-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
107 lines (95 loc) · 3.74 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: 'Preternatural Archive & Notarize Action'
description: 'Archive & notarize a MacOS application using Preternatural CLI'
inputs:
xcode-version:
description: 'Xcode version to use'
required: true
default: '16.2'
notarization_username:
description: 'App Store Connect Username for notarization'
required: true
notarization_password:
description: 'App Store Connect Password for notarization'
required: true
notarization_team_id:
description: 'App Store Connect Team ID for notarization'
required: false
build_certificate_base64:
description: 'Base64-encoded Apple certificate'
required: true
p12_password:
description: 'Password for the P12 certificate'
required: true
fuck-swift-syntax:
description: 'Enable the --fuck-swift-syntax flag for the archive command'
required: false
default: true
type: boolean
runs:
using: 'composite'
steps:
- name: Setup Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: ${{ inputs.xcode-version }}
- name: Install Preternatural
if: ${{ !env.ACT }} # Skipping when run locally.
shell: bash
run: |
brew tap PreternaturalAI/preternatural
brew install preternatural
- name: Install the Apple certificate and provisioning profile
if: ${{ !env.ACT }} # Skipping when run locally.
shell: bash
env:
BUILD_CERTIFICATE_BASE64: ${{ inputs.build_certificate_base64 }}
P12_PASSWORD: ${{ inputs.p12_password }}
run: |
# Generate a random keychain password
KEYCHAIN_PASSWORD=$(openssl rand -base64 15)
# Create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import certificate from inputs
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Run preternatural archive command
shell: bash
env:
NOTARIZATION_APP_STORE_CONNECT_USERNAME: ${{ inputs.notarization_username }}
NOTARIZATION_APP_STORE_CONNECT_PASSWORD: ${{ inputs.notarization_password }}
run: |
# Construct the command as a string
PRETERNATURAL_CMD="script -q /dev/null preternatural archive"
if [ -n "${{ inputs.notarization_team_id }}" ]; then
PRETERNATURAL_CMD="$PRETERNATURAL_CMD --team-id "${{ inputs.notarization_team_id }}"
fi
if [ "${{ inputs.fuck-swift-syntax }}" == "true" ]; then
PRETERNATURAL_CMD="$PRETERNATURAL_CMD --fuck-swift-syntax"
fi
echo "Running preternatural archive command:"
echo "${PRETERNATURAL_CMD}"
eval ${PRETERNATURAL_CMD} 2>&1
- name: Find archive file
shell: bash
run: |
ARCHIVE_FILE=$(find . -name "*Notarized*.zip" -print -quit)
if [ -z "$ARCHIVE_FILE" ]; then
echo "Error: No notarized ZIP file found"
exit 1
fi
echo "ARCHIVE_FILE=$ARCHIVE_FILE" >> $GITHUB_ENV
echo "Found archive file: $ARCHIVE_FILE"
- name: Upload archive as artifact
uses: actions/upload-artifact@v4
with:
name: notarized-app
path: ${{ env.ARCHIVE_FILE }}
if-no-files-found: error