Merge pull request #29 from otrov/main #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish new release | |
on: | |
push: | |
branches: [ "main" ] | |
env: | |
PROJECT_PATH: src/SecureElementReader/SecureElementReader.csproj | |
MACOS_PATH: src/SecureElementReader/bin/Release/net6.0/osx-x64/publish | |
jobs: | |
build: | |
name: Build | |
runs-on: ${{ matrix.os }} | |
outputs: | |
semVer: ${{ steps.gitversion.outputs.semVer }} | |
gitSha: ${{ steps.gitversion.outputs.Sha }} | |
strategy: | |
matrix: | |
os: [macos-latest, windows-latest, ubuntu-latest] | |
include: | |
- os: ubuntu-latest | |
os_name: linux-x64 | |
- os: macos-latest | |
os_name: osx-x64 | |
- os: windows-latest | |
os_name: win-x64 | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-dotnet@v2 | |
with: | |
dotnet-version: 6.0.x | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/setup@v0.9.13 | |
with: | |
versionSpec: '5.x' | |
- name: Determine Version | |
id: gitversion | |
uses: gittools/actions/gitversion/execute@v0.9.13 | |
with: | |
useConfigFile: true | |
configFilePath: .github/workflows/GitVersion.yml | |
- name: Linux | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
dotnet restore ${{ env.PROJECT_PATH }} | |
dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore | |
dotnet publish ${{ env.PROJECT_PATH }} -c Release -r ${{ matrix.os_name }} --self-contained -p:PublishSingleFile=true -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} | |
- name: Windows | |
if: matrix.os == 'windows-latest' | |
run: | | |
dotnet restore ${{ env.PROJECT_PATH }} -r win-x64 | |
dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore -p:PublishSingleFile=true | |
dotnet publish ${{ env.PROJECT_PATH }} -c Release -r win-x64 --self-contained -p:PublishSingleFile=true --no-build -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} | |
- name: Publish project for mac | |
if: matrix.os == 'macos-latest' | |
run: | | |
cd src/SecureElementReader | |
dotnet restore -r osx-x64 | |
dotnet msbuild -t:BundleApp -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64 -property:Configuration=Release -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} -p:UseAppHost=true | |
dotnet publish -c Release -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64 -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} --self-contained true | |
mkdir Assets/logo.iconset | |
cp Assets/taxcore.png Assets/logo.iconset/icon_512x512.png | |
iconutil -c icns Assets/logo.iconset | |
cp Assets/logo.icns bin/Release/net6.0/osx-x64/publish/SecureElementReader.app/Contents/Resources/logo.icns | |
rm Assets/logo.icns | |
rm -rf Assets/logo.iconset | |
- name: Setup Keychain | |
if: matrix.os == 'macos-latest' | |
run: | | |
security create-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain | |
echo "${{ secrets.PROD_MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 | |
security import certificate.p12 -k build.keychain -P "${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain | |
xcrun notarytool store-credentials "AC_PASSWORD" --apple-id "${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}" --team-id ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} --password "${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}" | |
- name: Codesign app | |
if: matrix.os == 'macos-latest' | |
run: | | |
find "${{ env.MACOS_PATH }}/SecureElementReader.app/Contents/MacOS"|while read fname; do | |
if [ -f "$fname" ] | |
then | |
echo "[INFO] Signing $fname" | |
codesign --force --deep --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "$fname" | |
fi | |
done | |
codesign --force --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "${{ env.MACOS_PATH }}/SecureElementReader.app" | |
- name: Notarise app | |
if: matrix.os == 'macos-latest' | |
run: | | |
ditto -c -k --sequesterRsrc --keepParent "${{ env.MACOS_PATH }}/SecureElementReader.app" "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip" | |
xcrun notarytool submit "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip" --wait --keychain-profile "AC_PASSWORD" | |
xcrun stapler staple "${{ env.MACOS_PATH }}/SecureElementReader.app" | |
- name: Windows code signing | |
if: matrix.os == 'windows-latest' | |
uses: neoz-technologies/code-sign-action@v3 | |
with: | |
certificate: ${{ secrets.CERT_FOR_SIGN }} | |
password: ${{ secrets.CERT_PW }} | |
folder: 'src\SecureElementReader\bin\Release\net6.0\win-x64\publish\' | |
recursive: true | |
- name: Zip Linux releases | |
if: matrix.os == 'ubuntu-latest' | |
uses: vimtor/action-zip@v1 | |
with: | |
files: src/SecureElementReader/bin/Release/net6.0/linux-x64/publish/ | |
dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
- name: Zip Win releases | |
if: matrix.os == 'windows-latest' | |
uses: vimtor/action-zip@v1 | |
with: | |
files: src/SecureElementReader/bin/Release/net6.0/win-x64/publish/ | |
dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
- name: Upload macos artifacts | |
uses: actions/upload-artifact@v2 | |
if: matrix.os == 'macos-latest' | |
with: | |
name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
path: /Users/runner/work/Secure-Element-Reader/Secure-Element-Reader/${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
- name: Upload ${{ matrix.name }} artifacts | |
uses: actions/upload-artifact@v2 | |
if: matrix.os == 'ubuntu-latest' | |
with: | |
name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
- name: Upload ${{ matrix.name }} artifacts | |
uses: actions/upload-artifact@v2 | |
if: matrix.os == 'windows-latest' | |
with: | |
name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip | |
publish: | |
name: Publish | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/download-artifact@v2 | |
with: | |
name: ${{ needs.build.outputs.semVer }}.osx-x64.zip | |
- uses: actions/download-artifact@v2 | |
with: | |
name: ${{ needs.build.outputs.semVer }}.win-x64.zip | |
- uses: actions/download-artifact@v2 | |
with: | |
name: ${{ needs.build.outputs.semVer }}.linux-x64.zip | |
- name: Create Tag | |
uses: Yanjingzhu/FirstJSAction@v1.3 | |
with: | |
tag: ${{ needs.build.outputs.semVer }} | |
message: ${{ needs.build.outputs.semVer }} | |
commit: ${{ needs.build.outputs.gitSha }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create release | |
uses: actions/create-release@v1 | |
id: create_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ needs.build.outputs.semVer }} | |
release_name: ${{ needs.build.outputs.semVer }} | |
- name: Publish release | |
uses: csexton/release-asset-action@v2 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
files: | | |
${{ needs.build.outputs.semVer }}.win-x64.zip | |
${{ needs.build.outputs.semVer }}.osx-x64.zip | |
${{ needs.build.outputs.semVer }}.linux-x64.zip | |
release-url: ${{ steps.create_release.outputs.upload_url }} | |
- name: Delete Build Artifact | |
uses: joutvhu/delete-artifact@v1.0.1 |