Pro Release #12

Workflow file for this run

.github/workflows/pro-release.yaml at 1a3fa4a

	name: Pro Release

	on:
	push:
	tags:
	- '*v'
	workflow_run:
	workflows:
	- 'Pro Bump'
	types:
	- completed

	permissions:
	contents: write

	env:
	TAG: ${{ github.sha }}
	appcast: ''
	Identity: ''
	SCHEME: GitOK
	DESTINATION: 'generic/platform=macOS'
	ArchivePath: './myapp'
	BuildPath: './temp'
	BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}

	jobs:
	build_with_signing:
	runs-on: macos-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	ref: main
	- name: 读取版本号
	run: \|
	# 读取配置文件路径
	projectFile=$(find $(pwd) ! -path "Resources" -type f -name "*.pbxproj" \| head -n 1)

	# 读取文件中的版本号
	version=$(grep -o 'MARKETING_VERSION = [^"]*' $projectFile \| head -n 1 \| grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+')

	echo "版本号->$version"

	build=$(agvtool what-version -terse)

	echo "TAG=v$version" >> $GITHUB_ENV
	# https://docs.github.com/zh/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
	- name: Install the Apple certificate and provisioning profile
	env:
	P12_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_P12_PASSWORD }}
	BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64_GITOK_MACOS }}
	KEYCHAIN_PASSWORD: 'xxx'
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "${{ env.BUILD_CERTIFICATE_BASE64 }}" \| base64 --decode -o $CERTIFICATE_PATH
	echo -n "$BUILD_PROVISION_PROFILE_BASE64" \| base64 --decode -o $PP_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	# apply provisioning profile
	mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
	cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
	- name: 生成 App Store Connect API 的 AuthKey
	run: \|
	mkdir -p ./private_keys
	echo -n "${{ secrets.APP_STORE_CONNECT_KEY_BASE64 }}" \| base64 --decode -o ./private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_KEY_ID }}.p8
	- run: security find-identity -v
	# Build
	- name: Build
	run: xcodebuild -scheme ${{ env.SCHEME }} -configuration Release -derivedDataPath ${{ env.BuildPath }} clean build

	- name: find identity
	run: \|
	i=$(security find-identity -v -p codesigning \| grep '^[[:space:]]*1)' \| awk -F'[(\|)]' '{print $3}')
	echo "Identity=$i" >> $GITHUB_ENV

	# Codesign sparkle
	- name: Codesign sparkle
	run: \|
	codesign -f -s ${{ env.Identity }} -o runtime temp/Build/Products/Release/${{ env.SCHEME }}.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Installer.xpc
	codesign -f -s ${{ env.Identity }} -o runtime --preserve-metadata=entitlements temp/Build/Products/Release/${{ env.SCHEME }}.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Downloader.xpc
	codesign -f -s ${{ env.Identity }} -o runtime temp/Build/Products/Release/${{ env.SCHEME }}.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate
	codesign -f -s ${{ env.Identity }} -o runtime temp/Build/Products/Release/${{ env.SCHEME }}.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app
	codesign -f -s ${{ env.Identity }} -o runtime temp/Build/Products/Release/${{ env.SCHEME }}.app/Contents/Frameworks/Sparkle.framework

	# Codesign
	- name: Codesign
	run: \|
	codesign --force -s ${{ env.Identity }} --option=runtime temp/Build/Products/Release/${{ env.SCHEME }}.app

	- name: Codesign Check
	run: codesign -dv temp/Build/Products/Release/${{ env.SCHEME }}.app

	- name: Codesign Check 2
	continue-on-error: true
	run: codesign -vvv --deep --strict temp/Build/Products/Release/${{ env.SCHEME }}.app

	- name: Create DMG
	run: \|
	npm i -g create-dmg
	create-dmg "temp/Build/Products/Release/${{ env.SCHEME }}.app"
	for file in *.dmg; do
	mv "$file" "${file// /-}"
	done
	ls -alh

	- name: Notary
	continue-on-error: true
	run: \|
	file=$(find . -maxdepth 1 -type f -name "*.dmg" \| head -n 1)
	xcrun notarytool submit "$file" \
	--key ./private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_KEY_ID }}.p8 \
	--key-id=${{ secrets.APP_STORE_CONNECT_KEY_ID }} \
	--issuer ${{ secrets.APP_STORE_CONNECT_KEY_ISSER_ID }} \
	--wait \
	--timeout 10m
	stapler staple "$file"

	# 如果出现错误，查询日志
	# xcrun notarytool log f66d58e3-d03a-4202-937e-5fca4e7cea83
	# --key ./private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_KEY_ID }}.p8 \
	# --key-id ${{ secrets.APP_STORE_CONNECT_KEY_ID }} \
	# --issuer ${{ secrets.APP_STORE_CONNECT_KEY_ISSER_ID }}
	- name: 公证结果
	continue-on-error: true
	run: \|
	file=$(find . -maxdepth 1 -type f -name "*.dmg" \| head -n 1)
	stapler validate "$file"
	# - name: Generate Changelog
	# run: echo ""> ${{ github.workspace }}-CHANGELOG.txt
	- name: Check
	run: \|
	ls -alh
	mkdir updates
	cp *.dmg updates/
	echo "the updates is in ${{ github.workspace }}/updates"
	ls -alh updates
	- name: generate appcast
	continue-on-error: true
	run: \|
	pwd
	xcodebuild -resolvePackageDependencies
	cd $(ls -d ~/Library/Developer/Xcode/DerivedData/${{ env.SCHEME }}*/ \| head -n 1)
	cd SourcePackages/artifacts/sparkle/Sparkle/bin
	echo "${{ secrets.SPARKLE_PRIVATE_KEY_GITOK }}" \| ./generate_appcast --ed-key-file - ${{ github.workspace }}/updates

	- name: make appcast.xml
	run: \|
	pwd
	cd updates

	# 获取第一个 dmg 文件的名字
	dmg_file=$(ls *.dmg 2>/dev/null \| head -n 1)

	echo $dmg_file

	# 使用 sed 替换 enclosure 中 url 的内容
	u="https://github.com/CofficLab/GitOK/releases/latest/download/$dmg_file"

	echo $u

	# 使用 sed 替换 enclosure 中的 url
	sed -i '' "s\|$enclosure url=\"$[^\"]*\|\1$u\|" "appcast.xml"

	mv appcast.xml ../appcast.xml
	- uses: softprops/action-gh-release@v2
	with:
	tag_name: ${{ env.TAG }}
	# body_path: ${{ github.workspace }}-CHANGELOG.txt
	prerelease: false
	files: \|
	./updates/*.dmg
	./appcast.xml

	- name: 推送到仓库
	uses: stefanzweifel/git-auto-commit-action@v4
	with:
	commit_message: '🎨 Update appcast.yml'
	commit_user_name: GitHub Action
	file_pattern: 'appcast.xml'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pro Release #12

Workflow file

Pro Release #12

Jobs

Run details

Workflow file for this run