Skip to content

Publish cli wallet

Publish cli wallet #6

Workflow file for this run

name: Publish cli wallet
on: workflow_dispatch
env:
CARGO_INCREMENTAL: 0
jobs:
create-release:
runs-on: ubuntu-latest
outputs:
RELEASE_UPLOAD_URL: ${{ steps.create_release.outputs.upload_url }}
steps:
- uses: actions/checkout@v3
- name: set version env variable
run: echo "CRATE_VERSION=$(cat cli/Cargo.toml | sed -n 's/.*version = "\([^"]*\)".*/\1/p' | head -1)" >> $GITHUB_ENV
- name: create release
id: create_release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
with:
tag_name: "cli-wallet-v${{ env.CRATE_VERSION }}"
release_name: "cli-wallet-v${{ env.CRATE_VERSION }}"
body: |
https://github.com/iotaledger/iota-sdk/blob/develop/cli/CHANGELOG.md
|Asset|SHA-256 checksum|
|---|---|
|wallet-linux||
|wallet-macos||
|wallet-windows.exe||
draft: false
prerelease: false
create-and-upload-assets:
needs: create-release
runs-on: ${{ matrix.os }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
include:
- os: ubuntu-latest
identifier: linux
ext: ""
steps:
- uses: actions/checkout@v3
- name: Set up Rust
uses: ./.github/actions/setup-rust
- name: Install required packages (Ubuntu)
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install libudev-dev libusb-1.0-0-dev
- name: Install gon (macOS)
# Fork of https://github.com/mitchellh/gon
# https://github.com/Bearer/gon
# Since we're dealing with code signing secrets we want to pin the version of gon
run: |
wget https://raw.githubusercontent.com/Bearer/homebrew-tap/366bc999e14a8d04e07e24f9387bcbaf89c1bc53/Formula/gon.rb
brew install --formula gon.rb
rm gon.rb
if: matrix.os == 'macos-latest'
- name: Install LLVM and Clang (Windows) # required for bindgen to work, see https://github.com/rust-lang/rust-bindgen/issues/1797
uses: KyleMayes/install-llvm-action@c135b3937686fd69c2651507aabc9925a8f9eee8
if: matrix.os == 'windows-latest'
with:
version: "11.0"
directory: ${{ runner.temp }}/llvm
- name: Set LIBCLANG_PATH (Windows)
run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
if: matrix.os == 'windows-latest'
# build the CLI
- name: Build
run: cargo build --manifest-path ./cli/Cargo.toml --profile production
- name: Import code signing assets (macOS)
# Based on https://github.com/Apple-Actions/import-codesign-certs/blob/master/src/security.ts
run: |
security create-keychain -p $KEYCHAIN_PASSWORD signing.keychain
security set-keychain-settings -lut 3600 signing.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD signing.keychain
echo $MAC_CERT_BASE64 | base64 -D -o signing.p12
security import signing.p12 -k signing.keychain -f pkcs12 -T "/usr/bin/codesign" -T "/usr/bin/security" -P $MAC_CERT_PASSWORD
rm signing.p12
security -q set-key-partition-list -S apple-tool:,apple: -k $KEYCHAIN_PASSWORD signing.keychain > /dev/null
security -v list-keychains -s signing.keychain
security find-identity -vp codesigning
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
MAC_CERT_BASE64: ${{ secrets.MAC_CERT_BASE64 }}
MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
if: matrix.os == 'macos-latest'
- name: Sign and notarize Wallet CLI binary (macOS)
working-directory: cli
run: |
gon gon-config.json
unzip wallet.zip
mv -f wallet ../target/production/wallet
env:
AC_USERNAME: ${{ secrets.ASC_APPLE_ID }}
AC_PASSWORD: ${{ secrets.ASC_PASSWORD }}
if: matrix.os == 'macos-latest'
- name: Delete keychain (macOS)
run: security delete-keychain signing.keychain
# Run even if previous steps fail
if: ${{ matrix.os == 'macos-latest' && always() }}
# Computes SHA-256 checksum
- name: SHA-256 checksum
run: shasum -a 256 "./target/production/wallet${{ matrix.ext }}"
# upload binary to the GH release
- name: upload release asset
id: upload-release-asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.RELEASE_UPLOAD_URL }}
asset_path: ${{ format('./target/production/wallet{0}', matrix.ext ) }}
asset_name: ${{ format('wallet-{0}{1}', matrix.identifier, matrix.ext ) }}
asset_content_type: application/octet-stream