Update site templates #297
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: insider | |
| on: | |
| push: | |
| tags: [ insider* ] | |
| jobs: | |
| insider: | |
| runs-on: self-hosted | |
| timeout-minutes: 120 | |
| strategy: | |
| matrix: | |
| run-config: | |
| - { scheme: 'Planet', destination: 'platform=macOS'} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| with: | |
| lfs: true | |
| - name: Checkout LFS objects | |
| run: git lfs pull | |
| - name: Set insider SUFeedURL | |
| run: /usr/libexec/PlistBuddy -c "Set :SUFeedURL https://opensource.planetable.xyz/planet-insider/appcast.xml" Planet/Info.plist | |
| - name: Set WalletConnectV2 Project ID | |
| run: /usr/libexec/PlistBuddy -c "Set :WALLETCONNECTV2_PROJECT_ID ${{ secrets.WALLETCONNECTV2_PROJECT_ID }}" Planet/Info.plist | |
| - name: Set Etherscan API token | |
| run: /usr/libexec/PlistBuddy -c "Set :ETHERSCAN_API_TOKEN ${{ secrets.ETHERSCAN_API_TOKEN }}" Planet/Info.plist | |
| - name: Set insider icon | |
| run: /usr/bin/sed -i '' 's/AppIcon/AppIcon-Insider/g' Planet/Release.xcconfig | |
| - name: Fix Package Dependencies | |
| run: xcodebuild -resolvePackageDependencies -onlyUsePackageVersionsFromResolvedFile | |
| - name: Show Build Version | |
| run: xcodebuild -version | |
| - name: Show Build Settings | |
| run: xcodebuild -showBuildSettings | |
| - name: Show Build SDK | |
| run: xcodebuild -showsdks | |
| - name: Show Available Destinations | |
| env: | |
| scheme: ${{ matrix.run-config['scheme'] }} | |
| run: xcodebuild -scheme ${scheme} -showdestinations | |
| - name: Set ENV | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Install the Apple certificate | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate from secrets | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 -d -o $CERTIFICATE_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| - name: Build | |
| env: | |
| scheme: ${{ matrix.run-config['scheme'] }} | |
| run: | | |
| xcodebuild archive -scheme ${scheme} -archivePath archive/Planet.xcarchive -showBuildTimingSummary -allowProvisioningUpdates | |
| - name: Prepare for Codesign | |
| run: | | |
| mkdir to-be-signed | |
| ditto archive/Planet.xcarchive/Products/Applications/Planet.app to-be-signed/Planet-Insider.app | |
| - name: Codesign with Developer ID | |
| run: | | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Installer.xpc | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Downloader.xpc | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/Sparkle.framework | |
| xcrun codesign --options runtime --deep --force --verbose --timestamp --sign "Developer ID Application: ${{ secrets.DEVELOPER_NAME }}" to-be-signed/Planet-Insider.app/Contents/Frameworks/CodeMirror-SwiftUI.framework | |
| - name: Clean Junk Files | |
| run: | | |
| find to-be-signed/Planet-Insider.app -name '._*' -delete | |
| - name: Prepare for Notarization | |
| run: | | |
| ditto -c -k --keepParent --sequesterRsrc to-be-signed/Planet-Insider.app Planet-Insider.zip | |
| - name: Submit for Notarization | |
| run: | | |
| xcrun notarytool submit Planet-Insider.zip --apple-id ${{ secrets.NOTARIZE_USERNAME }} --password ${{ secrets.NOTARIZE_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait --timeout 30m --verbose | |
| - name: Staple | |
| run: | | |
| xcrun stapler staple -v to-be-signed/Planet-Insider.app | |
| - name: Clean Junk Files Before Release | |
| run: | | |
| find to-be-signed/Planet-Insider.app -name '._*' -delete | |
| - name: Generate Planet-Insider.zip | |
| run: | | |
| ditto -c -k --keepParent --sequesterRsrc to-be-signed/Planet-Insider.app Planet-Insider.zip | |
| - name: Generate Planet-Insider.zip.dSYM.zip | |
| run: | | |
| ditto -c -k --keepParent --sequesterRsrc archive/Planet.xcarchive/dSYMs/Planet.app.dSYM Planet-Insider.app.dSYM.zip | |
| - name: Release App | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| prerelease: true | |
| files: | | |
| Planet-Insider.zip | |
| Planet-Insider.app.dSYM.zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload to DigitalOcean Spaces | |
| uses: BetaHuhn/do-spaces-action@v2 | |
| with: | |
| access_key: ${{ secrets.DO_ACCESS_KEY }} | |
| secret_key: ${{ secrets.DO_SECRET_KEY }} | |
| space_name: ${{ secrets.DO_SPACE_NAME }} | |
| space_region: ${{ secrets.DO_SPACE_REGION }} | |
| source: Planet-Insider.zip | |
| out_dir: planet-insider/${{ env.RELEASE_VERSION }} | |
| - name: Prepare for Sparkle Appcast | |
| env: | |
| WORKPLACE: ${{ github.workspace }} | |
| run: | | |
| mkdir -p Release | |
| cp Planet-Insider.zip Release/ | |
| ${{ secrets.SPARKLE_GENERATE_INSIDER }} $WORKPLACE/Release ${{ env.RELEASE_VERSION }} | |
| - name: Upload Sparkle Appcast | |
| uses: BetaHuhn/do-spaces-action@v2 | |
| with: | |
| access_key: ${{ secrets.DO_ACCESS_KEY }} | |
| secret_key: ${{ secrets.DO_SECRET_KEY }} | |
| space_name: ${{ secrets.DO_SPACE_NAME }} | |
| space_region: ${{ secrets.DO_SPACE_REGION }} | |
| source: Release/appcast.xml | |
| out_dir: planet-insider | |
| - name: Purge CDN Cache (appcast.xml file only) | |
| run: | | |
| curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.DO_PLATFORM_TOKEN }}" -d '{"files": ["planet-insider/appcast.xml"]}' "https://api.digitalocean.com/v2/cdn/endpoints/${{ secrets.DO_CDN_ENDPOINT_ID }}/cache" | |
| - name: Cleanup Keychain | |
| if: ${{ always() }} | |
| run: | | |
| security delete-keychain $RUNNER_TEMP/app-signing.keychain-db |