fix: Make both firewall states as valid ones #242

Workflow file for this run

.github/workflows/release.yml at 9b1c8a3

	name: Release

	on:
	push:
	tags:
	- "*"

	jobs:
	release:
	name: Release and Archive Native
	runs-on: macos-latest
	timeout-minutes: 30
	permissions:
	issues: write
	contents: write
	deployments: write
	steps:
	- uses: maxim-lobanov/setup-xcode@v1
	with:
	xcode-version: "latest-stable"

	- name: "Import Certificate: Development"
	env:
	DEVELOPMENT_CERTIFICATE_DATA: ${{ secrets.DEVELOPMENT_CERTIFICATE_DATA }}
	DEVELOPMENT_CERTIFICATE_PASSPHRASE: ${{ secrets.DEVELOPMENT_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$DEVELOPMENT_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$DEVELOPMENT_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	- name: "Import Certificate: Release"
	env:
	RELEASE_CERTIFICATE_DATA: ${{ secrets.RELEASE_CERTIFICATE_DATA }}
	RELEASE_CERTIFICATE_PASSPHRASE: ${{ secrets.RELEASE_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$RELEASE_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$RELEASE_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	- name: "Import Certificate: Developer ID Application"
	env:
	APPLICATION_CERTIFICATE_DATA: ${{ secrets.APPLICATION_CERTIFICATE_DATA }}
	APPLICATION_CERTIFICATE_PASSPHRASE: ${{ secrets.APPLICATION_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$APPLICATION_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$APPLICATION_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Repository checkout
	uses: actions/checkout@v3
	- name: Expose release info to actions
	id: release
	run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
	- name: Cache mint modules
	uses: actions/cache@v3
	env:
	cache-name: cache-mint-v2
	with:
	path: ~/.mint
	key: ${{ runner.os }}-mint-${{ env.cache-name }}-${{ hashFiles('Mintfile') }}
	restore-keys: \|
	${{ runner.os }}-mint-${{ env.cache-name }}-
	- name: Install mint and packages
	run: brew install mint && mint bootstrap
	- name: Cache DerivedData
	uses: actions/cache@v3
	env:
	cache-name: release-derived-data-v1
	with:
	path: ~/Library/Developer/Xcode/DerivedData
	key: ${{ runner.os }}-${{ env.cache-name }}
	restore-keys: \|
	${{ runner.os }}-${{ env.cache-name }}-
	- name: Cache SPM modules
	uses: actions/cache@v3
	env:
	cache-name: cache-spm-v2
	with:
	path: SourcePackages
	key: ${{ runner.os }}-spm-${{ env.cache-name }}-${{ hashFiles('Pareto Security.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}
	restore-keys: \|
	${{ runner.os }}-spm-${{ env.cache-name }}-
	- name: Patch version from release
	run: \|
	sed -E -i '' 's/MARKETING_VERSION = .*;/MARKETING_VERSION = ${{ steps.release.outputs.tag }};/g' Pareto\ Security.xcodeproj/project.pbxproj
	- name: "Archive for dist"
	run: make archive-release

	- name: Compress app for storage
	run: ditto -V -c -k --keepParent Export/Pareto\ Security.app ParetoSecurity.app.zip

	- name: Upload App to Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ParetoSecurity.app
	path: ParetoSecurity.app.zip

	- name: Build dmg for release
	run: npm install --global create-dmg && make dmg

	- name: "Notarize Release Build"
	run: xcrun notarytool submit ParetoSecurity.dmg --password ${{ secrets.NOTARIZATION_PASSWORD }} --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --team-id PM784W7B8X --progress --wait

	- name: Upload DMG to Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ParetoSecurity.dmg
	path: ParetoSecurity.dmg

	- name: "Staple Release DMG"
	run: for i in {1..3}; do xcrun stapler staple ParetoSecurity.dmg && break \|\| sleep 15; done

	- name: Release DMG
	uses: softprops/action-gh-release@v1
	with:
	files: ParetoSecurity.dmg
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# - name: Build pkg for release
	# run: sudo make pkg

	# - name: "Notarize Release Build pkg"
	# run: xcrun notarytool submit ParetoSecurity.pkg --password ${{ secrets.NOTARIZATION_PASSWORD }} --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --team-id PM784W7B8X --progress --wait

	# - name: Upload pkg to Artifacts
	# uses: actions/upload-artifact@v2
	# with:
	# name: ParetoSecurity.pkg
	# path: ParetoSecurity.pkg

	# - name: "Staple Release pkg"
	# run: for i in {1..3}; do xcrun stapler staple ParetoSecurity.pkg && break \|\| sleep 15; done

	# - name: Release pkg
	# uses: softprops/action-gh-release@v1
	# with:
	# files: ParetoSecurity.pkg
	# env:
	# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Cleanup
	run: rm -f ParetoSecurity.app.zip

	- name: Compress app for release
	run: ditto -V -c -k --keepParent Export/Pareto\ Security.app ParetoSecurity.app.zip

	- name: Release app
	uses: softprops/action-gh-release@v1
	with:
	files: ParetoSecurity.app.zip
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Generate checks info
	run: Export/Pareto\ Security.app/Contents/MacOS/Pareto\ Security -export > checks.json

