From 375b706ad16df679edaba0d037d1b211122fca28 Mon Sep 17 00:00:00 2001
From: Robin Sommer
Date: Sun, 21 Jan 2024 07:57:15 +0100
Subject: [PATCH] Extend CI setup to build releases.
Note that release binaries aren't notarized yet.
---
.github/workflows/main.yml | 91 +++++++++++++++++++++++++++++++-
CHANGES | 10 ++--
Makefile | 19 +++++--
VERSION | 2 +-
qlview.xcodeproj/project.pbxproj | 6 +++
qlview/Info.plist | 4 +-
6 files changed, 119 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a6f0af8..24b39d3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -3,14 +3,101 @@ name: CI pipeline on: push jobs: - build: + adhoc: runs-on: macos-14 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + + - name: Build code + run: make adhoc + + release: + runs-on: macos-14 + environment: release-macos + + steps: + - uses: actions/checkout@v4 + + - name: Install the Apple certificate and provisioning profile + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH - name: Build code run: make release - name: Run check run: make check + + - name: Build ZIP + run: | + make dist + (cd build && echo "DIST=$(echo *.zip)" >>$GITHUB_ENV) + + - uses: actions/upload-artifact@v4 + with: + name: ${{env.DIST}} + path: build/${{env.DIST}} + + - name: Clean up keychain + if: ${{ always() }} + run: | + security delete-keychain $RUNNER_TEMP/app-signing.keychain-db + + publish_release: + permissions: + contents: write + + runs-on: macos-14 + if: (startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-dev')) + needs: [release] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - 
name: Prepare release message + run: | + cat CHANGES | awk '/^[0-9]+\./{ n++; next; } n < 2 { print }' >${{ runner.temp }}/release-msg + echo "release_name=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> $GITHUB_ENV + + - uses: actions/download-artifact@v4 + with: + path: artifacts + + - name: Display artifacts + run: ls -al artifacts/*/* + + - name: Upload artifacts + uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + draft: false + prerelease: false + name: ${{ env.release_name }} + body_path: ${{ runner.temp }}/release-msg + files: | + artifacts/*/*.zip diff --git a/CHANGES b/CHANGES index 0885808..278ee80 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,4 @@ -0.1-3 | 2024-01-20 22:29:20 +0100 - - * Polish code infrastructure. +0.2 | 2024-02-03 22:24:03 +0100 * Implement printing. @@ -9,7 +7,11 @@ open them in their corresponding applications first and print from there. - * Remove unneccessary state. + * Extend CI setup to build releases. + + * Polish code infrastructure. + + * Remove unnecessary state. 0.1 | 2024-01-07 15:03:19 +0100 diff --git a/Makefile b/Makefile index 2454208..d658135 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,21 @@ -all: debug +VERSION=$(shell cat VERSION) -debug: - @xcodebuild -quiet -target qlview-adhoc -configuration Debug +all: adhoc + +adhoc: + @xcodebuild -quiet -target qlview-adhoc -configuration Release release: @xcodebuild -quiet -target qlview-signed -configuration Release -check: +check: release codesign --verify --verbose build/Release/qlview - codesign --display --verbose=4 build/Release/qlview 2>&1 | grep Signed + spctl --assess --verbose build/Release/qlview + +dist: release + @rm -rf build/dist + @mkdir -p build/dist + cp -R build/Release/qlview build/dist + cd build/dist && zip -r ../qlview-$(VERSION).zip * + @ls build/*.zip diff --git a/VERSION b/VERSION index 2eaed16..3b04cfb 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1-3 +0.2 
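Review bot: In `publish_release`, the "Prepare release message" step expands `${{ github.ref_name }}` straight into the `run:` script, so the tag name becomes part of the script text before the shell parses it, in a job that holds `contents: write`; pass it through `env:` and read it as a shell variable instead. The same job runs `softprops/action-gh-release@v1` from a mutable tag with that write token, and it would be safer pinned to a full commit SHA. In the `release` job, `security import ... -A` lets any process on the runner use the imported signing key, where `-T /usr/bin/codesign` plus `security set-key-partition-list` would restrict it to the signing tools, and `BUILD_PROVISION_PROFILE_BASE64` and `PP_PATH` are handed to the step but never used. Because the workflow triggers on every `push`, the signing secrets are only as well protected as the branch rules on the `release-macos` environment, which are not visible in this patch.

```yaml
# release job, "Install the Apple certificate and provisioning profile" step
          # … unchanged: path variables, base64 decode, temporary keychain creation …
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -T /usr/bin/codesign -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

# publish_release job
      - name: Prepare release message
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # … unchanged: awk extraction of the newest CHANGES entry …
          echo "release_name=${REF_NAME#v}" >> "$GITHUB_ENV"

      # … unchanged: download-artifact, Display artifacts …

      - name: Upload artifacts
        # placeholder: replace with the full commit SHA of the reviewed v1 release
        uses: softprops/action-gh-release@<FULL_COMMIT_SHA>
```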
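Review bot: The new `dist` target clears `build/dist` but leaves any earlier `build/qlview-$(VERSION).zip` in place, and `zip -r` updates an existing archive rather than recreating it, so a rebuild on a non-clean tree can ship stale entries alongside the freshly signed binary. Adding `@rm -f build/qlview-$(VERSION).zip` before the `zip` line would make the archive reproducible from the current build only; it would also keep the workflow's `echo *.zip` from picking up more than one name if several versions accumulate. In `check`, `codesign --verify --verbose` could additionally pass `--strict` so that the release gate applies the stricter validation rules to the signature.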
diff --git a/qlview.xcodeproj/project.pbxproj b/qlview.xcodeproj/project.pbxproj index 82db87c..c7598b1 100644 --- a/qlview.xcodeproj/project.pbxproj +++ b/qlview.xcodeproj/project.pbxproj @@ -203,9 +203,12 @@ isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_MODULES = YES; + CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = 4UJK727T59; ENABLE_HARDENED_RUNTIME = YES; + OTHER_CODE_SIGN_FLAGS = "--timestamp"; + "PRODUCT_BUNDLE_IDENTIFIER[sdk=macosx*]" = org.rsmmr.qlview; PRODUCT_NAME = qlview; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; @@ -216,9 +219,12 @@ isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_MODULES = YES; + CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = 4UJK727T59; ENABLE_HARDENED_RUNTIME = YES; + OTHER_CODE_SIGN_FLAGS = "--timestamp"; + "PRODUCT_BUNDLE_IDENTIFIER[sdk=macosx*]" = org.rsmmr.qlview; PRODUCT_NAME = qlview; SWIFT_VERSION = 5.0; }; diff --git a/qlview/Info.plist b/qlview/Info.plist index 9ab382b..3f1d8a7 100644 --- a/qlview/Info.plist +++ b/qlview/Info.plist @@ -4,11 +4,13 @@ CFBundleDevelopmentRegion English + CFBundleIdentifier + $(PRODUCT_BUNDLE_IDENTIFIER) CFBundleInfoDictionaryVersion 6.0 CFBundleName qlview CFBundleVersion - 0.1-3 + 0.2