-
Notifications
You must be signed in to change notification settings - Fork 79
76 lines (68 loc) · 2.34 KB
/
gh-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# release package
name: Github Release
on:
workflow_dispatch:
push:
tags:
- "v*.*.*"
jobs:
build-binaries:
runs-on: macos-latest
permissions:
contents: read
id-token: write
strategy:
matrix:
arch: [x64,arm64]
platform: [linux,macos,win]
exclude:
- platform: win
arch: arm64
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: depot/setup-action@v1
with:
oidc: true
- name: Build using Docker (with depot)
run: mkdir preevy-bin && depot build --project ${{ vars.DEPOT_PROJECT_ID }} --build-arg CLI_TARGET=${{ matrix.platform }}-${{ matrix.arch }} -f Dockerfile.cli --target=cli --output=type=tar,dest=./preevy-bin/preevy-${{ matrix.platform }}-${{ matrix.arch }}.tar --progress=plain --platform=linux/${{ matrix.arch == 'x64' && 'amd64' || matrix.arch }} .
- uses: apple-actions/import-codesign-certs@v2
if: ${{ matrix.platform == 'macos' }}
with:
p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
p12-password: ${{ secrets.APPLE_CERT_PASS }}
- name: Sign mac binaries
if: ${{ matrix.platform == 'macos' }}
env:
CERT_CN: ${{ vars.APPLE_CERT_CN }}
run: |
tar -xf ./preevy-bin/preevy-${{ matrix.platform }}-${{ matrix.arch }}.tar
codesign --remove-signature ./preevy
security find-identity -v
codesign --verbose=4 --sign "$CERT_CN" ./preevy
tar -cf ./preevy-bin/preevy-${{ matrix.platform }}-${{ matrix.arch }}.tar ./preevy
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: preevy-bin
path: ./preevy-bin/**
release:
runs-on: ubuntu-latest
needs: build-binaries
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: depot/setup-action@v1
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: preevy-bin
path: ./preevy-bin
- name: Release
uses: softprops/action-gh-release@v1
with:
generate_release_notes: true
draft: ${{ !startsWith(github.ref, 'refs/tags/') }}
prerelease: ${{ !startsWith(github.ref, 'refs/tags/') }}
files: |
./preevy-bin/**