Merge pull request #29 from otrov/main #20

Workflow file for this run

.github/workflows/Publish.yml at 7aee44c

	name: Publish new release

	on:
	push:
	branches: [ "main" ]

	env:
	PROJECT_PATH: src/SecureElementReader/SecureElementReader.csproj
	MACOS_PATH: src/SecureElementReader/bin/Release/net6.0/osx-x64/publish

	jobs:
	build:
	name: Build
	runs-on: ${{ matrix.os }}
	outputs:
	semVer: ${{ steps.gitversion.outputs.semVer }}
	gitSha: ${{ steps.gitversion.outputs.Sha }}
	strategy:
	matrix:
	os: [macos-latest, windows-latest, ubuntu-latest]
	include:
	- os: ubuntu-latest
	os_name: linux-x64
	- os: macos-latest
	os_name: osx-x64
	- os: windows-latest
	os_name: win-x64

	steps:
	- uses: actions/checkout@v2
	with:
	fetch-depth: 0

	- uses: actions/setup-dotnet@v2
	with:
	dotnet-version: 6.0.x

	- name: Install GitVersion
	uses: gittools/actions/gitversion/setup@v0.9.13
	with:
	versionSpec: '5.x'

	- name: Determine Version
	id: gitversion
	uses: gittools/actions/gitversion/execute@v0.9.13
	with:
	useConfigFile: true
	configFilePath: .github/workflows/GitVersion.yml

	- name: Linux
	if: matrix.os == 'ubuntu-latest'
	run: \|
	dotnet restore ${{ env.PROJECT_PATH }}
	dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore
	dotnet publish ${{ env.PROJECT_PATH }} -c Release -r ${{ matrix.os_name }} --self-contained -p:PublishSingleFile=true -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }}

	- name: Windows
	if: matrix.os == 'windows-latest'
	run: \|
	dotnet restore ${{ env.PROJECT_PATH }} -r win-x64
	dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore -p:PublishSingleFile=true
	dotnet publish ${{ env.PROJECT_PATH }} -c Release -r win-x64 --self-contained -p:PublishSingleFile=true --no-build -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }}

	- name: Publish project for mac
	if: matrix.os == 'macos-latest'
	run: \|
	cd src/SecureElementReader
	dotnet restore -r osx-x64
	dotnet msbuild -t:BundleApp -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64 -property:Configuration=Release -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} -p:UseAppHost=true
	dotnet publish -c Release -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64 -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} --self-contained true
	mkdir Assets/logo.iconset
	cp Assets/taxcore.png Assets/logo.iconset/icon_512x512.png
	iconutil -c icns Assets/logo.iconset
	cp Assets/logo.icns bin/Release/net6.0/osx-x64/publish/SecureElementReader.app/Contents/Resources/logo.icns
	rm Assets/logo.icns
	rm -rf Assets/logo.iconset

	- name: Setup Keychain
	if: matrix.os == 'macos-latest'
	run: \|

	security create-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain
	echo "${{ secrets.PROD_MACOS_CERTIFICATE }}" \| base64 --decode > certificate.p12
	security import certificate.p12 -k build.keychain -P "${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain
	xcrun notarytool store-credentials "AC_PASSWORD" --apple-id "${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}" --team-id ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} --password "${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}"

	- name: Codesign app
	if: matrix.os == 'macos-latest'
	run: \|
	find "${{ env.MACOS_PATH }}/SecureElementReader.app/Contents/MacOS"\|while read fname; do
	if [ -f "$fname" ]
	then
	echo "[INFO] Signing $fname"
	codesign --force --deep --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "$fname"
	fi
	done
	codesign --force --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "${{ env.MACOS_PATH }}/SecureElementReader.app"

	- name: Notarise app
	if: matrix.os == 'macos-latest'
	run: \|
	ditto -c -k --sequesterRsrc --keepParent "${{ env.MACOS_PATH }}/SecureElementReader.app" "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip"
	xcrun notarytool submit "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip" --wait --keychain-profile "AC_PASSWORD"
	xcrun stapler staple "${{ env.MACOS_PATH }}/SecureElementReader.app"

	- name: Windows code signing
	if: matrix.os == 'windows-latest'
	uses: neoz-technologies/code-sign-action@v3
	with:
	certificate: ${{ secrets.CERT_FOR_SIGN }}
	password: ${{ secrets.CERT_PW }}
	folder: 'src\SecureElementReader\bin\Release\net6.0\win-x64\publish\'
	recursive: true

	- name: Zip Linux releases
	if: matrix.os == 'ubuntu-latest'
	uses: vimtor/action-zip@v1
	with:
	files: src/SecureElementReader/bin/Release/net6.0/linux-x64/publish/
	dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip

	- name: Zip Win releases
	if: matrix.os == 'windows-latest'
	uses: vimtor/action-zip@v1
	with:
	files: src/SecureElementReader/bin/Release/net6.0/win-x64/publish/
	dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip

	- name: Upload macos artifacts
	uses: actions/upload-artifact@v2
	if: matrix.os == 'macos-latest'
	with:
	name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
	path: /Users/runner/work/Secure-Element-Reader/Secure-Element-Reader/${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip

	- name: Upload ${{ matrix.name }} artifacts
	uses: actions/upload-artifact@v2
	if: matrix.os == 'ubuntu-latest'
	with:
	name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
	path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip

	- name: Upload ${{ matrix.name }} artifacts
	uses: actions/upload-artifact@v2
	if: matrix.os == 'windows-latest'
	with:
	name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
	path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip

	publish:
	name: Publish
	runs-on: ubuntu-latest
	needs: build

	steps:

	- uses: actions/download-artifact@v2
	with:
	name: ${{ needs.build.outputs.semVer }}.osx-x64.zip

	- uses: actions/download-artifact@v2
	with:
	name: ${{ needs.build.outputs.semVer }}.win-x64.zip

	- uses: actions/download-artifact@v2
	with:
	name: ${{ needs.build.outputs.semVer }}.linux-x64.zip

	- name: Create Tag
	uses: Yanjingzhu/FirstJSAction@v1.3
	with:
	tag: ${{ needs.build.outputs.semVer }}
	message: ${{ needs.build.outputs.semVer }}
	commit: ${{ needs.build.outputs.gitSha }}
	token: ${{ secrets.GITHUB_TOKEN }}

	- name: Create release
	uses: actions/create-release@v1
	id: create_release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: ${{ needs.build.outputs.semVer }}
	release_name: ${{ needs.build.outputs.semVer }}

	- name: Publish release
	uses: csexton/release-asset-action@v2
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	files: \|
	${{ needs.build.outputs.semVer }}.win-x64.zip
	${{ needs.build.outputs.semVer }}.osx-x64.zip
	${{ needs.build.outputs.semVer }}.linux-x64.zip
	release-url: ${{ steps.create_release.outputs.upload_url }}

	- name: Delete Build Artifact
	uses: joutvhu/delete-artifact@v1.0.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #29 from otrov/main #20

Workflow file

Merge pull request #29 from otrov/main #20

Jobs

Run details

Workflow file for this run