
Commit 13c76c9

committed
add githu workflow
fix
1 parent 7e64c81 commit 13c76c9


4 files changed

+163
-78
lines changed

4 files changed

+163
-78
lines changed

.github/dependabot.yml

Lines changed: 0 additions & 11 deletions
This file was deleted.
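--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,163 @@
+name: Build and Release Protols
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+on:
+push:
+branches:
+- main
+workflow_dispatch:
+
+jobs:
+build-and-release:
+strategy:
+matrix:
+os: [macos-15-large, macos-15-xlarge, ubuntu-latest]
+runs-on: ${{ matrix.os }}
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: 1.22
+
+- name: Decode and import the certificate
+if: ${{ matrix.os == 'macos-15-large' || matrix.os == 'macos-15-xlarge' }}
+run: |
+# Decode the base64-encoded certificate and save it as a .p12 file
+echo "${{ secrets.CERTIFICATE_P12_BASE64 }}" | base64 --decode > certificate.p12
+
+# Import the .p12 certificate into the macOS keychain
+security create-keychain -p "temp-password" build.keychain
+security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
+
+# Set the keychain as default and unlock it
+security list-keychains -s build.keychain
+security unlock-keychain -p "temp-password" build.keychain
+
+# Set keychain settings to prevent it from locking automatically
+security set-keychain-settings build.keychain
+
+# Pre-authorize codesign to access the certificate
+security set-key-partition-list -S apple-tool:,apple: -s -k "temp-password" build.keychain
+
+echo "SIGN_IDENTITY=${{ secrets.SIGN_IDENTITY }}" >> $GITHUB_ENV
+echo "APPLE_ID=${{ secrets.APPLE_ID }}" >> $GITHUB_ENV
+echo "APPLE_APP_SPECIFIC_PASSWORD=${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}" >> $GITHUB_ENV
+echo "APPLE_TEAM_ID=${{ secrets.APPLE_TEAM_ID }}" >> $GITHUB_ENV
+
+- name: Build Protols
+id: build_protols
+run: |
+mkdir -p release
+GOBIN=$PWD/release go install ./cmd/protols
+if [ "${{ matrix.os }}" == "macos-15-xlarge" ]; then
+echo "ARCH=arm64" >> $GITHUB_OUTPUT
+echo "FILENAME=protols-darwin-arm64.zip" >> $GITHUB_OUTPUT
+elif [ "${{ matrix.os }}" == "macos-15-large" ]; then
+echo "ARCH=amd64" >> $GITHUB_OUTPUT
+echo "FILENAME=protols-darwin-amd64.zip" >> $GITHUB_OUTPUT
+else
+echo "ARCH=amd64" >> $GITHUB_OUTPUT
+echo "FILENAME=protols-linux-amd64.zip" >> $GITHUB_OUTPUT
+fi
+
+- name: Prepare Release Assets
+run: |
+zip -j release/${{ steps.build_protols.outputs.FILENAME }} release/protols
+
+- name: Notarize and Staple
+if: ${{ matrix.os == 'macos-15-large' || matrix.os == 'macos-15-xlarge' }}
+run: |
+# Function to sign, notarize, and staple
+notarize_and_staple() {
+local package_path="$1"
+
+# Unlock the keychain
+security unlock-keychain -p "$KEYCHAIN_PASSWD" ~/Library/Keychains/login.keychain
+
+# Submit for notarization
+STATUS=$(xcrun notarytool submit "$package_path" \
+--team-id "$APPLE_TEAM_ID" \
+--apple-id "$APPLE_ID" \
+--password "$APPLE_APP_SPECIFIC_PASSWORD" 2>&1)
+
+# Get the submission ID
+SUBMISSION_ID=$(echo "$STATUS" | awk -F ': ' '/id:/ { print $2; exit; }')
+echo "Notarization submission ID: $SUBMISSION_ID"
+
+# Wait for notarization to complete
+xcrun notarytool wait "$SUBMISSION_ID" \
+--team-id "$APPLE_TEAM_ID" \
+--apple-id "$APPLE_ID" \
+--password "$APPLE_APP_SPECIFIC_PASSWORD"
+
+# Check the notarization status
+REQUEST_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \
+--team-id "$APPLE_TEAM_ID" \
+--apple-id "$APPLE_ID" \
+--password "$APPLE_APP_SPECIFIC_PASSWORD" 2>&1 | \
+awk -F ': ' '/status:/ { print $2; }')
+
+if [[ "$REQUEST_STATUS" != "Accepted" ]]; then
+echo "Notarization failed."
+exit 1
+fi
+}
+
+# **Step 3: Notarize the Zip Archive**
+notarize_and_staple "release/${{ steps.build_protols.outputs.FILENAME }}"
+
+
+- name: Calculate SHA256 Checksums
+id: calculate_sha256
+run: |
+cd release
+echo "SHA256SUMS=$(shasum -a 256 ${{ steps.build_protols.outputs.FILENAME }} | awk '{print $1}')" >> $GITHUB_OUTPUT
+
+- name: Get date
+id: get_date
+run: |
+echo "DATE=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
+
+- name: Delete Existing Release
+if: always()
+run: |
+tag="v${{ steps.get_date.outputs.DATE }}"
+release_id=$(gh release view "$tag" --json id -q '.id' 2>/dev/null || echo "")
+if [[ -n "$release_id" ]]; then
+gh release delete "$tag" -y
+fi
+env:
+GH_TOKEN: ${{ github.token }}
+
+- name: Create GitHub Release
+id: create_release
+uses: actions/create-release@v1
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+tag_name: "v${{ steps.get_date.outputs.DATE }}"
+release_name: "${{ steps.get_date.outputs.DATE }}"
+draft: false
+prerelease: false
+body: |
+SHA256 Checksums:
+```
+${{ steps.calculate_sha256.outputs.SHA256SUMS }}
+```
+
+- name: Upload Release Asset
+uses: actions/upload-release-asset@v1
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+upload_url: ${{ steps.create_release.outputs.upload_url }}
+asset_path: release/${{ steps.build_protols.outputs.FILENAME }}
+asset_name: ${{ steps.build_protols.outputs.FILENAME }}
+asset_content_type: application/zip
+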
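Review bot: The last four lines of the "Decode and import the certificate" step write `APPLE_APP_SPECIFIC_PASSWORD` and the other Apple values into `$GITHUB_ENV`, which places them in the environment of every later step of the job, including `actions/create-release@v1` and `actions/upload-release-asset@v1`, both referenced by a mutable tag. Only the "Notarize and Staple" step reads them, so they belong in a step-level `env:` on that step; `SIGN_IDENTITY` is not read anywhere in the visible workflow. The same step also splices `${{ secrets.CERTIFICATE_P12_BASE64 }}` and `${{ secrets.CERTIFICATE_PASSWORD }}` into the script text and leaves `certificate.p12` in the checkout directory; passing both through `env:`, writing the file under `$RUNNER_TEMP` and deleting it after the import keeps the key material out of the generated script and the workspace. Separately, `$KEYCHAIN_PASSWD` is never set and no `codesign` call appears in the file, so the notarization step looks unlikely to succeed as written.

```yaml
      - name: Decode and import the certificate
        if: ${{ matrix.os == 'macos-15-large' || matrix.os == 'macos-15-xlarge' }}
        env:
          CERTIFICATE_P12_BASE64: ${{ secrets.CERTIFICATE_P12_BASE64 }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
        run: |
          echo "$CERTIFICATE_P12_BASE64" | base64 --decode > "$RUNNER_TEMP/certificate.p12"
          # … unchanged: keychain creation …
          security import "$RUNNER_TEMP/certificate.p12" -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          rm -f "$RUNNER_TEMP/certificate.p12"
          # … unchanged: keychain default/unlock/settings/partition list …
          # (the four `echo … >> $GITHUB_ENV` lines are dropped)

      - name: Notarize and Staple
        if: ${{ matrix.os == 'macos-15-large' || matrix.os == 'macos-15-xlarge' }}
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          # … unchanged: notarize_and_staple function and its call …
```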

.github/workflows/ci.yaml

Lines changed: 0 additions & 38 deletions
This file was deleted.

.github/workflows/release.yaml

Lines changed: 0 additions & 29 deletions
This file was deleted.
