Skip to content

ref go 1.21 in go.mod for linter compatibility #16

ref go 1.21 in go.mod for linter compatibility

ref go 1.21 in go.mod for linter compatibility #16

Workflow file for this run

---
name: CI
"on":
push:
branches:
- "main"
tags:
- "v*.*.*"
pull_request:
branches:
- "main"
permissions:
contents: read
jobs:
meta:
name: Derive Build Metadata
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Derive version string
id: bin_version
run: echo "bin_version=$(./.version.sh)" >> "$GITHUB_OUTPUT"
- name: bin_version
run: "echo bin_version: ${{ steps.bin_version.outputs.bin_version }}"
- name: Check if this is a running version tag update
id: running_version_tag
run: |
if [ -z "${{ github.event.ref }}" ]; then
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+$ ]]; then
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+$ ]]; then
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
else
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
fi
- name: is_running_version_tag
run: "echo is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}"
outputs:
bin_name: alfred-bear-${{ steps.bin_version.outputs.bin_version }}.alfredworkflow
bin_version: ${{ steps.bin_version.outputs.bin_version }}
is_prerelease: >-
${{
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
startsWith(github.ref, 'refs/tags/v') &&
(contains(github.ref, '-alpha.')
|| contains(github.ref, '-beta.')
|| contains(github.ref, '-rc.'))
}}
is_release: >-
${{
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
startsWith(github.ref, 'refs/tags/v') &&
!(contains(github.ref, '-alpha.')
|| contains(github.ref, '-beta.')
|| contains(github.ref, '-rc.'))
}}
is_pull_request: ${{ github.event_name == 'pull_request' }}
is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}
lint:
name: Lint
runs-on: ubuntu-latest
permissions:
contents: write
checks: write
issues: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run MegaLinter
uses: oxsecurity/megalinter@v7
env:
# See https://megalinter.io/configuration and .mega-linter.yml
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Archive MegaLinter artifacts
if: ( !env.ACT && ( success() || failure() ) )
uses: actions/upload-artifact@v4
with:
name: MegaLinter artifacts
path: |
megalinter-reports
mega-linter.log
package:
name: Workflow Package
needs: [meta] # +lint
if: needs.meta.outputs.is_running_version_tag_update != 'true'
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
check-latest: true
- run: go version
- name: Build alfred-bear binary
run: make build
- name: Sign alfred-bear binary
if: >-
needs.meta.outputs.is_release == 'true' ||
needs.meta.outputs.is_prerelease == 'true'
working-directory: out
env:
DEVID_SIGNING_CERT_BASE64: ${{ secrets.DEVID_SIGNING_CERT }}
DEVID_SIGNING_CERT_PASS: ${{ secrets.DEVID_SIGNING_CERT_PASS }}
DEVID_SIGNING_CERT_ID: 072D402E34FDAA37E45A50A75D67FF974403582F
KEYCHAIN_PASS: ${{ secrets.KEYCHAIN_PASS }}
run: |
security create-keychain -p "$KEYCHAIN_PASS" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASS" build.keychain
echo "$DEVID_SIGNING_CERT_BASE64" | base64 --decode > certificate.p12
security import certificate.p12 -k build.keychain -P "$DEVID_SIGNING_CERT_PASS" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASS" build.keychain
/usr/bin/codesign --force --timestamp --options=runtime -s "$DEVID_SIGNING_CERT_ID" ./alfred-bear -v
- name: Build workflow
run: make package
- name: Upload workflow artifact
uses: actions/upload-artifact@v4
with:
name: ${{ needs.meta.outputs.bin_name }}
path: out
release:
name: GitHub (Pre)Release
needs: [meta, package]
if: >-
needs.meta.outputs.is_release == 'true' ||
needs.meta.outputs.is_prerelease == 'true'
runs-on: macos-latest
permissions:
contents: write
steps:
- name: Download workflow artifact
uses: actions/download-artifact@v3
with:
name: ${{ needs.meta.outputs.bin_name }}
path: out
- name: Create .dmg
working-directory: out
run: |
mkdir ./.dmg-src
xattr -cr ./.dmg-src
cp ${{ needs.meta.outputs.bin_name }} ./.dmg-src/
hdiutil create -srcfolder ./.dmg-src \
-fs "HFS+" \
-volname "${{ needs.meta.outputs.bin_name }}" \
./${{ needs.meta.outputs.bin_name }}.dmg
hdiutil verify ./${{ needs.meta.outputs.bin_name }}.dmg
- name: Notarize .dmg
working-directory: out
env:
NOTARIZATION_APPLE_ID: ${{ secrets.NOTARIZATION_APPLE_ID }}
NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
NOTARIZATION_PASS: ${{ secrets.NOTARIZATION_PASS }}
run: |
xcrun notarytool store-credentials "notarytool-profile" \
--apple-id "$NOTARIZATION_APPLE_ID" \
--team-id "$NOTARIZATION_TEAM_ID" \
--password "$NOTARIZATION_PASS"
xcrun notarytool submit ./${{ needs.meta.outputs.bin_name }}.dmg --keychain-profile "notarytool-profile" --wait
xcrun stapler staple ./${{ needs.meta.outputs.bin_name }}.dmg
- name: Upload notarized .dmg artifact
uses: actions/upload-artifact@v4
with:
name: ${{ needs.meta.outputs.bin_name }}.dmg
path: out/${{ needs.meta.outputs.bin_name }}.dmg
- name: Create GitHub release
uses: softprops/action-gh-release@v1
with:
files: out/${{ needs.meta.outputs.bin_name }}.dmg
prerelease: ${{ needs.meta.outputs.is_prerelease == 'true' }}
fail_on_unmatched_files: true
generate_release_notes: true
tags:
name: Update Release Tags
needs: [meta, release]
if: needs.meta.outputs.is_release == 'true'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Update running major/minor version tags
uses: sersoft-gmbh/running-release-tags-action@v3
with:
fail-on-non-semver-tag: true
create-release: false
update-full-release: false