Add debugging for notarization #570
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Specify 6 CI | |
| on: [push] | |
| jobs: | |
| build: | |
| name: Build and Package Specify 6 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Unbase64 code signing certs | |
| run: | | |
| echo $MAC_PKCS12 | base64 -d > packaging/expdevidapp.p12 | |
| echo $WIN_PKCS12 | base64 -d > packaging/certwithroot.pfx | |
| env: | |
| WIN_PKCS12: ${{ secrets.WIN_PKCS12 }} | |
| MAC_PKCS12: ${{ secrets.MAC_PKCS12_V2 }} | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Compile Specify 6 | |
| run: ant -noinput -buildfile build.xml compile-nonmac | |
| - name: Compile Specify 6 for Mac | |
| run: ant -noinput -buildfile build.xml compile-mac | |
| - name: Get Install4j from cache | |
| id: cache-install4j | |
| uses: actions/cache@v1 | |
| with: | |
| path: install4j8.0.11 | |
| key: install4j8.0.11-cache | |
| - name: Download Install4j | |
| if: steps.cache-install4j.outputs.cache-hit != 'true' | |
| run: | | |
| wget https://download-gcdn.ej-technologies.com/install4j/install4j_unix_8_0_11.tar.gz | |
| tar -zxvf install4j_unix_8_0_11.tar.gz | |
| - name: Set Install4j license | |
| run: install4j8.0.11/bin/install4jc --license=$INSTALL4J_LICENSE | |
| env: | |
| INSTALL4J_LICENSE: ${{ secrets.INSTALL4J8_LICENSE }} | |
| - name: Package Specify 6 | |
| run: > | |
| ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j8.0.11 | |
| -Dwin-keystore-password=$WIN_KEYSTORE_PASSWORD -Dmac-keystore-password=$MAC_KEYSTORE_PASSWORD | |
| -Dwin.pkcs12=certwithroot.pfx -Dmac.pkcs12=expdevidapp.p12 -Dcode.signing=true | |
| package-all | |
| env: | |
| WIN_KEYSTORE_PASSWORD: ${{ secrets.WIN_KEYSTORE_PASSWORD }} | |
| MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD_V2 }} | |
| - name: Upload Specify_windows_64.exe as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_windows_64 | |
| path: packages/Specify_windows_64.exe | |
| - name: Upload Specify_unix_64.sh as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_unix_64 | |
| path: packages/Specify_unix_64.sh | |
| - name: Upload Specify_macos.dmg as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_macos | |
| path: packages/Specify_macos.dmg | |
| - name: Upload updates.xml as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: updates.xml | |
| path: packages/updates.xml | |
| notarize: | |
| name: Notarize the Specify 6 Mac package | |
| needs: build | |
| runs-on: macos-latest | |
| steps: | |
| - name: Download Specify_macos artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_macos | |
| - name: Notarize the Mac package | |
| run: | | |
| SUBMISSION_ID=$(xcrun notarytool submit Specify_macos/Specify_macos.dmg \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json | jq -r '.id') | |
| echo "Submission ID: $SUBMISSION_ID" | |
| xcrun notarytool wait "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" | |
| NOTARIZATION_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json | jq -r '.status') | |
| if [ "$NOTARIZATION_STATUS" != "Accepted" ]; then | |
| echo "Notarization failed. Fetching logs..." | |
| xcrun notarytool log "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" | |
| exit 1 | |
| fi | |
| env: | |
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| - name: Staple the notarization ticket to the installer | |
| run: xcrun stapler staple Specify_macos/Specify_macos.dmg | |
| - name: Upload the stapled Specify_macos.dmg as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_macos_with_ticket | |
| path: Specify_macos/Specify_macos.dmg | |
| release: | |
| name: Create a Specify 6 release | |
| needs: [build, notarize] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download Specify_windows_64 artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_windows_64 | |
| - name: Download Specify_unix_64 artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_unix_64 | |
| - name: Download Specify_macos_with_ticket artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_macos_with_ticket | |
| - name: Download updates.xml artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: updates.xml | |
| - name: Create release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| Specify_windows_64/* | |
| Specify_unix_64/* | |
| Specify_macos_with_ticket/* | |
| updates.xml/* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |