Merge branch 'apple-code-signing-and-notarization' #798

Workflow file for this run

.github/workflows/publish.yaml at 6b88012

	name: Publish
	on:
	push:
	tags:
	- 'v*'
	workflow_dispatch:

	jobs:
	# TODO: Rework publish-binaries with a generic reusable action
	publish-binaries:
	uses: devantler-tech/.github/.github/workflows/dotnet-application-publish.yaml@main
	secrets: inherit

	# TODO: Remove old publish-binaries once the new one is working
	publish-binaries-old:
	name: Publish binaries
	runs-on: macos-latest
	env:
	APPLE_TEAM_ID: F2NXL88V7B
	steps:
	- name: Generate GitHub App Token
	uses: actions/create-github-app-token@v1
	id: app-token
	with:
	app-id: ${{ vars.APP_ID }}
	private-key: ${{ secrets.APP_PRIVATE_KEY }}
	- name: 📑 Checkout
	uses: actions/checkout@v4
	- name: ⚙️ Setup Homebrew
	uses: Homebrew/actions/setup-homebrew@master
	- name: ⚙️ Setup .NET
	uses: actions/[email protected]
	with:
	dotnet-version: 9
	- name: 📦 Publish
	run: \|
	version=$(echo "${{ github.ref_name }}" \| sed -e 's/v//')

	dotnet publish -c Release -r osx-x64 src/KSail/KSail.csproj /p:Version=$version
	mv src/KSail/bin/Release/net9.0/osx-x64/publish/ksail ksail-darwin-amd64

	dotnet publish -c Release -r osx-arm64 src/KSail/KSail.csproj /p:Version=$version
	mv src/KSail/bin/Release/net9.0/osx-arm64/publish/ksail ksail-darwin-arm64

	dotnet publish -c Release -r linux-x64 src/KSail/KSail.csproj /p:Version=$version
	mv src/KSail/bin/Release/net9.0/linux-x64/publish/ksail ksail-linux-amd64

	dotnet publish -c Release -r linux-arm64 src/KSail/KSail.csproj /p:Version=$version
	mv src/KSail/bin/Release/net9.0/linux-arm64/publish/ksail ksail-linux-arm64
	# https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development#creating-secrets-for-your-certificate-and-provisioning-profile
	- name: 🔐 Sign binary (ksail-darwin-amd64)
	uses: lando/code-sign-action@v3
	with:
	file: ksail-darwin-amd64
	certificate-id: ${{ env.APPLE_TEAM_ID }}
	certificate-data: ${{ secrets.APPLE_CERT_P12_BASE64 }}
	certificate-password: ${{ secrets.APPLE_CERT_P12_PASSWORD }}
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	apple-notary-tool: altool
	apple-product-id: dev.lando.code-sign-action
	options: --options runtime --entitlements entitlements.xml
	- name: 🔐 Sign binary (ksail-darwin-arm64)
	uses: lando/code-sign-action@v3
	with:
	file: ksail-darwin-arm64
	certificate-id: ${{ env.APPLE_TEAM_ID }}
	certificate-data: ${{ secrets.APPLE_CERT_P12_BASE64 }}
	certificate-password: ${{ secrets.APPLE_CERT_P12_PASSWORD }}
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	apple-notary-tool: altool
	apple-product-id: dev.lando.code-sign-action
	options: --options runtime --entitlements entitlements.xml
	- name: 🔐 Sign binary (ksail-linux-amd64)
	uses: lando/code-sign-action@v3
	with:
	file: ksail-linux-amd64
	certificate-id: ${{ env.APPLE_TEAM_ID }}
	certificate-data: ${{ secrets.APPLE_CERT_P12_BASE64 }}
	certificate-password: ${{ secrets.APPLE_CERT_P12_PASSWORD }}
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	apple-notary-tool: altool
	apple-product-id: dev.lando.code-sign-action
	options: --options runtime --entitlements entitlements.xml
	- name: 🔐 Sign binary (ksail-linux-arm64)
	uses: lando/code-sign-action@v3
	with:
	file: ksail-linux-arm64
	certificate-id: ${{ env.APPLE_TEAM_ID }}
	certificate-data: ${{ secrets.APPLE_CERT_P12_BASE64 }}
	certificate-password: ${{ secrets.APPLE_CERT_P12_PASSWORD }}
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	apple-notary-tool: altool
	apple-product-id: dev.lando.code-sign-action
	options: --options runtime --entitlements entitlements.xml
	- name: 📦 Tar binaries
	run: tar -czf ksail.tar.gz ksail-darwin-amd64 ksail-darwin-arm64 ksail-linux-amd64 ksail-linux-arm64 ksail-windows-amd64.exe
	- name: 🎉 Release
	uses: softprops/action-gh-release@v2
	with:
	files: \|
	ksail-darwin-amd64
	ksail-darwin-arm64
	ksail-linux-amd64
	ksail-linux-arm64
	ksail.tar.gz
	token: ${{ steps.app-token.outputs.token }}
	- name: 🍺 Brew tap formulas
	run: brew tap devantler-tech/formulas
	- name: 🍺 Brew bump formulas
	run: \|
	brew bump --no-fork --open-pr --formulae ksail
	env:
	HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
	# - name: 🍺 Brew bump core formulas
	# uses: Homebrew/actions/bump-packages@master
	# with:
	# token: ${{ steps.app-token.outputs.token }}
	# formulae: \|
	# ksail

	# TODO: Rework docker publish with a generic reusable action
	publish-images:
	uses: devantler-tech/.github/.github/workflows/image-publish.yaml@main
	secrets: inherit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'apple-code-signing-and-notarization' #798

Workflow file

Merge branch 'apple-code-signing-and-notarization' #798

Jobs

Run details

Workflow file for this run