	- name: Upload checks info
	uses: softprops/action-gh-release@v1
	with:
	files: checks.json
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Publish hashes
	run: \|
	echo "## Native" >> $GITHUB_STEP_SUMMARY
	openssl md5 Export/Pareto\ Security.app/Contents/MacOS/Pareto\ Security >> $GITHUB_STEP_SUMMARY
	openssl sha1 Export/Pareto\ Security.app/Contents/MacOS/Pareto\ Security >> $GITHUB_STEP_SUMMARY
	openssl sha256 Export/Pareto\ Security.app/Contents/MacOS/Pareto\ Security >> $GITHUB_STEP_SUMMARY
	- name: Install sentry-cli
	run: brew install getsentry/tools/sentry-cli
	- name: "Upload debug symbols"
	run: make sentry-debug-upload
	env:
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	release-setapp:
	name: Release and Archive Setapp
	runs-on: macos-latest
	timeout-minutes: 30
	permissions:
	issues: write
	contents: write
	deployments: write
	steps:
	- uses: maxim-lobanov/setup-xcode@v1
	with:
	xcode-version: "latest-stable"
	- name: Install sentry-cli
	run: brew install getsentry/tools/sentry-cli
	- name: "Import Certificate: Development"
	env:
	DEVELOPMENT_CERTIFICATE_DATA: ${{ secrets.DEVELOPMENT_CERTIFICATE_DATA }}
	DEVELOPMENT_CERTIFICATE_PASSPHRASE: ${{ secrets.DEVELOPMENT_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$DEVELOPMENT_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$DEVELOPMENT_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	- name: "Import Certificate: Release"
	env:
	RELEASE_CERTIFICATE_DATA: ${{ secrets.RELEASE_CERTIFICATE_DATA }}
	RELEASE_CERTIFICATE_PASSPHRASE: ${{ secrets.RELEASE_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$RELEASE_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$RELEASE_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH
	- name: "Import Certificate: Developer ID Application"
	env:
	APPLICATION_CERTIFICATE_DATA: ${{ secrets.APPLICATION_CERTIFICATE_DATA }}
	APPLICATION_CERTIFICATE_PASSPHRASE: ${{ secrets.APPLICATION_CERTIFICATE_PASSPHRASE }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/dev_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$APPLICATION_CERTIFICATE_DATA" \| base64 --decode > $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH \|\| true
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$APPLICATION_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Repository checkout
	uses: actions/checkout@v3
	- name: Expose release info to actions
	id: release
	run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
	- name: Cache mint modules
	uses: actions/cache@v3
	env:
	cache-name: cache-mint-v2
	with:
	path: ~/.mint
	key: ${{ runner.os }}-mint-${{ env.cache-name }}-${{ hashFiles('Mintfile') }}
	restore-keys: \|
	${{ runner.os }}-mint-${{ env.cache-name }}-
	- name: Install mint and packages
	run: brew install mint && mint bootstrap
	- name: Cache DerivedData
	uses: actions/cache@v3
	env:
	cache-name: release-derived-data-v1
	with:
	path: ~/Library/Developer/Xcode/DerivedData
	key: ${{ runner.os }}-${{ env.cache-name }}
	restore-keys: \|
	${{ runner.os }}-${{ env.cache-name }}-
	- name: Cache SPM modules
	uses: actions/cache@v3
	env:
	cache-name: cache-spm-v2
	with:
	path: SourcePackages
	key: ${{ runner.os }}-spm-${{ env.cache-name }}-${{ hashFiles('Pareto Security.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}
	restore-keys: \|
	${{ runner.os }}-spm-${{ env.cache-name }}-
	- name: Patch version from release
	run: \|
	sed -E -i '' 's/MARKETING_VERSION = .*;/MARKETING_VERSION = ${{ steps.release.outputs.tag }};/g' Pareto\ Security.xcodeproj/project.pbxproj
	- name: "Archive for dist"
	run: make archive-release-setapp

	- name: "Upload debug symbols"
	run: make sentry-debug-upload-setapp
	env:
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

	- name: Compress app for notarization
	run: ditto -V -c -k --keepParent SetAppExport/Pareto\ Security.app ParetoSecurity.app.zip

	- name: "Notarize Release Build"
	run: xcrun notarytool submit ParetoSecurity.app.zip --password ${{ secrets.NOTARIZATION_PASSWORD }} --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --team-id PM784W7B8X --progress --wait

	- name: "Staple Release App"
	run: for i in {1..3}; do xcrun stapler staple SetAppExport/Pareto\ Security.app && break \|\| sleep 15; done

	- name: Compress app for storage
	run: ditto -V -c -k --keepParent SetAppExport/Pareto\ Security.app ParetoSecuritySetApp.app.zip

	- name: "Attach AppIcon for SetApp"
	run: make build-release-setapp

	- name: Upload App to Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ParetoSecuritySetApp.app
	path: ParetoSecuritySetApp.app.zip

	- name: Publish hashes
	run: \|
	echo "## Setapp" >> $GITHUB_STEP_SUMMARY
	openssl md5 SetAppExport/Pareto\ Security.app/Contents/MacOS/Pareto\ Security\ SetApp >> $GITHUB_STEP_SUMMARY
	openssl sha1 SetAppExport/Pareto\ Security.app/Contents/MacOS/Pareto\ Security\ SetApp >> $GITHUB_STEP_SUMMARY
	openssl sha256 SetAppExport/Pareto\ Security.app/Contents/MacOS/Pareto\ Security\ SetApp >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: Make both firewall states as valid ones #242

Workflow file

fix: Make both firewall states as valid ones #242

Jobs

Run details

Workflow file for this run