From d1c3a3e9f897664c5435ad72663506d00455decb Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Mon, 28 Apr 2025 17:42:44 +0200
Subject: [PATCH 01/10] Upload release artifacts.
---
 .github/workflows/snapshot.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index bad50a45b32..50f6cd86a6f 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -42,4 +42,19 @@ jobs:
 run: mvn --batch-mode deploy -DskipTests -DskipITs -DskipSign -DskipNotarize
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
\ No newline at end of file
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ - name: Upload Artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: Snapshot Binaries
+ path: |-
+ osx/target/release/*.zip
+ osx/target/release/*.pkg
+ windows/target/release/*.exe
+ windows/target/release/*.msi
+ windows/target/release/*.appx
+ cli/osx/target/release/*.pkg
+ cli/linux/target/release/*.deb
+ cli/linux/target/release/*.rpm
+ cli/windows/target/release/*.exe
+ cli/windows/target/release/*.msi
\ No newline at end of file
From 7abf49c7937f2efb7a78450b309bee736bb05f12 Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Mon, 28 Apr 2025 17:43:29 +0200
Subject: [PATCH 02/10] Copy private key for signing update feed to build environment.
---
 .github/workflows/snapshot.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index 50f6cd86a6f..a3658bd9b8b 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
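Review bot: The Upload Artifacts step added in PATCH 01/10 still succeeds when none of its ten globs match, because `actions/upload-artifact` only warns on an empty match by default. Adding `if-no-files-found: error` under `with:` makes a build that produced no installers fail visibly instead of publishing an empty "Snapshot Binaries" artifact. At this commit the Maven command in the same hunk still carries `-DskipSign`, so whatever is uploaded here is unsigned until PATCH 03/10 removes that flag. A `retention-days:` value would also make explicit how long snapshot binaries stay downloadable.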
@@ -38,6 +38,10 @@ jobs:
 uses: crazy-max/ghaction-chocolatey@v3
 with:
 args: install openssl -y
+ - name: Copy Sparkle Updater Private Key (DSA)
+ run: ${{ env.SPARKLE_PRIVATE_KEY_DSA }} > www/update/private.pem
+ env:
+ SPARKLE_PRIVATE_KEY_DSA: ${{ secrets.SPARKLE_PRIVATE_KEY_DSA }}
 - name: Build with Maven
 run: mvn --batch-mode deploy -DskipTests -DskipITs -DskipSign -DskipNotarize
 env:
From 5e1509dda2aa16e2703e40723cebaea3e01503d9 Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Mon, 28 Apr 2025 17:43:49 +0200
Subject: [PATCH 03/10] Activate profile to build and sign installers.
---
 .github/workflows/snapshot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index a3658bd9b8b..3f70c7b3fb2 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -43,7 +43,7 @@ jobs:
 env:
 SPARKLE_PRIVATE_KEY_DSA: ${{ secrets.SPARKLE_PRIVATE_KEY_DSA }}
 - name: Build with Maven
- run: mvn --batch-mode deploy -DskipTests -DskipITs -DskipSign -DskipNotarize
+ run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs -DskipNotarize
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
From 8e7d18e7e6cadb8714be9f6c582d3304e874a80b Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 18:41:12 +0200
Subject: [PATCH 04/10] Remove duplicate.
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3e27a60d15d..5613c589f26 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
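Review bot: The `run:` line of the "Copy Sparkle Updater Private Key (DSA)" step in PATCH 02/10 has no command in front of the redirect, and `${{ env.SPARKLE_PRIVATE_KEY_DSA }}` is substituted into the script text before the shell starts, so the key material itself is handed to the shell as the command to execute. The step will most likely fail or leave an empty `private.pem`, and the key ends up in the generated script and possibly in shell error output, where masking of multi-line secrets is not guaranteed. Read the variable from the shell instead, `run: printf '%s\n' "$SPARKLE_PRIVATE_KEY_DSA" > www/update/private.pem`, and add `shell: bash` so the line behaves the same on the Windows runners this job appears to use. The ED25519 step added in PATCH 07/10 has the same defect and needs the same change. Both keys are written inside the checked-out workspace, so a final `if: always()` step that deletes them would limit how long they sit on disk.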
@@ -22,7 +22,7 @@ jobs:
 - name: Disable Testcontainers for Windows and MacOS
 run: echo "args=-P=no-testcontainers" >> "$GITHUB_ENV"
 shell: bash
- if: runner.os == 'windows' || runner.os == 'macos' || runner.os == 'macos'
+ if: runner.os == 'windows' || runner.os == 'macos'
 - run: msiexec /i setup\wix\Bonjour64.msi /Quiet /Passive /NoRestart
 if: runner.os == 'windows'
 - uses: ilammy/msvc-dev-cmd@v1
From e2010eea34c39bc36391b9a970b37394f91d1499 Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 18:42:34 +0200
Subject: [PATCH 05/10] Review runner conditions.
---
 .github/workflows/snapshot.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index 3f70c7b3fb2..b19f6fddf9b 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -21,20 +21,20 @@ jobs:
 java-version: 21
 cache: maven
 - name: Add msbuild to PATH
- if: ${{ runner.os == 'Windows' }}
+ if: runner.os == 'windows'
 uses: microsoft/setup-msbuild@v2
 - name: Install Bonjour SDK
- if: ${{ runner.os == 'Windows' }}
+ if: runner.os == 'windows'
 uses: crazy-max/ghaction-chocolatey@v3
 with:
 args: install bonjour -y
 - name: Install WiX Toolset
- if: ${{ runner.os == 'Windows' }}
+ if: runner.os == 'windows'
 uses: crazy-max/ghaction-chocolatey@v3
 with:
 args: install wixtoolset -y
 - name: Install OpenSSL
- if: ${{ runner.os == 'Windows' }}
+ if: runner.os == 'windows'
 uses: crazy-max/ghaction-chocolatey@v3
 with:
 args: install openssl -y
From 36149c99c0fcff34144b89aab2db3532f61d7fb4 Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 18:53:47 +0200
Subject: [PATCH 06/10] Create keychain.
---
 .github/workflows/snapshot.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index b19f6fddf9b..b3e33646c1b 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -42,11 +42,20 @@ jobs:
 run: ${{ env.SPARKLE_PRIVATE_KEY_DSA }} > www/update/private.pem
 env:
 SPARKLE_PRIVATE_KEY_DSA: ${{ secrets.SPARKLE_PRIVATE_KEY_DSA }}
+ - name: Import Code-Signing Certificate
+ if: runner.os == 'macos'
+ uses: apple-actions/import-codesign-certs@v3
+ with:
+ keychain: 'codesign.keychain'
+ create-keychain: true
+ p12-file-base64: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_BASE64 }}
+ p12-password: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_PASSWORD }}
 - name: Build with Maven
 run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs -DskipNotarize
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ KEYCHAIN_PATH: 'codesign.keychain'
 - name: Upload Artifacts
 uses: actions/upload-artifact@v4
 with:
From 7690d6a282462b139a65b409c9adbd7705c3c1ac Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 18:58:43 +0200
Subject: [PATCH 07/10] Copy private key for signing update feed to build environment.
---
 .github/workflows/snapshot.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index b3e33646c1b..e9bce5f91d5 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -42,6 +42,10 @@ jobs:
 run: ${{ env.SPARKLE_PRIVATE_KEY_DSA }} > www/update/private.pem
 env:
 SPARKLE_PRIVATE_KEY_DSA: ${{ secrets.SPARKLE_PRIVATE_KEY_DSA }}
+ - name: Copy Sparkle Updater Private Key (ED25519)
+ run: ${{ env.SPARKLE_PRIVATE_KEY_ED25519 }} > www/update/private-ed25519.pem
+ env:
+ SPARKLE_PRIVATE_KEY_ED25519: ${{ secrets.SPARKLE_PRIVATE_KEY_ED25519 }}
 - name: Import Code-Signing Certificate
 if: runner.os == 'macos'
 uses: apple-actions/import-codesign-certs@v3
From 674ebf338ab29ec0425e430b7c54ba1abc58b633 Mon Sep 17 00:00:00 2001
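Review bot: `apple-actions/import-codesign-certs@v3` in the "Import Code-Signing Certificate" step of PATCH 06/10 is referenced by a movable tag, and this is the step that receives the P12 bundle and its password. Whoever can move that tag upstream can change the code that handles the signing identity, so pin the action to a reviewed commit: `uses: apple-actions/import-codesign-certs@<full-commit-sha>  # v3` (placeholder, take the SHA from the release you audited). The same pinning would be worth applying to the other third-party actions visible in this workflow, since they run in a job that also holds the AWS and Sparkle secrets. The step list continues outside the hunk.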
From: David Kocher
Date: Sun, 25 May 2025 19:00:43 +0200
Subject: [PATCH 08/10] Enable notarization.
---
 .github/workflows/snapshot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index e9bce5f91d5..5df62962e8d 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -55,7 +55,7 @@ jobs:
 p12-file-base64: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_BASE64 }}
 p12-password: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_PASSWORD }}
 - name: Build with Maven
- run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs -DskipNotarize
+ run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
From c51e562c6d7e11777a8229a91d128064a10f9c87 Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 19:00:52 +0200
Subject: [PATCH 09/10] Set feed channel.
---
 .github/workflows/snapshot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index 5df62962e8d..9c595e993d1 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -55,7 +55,7 @@ jobs:
 p12-file-base64: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_BASE64 }}
 p12-password: ${{ secrets.CODESIGN_MACOS_CERTIFICATES_PASSWORD }}
 - name: Build with Maven
- run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs
+ run: mvn --batch-mode deploy -Pinstaller -DskipTests -DskipITs -D"sparkle.feed=nightly"
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
From 6b3105d298517e471c9d13971eebb1a5afa913ab Mon Sep 17 00:00:00 2001
From: David Kocher
Date: Sun, 25 May 2025 19:21:04 +0200
Subject: [PATCH 10/10] Run for pushed tag.
---
 .github/workflows/snapshot.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index 9c595e993d1..a949206b401 100644
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -1,6 +1,7 @@
 name: Publish Snapshot Artifacts
 on:
 push:
+ tags: [ '*' ]
 branches:
 - master
 jobs:
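Review bot: `tags: [ '*' ]` in PATCH 10/10 lets any pushed tag start this workflow, from whatever commit the tag points to, not only commits on `master`. The job it starts receives the Sparkle private keys, the macOS signing certificate and the AWS credentials added in the earlier patches and runs `mvn deploy` with `sparkle.feed=nightly`, so a tag build would also publish signed output to the nightly feed. If only release tags are intended, narrow the filter, e.g. `tags: [ 'release-*' ]` (pattern constructed for illustration), and limit who may create matching tags with a tag ruleset or a deployment environment that requires approval. Note also that `*` does not match tag names containing `/`.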