diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 921ef7b..ab629e6 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -1,13 +1,14 @@
 name: build releases
 on:
+ workflow_dispatch:
 release:
 types: [published]
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: macos-latest
 steps:
 - uses: actions/checkout@v2
@@ -18,3 +19,8 @@ jobs:
 - name: build binaries
 run: GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} ./build.sh
+ env:
+ AC_USERNAME: ${{ secrets.AC_USERNAME }}
+ AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+ APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+ APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
diff --git a/amd64-darwin-sb-gon-config.json b/amd64-darwin-sb-gon-config.json
new file mode 100644
index 0000000..3474e08
--- /dev/null
+++ b/amd64-darwin-sb-gon-config.json
@@ -0,0 +1,11 @@
+{
+ "source" : ["./amd64-darwin-sb"],
+ "bundle_id" : "com.sparkbox.sb",
+ "sign" :{
+ "application_identity" : "Developer ID Application: Rob Harr (J77MB48G77)"
+ },
+ "dmg" :{
+ "output_path" : "./amd64-darwin-sb.dmg",
+ "volume_name" : "amd64-sb"
+ }
+}
diff --git a/arm64-darwin-sb-gon-config.json b/arm64-darwin-sb-gon-config.json
new file mode 100644
index 0000000..64164b4
--- /dev/null
+++ b/arm64-darwin-sb-gon-config.json
@@ -0,0 +1,11 @@
+{
+ "source" : ["./arm64-darwin-sb"],
+ "bundle_id" : "com.sparkbox.sb",
+ "sign" :{
+ "application_identity" : "Developer ID Application: Rob Harr (J77MB48G77)"
+ },
+ "dmg" :{
+ "output_path" : "./arm64-darwin-sb.dmg",
+ "volume_name" : "arm-sb"
+ }
+}
diff --git a/build.sh b/build.sh
index ebbfcb9..058992b 100755
--- a/build.sh
+++ b/build.sh
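Review bot: In the first hunk of `.github/workflows/go.yml`, the new `workflow_dispatch:` trigger lets this job be started manually from any branch, and nothing in the workflow limits which ref may reach the Developer ID certificate and Apple ID credentials that the same commit wires into the job. On a manual run the event payload presumably carries no `release` object, so build.sh's `jq .release.tag_name` would yield the string `null` and that value would be stamped into a signed binary as the version. Consider holding the signing secrets in a protected environment, for example `environment: release` on the `build` job (environment name is an example) with branch or reviewer rules. The context line `- uses: actions/checkout@v2` is a movable tag; pinning it to a commit SHA matters more now that the job holds signing keys.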
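Review bot: In the second hunk of `.github/workflows/go.yml`, the four Apple secrets are attached to the single `build binaries` step, so every command build.sh runs (the Homebrew install of gon, `go build` for all three platforms, the upload) inherits the certificate and the Apple ID password, not only the signing call. Splitting signing into its own step that carries this `env:` block, and leaving compile and upload without it, would limit the exposure to the one command that needs it. The context line above still interpolates `${{ secrets.GITHUB_TOKEN }}` directly into the `run:` string; moving it into `env:` as `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` would be consistent with the new entries.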
@@ -4,24 +4,55 @@
 # https://docs.github.com/en/actions/reference/environment-variables#default-environment-variables
 GIT_TAG=$(jq .release.tag_name < "${GITHUB_EVENT_PATH}" | sed -e 's/"//g')
 UPLOAD_URL=$(jq .release.upload_url < "${GITHUB_EVENT_PATH}" | sed -e 's/"//g' | cut -d "{" -f 1)
+CERT_FILE="${HOME}/developer_id_certificate.p12"
 RELEASES="arm64-darwin-sb amd64-linux-sb amd64-darwin-sb"
 upload_file() {
 NAME=$1
- zip "${NAME}.zip" "${NAME}"
+ if [ "${NAME}" = "amd64-linux-sb" ]; then
+ zip "${NAME}.zip" "${NAME}"
+ NAME="${NAME}.zip"
+ else
+ NAME="${NAME}.dmg"
+ fi
+
 curl -H "Accept: application/vnd.github.v3+json" \
 -H "Authorization: Bearer ${GITHUB_TOKEN}" \
 -H "Content-Type: application/zip" \
- --data-binary "@${NAME}.zip" \
- "${UPLOAD_URL}?name=${NAME}.zip"
+ --data-binary "@${NAME}" \
+ "${UPLOAD_URL}?name=${NAME}"
 }
+setup_keychain() {
+ echo "${APPLE_DEVELOPER_CERTIFICATE_P12_BASE64}" | base64 --decode > "${CERT_FILE}"
+ EPHEMERAL_KEYCHAIN="ci-ephemeral-keychain"
+ EPHEMERAL_KEYCHAIN_PASSWORD="$(openssl rand -base64 100)"
+ security create-keychain -p "${EPHEMERAL_KEYCHAIN_PASSWORD}" "${EPHEMERAL_KEYCHAIN}"
+ EPHEMERAL_KEYCHAIN_FULL_PATH="${HOME}/Library/Keychains/${EPHEMERAL_KEYCHAIN}-db"
+ security import "${CERT_FILE}" -k "${EPHEMERAL_KEYCHAIN_FULL_PATH}" -P "${APPLE_DEVELOPER_CERTIFICATE_PASSWORD}" -T "$(command -v codesign)"
+ security set-key-partition-list -S "apple-tool:,apple:" -s -k "${EPHEMERAL_KEYCHAIN_PASSWORD}" "${EPHEMERAL_KEYCHAIN_FULL_PATH}"
+ security default-keychain -d "user" -s "${EPHEMERAL_KEYCHAIN_FULL_PATH}"
+}
+
+sign() {
+ PLATFORM=$1
+ gon -log-json -log-level=info "./${PLATFORM}-gon-config.json"
+}
+
+setup_keychain
+brew tap mitchellh/gon
+brew install mitchellh/gon/gon
+
 for PLATFORM in ${RELEASES}; do
 GOOS=$(echo "${PLATFORM}" | cut -d - -f 2) \
 GOARCH=$(echo "${PLATFORM}" | cut -d - -f 1) \
 go build -o "${PLATFORM}" -a -ldflags="-X 'sb/cmd.AppVersion=${GIT_TAG}'"
+ if [ "${PLATFORM}" != "amd64-linux-sb" ]; then
+ sign "${PLATFORM}"
+ fi
+
 if [ "${UPLOAD_URL}" != null ]; then
 upload_file "${PLATFORM}"
 fi
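Review bot: `setup_keychain` decodes the Developer ID .p12 to `${CERT_FILE}` under the default umask, and nothing in the hunk removes that file or the `ci-ephemeral-keychain` afterwards, so the private key stays available to everything else that runs in the job. It is also called before `brew tap`/`brew install`, which fetch an unpinned third-party formula while the key is already imported. I would install gon first, write the file under `umask 077`, delete it right after `security import`, and remove the keychain from an EXIT trap. The first three lines of build.sh are outside the hunk, so whether `set -e` is in effect (without it a failed `security import` or `gon` run falls through to the upload) cannot be confirmed from here.

```shell
cleanup_keychain() {
  rm -f "${CERT_FILE}"
  if [ -n "${EPHEMERAL_KEYCHAIN_FULL_PATH:-}" ]; then
    security delete-keychain "${EPHEMERAL_KEYCHAIN_FULL_PATH}" || true
  fi
}

setup_keychain() {
  trap cleanup_keychain EXIT
  # Subshell keeps the restrictive umask local to the certificate write.
  (umask 077; echo "${APPLE_DEVELOPER_CERTIFICATE_P12_BASE64}" | base64 --decode > "${CERT_FILE}")
  # … unchanged: keychain creation, security import, partition list, default keychain …
  rm -f "${CERT_FILE}"
}

# … unchanged: sign() …

brew tap mitchellh/gon
brew install mitchellh/gon/gon
setup_keychain
```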