@@ -164,6 +164,11 @@ runs:
164164 cache : ${{ inputs.build-cache }}
165165 cache-dependency-path : ' go.sum'
166166 go-version : ${{ inputs.go-version }}
167+ - name : Pull NSIS
168+ if : runner.os == 'Windows'
169+ run : |
170+ winget install NSIS.NSIS --silent --accept-package-agreements --accept-source-agreements
171+ shell : bash
167172 - name : Install Garble
168173 if : inputs.build-obfuscate == 'true'
169174 run : go install mvdan.cc/garble@latest
@@ -194,84 +199,16 @@ runs:
194199 - name : Build App
195200 if : inputs.build == 'true'
196201 working-directory : ${{ inputs.app-working-directory }}
197- run : OS=${{inputs.build-platform}} wails3 task build
198- shell : bash
199- - name : Add macOS perms
200- if : inputs.build == 'true' && runner.os == 'macOS'
201- working-directory : ${{ inputs.app-working-directory }}
202- run : chmod +x bin/ig-desktop
203- shell : bash
204- - name : Add Linux perms
205- if : inputs.build == 'true' && runner.os == 'Linux'
206- working-directory : ${{ inputs.app-working-directory }}
207- run : chmod +x bin/ig-desktop
202+ run : OS=${{inputs.build-platform}} PRODUCTION=true wails3 task package
208203 shell : bash
209- # Package and Sign MacOS
210- - name : Import Code-Signing Certificates for macOS
211- if : runner.os == 'macOS' && inputs.sign != 'false' && startsWith(github.ref, 'refs/tags/')
212- uses : Apple-Actions/import-codesign-certs@v1
213- with :
214- keychain-password : ${{ inputs.sign-macos-apple-password }}
215- p12-file-base64 : ${{ inputs.sign-macos-app-cert }}
216- p12-password : ${{ inputs.sign-macos-app-cert-password }}
217- - name : Import Code-Signing Certificates for macOS Installer
218- if : runner.os == 'macOS' && inputs.sign != 'false' && startsWith(github.ref, 'refs/tags/')
219- uses : Apple-Actions/import-codesign-certs@v1
220- with :
221- keychain-password : ${{ inputs.sign-macos-apple-password }}
222- p12-file-base64 : ${{ inputs.sign-macos-installer-cert }}
223- p12-password : ${{ inputs.sign-macos-installer-cert-password }}
224- create-keychain : false
225- - name : Sign our macOS binary
226- if : runner.os == 'macOS' && inputs.sign != 'false' && startsWith(github.ref, 'refs/tags/')
227- shell : bash
228- working-directory : ${{ inputs.app-working-directory }}
229- env :
230- APPLE_PASSWORD : ${{ inputs.sign-macos-apple-password }}
231- run : |
232- echo "Signing Package"
233- gon -log-level=info ./build/darwin/gon-sign.json
234204 - name : Build .app zip file
235205 if : runner.os == 'macOS'
236206 working-directory : ${{ inputs.app-working-directory }}
237207 shell : bash
238208 run : |
239- ditto -c -k --keepParent ${{ inputs.app-working-directory }}/build/bin/Inspektor\ Gadget\ Desktop.app ${{ inputs.app-working-directory }}/build/bin/${{inputs.build-name}}.app.zip
240- - name : Building Installer
241- if : runner.os == 'macOS' && inputs.sign != 'false' && inputs.sign-macos-installer-id != '' && startsWith(github.ref, 'refs/tags/')
242- shell : bash
243- working-directory : ${{ inputs.app-working-directory }}
244- run : |
245- productbuild --sign '${{inputs.sign-macos-installer-id}}' --component ${{ inputs.app-working-directory }}/build/bin/Inspektor\ Gadget\ Desktop.app /Applications ${{ inputs.app-working-directory }}/build/bin/${{inputs.build-name}}.pkg
246- - name : Building Installer
247- if : runner.os == 'macOS' && inputs.sign-macos-installer-id == '' && startsWith(github.ref, 'refs/tags/')
248- shell : bash
249- working-directory : ${{ inputs.app-working-directory }}
250- run : |
251- productbuild --component ${{ inputs.app-working-directory }}/build/bin/Inspektor\ Gadget\ Desktop.app /Applications ${{ inputs.app-working-directory }}/build/bin/${{inputs.build-name}}.pkg
252- - name : Notarising Installer and zip
253- if : runner.os == 'macOS' && inputs.sign != 'false' && startsWith(github.ref, 'refs/tags/')
254- shell : bash
255- working-directory : ${{ inputs.app-working-directory }}
256- env :
257- APPLE_PASSWORD : ${{ inputs.sign-macos-apple-password }}
258- run : |
259- gon -log-level=info ${{ inputs.app-working-directory }}/build/darwin/gon-notarize.json
260- # Windows signing
261- - name : Sign Windows binaries
262- shell : powershell
263- if : runner.os == 'Windows' && inputs.sign != 'false' && inputs.sign-windows-cert != ''
264- working-directory : ${{ inputs.app-working-directory }}
265- run : |
266- echo "Creating certificate file"
267- New-Item -ItemType directory -Path certificate
268- Set-Content -Path certificate\certificate.txt -Value '${{ inputs.sign-windows-cert }}'
269- certutil -decode certificate\certificate.txt certificate\certificate.pfx
270- echo "Signing our binaries"
271- & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /fd sha256 /tr http://ts.ssl.com /f certificate\certificate.pfx /p '${{ inputs.sign-windows-cert-password }}' .\build\bin\${{inputs.build-name}}.exe
272- echo "Signing Installer" & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /fd sha256 /tr http://ts.ssl.com /f certificate\certificate.pfx /p '${{ inputs.sign-windows-cert-password }}' .\build\bin\${{inputs.build-name}}-amd64-installer.exe
273-
274- # Upload build assets
209+ ditto -c -k --keepParent ${{ inputs.app-working-directory }}/bin/ig-desktop.app ${{ inputs.app-working-directory }}/bin/${{inputs.build-name}}.app.zip
210+ rm -rf ${{ inputs.app-working-directory }}/bin/ig-desktop.app
211+ rm ${{ inputs.app-working-directory }}/bin/ig-desktop
275212 - uses : actions/upload-artifact@v4
276213 if : inputs.package == 'true'
277214 with :
0 commit comments