fix: enhance notarization process by capturing logs and adding step ID #805
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| jobs: | |
| # TODO: Rework publish-binaries with a generic reusable action | |
| publish-binaries: | |
| uses: devantler-tech/.github/.github/workflows/dotnet-application-publish.yaml@main | |
| secrets: inherit | |
| # TODO: Remove old publish-binaries once the new one is working | |
| publish-binaries-old: | |
| name: Publish binaries | |
| runs-on: macos-latest | |
| env: | |
| APPLE_TEAM_ID: F2NXL88V7B | |
| steps: | |
| - name: Generate GitHub App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - name: π Checkout | |
| uses: actions/checkout@v4 | |
| - name: βοΈ Setup Homebrew | |
| uses: Homebrew/actions/setup-homebrew@master | |
| - name: βοΈ Setup .NET | |
| uses: actions/[email protected] | |
| with: | |
| dotnet-version: 9 | |
| - name: π¦ Publish | |
| run: | | |
| version=$(echo "${{ github.ref_name }}" | sed -e 's/v//') | |
| dotnet publish -c Release -r osx-x64 src/KSail/KSail.csproj /p:Version=$version | |
| mv src/KSail/bin/Release/net9.0/osx-x64/publish/ksail ksail-darwin-amd64 | |
| dotnet publish -c Release -r osx-arm64 src/KSail/KSail.csproj /p:Version=$version | |
| mv src/KSail/bin/Release/net9.0/osx-arm64/publish/ksail ksail-darwin-arm64 | |
| dotnet publish -c Release -r linux-x64 src/KSail/KSail.csproj /p:Version=$version | |
| mv src/KSail/bin/Release/net9.0/linux-x64/publish/ksail ksail-linux-amd64 | |
| dotnet publish -c Release -r linux-arm64 src/KSail/KSail.csproj /p:Version=$version | |
| mv src/KSail/bin/Release/net9.0/linux-arm64/publish/ksail ksail-linux-arm64 | |
| # https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development#creating-secrets-for-your-certificate-and-provisioning-profile | |
| - name: π Add Cert to Keychain | |
| uses: apple-actions/import-codesign-certs@v3 | |
| id: import-codesign-certs | |
| with: | |
| p12-file-base64: ${{ secrets.APPLE_CERT_P12_BASE64 }} | |
| p12-password: ${{ secrets.APPLE_CERT_P12_PASSWORD }} | |
| - name: π Sign | |
| env: | |
| APPLE_CERT_NAME: "Apple Distribution: Nikolai Emil Damm (F2NXL88V7B)" | |
| run: | | |
| codesign --timestamp --sign "${{ env.APPLE_CERT_NAME }}" ksail-darwin-amd64 --options=runtime --no-strict --entitlements entitlements.xml -f | |
| codesign --timestamp --sign "${{ env.APPLE_CERT_NAME }}" ksail-darwin-arm64 --options=runtime --no-strict --entitlements entitlements.xml -f | |
| codesign --timestamp --sign "${{ env.APPLE_CERT_NAME }}" ksail-linux-amd64 --options=runtime --no-strict --entitlements entitlements.xml -f | |
| codesign --timestamp --sign "${{ env.APPLE_CERT_NAME }}" ksail-linux-arm64 --options=runtime --no-strict --entitlements entitlements.xml -f | |
| - name: π Notarize | |
| run: | | |
| echo "Create keychain profile" | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id ${{ secrets.APPLE_NOTARY_USER }} --team-id F2NXL88V7B --password ${{ secrets.APPLE_NOTARY_PASSWORD }} | |
| echo "Creating temp notarization archive" | |
| zip -r notarization.zip ksail-darwin-amd64 ksail-darwin-arm64 | |
| echo "Notarize app and retrieve logs" | |
| id=$(xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait | grep 'id:' | awk '{print $2}') | |
| echo "$id" | |
| xcrun notarytool log $id --keychain-profile "notarytool-profile" developer_log.json | |
| cat developer_log.json | |
| - name: π¦ Tar binaries | |
| run: tar -czf ksail.tar.gz ksail-darwin-amd64 ksail-darwin-arm64 ksail-linux-amd64 ksail-linux-arm64 | |
| - name: π Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| ksail-darwin-amd64 | |
| ksail-darwin-arm64 | |
| ksail-linux-amd64 | |
| ksail-linux-arm64 | |
| ksail.tar.gz | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: πΊ Brew tap formulas | |
| run: brew tap devantler-tech/formulas | |
| - name: πΊ Brew bump formulas | |
| run: | | |
| brew bump --no-fork --open-pr --formulae ksail | |
| env: | |
| HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} | |
| # - name: πΊ Brew bump core formulas | |
| # uses: Homebrew/actions/bump-packages@master | |
| # with: | |
| # token: ${{ steps.app-token.outputs.token }} | |
| # formulae: | | |
| # ksail | |
| # TODO: Rework docker publish with a generic reusable action | |
| publish-images: | |
| uses: devantler-tech/.github/.github/workflows/image-publish.yaml@main | |
| secrets: inherit |