Create draft_new_release.yml

2025-05-18 17:25:21 -04:00 · 2023-06-22 23:39:26 +10:00 · 2023-06-22 23:39:26 +10:00 · e7637716f4
commit e7637716f4
parent eee557da8a
1 changed files with 91 additions and 0 deletions
--- a/.github/workflows/draft_new_release.yml
+++ b/.github/workflows/draft_new_release.yml
@ -0,0 +1,91 @@
+name: Draft New Release
+on: workflow_dispatch
+jobs:
+  build:
+    name: Draft New Release
+    runs-on: macos-13
+    env:
+      APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE }}
+      APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD }}
+      APPLE_DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY: "Developer ID Application: Nindi Gill (7K3HVCLV7Z)"
+      APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE }}
+      APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD }}
+      APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY: "Developer ID Installer: Nindi Gill (7K3HVCLV7Z)"
+      APPLE_DEVELOPER_CERTIFICATE_AUTHORITY: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_AUTHORITY }}
+      APPLE_DEVELOPER_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_KEYCHAIN_PASSWORD }}
+      APPLE_DEVELOPER_APPLE_ID: ${{ secrets.APPLE_DEVELOPER_APPLE_ID }}
+      APPLE_DEVELOPER_APPLE_ID_PASSWORD: ${{ secrets.APPLE_DEVELOPER_APPLE_ID_PASSWORD }}
+      APPLE_DEVELOPER_TEAM_ID: "7K3HVCLV7Z"
+      KEYCHAIN_FILE: "apple-developer.keychain-db"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: swift-actions/setup-swift@v1
+      - name: Install Apple Developer ID Certificates
+        run: |
+          APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-application-certificate.p12"
+          APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-installer-certificate.p12"
+          APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH="$RUNNER_TEMP/apple-developer-certificate-authority.cer"
+          echo -n "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH"
+          echo -n "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH"
+          echo -n "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY" | base64 --decode -i - -o "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH"
+          security create-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security set-keychain-settings -lut 21600 "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security unlock-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security import "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security import "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security import "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH" -P "$APPLE_DEVELOPER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs7 -k "$RUNNER_TEMP/$KEYCHAIN_FILE"
+          security list-keychain -d user -s "$RUNNER_TEMP/$KEYCHAIN_FILE"
+      - name: Archive Mist
+        run: xcodebuild -scheme Mist clean archive -configuration release -archivePath Mist -quiet
+      - name: Export Mist
+        run: xcodebuild -exportArchive -archivePath Mist.xcarchive -exportPath Export -exportOptionsPlist ExportOptions.plist
+      - name: Notarize Mist
+        run: |
+          ditto -c -k --keepParent "Export/Mist.app" "Export/Mist.zip"
+          xcrun notarytool submit "Export/Mist.zip" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
+          xcrun stapler staple "Export/Mist.app"
+      - name: Determine Exported App Version
+        run: echo "APP_VERSION=$(defaults read "Export/Mist.app/Contents/Info.plist" CFBundleShortVersionString)" >> "$GITHUB_ENV"
+      - name: Create Disk Image
+        run: |
+          DISK_IMAGE_IDENTIFIER="com.ninxsoft.dmg.mist"
+          DISK_IMAGE_TEMP="$RUNNER_TEMP/$DISK_IMAGE_IDENTIFIER"
+          DISK_IMAGE_FILENAME="Mist.${{ env.APP_VERSION }}.dmg"
+          echo "DISK_IMAGE_FILENAME=$DISK_IMAGE_FILENAME" >> "$GITHUB_ENV"
+          mkdir -p "$DISK_IMAGE_TEMP"
+          ditto "Export/Mist.app" "$DISK_IMAGE_TEMP/Applications/Mist.app"
+          hdiutil create -fs "HFS+" -srcFolder "$DISK_IMAGE_TEMP" -volname "Mist"
+      - name: Notarize Disk Image
+        run: |
+          xcrun notarytool submit "${{ env.DISK_IMAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
+          xcrun stapler staple "${{ env.DISK_IMAGE_FILENAME }}"
+      - name: Create Package
+        run: |
+          PACKAGE_IDENTIFIER="com.ninxsoft.pkg.mist"
+          PACKAGE_TEMP="$RUNNER_TEMP/$PACKAGE_IDENTIFIER"
+          PACKAGE_FILENAME="Mist.${{ env.APP_VERSION }}.pkg"
+          echo "PACKAGE_FILENAME=$PACKAGE_FILENAME" >> "$GITHUB_ENV"
+          mkdir -p "$PACKAGE_TEMP/Applications"
+          ditto "Export/Mist.app" "$PACKAGE_TEMP/Applications/Mist.app"
+          pkgbuild --root "$PACKAGE_TEMP" \
+                   --identifier "$PACKAGE_IDENTIFIER" \
+                   --version "${{ env.APP_VERSION }}" \
+                   --min-os-version "12.0" \
+                   --sign "$APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY" \
+                   "$PACKAGE_FILENAME"
+      - name: Notarize Package
+        run: |
+          xcrun notarytool submit "${{ env.PACKAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait
+          xcrun stapler staple "${{ env.PACKAGE_FILENAME }}"
+      - name: Draft New Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: "${{ env.APP_VERSION }}"
+          tag_name: "v${{ env.APP_VERSION }}"
+          draft: true
+          files: |
+            "${{ env.DISK_IMAGE_FILENAME }}"
+            "${{ env.PACKAGE_FILENAME }}"
+      - name: Remove Apple Developer Keychain
+        if: ${{ always() }}
+        run: security delete-keychain $RUNNER_TEMP/apple-developer.keychain-db