg version "${{ needs.create-draft-release.outputs.version }}" '.version = $version' package.json > package-tmp.json | |
rm package.json | |
mv package-tmp.json package.json | |
# build prebuilds | |
- name: Build Prebuilds | |
working-directory: cortex-cpp | |
run: | | |
npm install -g yarn | |
yarn && yarn prebuild | |
# upload prebuilds | |
- name: Upload Prebuilds Darwin | |
uses: actions/[email protected] | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-cpp/prebuilds/cortex-cpp-v${{ needs.create-draft-release.outputs.version }}-napi-v8-${{matrix.platform}}-${{ matrix.arch }}.tar.gz | |
asset_name: cortex-cpp-v${{ needs.create-draft-release.outputs.version }}-napi-v8-${{matrix.platform}}-${{ matrix.arch }}.tar.gz | |
asset_content_type: application/gzip | |
# Setup .npmrc file to publish to npm - upload only once | |
- run: npm publish --access public | |
continue-on-error: true | |
if: runner.os == 'linux' | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
working-directory: ./cortex-cpp | |
- name: Clean up keychain | |
if: ${{ always() && runner.os == 'macOS' }} | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
build-cortex-single-binary: | |
runs-on: ${{ matrix.runs-on }} | |
needs: [create-draft-release, build-and-test] | |
timeout-minutes: 20 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: "linux" | |
name: "amd64" | |
runs-on: "ubuntu-latest" | |
- os: "windows" | |
name: "amd64" | |
runs-on: "windows-2019" | |
- os: "mac" | |
name: "amd64" | |
runs-on: "macos-desktop" | |
- os: "mac" | |
name: "arm64" | |
runs-on: "macos-silicon" | |
steps: | |
- name: Clone | |
id: checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: actions/setup-dotnet@v3 | |
if: runner.os == 'Windows' | |
with: | |
dotnet-version: "8.0.x" | |
- name: Install jq | |
uses: dcarbone/[email protected] | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "20.x" | |
registry-url: "https://registry.npmjs.org" | |
- name: "Update version by tag" | |
working-directory: cortex-js | |
shell: bash | |
run: | | |
echo "Version: ${{ needs.create-draft-release.outputs.version }}" | |
# Update the version in package.json | |
jq --arg version "${{ needs.create-draft-release.outputs.version }}" '.version = $version' package.json > /tmp/package.json | |
mv /tmp/package.json package.json | |
- name: Install choco on Windows | |
if: runner.os == 'Windows' | |
run: | | |
choco install make -y | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "20.x" | |
registry-url: "https://registry.npmjs.org" | |
- uses: actions/setup-python@v3 | |
if: runner.os != 'macOS' | |
with: | |
python-version: "3.10" | |
- run: pip3 install --upgrade setuptools | |
if: runner.os == 'macOS' | |
- run: yarn install && yarn build:binary | |
working-directory: ./cortex-js | |
- name: update app info | |
run: | | |
cd cortex-js | |
make update-app-info | |
- name: copy bin file macos | |
if: runner.os == 'macOS' | |
run: | | |
cd cortex-js | |
mkdir -p installer | |
which cp | |
which mv | |
npm install -g cpx | |
npx cpx ./dist/cortexso-macos ./ | |
mv cortexso-macos cortex | |
- name: Code Signing macOS | |
if: runner.os == 'macOS' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }} | |
P12_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
cd cortex-js | |
./dist/cortexso-macos --help | |
echo "--------" | |
./cortex --help | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# make codesign-binary CODE_SIGN=true DEVELOPER_ID="${{ secrets.DEVELOPER_ID }}" | |
npx cpx ./cortex ./installer | |
./installer/cortex --help | |
pkgbuild --identifier ai.cortex.pkg --install-location ./usr/local/bin/ --root ./installer cortex-installer.pkg | |
make codesign-installer CODE_SIGN=true DEVELOPER_ID="${{ secrets.DEVELOPER_ID }}" | |
- name: Create MacOS PKG Installer | |
if: runner.os == 'Linux' | |
run: | | |
cd cortex-js | |
mkdir -p cortexso/DEBIAN | |
mkdir -p cortexso/usr/local/bin | |
sed "s/Version:/Version: ${{ needs.create-draft-release.outputs.version }}/g" control.template > cortexso/DEBIAN/control | |
cp cortex cortexso/usr/local/bin/cortex | |
dpkg-deb --build cortexso | |
- run: | | |
cd cortex-js | |
set PATH=%PATH%;%USERPROFILE%\.dotnet\tools | |
make codesign-binary CODE_SIGN=true CORTEX_VERSION="0.${{ needs.create-draft-release.outputs.version }}" AZURE_KEY_VAULT_URI="${{ secrets.AZURE_KEY_VAULT_URI }}" AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" AZURE_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" AZURE_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" AZURE_CERT_NAME="${{ secrets.AZURE_CERT_NAME }}" | |
name: Code Signing Windows | |
shell: cmd | |
if: runner.os == 'Windows' | |
- name: Update version in installer.iss using sed | |
if: runner.os == 'Windows' | |
shell: bash | |
run: | | |
cd cortex-js | |
sed -i "s/AppVersion=1.0/AppVersion=${{ needs.create-draft-release.outputs.version }}/g" installer.iss | |
cat installer.iss | |
- name: Compile .ISS to .EXE Installer | |
uses: Minionguyjpro/[email protected] | |
if: runner.os == 'Windows' | |
with: | |
path: cortex-js/installer.iss | |
options: /O+ | |
- run: | | |
cd cortex-js | |
set PATH=%PATH%;%USERPROFILE%\.dotnet\tools | |
