-
Notifications
You must be signed in to change notification settings - Fork 0
98 lines (93 loc) · 3.62 KB
/
release.yml
File metadata and controls
98 lines (93 loc) · 3.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: Release
on:
push:
tags:
- "v*"
permissions:
contents: write
jobs:
prepare-release:
runs-on: ubuntu-latest
steps:
- name: Ensure release exists
env:
GH_TOKEN: ${{ github.token }}
run: |
TAG="${GITHUB_REF_NAME}"
TITLE="CodexControl ${TAG#v}"
gh release view "$TAG" --repo ademisler/codexcontrol >/dev/null 2>&1 || gh release create "$TAG" --repo ademisler/codexcontrol --title "$TITLE" --generate-notes
macos-release:
needs: prepare-release
runs-on: macos-15
steps:
- uses: actions/checkout@v5
- name: Import Developer ID certificate
env:
CERT_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_P12_BASE64 }}
CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_P12_PASSWORD }}
run: |
if [[ -z "$CERT_BASE64" || -z "$CERT_PASSWORD" ]]; then
echo "Skipping Developer ID certificate import."
exit 0
fi
KEYCHAIN_PATH="$RUNNER_TEMP/codexcontrol-signing.keychain-db"
CERT_PATH="$RUNNER_TEMP/codexcontrol-dev-id.p12"
echo "$CERT_BASE64" | base64 --decode > "$CERT_PATH"
security create-keychain -p "" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "" "$KEYCHAIN_PATH"
security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
security set-key-partition-list -S apple-tool:,apple: -s -k "" "$KEYCHAIN_PATH"
security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain-db
- name: Store notary credentials
env:
APPLE_ID: ${{ secrets.APPLE_NOTARY_APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_NOTARY_TEAM_ID }}
APPLE_APP_PASSWORD: ${{ secrets.APPLE_NOTARY_APP_PASSWORD }}
run: |
if [[ -z "$APPLE_ID" || -z "$APPLE_TEAM_ID" || -z "$APPLE_APP_PASSWORD" ]]; then
echo "Skipping notary credential setup."
exit 0
fi
xcrun notarytool store-credentials "codexcontrol-notary" \
--apple-id "$APPLE_ID" \
--team-id "$APPLE_TEAM_ID" \
--password "$APPLE_APP_PASSWORD"
- name: Build release artifacts
env:
CODE_SIGN_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_IDENTITY }}
run: |
if [[ -n "${{ secrets.APPLE_NOTARY_APPLE_ID }}" && -n "${{ secrets.APPLE_NOTARY_TEAM_ID }}" && -n "${{ secrets.APPLE_NOTARY_APP_PASSWORD }}" ]]; then
export NOTARY_KEYCHAIN_PROFILE="codexcontrol-notary"
fi
./Scripts/build_release_artifacts.sh
- name: Publish GitHub release
env:
GH_TOKEN: ${{ github.token }}
run: |
TAG="${GITHUB_REF_NAME}"
gh release upload "$TAG" \
ReleaseArtifacts/CodexControl-macos.zip \
ReleaseArtifacts/CodexControl-macos.zip.sha256 \
--clobber
windows-release:
needs: prepare-release
runs-on: windows-latest
steps:
- uses: actions/checkout@v5
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Build Windows release package
shell: pwsh
run: .\windows\package_release.ps1 -Clean
- name: Publish Windows assets
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
TAG="${GITHUB_REF_NAME}"
gh release upload "$TAG" \
ReleaseArtifacts/CodexControl-windows.zip \
ReleaseArtifacts/CodexControl-windows.zip.sha256 \
--clobber