Fix notarization in actions #60
name: Build | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "**" | |
pull_request: | |
permissions: | |
contents: write | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
# TODO: enable other platforms once I verify the app/build works | |
# runs-on: [windows-latest, ubuntu-latest] | |
runs-on: [macos-14] | |
python-version: ["3.11"] | |
poetry-version: ["1.8.3"] | |
runs-on: ${{ matrix.runs-on }} | |
outputs: | |
app_version: ${{ steps.get-app-version.outputs.app_version }} | |
steps: | |
- name: Checkout project | |
uses: actions/checkout@v4 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Set up poetry | |
uses: abatilo/actions-poetry@v2 | |
with: | |
poetry-version: ${{ matrix.poetry-version }} | |
- name: Set up cache | |
uses: actions/cache@v3 | |
with: | |
path: ./.venv | |
key: venv-${{ hashFiles('poetry.lock') }} | |
- name: Install dependencies | |
run: poetry install | |
- name: Build package | |
run: poetry build | |
- name: Run tests | |
if: false # TODO: Enable once tests are set up | |
run: poetry run pytest -v | |
- name: Get app version | |
id: get-app-version | |
shell: bash | |
run: | | |
app_version=$(poetry version -s) | |
echo "app_version=$app_version" | |
echo "app_version=$app_version" >> "$GITHUB_OUTPUT" | |
- name: Set up keychain | |
if: (startsWith(github.ref, 'refs/tags/') && startsWith(${{ matrix.runs-on }}, 'macos-')) | |
run: ./scripts/setup_keychain.sh | |
env: | |
DEVELOPER_ID_INSTALLER: ${{ secrets.DEVELOPER_ID_INSTALLER }} | |
DEVELOPER_ID_APPLICATION: ${{ secrets.DEVELOPER_ID_APPLICATION }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
- name: Build executable | |
if: startsWith(github.ref, 'refs/tags/') | |
run: ./scripts/build_executable.sh | |
env: | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_IDENTITY }} | |
- name: Notarize app | |
if: (startsWith(github.ref, 'refs/tags/') && startsWith(${{ matrix.runs-on }}, 'macos-')) | |
run: ./scripts/notarize_app.sh | |
env: | |
KEYCHAIN_PROFILE: ${{ secrets.KEYCHAIN_PROFILE }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
NOTARYTOOL_PASSWORD: ${{ secrets.NOTARYTOOL_PASSWORD }} | |
- name: Cleanup keychain | |
if: (startsWith(github.ref, 'refs/tags/') && startsWith(${{ matrix.runs-on }}, 'macos-')) | |
run: security delete-keychain $RUNNER_TEMP/notarization.keychain-db | |
- name: Prepare artifacts | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
poetry run python scripts/prepare_artifacts.py "${{ matrix.runs-on }}" "${{ steps.get-app-version.outputs.app_version }}" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
name: yt-dlp-guitk_${{ matrix.runs-on }} | |
path: artifacts/* | |
release: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: startsWith(github.ref, 'refs/tags/') | |
outputs: | |
is_prerelease: ${{ steps.check-prerelease.outputs.is_prerelease }} | |
steps: | |
- name: Download artifacts | |
id: download-artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifacts/ | |
pattern: yt-dlp-guitk_* | |
merge-multiple: true | |
- name: Check prerelease | |
id: check-prerelease | |
run: | | |
if [[ ${{ needs.build.outputs.app_version }} =~ ^([0-9]+\.?)+-(alpha|beta|a|b)\.[0-9]+$ ]]; then | |
echo "is_prerelease=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "is_prerelease=false" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Print files | |
run: | | |
tree -L 2 | |
- name: Create release | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: | | |
${{ steps.download-artifacts.outputs.download-path }}/*.zip | |
token: ${{ secrets.GITHUB_TOKEN }} | |
prerelease: ${{ steps.check-prerelease.outputs.is_prerelease }} |
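Review bot: The `if:` on the "Set up keychain", "Notarize app" and "Cleanup keychain" steps mixes a bare expression with an embedded `${{ matrix.runs-on }}`, so GitHub substitutes the matrix value and treats the rest of the line as a plain non-empty string, which is always truthy (actionlint reports this pattern). As written, those steps are not limited to tag builds: they would also run on pushes to `main` and on same-repository pull requests, placing the Developer ID certificates, `P12_PASSWORD`, `KEYCHAIN_PASSWORD` and `NOTARYTOOL_PASSWORD` in the environment of runs that never produce a release. Drop the inner braces so the whole condition is evaluated as one expression: `if: startsWith(github.ref, 'refs/tags/') && startsWith(matrix.runs-on, 'macos-')`. Separately, the workflow-level `permissions: contents: write` also applies to the `build` job on `pull_request`; `contents: read` at the top with `contents: write` only on the `release` job would keep the write token away from the steps that install and run third-party dependencies.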