Build FontGoggles Application #119
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build FontGoggles Application | |
on: | |
push: | |
tags: | |
- "v*" | |
workflow_dispatch: # allow manual trigger | |
jobs: | |
build: | |
runs-on: macos-latest | |
steps: | |
- name: Install Certificates | |
run: | | |
echo ${{ secrets.CERTIFICATE_P12 }} | base64 --decode > certificate.p12 | |
security import certificate.p12 -P ${{ secrets.CERTIFICATE_PASSWORD }} | |
security create-keychain -p fgKeychain fg.keychain | |
security default-keychain -s fg.keychain | |
security set-keychain-settings -l -u -t 8000 | |
security unlock-keychain -p fgKeychain fg.keychain | |
security import certificate.p12 -k fg.keychain -P ${{ secrets.CERTIFICATE_PASSWORD }} -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k fgKeychain fg.keychain | |
rm -fr *.p12 | |
# security find-identity -v -p codesigning | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python from python.org | |
run: | | |
curl https://www.python.org/ftp/python/3.12.3/python-3.12.3-macos11.pkg --output python-installer.pkg | |
sudo installer -pkg python-installer.pkg -target / | |
# Somehow using plain "python3" gives us the runner's homebrew Python, | |
# so let's be explicit about the path: | |
ourpython=/Library/Frameworks/Python.framework/Versions/3.12/bin/python3.12 | |
ls -l $ourpython | |
$ourpython --version | |
$ourpython -c "import platform; print('platform:', platform.platform())" | |
$ourpython -c "import platform; print('macOS version:', platform.mac_ver()[0])" | |
$ourpython -m venv venv | |
source venv/bin/activate | |
python -c "print('venv')" | |
python -c "import sys; print('\n'.join(sys.path))" | |
python -c "import platform; print('platform:', platform.platform())" | |
python -c "import platform; print('macOS version:', platform.mac_ver()[0])" | |
- name: Install dependencies | |
run: | | |
source venv/bin/activate | |
python -m pip install --upgrade pip | |
python -m pip --version | |
pip install -r requirements.txt | tee pip_log.txt | |
python App/Distribute/ensure_universal_wheels.py pip_log.txt | |
pip install --force build/universal_wheels/*.whl | |
pip install -r requirements-dev.txt | |
pip install . | |
- name: Run Tests | |
run: | | |
source venv/bin/activate | |
pytest | |
- name: Build Application | |
run: | | |
source venv/bin/activate | |
python App/setup.py py2app | |
- name: Codesign and Notarize | |
run: | | |
APP_PATH="App/dist/FontGoggles.app" | |
DMG_PATH="App/dist/FontGoggles.dmg" | |
ENTITLEMENTS_PATH="App/Distribute/entitlements.xml" | |
source venv/bin/activate | |
App/Distribute/codesign_app.sh "${{ secrets.CODESIGN_NAME }}" "$APP_PATH" "$ENTITLEMENTS_PATH" | |
python App/Distribute/build_dmg.py "$APP_PATH" "$DMG_PATH" | |
codesign --sign "${{ secrets.CODESIGN_NAME }}" "$DMG_PATH" | |
echo "Run notarytool..." | |
xcrun notarytool submit \ | |
--apple-id "${{ secrets.NOTARIZE_DEVELOPER }}" \ | |
--team-id "${{ secrets.NOTARIZE_TEAM_ID }}" \ | |
--password "${{ secrets.NOTARIZE_PASSWORD }}" \ | |
--output-format json \ | |
--wait \ | |
$DMG_PATH \ | |
| python App/Distribute/print_notarize_log.py \ | |
"${{ secrets.NOTARIZE_DEVELOPER }}" \ | |
"${{ secrets.NOTARIZE_TEAM_ID }}" \ | |
"${{ secrets.NOTARIZE_PASSWORD }}" | |
xcrun stapler staple "$DMG_PATH" | |
- name: Storing macOS Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: FontGoggles | |
path: App/dist/FontGoggles.dmg | |
- name: Read CHANGELOG.md | |
id: changelog | |
if: startsWith(github.event.ref, 'refs/tags') | |
env: | |
GITHUB_REF: ${{ github.ref }} | |
run: | | |
source venv/bin/activate | |
echo "changelog_contents=$(python App/Distribute/extract_changes.py)" >>$GITHUB_OUTPUT | |
- name: Create Release | |
id: create_release | |
if: startsWith(github.event.ref, 'refs/tags') | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ github.ref }} | |
body: ${{ steps.changelog.outputs.changelog_contents }} | |
draft: true | |
prerelease: false | |
- name: Upload Release Asset | |
id: upload-release-asset | |
if: startsWith(github.event.ref, 'refs/tags') | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: App/dist/FontGoggles.dmg | |
asset_name: FontGoggles.dmg | |
asset_content_type: application/octet-stream |