Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Executables for macOS | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| jobs: | |
| mac-build: | |
| runs-on: macos-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install | |
| - name: Build macOS executables | |
| run: | | |
| bun run build:mac | |
| bun run build:mac-intel | |
| - name: Create App Bundle | |
| env: | |
| MACOS_CF_BUNDLE_IDENTIFIER: ${{ secrets.MACOS_CF_BUNDLE_IDENTIFIER }} | |
| run: | | |
| mkdir -p dist/macos/Morphaweb.app/Contents/MacOS | |
| cp -r assets/macos/ dist/macos/ | |
| cp dist/morphaweb-mac-arm64 dist/macos/Morphaweb.app/Contents/MacOS/Morphaweb | |
| cat <<EOF > dist/macos/Morphaweb.app/Contents/Info.plist | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>CFBundleExecutable</key> | |
| <string>Morphaweb</string> | |
| <key>CFBundleIdentifier</key> | |
| <string>${MACOS_CF_BUNDLE_IDENTIFIER}</string> | |
| <key>CFBundleName</key> | |
| <string>Morphaweb</string> | |
| <key>CFBundlePackageType</key> | |
| <string>APPL</string> | |
| <key>LSMinimumSystemVersion</key> | |
| <string>11.0</string> | |
| </dict> | |
| </plist> | |
| EOF | |
| - name: Import signing certificate | |
| env: | |
| MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }} | |
| MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }} | |
| run: | | |
| echo "$MACOS_CERT_P12" | base64 --decode > cert.p12 | |
| security create-keychain -p "" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "" build.keychain | |
| security import cert.p12 \ | |
| -k build.keychain \ | |
| -P "$MACOS_CERT_PASSWORD" \ | |
| -T /usr/bin/codesign | |
| security set-keychain-settings -lut 21600 build.keychain | |
| security list-keychains -d user -s build.keychain $(security list-keychains -d user | xargs) | |
| security set-key-partition-list \ | |
| -S apple-tool:,apple: \ | |
| -s -k "" build.keychain | |
| - name: Codesign binaries | |
| env: | |
| MACOS_CERT_IDENTITY_ID: ${{ secrets.MACOS_CERT_IDENTITY_ID }} | |
| run: | | |
| codesign --force --options runtime --deep \ | |
| --sign "$MACOS_CERT_IDENTITY_ID" \ | |
| dist/macos/Morphaweb.app | |
| #codesign --force --options runtime \ | |
| #--sign "$MACOS_CERT_IDENTITY_ID" \ | |
| #morphaweb-mac-x64 | |
| - name: Verify signature | |
| run: | | |
| codesign --verify --deep --strict --verbose=2 dist/macos/Morphaweb.app | |
| #codesign --verify --deep --strict --verbose=2 morphaweb-mac-x64 | |
| - name: Zip macOS binaries | |
| run: | | |
| zip -r morphaweb-mac-arm64.zip dist/macos/Morphaweb.app | |
| #zip -r morphaweb-mac-x64.zip morphaweb-mac-x64 | |
| - name: Notarize | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| xcrun notarytool submit morphaweb-mac-arm64.zip \ | |
| --apple-id "$APPLE_ID" \ | |
| --password "$APPLE_APP_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --wait | |
| #xcrun notarytool submit morphaweb-mac-x64.zip \ | |
| # --apple-id "$APPLE_ID" \ | |
| # --password "$APPLE_APP_PASSWORD" \ | |
| # --team-id "$APPLE_TEAM_ID" \ | |
| # --wait | |
| sleep 20 | |
| xcrun stapler staple dist/macos/Morphaweb.app | |
| #xcrun stapler staple morphaweb-mac-x64 | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| dist/macos/Morphaweb.app |