Update build_exe.yml #78
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Executables | ||
|
Check failure on line 1 in .github/workflows/build_exe.yml
|
||
| on: | ||
| workflow_call: | ||
| secrets: | ||
| APPLE_DEV_EMAIL: | ||
| APP_SPEC_PASS: | ||
| DEV_APP_CERT: | ||
| DEV_APP_CERT_PASS: | ||
| DEV_INST_CERT: | ||
| DEV_INST_CERT_PASS: | ||
| APPLE_KEY_PASS: | ||
| APPLE_APP_CERT_ID: | ||
| APPLE_INST_CERT_ID: | ||
| TEAM_ID: | ||
| inputs: | ||
| is_release: | ||
| default: false | ||
| description: 'Is this a release?' | ||
| type: boolean | ||
| required: false | ||
| jobs: | ||
| build: | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - platform_name: Windows | ||
| artifact_name: windows | ||
| os: windows-2022 | ||
| version_command: icacls "VERSION" /grant Everyone:F /T /C /Q | ||
| move_command: move dist\mangotango.exe dist\mangotango_windows.exe | ||
| sha_command: pwsh -c "Get-FileHash -Algorithm SHA1 dist\mangotango_windows.exe | Format-Table Hash -HideTableHeaders > dist\mangotango_windows.exe.sha1" | ||
| list_command: dir dist | ||
| check_command: dist\mangotango_windows.exe --noop | ||
| - platform_name: MacOS (x86) | ||
| artifact_name: macos-x86 | ||
| os: macos-13 | ||
| move_command: mv dist/mangotango dist/mangotango_macos-x86 | ||
| sha_command: shasum -a 1 dist/mangotango_macos-x86 > dist/mangotango_macos-x86.sha1 | ||
| sha_command_pkg: shasum -a 1 dist/mangotango_macos-x86.pkg > dist/mangotango_macos-x86.pkg.sha1 | ||
| list_command: ls -ll dist | ||
| check_command: dist/mangotango_macos-x86 --noop | ||
| - platform_name: MacOS (arm64) | ||
| artifact_name: macos-arm64 | ||
| os: macos-15 | ||
| move_command: mv dist/mangotango dist/mangotango_macos-arm64 | ||
| sha_command: shasum -a 1 dist/mangotango_macos-arm64 > dist/mangotango_macos-arm64.sha1 | ||
| sha_command_pkg: shasum -a 1 dist/mangotango_macos-arm64.pkg > dist/mangotango_macos-arm64.pkg.sha1 | ||
| list_command: ls -ll dist | ||
| check_command: dist/mangotango_macos-arm64 --noop | ||
| name: Build ${{ matrix.platform_name }} | ||
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: 3.12 | ||
| cache: 'pip' | ||
| cache-dependency-path: '**/requirements*.txt' | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install -r requirements.txt | ||
| - name: Install PyInstaller | ||
| run: | | ||
| pip install pyinstaller | ||
| echo "PYINST_BIN=\"$(which pyinstaller)\"" >> "$GITHUB_ENV" | ||
| - name: Create macOS keychain | ||
| id: keychain | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| env: | ||
| APPLE_DEV_EMAIL: ${{secrets.APPLE_DEV_EMAIL}} | ||
| APP_SPEC_PASS: ${{secrets.APP_SPEC_PASS}} | ||
| APPLE_APP_CERTIFICATE: ${{secrets.DEV_APP_CERT}} | ||
| APPLE_APP_CERT_PASSWORD: ${{secrets.DEV_APP_CERT_PASS}} | ||
| APPLE_INST_CERTIFICATE: ${{secrets.DEV_INST_CERT}} | ||
| APPLE_INST_CERT_PASSWORD: ${{secrets.DEV_INST_CERT_PASS}} | ||
| APPLE_KEYCHAIN_PASS: ${{secrets.APPLE_KEY_PASS}} | ||
| run: | | ||
| echo "$APPLE_APP_CERTIFICATE" | base64 --decode > app_certificate.p12 | ||
| echo "$APPLE_INST_CERTIFICATE" | base64 --decode > inst_certificate.p12 | ||
| security create-keychain -p $APPLE_KEYCHAIN_PASS build.keychain | ||
| security default-keychain -s build.keychain | ||
| security set-keychain-settings -lut 21600 build.keychain | ||
| security unlock-keychain -p $APPLE_KEYCHAIN_PASS build.keychain | ||
| security import app_certificate.p12 -k build.keychain -P $APPLE_APP_CERT_PASSWORD -A | ||