make codesign-installer CODE_SIGN=true CORTEX_VERSION="0.${{ needs.create-draft-release.outputs.version }}" AZURE_KEY_VAULT_URI="${{ secrets.AZURE_KEY_VAULT_URI }}" AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" AZURE_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" AZURE_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" AZURE_CERT_NAME="${{ secrets.AZURE_CERT_NAME }}" | |
name: Code Signing Windows | |
shell: cmd | |
if: runner.os == 'Windows' | |
- name: Post-Bundle | |
run: | | |
cd cortex-js | |
make postbundle | |
- name: Upload Cortex Installer | |
uses: actions/[email protected] | |
if: runner.os != 'Linux' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-js/cortex-installer.tar.gz | |
asset_name: cortex-installer-${{ needs.create-draft-release.outputs.version }}-${{ matrix.name }}-${{ matrix.os }}.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload Cortex Installer | |
uses: actions/[email protected] | |
if: runner.os == 'Windows' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-js/setup.exe | |
asset_name: cortex-installer-${{ needs.create-draft-release.outputs.version }}-${{ matrix.name }}-${{ matrix.os }}.exe | |
asset_content_type: application/octet-stream | |
- uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-js/cortex.tar.gz | |
asset_name: cortex-${{ needs.create-draft-release.outputs.version }}-${{ matrix.name }}-${{ matrix.os }}.tar.gz | |
asset_content_type: application/gzip | |
- uses: actions/[email protected] | |
if: runner.os == 'Linux' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-draft-release.outputs.upload_url }} | |
asset_path: ./cortex-js/cortexso.deb | |
asset_name: cortex-installer-${{ needs.create-draft-release.outputs.version }}-${{ matrix.name }}-${{ matrix.os }}.deb | |
asset_content_type: application/gzip | |
# Upload artifact for package manager | |
- name: Upload Artifact | |
if: runner.os == 'Linux' | |
uses: actions/upload-artifact@v2 | |
with: | |
name: cortex-linux | |
path: ./cortex-js/cortex | |
- name: Clean up keychain | |
if: ${{ always() && runner.os == 'macOS' }} | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
update_release_draft: | |
needs: [build-and-test, build-cortex-single-binary] | |
permissions: | |
# write permission is required to create a github release | |
contents: write | |
# write permission is required for autolabeler | |
# otherwise, read permission is required at least | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
# (Optional) GitHub Enterprise requires GHE_HOST variable set | |
#- name: Set GHE_HOST | |
# run: | | |
# echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV | |
# Drafts your next Release notes as Pull Requests are merged into "master" | |
- uses: release-drafter/release-drafter@v5 | |
# (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml | |
# with: | |
# config-name: my-config.yml | |
# disable-autolabeler: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Add jobs with approval | |
public_package_manager: | |
needs: [create-draft-release, update_release_draft] | |
runs-on: ubuntu-latest | |
environment: package-manager | |
permissions: | |
contents: read | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Download artifact | |
uses: actions/download-artifact@v2 | |
with: | |
name: cortex-linux | |
path: ./cortex-linux | |
- name: install dependencies | |
run: | | |
ls -al ./cortex-linux | |
sudo apt-get install dput devscripts build-essential debhelper-compat pbuilder debootstrap devscripts -y | |
- name: import gpg key with subkey | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.HOMEBREW_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.HOMEBREW_GPG_PASSPHRASE }} | |
fingerprint: ${{ secrets.HOMEBREW_GPG_FINGERPRINT }} | |
- run: | | |
mkdir -p package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/debian | |
cp package-managers-template/launchpad/cortexso/debian/* package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/debian/ | |
cp ./cortex-linux/cortex package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/ | |
- name: Get release notes | |
id: release_notes | |
run: | | |
RELEASE_NOTES="cortex update to version ${{ needs.create-draft-release.outputs.version }}" | |
echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV | |
- name: Update change log | |
run: | | |
sed -i "s/VERSION/${{ needs.create-draft-release.outputs.version }}/g" package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/debian/changelog | |
sed -i "s/CHANGELOG_HERE/${{ env.RELEASE_NOTES }}/g" package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/debian/changelog | |
timestamp=$(date -u +"%a, %d %b %Y %H:%M:%S +0000") | |
sed -i "s/TIME_HERE/${timestamp}/g" package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }}/debian/changelog | |
- name: Build package | |
run: | | |
cd package-managers-template/launchpad/cortexso-${{ needs.create-draft-release.outputs.version }} | |
echo "y" | debuild -S -sa -k${{ secrets.HOMEBREW_GPG_FINGERPRINT }} | |
sudo pbuilder create --distribution jammy --debootstrapopts --variant=buildd | |
sudo pbuilder build ../cortexso_${{ needs.create-draft-release.outputs.version }}.dsc | |
dput ppa:homebrew-computer/main ../cortexso_${{ needs.create-draft-release.outputs.version }}_source.changes | |