release.yml

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build-and-release:
    runs-on: macos-14

    steps:
      - uses: actions/checkout@v4

      - name: Select Xcode
        run: sudo xcode-select -s /Applications/Xcode_16.2.app

      - name: Install tools
        run: brew install xcodegen create-dmg

      - name: Set version from tag
        run: |
          VERSION="${GITHUB_REF_NAME#v}"
          /usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString $VERSION" Echoic/Resources/Info.plist
          /usr/libexec/PlistBuddy -c "Set :CFBundleVersion ${{ github.run_number }}" Echoic/Resources/Info.plist

      - name: Generate Xcode project
        run: xcodegen generate

      - name: Import signing certificate
        env:
          CERTIFICATE_P12: ${{ secrets.CERTIFICATE_P12 }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
        run: |
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          CERT_PATH=$RUNNER_TEMP/certificate.p12

          echo -n "$CERTIFICATE_P12" | base64 --decode -o "$CERT_PATH"

          security create-keychain -p "" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "" "$KEYCHAIN_PATH"

          security import "$CERT_PATH" -P "$CERTIFICATE_PASSWORD" \
            -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security set-key-partition-list -S apple-tool:,apple: \
            -k "" "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"

      - name: Build
        env:
          DEVELOPMENT_TEAM: ${{ secrets.DEVELOPMENT_TEAM }}
        run: |
          xcodebuild -scheme Echoic \
            -configuration Release \
            -destination 'platform=macOS,arch=arm64' \
            -archivePath build/Echoic.xcarchive \
            CODE_SIGN_STYLE=Manual \
            CODE_SIGN_IDENTITY="Developer ID Application" \
            DEVELOPMENT_TEAM="$DEVELOPMENT_TEAM" \
            archive

      - name: Export app
        run: |
          cat > build/ExportOptions.plist << 'PLIST'
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
            <key>method</key>
            <string>developer-id</string>
          </dict>
          </plist>
          PLIST

          xcodebuild -exportArchive \
            -archivePath build/Echoic.xcarchive \
            -exportOptionsPlist build/ExportOptions.plist \
            -exportPath build/export

      - name: Create DMG
        run: |
          create-dmg \
            --volname "Echoic" \
            --window-pos 200 120 \
            --window-size 600 400 \
            --icon-size 100 \
            --icon "Echoic.app" 150 190 \
            --app-drop-link 450 190 \
            "build/Echoic-${GITHUB_REF_NAME}.dmg" \
            "build/export/Echoic.app"

      - name: Notarize DMG
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.DEVELOPMENT_TEAM }}
        run: |
          xcrun notarytool submit "build/Echoic-${GITHUB_REF_NAME}.dmg" \
            --apple-id "$APPLE_ID" \
            --password "$APPLE_ID_PASSWORD" \
            --team-id "$APPLE_TEAM_ID" \
            --wait

          xcrun stapler staple "build/Echoic-${GITHUB_REF_NAME}.dmg"

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh release create "$GITHUB_REF_NAME" \
            "build/Echoic-${GITHUB_REF_NAME}.dmg" \
            --title "Echoic ${GITHUB_REF_NAME}" \
            --generate-notes