name: Build Squirrel on: [push, pull_request] env: DOTNET_VERSION: '6.0.202' jobs: build-windows: name: Build Windows runs-on: windows-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - name: Setup .NET uses: actions/setup-dotnet@v1 with: dotnet-version: ${{ env.DOTNET_VERSION }} # - name: Install NGBV # run: dotnet tool install --tool-path . nbgv - name: Build shell: pwsh run: .\build.ps1 # - name: Create NuGet Package # shell: pwsh # run: .\pack.ps1 # - name: Test # run: dotnet test test\Squirrel.Tests.csproj -l "console;verbosity=detailed" # - name: "Upload Tools" # uses: actions/upload-artifact@v3 # with: # path: .\build\SquirrelTools*.zip # if-no-files-found: error # https://stackoverflow.com/questions/63817052/github-actions-run-step-only-for-certain-pull-request-base-branches # - name: "Upload NuGet Package" # uses: actions/upload-artifact@v3 # with: # path: .\build\Clowd.Squirrel*.nupkg # if-no-files-found: error # - name: Publish to GitHub Packages # if: ${{ github.ref == 'ref/head/develop' }} # run: dotnet nuget push .\build\Clowd.Squirrel*.nupkg - name: Upload Windows Artifacts uses: actions/upload-artifact@v3 with: name: windows-build path: .\build\* - name: Bundle Tools shell: pwsh run: .\vendor\7zip\7z.exe a squirrel-win-x64.zip -tzip -aoa -y -mmt "$env:GITHUB_WORKSPACE\build\publish\*" - name: Upload Tools uses: actions/upload-artifact@v3 with: name: tools path: squirrel-win-x64.zip build-macos: name: Build OSX runs-on: macos-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - name: Setup .NET uses: actions/setup-dotnet@v1 with: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Build SquirrelMac run: dotnet publish -v minimal --self-contained -c Release -r osx.10.12-x64 ./src/Squirrel.CommandLine.OSX/Squirrel.CommandLine.OSX.csproj -o ./publish - name: Build UpdateMac run: dotnet publish -v minimal --self-contained -c Release -r osx.10.12-x64 ./src/Update.OSX/Update.OSX.csproj -o ./publish - name: Upload MacOS Artifacts uses: actions/upload-artifact@v3 with: name: osx-build path: ./publish/* package-macos: name: Package OSX runs-on: macos-latest needs: [build-macos] steps: - uses: actions/checkout@v2 - name: Download MacOS Artifacts uses: actions/download-artifact@v3 with: name: osx-build path: ./osx-build - name: Install Apple Certificate env: BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.APPLE_BUILD_CERTIFICATE_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # write certificate to file CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH # create temporary keychain KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH - name: Install mitchellh/gon run: brew install mitchellh/gon/gon - name: Bundle, Sign, and Notarize env: AC_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} AC_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} run: gon ./gon.config.json - name: Clean up KeyChain if: ${{ always() }} run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db - name: Upload Tools uses: actions/upload-artifact@v3 with: name: tools path: squirrel-osx-x64.zip # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development deploy: name: "Deploy" needs: [build-windows, package-macos] runs-on: ubuntu-latest env: NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - name: Setup .NET uses: actions/setup-dotnet@v1 with: dotnet-version: ${{ env.DOTNET_VERSION }} source-url: https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json - name: Install NGBV run: dotnet tool install --tool-path . nbgv - name: Install NuGet run: sudo apt install nuget - name: Download Windows Artifacts uses: actions/download-artifact@v3 with: name: windows-build path: ./build - name: Download Tools uses: actions/download-artifact@v3 with: name: tools - name: Decompress OSX run: | unzip ./squirrel-osx-x64.zip -d ./build/publish mv ./build/publish/7zz ./build/publish/bin/ - name: Create NuGet Package run: | export NUGET_VERSION=$(nbgv get-version -f json | python3 -c "import sys, json; print(json.load(sys.stdin)['NuGetPackageVersion'])") echo $NUGET_VERSION nuget pack ./src/Clowd.Squirrel.nuspec -BasePath ./src -OutputDirectory . -Version $NUGET_VERSION - name: Upload NuGet Package uses: actions/upload-artifact@v3 with: name: tools path: '*.nupkg' - name: Publish Dev NuGet Package if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/cs/xplat' }} run: | dotnet nuget push *.nupkg --skip-duplicate # - name: Upload Artifacts # uses: actions/upload-artifact@v3 # with: # name: tools # path: ./SquirrelTools.* # - name: CodeSign Binaries # run: | # codesign --force --timestamp --options=runtime --keychain $KEYCHAIN_PATH --entitlements ./Squirrel.entitlements --sign "Developer ID Application: Caelan Sayler" ./osx-tools/SquirrelMac # codesign --force --timestamp --options=runtime --keychain $KEYCHAIN_PATH --entitlements ./Squirrel.entitlements --sign "Developer ID Application: Caelan Sayler" ./osx-tools/UpdateMac # - name: Bundle Tools # run: | # zip SquirrelTools.zip ./osx-tools/* # zip SquirrelTools.zip ./windows-tools/*