-
Notifications
You must be signed in to change notification settings - Fork 0
75 lines (63 loc) · 2.8 KB
/
macOS.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: macOS
on: [push]
jobs:
build_app:
name: Build and sign macOS app
runs-on: macos-latest
env:
PYTHON: /Library/Frameworks/Python.framework/Versions/3.13/bin/python3
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Clone Snappy repo
run: |
git clone https://github.com/3-manifolds/snappy/
- name: Download frameworks for py2app
uses: dawidd6/action-download-artifact@v6
with:
github_token: ${{secrets.GITHUB_TOKEN}}
repo: 3-manifolds/frameworks
workflow: build.yml
workflow_conclusion: success
branch: python_3.13
name: Frameworks.tgz
path: frameworks
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DEV_ID: ${{ secrets.DEV_ID }}
DEV_USERNAME: ${{ secrets.NOTARIZE_USERNAME }}
DEV_PASSWORD: ${{ secrets.NOTARIZE_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output=$CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Create config file needed by release.py
echo -e "[developer]\nidentity = $DEV_ID" > notabot.cfg
echo -e "username = $DEV_USERNAME" >> notabot.cfg
echo -e "password = $DEV_PASSWORD\n" >> notabot.cfg
echo -e "[app]\napp_name = SnapPy" >> notabot.cfg
echo -e "app_path = dist/SnapPy.app" >> notabot.cfg
echo -e "dmg_path = disk_images/SnapPy.dmg" >> notabot.cfg
echo -e "[entitlements]\nplist_file = entitlements.plist" >> notabot.cfg
cp notabot.cfg snappy/macOS_app
- name: Run build script
run: |
# Uses PyPI for auxiliary SnapPy packages (FXrays, Cython, etc.)
bash build_mac_app.sh --use-pypi
- uses: actions/upload-artifact@v4
with:
name: SnapPy.dmg
path: snappy/macOS_app/disk_images/SnapPy.dmg