Skip to content

⬆️ update dependencies #5

⬆️ update dependencies

⬆️ update dependencies #5

Workflow file for this run

name: Build package
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*'
defaults:
run:
shell: bash
env:
PUB_ENVIRONMENT: bot.github
permissions: read-all
jobs:
publish:
name: "Build"
runs-on: macos-latest
environment: build
permissions:
contents: write
env:
GITHUB_REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }}
steps:
- uses: dart-lang/setup-dart@v1
with:
sdk: stable
- id: checkout
uses: actions/checkout@v4
- name: Compare version with ref/tag
if: startsWith(github.ref, 'refs/tags/')
id: compare_version_with_tag
run: |
set -e
VERSION=$(awk '/^version: / {print $2}' pubspec.yaml)
TAG=${GITHUB_REF_NAME#v}
if [[ "$VERSION" != "$TAG" ]]; then
echo "Version in pubspec.yaml ($VERSION) does not match tag ($TAG)"
exit 1
fi
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Configure .env file
id: generate_env_file
env:
ALGOLIA_SEARCH_INDEX: ${{ vars.ALGOLIA_SEARCH_INDEX }}
ALGOLIA_APPLICATION_ID: ${{ vars.ALGOLIA_APPLICATION_ID }}
ALGOLIA_SEARCH_ONLY_API_KEY: ${{ vars.ALGOLIA_SEARCH_ONLY_API_KEY }}
run: |
set -e
mv .env.example .env
sed -i '' "s#APP_VERSION=.*#APP_VERSION=$VERSION#" .env
sed -i '' "s#GITHUB_REPOSITORY_URL=.*#GITHUB_REPOSITORY_URL=$GITHUB_REPOSITORY_URL#" .env
sed -i '' "s#ALGOLIA_SEARCH_INDEX=.*#ALGOLIA_SEARCH_INDEX=$ALGOLIA_SEARCH_INDEX#" .env
sed -i '' "s#ALGOLIA_APPLICATION_ID=.*#ALGOLIA_APPLICATION_ID=$ALGOLIA_APPLICATION_ID#" .env
sed -i '' "s#ALGOLIA_SEARCH_ONLY_API_KEY=.*#ALGOLIA_SEARCH_ONLY_API_KEY=$ALGOLIA_SEARCH_ONLY_API_KEY#" .env
- name: Configure the info.plist
id: info_plist
run: |
set -e
/usr/libexec/PlistBuddy -c "Set :version $VERSION" info.plist
/usr/libexec/PlistBuddy -c "Set :webaddress $GITHUB_REPOSITORY_URL" info.plist
- name: Install dependencies
id: install_dependencies
run: |
dart pub get
dart pub global activate -sgit https://github.com/techouse/dart_pubspec_licenses_lite
- name: Run Dart code generation
id: generate_code
run: dart run build_runner build --delete-conflicting-outputs
- name: Check formatting
run: dart format --output=none --set-exit-if-changed .
- name: Analyze
run: dart analyze --fatal-infos
- name: Build executable
id: build_executable
run: bash build.sh
- name: Install the Apple certificate
id: install_certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
set -e
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Sign executable
id: sign_executable
env:
BUILD_CERTIFICATE_SHA1: ${{ secrets.BUILD_CERTIFICATE_SHA1 }}
run: |
set -e
BUNDLE_ID=$(/usr/libexec/PlistBuddy -c 'print ":bundleid"' info.plist)
codesign \
--sign="$BUILD_CERTIFICATE_SHA1" \
--identifier="$BUNDLE_ID" \
--deep \
--force \
--options=runtime \
--entitlement="entitlements.plist" \
--timestamp \
build/dist/workflow
- name: Verify signature
id: verify_executable_signature
env:
TEAM_ID: ${{ secrets.TEAM_ID }}
run: |
set -e
if [[ $(codesign -dv build/dist/workflow 2>&1 | awk -F= '/TeamIdentifier/{print $2}') != "$TEAM_ID" ]]; then
echo "The TeamIdentifier in the signature does not match the signing TeamIdentifier."
exit 1
fi
- name: Package executable into ZIP archive
id: zip_executable
run: |
set -e
zip -j build/dist/workflow.zip build/dist/workflow
- name: Create notarytool Keychain profile
id: create_keychain_profile
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
TEAM_ID: ${{ secrets.TEAM_ID }}
NOTARYTOOL_PASSWORD: ${{ secrets.NOTARYTOOL_PASSWORD }}
NOTARYTOOL_KEYCHAIN_PROFILE: ${{ vars.NOTARYTOOL_KEYCHAIN_PROFILE }}
run: |
set -e
xcrun notarytool \
store-credentials "$NOTARYTOOL_KEYCHAIN_PROFILE" \
--apple-id "$APPLE_ID" \
--team-id "$TEAM_ID" \
--password "$NOTARYTOOL_PASSWORD"
- name: Notarize executable
id: notarize_executable
env:
NOTARYTOOL_KEYCHAIN_PROFILE: ${{ vars.NOTARYTOOL_KEYCHAIN_PROFILE }}
run: |
set -e
xcrun notarytool \
submit ./build/dist/workflow.zip \
--keychain-profile "$NOTARYTOOL_KEYCHAIN_PROFILE" \
--wait
- name: Delete obsolete ZIP archive
id: delete_zip_archive
run: |
set -e
rm -rf ./build/dist/workflow.zip
- name: Create Alfred Workflow
id: create_alfred_workflow
env:
WORKFLOW_NAME: ${{ vars.WORKFLOW_NAME }}
working-directory: build/dist
run: |
set -e
find . -not -path "./*_cache*" -exec zip --symlinks "../${WORKFLOW_NAME}-v${VERSION}.alfredworkflow" {} +
echo "artifactPath=build/${WORKFLOW_NAME}-v${VERSION}.alfredworkflow" >> $GITHUB_ENV
- name: Release
id: release_workflow
uses: softprops/action-gh-release@v1
with:
files: ${{ env.artifactPath }}
- name: Clean up keychain and build directory
id: clean_up
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm -rf $RUNNER_TEMP/build_certificate.p12
rm .env
rm -rf build