diff --git a/.github/workflows/draft_new_release.yml b/.github/workflows/draft_new_release.yml new file mode 100644 index 0000000..386203d --- /dev/null +++ b/.github/workflows/draft_new_release.yml @@ -0,0 +1,91 @@ +name: Draft New Release +on: workflow_dispatch +jobs: + build: + name: Draft New Release + runs-on: macos-13 + env: + APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE }} + APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD }} + APPLE_DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY: "Developer ID Application: Nindi Gill (7K3HVCLV7Z)" + APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE }} + APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD }} + APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY: "Developer ID Installer: Nindi Gill (7K3HVCLV7Z)" + APPLE_DEVELOPER_CERTIFICATE_AUTHORITY: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_AUTHORITY }} + APPLE_DEVELOPER_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_KEYCHAIN_PASSWORD }} + APPLE_DEVELOPER_APPLE_ID: ${{ secrets.APPLE_DEVELOPER_APPLE_ID }} + APPLE_DEVELOPER_APPLE_ID_PASSWORD: ${{ secrets.APPLE_DEVELOPER_APPLE_ID_PASSWORD }} + APPLE_DEVELOPER_TEAM_ID: "7K3HVCLV7Z" + KEYCHAIN_FILE: "apple-developer.keychain-db" + steps: + - uses: actions/checkout@v3 + - uses: swift-actions/setup-swift@v1 + - name: Install Apple Developer ID Certificates + run: | + APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-application-certificate.p12" + APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH="$RUNNER_TEMP/apple-developer-id-installer-certificate.p12" + APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH="$RUNNER_TEMP/apple-developer-certificate-authority.cer" + echo -n "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH" + echo -n "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE" | base64 --decode -i - -o "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH" + echo -n "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY" | base64 --decode -i - -o "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH" + security create-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE" + security set-keychain-settings -lut 21600 "$RUNNER_TEMP/$KEYCHAIN_FILE" + security unlock-keychain -p "$APPLE_DEVELOPER_KEYCHAIN_PASSWORD" "$RUNNER_TEMP/$KEYCHAIN_FILE" + security import "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE" + security import "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$RUNNER_TEMP/$KEYCHAIN_FILE" + security import "$APPLE_DEVELOPER_CERTIFICATE_AUTHORITY_PATH" -P "$APPLE_DEVELOPER_CERTIFICATE_PASSWORD" -A -t cert -f pkcs7 -k "$RUNNER_TEMP/$KEYCHAIN_FILE" + security list-keychain -d user -s "$RUNNER_TEMP/$KEYCHAIN_FILE" + - name: Archive Mist + run: xcodebuild -scheme Mist clean archive -configuration release -archivePath Mist -quiet + - name: Export Mist + run: xcodebuild -exportArchive -archivePath Mist.xcarchive -exportPath Export -exportOptionsPlist ExportOptions.plist + - name: Notarize Mist + run: | + ditto -c -k --keepParent "Export/Mist.app" "Export/Mist.zip" + xcrun notarytool submit "Export/Mist.zip" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait + xcrun stapler staple "Export/Mist.app" + - name: Determine Exported App Version + run: echo "APP_VERSION=$(defaults read "Export/Mist.app/Contents/Info.plist" CFBundleShortVersionString)" >> "$GITHUB_ENV" + - name: Create Disk Image + run: | + DISK_IMAGE_IDENTIFIER="com.ninxsoft.dmg.mist" + DISK_IMAGE_TEMP="$RUNNER_TEMP/$DISK_IMAGE_IDENTIFIER" + DISK_IMAGE_FILENAME="Mist.${{ env.APP_VERSION }}.dmg" + echo "DISK_IMAGE_FILENAME=$DISK_IMAGE_FILENAME" >> "$GITHUB_ENV" + mkdir -p "$DISK_IMAGE_TEMP" + ditto "Export/Mist.app" "$DISK_IMAGE_TEMP/Applications/Mist.app" + hdiutil create -fs "HFS+" -srcFolder "$DISK_IMAGE_TEMP" -volname "Mist" + - name: Notarize Disk Image + run: | + xcrun notarytool submit "${{ env.DISK_IMAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait + xcrun stapler staple "${{ env.DISK_IMAGE_FILENAME }}" + - name: Create Package + run: | + PACKAGE_IDENTIFIER="com.ninxsoft.pkg.mist" + PACKAGE_TEMP="$RUNNER_TEMP/$PACKAGE_IDENTIFIER" + PACKAGE_FILENAME="Mist.${{ env.APP_VERSION }}.pkg" + echo "PACKAGE_FILENAME=$PACKAGE_FILENAME" >> "$GITHUB_ENV" + mkdir -p "$PACKAGE_TEMP/Applications" + ditto "Export/Mist.app" "$PACKAGE_TEMP/Applications/Mist.app" + pkgbuild --root "$PACKAGE_TEMP" \ + --identifier "$PACKAGE_IDENTIFIER" \ + --version "${{ env.APP_VERSION }}" \ + --min-os-version "12.0" \ + --sign "$APPLE_DEVELOPER_ID_INSTALLER_SIGNING_IDENTITY" \ + "$PACKAGE_FILENAME" + - name: Notarize Package + run: | + xcrun notarytool submit "${{ env.PACKAGE_FILENAME }}" --apple-id "$APPLE_DEVELOPER_APPLE_ID" --password "$APPLE_DEVELOPER_APPLE_ID_PASSWORD" --team-id "$APPLE_DEVELOPER_TEAM_ID" --wait + xcrun stapler staple "${{ env.PACKAGE_FILENAME }}" + - name: Draft New Release + uses: softprops/action-gh-release@v1 + with: + name: "${{ env.APP_VERSION }}" + tag_name: "v${{ env.APP_VERSION }}" + draft: true + files: | + "${{ env.DISK_IMAGE_FILENAME }}" + "${{ env.PACKAGE_FILENAME }}" + - name: Remove Apple Developer Keychain + if: ${{ always() }} + run: security delete-keychain $RUNNER_TEMP/apple-developer.keychain-db