| security import inst_certificate.p12 \ | ||
| -k build.keychain \ | ||
| -P "$APPLE_INST_CERT_PASSWORD" \ | ||
| -A | ||
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASS build.keychain | ||
| security find-identity -v -p codesigning -p macappstore | ||
| - name: Print version string (for tag) | ||
| id: get_version_tag | ||
| if: ${{ github.ref_type == 'tag' }} | ||
| run: | | ||
| python -c "with open('VERSION', 'w', encoding='utf-8') as f: f.write('${{ github.ref_name }}')" | ||
| - name: Print version string (for branch) | ||
| id: get_version_branch | ||
| if: ${{ github.ref_type != 'tag' }} | ||
| run: | | ||
| python -c "with open('VERSION', 'w', encoding='utf-8') as f: f.write('${{ github.ref_name }}-${{ github.sha }}')" | ||
| - name: Modify version string permission | ||
| if: ${{ matrix.version_command }} | ||
| run: ${{ matrix.version_command }} | ||
| - name: Build the executable | ||
| env: | ||
| APPLE_APP_CERT_ID: ${{ inputs.is_release && secrets.APPLE_APP_CERT_ID || "" }} | ||
| run: pyinstaller pyinstaller.spec | ||
| - name: Rename the executable to include platform suffix | ||
| run: ${{ matrix.move_command }} | ||
| - name: Compute the SHA1 hashsum | ||
| run: ${{ matrix.sha_command }} | ||
| - name: Create and sign mac package | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| env: | ||
| APPLE_INST_CERT_ID: ${{secrets.APPLE_INST_CERT_ID}} | ||
| APPLE_KEYCHAIN_PASS: ${{secrets.APPLE_KEY_PASS}} | ||
| run: | | ||
| mkdir -p /tmp/mangotango/ | ||
| ditto dist/mangotango_${{matrix.artifact_name}} /tmp/mangotango/mangotango | ||
| chmod +x /tmp/mangotango/mangotango | ||
| security unlock-keychain -p $APPLE_KEYCHAIN_PASS build.keychain | ||
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$APPLE_KEYCHAIN_PASS" build.keychain | ||
| security find-identity -v -p codesigning build.keychain | ||
| pkgbuild --identifier "org.mangotango.cli" --timestamp --root /tmp/mangotango --install-location /Applications "./dist/mangotango_${{matrix.artifact_name}}_signed.pkg" --sign "$APPLE_INST_CERT_ID" | ||
| - name: Notarize Mac package | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| env: | ||
| APPLE_DEV_EMAIL: ${{secrets.APPLE_DEV_EMAIL}} | ||
| APPLE_TEAM_ID: ${{secrets.TEAM_ID}} | ||
| APP_SPEC_PASS: ${{secrets.APP_SPEC_PASS}} | ||
| run: xcrun notarytool submit dist/mangotango_${{matrix.artifact_name}}_signed.pkg --apple-id $APPLE_DEV_EMAIL --team-id $APPLE_TEAM_ID --password $APP_SPEC_PASS --wait | ||
| - name: Staple the notarization ticket | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| run: xcrun stapler staple dist/mangotango_${{matrix.artifact_name}}_signed.pkg | ||
| - name: Clean up macOS Artifacts | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| run: | | ||
| rm -rf /tmp/mangotango | ||
| rm -rf dist/mangotango_${{matrix.artifact_name}} | ||
| rm -rf dist/mangotango_${{matrix.artifact_name}}.pkg | ||
| mv dist/mangotango_${{matrix.artifact_name}}_signed.pkg dist/mangotango_${{matrix.artifact_name}}.pkg | ||
| - name: Compute the SHA1 hashsum for macOS .pkg | ||
| if: runner.os == 'macOS' && inputs.is_release | ||
| run: ${{ matrix.sha_command_pkg }} | ||
| - name: Inspect the dist/ directory before uploading artifacts | ||
| run: ${{ matrix.list_command }} | ||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| if: inputs.is_release | ||
| with: | ||
| name: ${{ matrix.artifact_name }} | ||
| path: | | ||
| dist/* | ||
