Publish cli wallet #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish cli wallet | |
on: workflow_dispatch | |
env: | |
CARGO_INCREMENTAL: 0 | |
jobs: | |
create-release: | |
runs-on: ubuntu-latest | |
outputs: | |
RELEASE_UPLOAD_URL: ${{ steps.create_release.outputs.upload_url }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: set version env variable | |
run: echo "CRATE_VERSION=$(cat cli/Cargo.toml | sed -n 's/.*version = "\([^"]*\)".*/\1/p' | head -1)" >> $GITHUB_ENV | |
- name: create release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }} | |
with: | |
tag_name: "cli-wallet-v${{ env.CRATE_VERSION }}" | |
release_name: "cli-wallet-v${{ env.CRATE_VERSION }}" | |
body: | | |
https://github.com/iotaledger/iota-sdk/blob/develop/cli/CHANGELOG.md | |
|Asset|SHA-256 checksum| | |
|---|---| | |
|wallet-linux|| | |
|wallet-macos|| | |
|wallet-windows.exe|| | |
draft: false | |
prerelease: false | |
create-and-upload-assets: | |
needs: create-release | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 90 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
include: | |
- os: ubuntu-latest | |
identifier: linux | |
ext: "" | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Rust | |
uses: ./.github/actions/setup-rust | |
- name: Install required packages (Ubuntu) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
sudo apt-get update | |
sudo apt-get install libudev-dev libusb-1.0-0-dev | |
- name: Install gon (macOS) | |
# Fork of https://github.com/mitchellh/gon | |
# https://github.com/Bearer/gon | |
# Since we're dealing with code signing secrets we want to pin the version of gon | |
run: | | |
wget https://raw.githubusercontent.com/Bearer/homebrew-tap/366bc999e14a8d04e07e24f9387bcbaf89c1bc53/Formula/gon.rb | |
brew install --formula gon.rb | |
rm gon.rb | |
if: matrix.os == 'macos-latest' | |
- name: Install LLVM and Clang (Windows) # required for bindgen to work, see https://github.com/rust-lang/rust-bindgen/issues/1797 | |
uses: KyleMayes/install-llvm-action@c135b3937686fd69c2651507aabc9925a8f9eee8 | |
if: matrix.os == 'windows-latest' | |
with: | |
version: "11.0" | |
directory: ${{ runner.temp }}/llvm | |
- name: Set LIBCLANG_PATH (Windows) | |
run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV | |
if: matrix.os == 'windows-latest' | |
# build the CLI | |
- name: Build | |
run: cargo build --manifest-path ./cli/Cargo.toml --profile production | |
- name: Import code signing assets (macOS) | |
# Based on https://github.com/Apple-Actions/import-codesign-certs/blob/master/src/security.ts | |
run: | | |
security create-keychain -p $KEYCHAIN_PASSWORD signing.keychain | |
security set-keychain-settings -lut 3600 signing.keychain | |
security unlock-keychain -p $KEYCHAIN_PASSWORD signing.keychain | |
echo $MAC_CERT_BASE64 | base64 -D -o signing.p12 | |
security import signing.p12 -k signing.keychain -f pkcs12 -T "/usr/bin/codesign" -T "/usr/bin/security" -P $MAC_CERT_PASSWORD | |
rm signing.p12 | |
security -q set-key-partition-list -S apple-tool:,apple: -k $KEYCHAIN_PASSWORD signing.keychain > /dev/null | |
security -v list-keychains -s signing.keychain | |
security find-identity -vp codesigning | |
env: | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
MAC_CERT_BASE64: ${{ secrets.MAC_CERT_BASE64 }} | |
MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }} | |
if: matrix.os == 'macos-latest' | |
- name: Sign and notarize Wallet CLI binary (macOS) | |
working-directory: cli | |
run: | | |
gon gon-config.json | |
unzip wallet.zip | |
mv -f wallet ../target/production/wallet | |
env: | |
AC_USERNAME: ${{ secrets.ASC_APPLE_ID }} | |
AC_PASSWORD: ${{ secrets.ASC_PASSWORD }} | |
if: matrix.os == 'macos-latest' | |
- name: Delete keychain (macOS) | |
run: security delete-keychain signing.keychain | |
# Run even if previous steps fail | |
if: ${{ matrix.os == 'macos-latest' && always() }} | |
# Computes SHA-256 checksum | |
- name: SHA-256 checksum | |
run: shasum -a 256 "./target/production/wallet${{ matrix.ext }}" | |
# upload binary to the GH release | |
- name: upload release asset | |
id: upload-release-asset | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.create-release.outputs.RELEASE_UPLOAD_URL }} | |
asset_path: ${{ format('./target/production/wallet{0}', matrix.ext ) }} | |
asset_name: ${{ format('wallet-{0}{1}', matrix.identifier, matrix.ext ) }} | |
asset_content_type: application/octet-stream |