Update build.yml #572
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Specify 6 CI | |
| on: [push] | |
| jobs: | |
| build: | |
| name: Build and Package Specify 6 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Unbase64 code signing certs | |
| run: | | |
| echo $MAC_PKCS12 | base64 -d > packaging/expdevidapp.p12 | |
| echo $WIN_PKCS12 | base64 -d > packaging/certwithroot.pfx | |
| env: | |
| WIN_PKCS12: ${{ secrets.WIN_PKCS12 }} | |
| MAC_PKCS12: ${{ secrets.MAC_PKCS12_V2 }} | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Compile Specify 6 | |
| run: ant -noinput -buildfile build.xml compile-nonmac | |
| - name: Compile Specify 6 for Mac | |
| run: ant -noinput -buildfile build.xml compile-mac | |
| - name: Get Install4j from cache | |
| id: cache-install4j | |
| uses: actions/cache@v1 | |
| with: | |
| path: install4j8.0.11 | |
| key: install4j8.0.11-cache | |
| - name: Download Install4j | |
| if: steps.cache-install4j.outputs.cache-hit != 'true' | |
| run: | | |
| wget https://download-gcdn.ej-technologies.com/install4j/install4j_unix_8_0_11.tar.gz | |
| tar -zxvf install4j_unix_8_0_11.tar.gz | |
| - name: Set Install4j license | |
| run: install4j8.0.11/bin/install4jc --license=$INSTALL4J_LICENSE | |
| env: | |
| INSTALL4J_LICENSE: ${{ secrets.INSTALL4J8_LICENSE }} | |
| - name: Package Specify 6 | |
| run: > | |
| ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j8.0.11 | |
| -Dwin-keystore-password=$WIN_KEYSTORE_PASSWORD -Dmac-keystore-password=$MAC_KEYSTORE_PASSWORD | |
| -Dwin.pkcs12=certwithroot.pfx -Dmac.pkcs12=expdevidapp.p12 -Dcode.signing=true | |
| package-all | |
| env: | |
| WIN_KEYSTORE_PASSWORD: ${{ secrets.WIN_KEYSTORE_PASSWORD }} | |
| MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD_V2 }} | |
| - name: Upload Specify_windows_64.exe as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_windows_64 | |
| path: packages/Specify_windows_64.exe | |
| - name: Upload Specify_unix_64.sh as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_unix_64 | |
| path: packages/Specify_unix_64.sh | |
| - name: Upload Specify_macos.dmg as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_macos | |
| path: packages/Specify_macos.dmg | |
| - name: Upload updates.xml as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: updates.xml | |
| path: packages/updates.xml | |
| notarize: | |
| name: Notarize the Specify 6 Mac package | |
| needs: build | |
| runs-on: macos-latest | |
| steps: | |
| - name: Download Specify_macos artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_macos | |
| - name: Inspect directory structure | |
| run: | | |
| echo "Current directory:" | |
| pwd | |
| echo "Contents of current directory:" | |
| ls -R | |
| - name: Sign binaries in JAR files | |
| run: | | |
| # For libgluegen-rt.jnilib | |
| GLUEGEN_JAR=$(find . -name "gluegen-rt-natives-macosx-universal.jar") | |
| if [ -n "$GLUEGEN_JAR" ]; then | |
| mkdir -p temp_gluegen | |
| cd temp_gluegen | |
| unzip "../$GLUEGEN_JAR" | |
| if [ -f "libgluegen-rt.jnilib" ]; then | |
| codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib | |
| zip -u "../$GLUEGEN_JAR" libgluegen-rt.jnilib | |
| else | |
| echo "libgluegen-rt.jnilib not found in the JAR" | |
| fi | |
| cd .. | |
| rm -rf temp_gluegen | |
| else | |
| echo "gluegen-rt-natives-macosx-universal.jar not found" | |
| fi | |
| # For mac-universal.lib | |
| SQLITE_JAR=$(find . -name "sqlitejdbc.jar") | |
| if [ -n "$SQLITE_JAR" ]; then | |
| mkdir -p temp_sqlitejdbc | |
| cd temp_sqlitejdbc | |
| unzip "../$SQLITE_JAR" | |
| if [ -f "mac-universal.lib" ]; then | |
| codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib | |
| zip -u "../$SQLITE_JAR" mac-universal.lib | |
| else | |
| echo "mac-universal.lib not found in the JAR" | |
| fi | |
| cd .. | |
| rm -rf temp_sqlitejdbc | |
| else | |
| echo "sqlitejdbc.jar not found" | |
| fi | |
| env: | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| - name: Re-sign the application | |
| run: | | |
| APP_PATH=$(find . -name "*.app" -type d) | |
| if [ -n "$APP_PATH" ]; then | |
| codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "$APP_PATH" | |
| else | |
| echo "No .app directory found" | |
| exit 1 | |
| fi | |
| env: | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| - name: Create new DMG | |
| run: | | |
| APP_PATH=$(find . -name "*.app" -type d) | |
| hdiutil create -volname "Specify Installer" -srcfolder "$APP_PATH" -ov -format UDZO Specify_macos_signed.dmg | |
| - name: Notarize the Mac package | |
| run: | | |
| SUBMISSION_ID=$(xcrun notarytool submit Specify_macos_signed.dmg \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json | jq -r '.id') | |
| echo "Submission ID: $SUBMISSION_ID" | |
| xcrun notarytool wait "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" | |
| NOTARIZATION_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json | jq -r '.status') | |
| if [ "$NOTARIZATION_STATUS" != "Accepted" ]; then | |
| echo "Notarization failed. Fetching logs..." | |
| xcrun notarytool log "$SUBMISSION_ID" \ | |
| --apple-id "[email protected]" \ | |
| --password "$AC_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" | |
| exit 1 | |
| fi | |
| env: | |
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| - name: Staple the notarization ticket to the installer | |
| run: xcrun stapler staple Specify_macos_signed.dmg | |
| - name: Upload the stapled Specify_macos.dmg as artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: Specify_macos_with_ticket | |
| path: Specify_macos_signed.dmg | |
| release: | |
| name: Create a Specify 6 release | |
| needs: [build, notarize] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download Specify_windows_64 artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_windows_64 | |
| - name: Download Specify_unix_64 artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_unix_64 | |
| - name: Download Specify_macos_with_ticket artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: Specify_macos_with_ticket | |
| - name: Download updates.xml artifact | |
| uses: actions/download-artifact@v1 | |
| with: | |
| name: updates.xml | |
| - name: Create release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| Specify_windows_64/* | |
| Specify_unix_64/* | |
| Specify_macos_with_ticket/* | |
| updates.xml/* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |