-
Notifications
You must be signed in to change notification settings - Fork 63
76 lines (69 loc) · 2.89 KB
/
build-macosx-amd64.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: build-macosx-amd64
on:
workflow_dispatch:
inputs:
repo:
description: 'Git repository to clone'
required: true
default: 'https://bitbucket.org/chromiumembedded/java-cef.git'
ref:
description: 'Git commit id to checkout'
required: true
default: 'master'
jobs:
build-macosx-amd64:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
-
name: Setup environment
run: |
chmod +x scripts/install_macos_dependencies.sh
./scripts/install_macos_dependencies.sh
- name: Set up Java
uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'adopt'
- uses: actions/setup-python@v5
with:
python-version: '3.10.11'
- name: Install Apple certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
security list-keychain -d user -s $KEYCHAIN_PATH
# import api key from secrets
mkdir "${HOME}/private_keys"
echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "${HOME}/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
-
name: Build
run: |
chmod +x compile_macosx.sh
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_ID }} "${HOME}/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_NAME }}.p8" ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm -rf "${HOME}/private_keys"
-
name: Export artifacts
uses: actions/upload-artifact@v3
with:
name: macosx-amd64.tar.gz
path: out/binary_distrib.tar.gz