Skip to content

Update build.yml

Update build.yml #573

Workflow file for this run

name: Specify 6 CI
on: [push]
jobs:
build:
name: Build and Package Specify 6
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Unbase64 code signing certs
run: |
echo $MAC_PKCS12 | base64 -d > packaging/expdevidapp.p12
echo $WIN_PKCS12 | base64 -d > packaging/certwithroot.pfx
env:
WIN_PKCS12: ${{ secrets.WIN_PKCS12 }}
MAC_PKCS12: ${{ secrets.MAC_PKCS12_V2 }}
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Compile Specify 6
run: ant -noinput -buildfile build.xml compile-nonmac
- name: Compile Specify 6 for Mac
run: ant -noinput -buildfile build.xml compile-mac
- name: Get Install4j from cache
id: cache-install4j
uses: actions/cache@v1
with:
path: install4j8.0.11
key: install4j8.0.11-cache
- name: Download Install4j
if: steps.cache-install4j.outputs.cache-hit != 'true'
run: |
wget https://download-gcdn.ej-technologies.com/install4j/install4j_unix_8_0_11.tar.gz
tar -zxvf install4j_unix_8_0_11.tar.gz
- name: Set Install4j license
run: install4j8.0.11/bin/install4jc --license=$INSTALL4J_LICENSE
env:
INSTALL4J_LICENSE: ${{ secrets.INSTALL4J8_LICENSE }}
- name: Package Specify 6
run: >
ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j8.0.11
-Dwin-keystore-password=$WIN_KEYSTORE_PASSWORD -Dmac-keystore-password=$MAC_KEYSTORE_PASSWORD
-Dwin.pkcs12=certwithroot.pfx -Dmac.pkcs12=expdevidapp.p12 -Dcode.signing=true
package-all
env:
WIN_KEYSTORE_PASSWORD: ${{ secrets.WIN_KEYSTORE_PASSWORD }}
MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD_V2 }}
- name: Upload Specify_windows_64.exe as artifact
uses: actions/upload-artifact@v1
with:
name: Specify_windows_64
path: packages/Specify_windows_64.exe
- name: Upload Specify_unix_64.sh as artifact
uses: actions/upload-artifact@v1
with:
name: Specify_unix_64
path: packages/Specify_unix_64.sh
- name: Upload Specify_macos.dmg as artifact
uses: actions/upload-artifact@v1
with:
name: Specify_macos
path: packages/Specify_macos.dmg
- name: Upload updates.xml as artifact
uses: actions/upload-artifact@v1
with:
name: updates.xml
path: packages/updates.xml
notarize:
name: Notarize the Specify 6 Mac package
needs: build
runs-on: macos-latest
steps:
- name: Download Specify_macos artifact
uses: actions/download-artifact@v1
with:
name: Specify_macos
- name: Inspect directory structure
run: |
echo "Current directory:"
pwd
echo "Contents of current directory:"
ls -R
echo "Searching for DMG file:"
find . -name "*.dmg"
echo "Searching for APP file:"
find . -name "*.app" -type d
- name: Extract DMG if present
run: |
DMG_FILE=$(find . -name "*.dmg")
if [ -n "$DMG_FILE" ]; then
echo "DMG file found: $DMG_FILE"
hdiutil attach "$DMG_FILE"
MOUNT_POINT=$(hdiutil info | grep -B 1 "Specify" | grep "/Volumes/" | awk '{print $1}')
echo "Mount point: $MOUNT_POINT"
cp -R "$MOUNT_POINT"/*.app ./Specify.app
hdiutil detach "$MOUNT_POINT"
else
echo "No DMG file found"
exit 1
fi
- name: Sign binaries in JAR files
run: |
# For libgluegen-rt.jnilib
GLUEGEN_JAR=$(find . -name "gluegen-rt-natives-macosx-universal.jar")
if [ -n "$GLUEGEN_JAR" ]; then
mkdir -p temp_gluegen
cd temp_gluegen
unzip "../$GLUEGEN_JAR"
if [ -f "libgluegen-rt.jnilib" ]; then
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib
zip -u "../$GLUEGEN_JAR" libgluegen-rt.jnilib
else
echo "libgluegen-rt.jnilib not found in the JAR"
fi
cd ..
rm -rf temp_gluegen
else
echo "gluegen-rt-natives-macosx-universal.jar not found"
fi
# For mac-universal.lib
SQLITE_JAR=$(find . -name "sqlitejdbc.jar")
if [ -n "$SQLITE_JAR" ]; then
mkdir -p temp_sqlitejdbc
cd temp_sqlitejdbc
unzip "../$SQLITE_JAR"
if [ -f "mac-universal.lib" ]; then
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib
zip -u "../$SQLITE_JAR" mac-universal.lib
else
echo "mac-universal.lib not found in the JAR"
fi
cd ..
rm -rf temp_sqlitejdbc
else
echo "sqlitejdbc.jar not found"
fi
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Re-sign the application
run: |
if [ -d "./Specify.app" ]; then
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "./Specify.app"
else
echo "Specify.app not found"
exit 1
fi
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Create new DMG
run: |
if [ -d "./Specify.app" ]; then
hdiutil create -volname "Specify Installer" -srcfolder "./Specify.app" -ov -format UDZO Specify_macos_signed.dmg
else
echo "Specify.app not found"
exit 1
fi
- name: Notarize the Mac package
run: |
SUBMISSION_ID=$(xcrun notarytool submit Specify_macos_signed.dmg \
--apple-id "beach@ku.edu" \
--password "$AC_PASSWORD" \
--team-id "$APPLE_TEAM_ID" \
--output-format json | jq -r '.id')
echo "Submission ID: $SUBMISSION_ID"
xcrun notarytool wait "$SUBMISSION_ID" \
--apple-id "beach@ku.edu" \
--password "$AC_PASSWORD" \
--team-id "$APPLE_TEAM_ID"
NOTARIZATION_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \
--apple-id "beach@ku.edu" \
--password "$AC_PASSWORD" \
--team-id "$APPLE_TEAM_ID" \
--output-format json | jq -r '.status')
if [ "$NOTARIZATION_STATUS" != "Accepted" ]; then
echo "Notarization failed. Fetching logs..."
xcrun notarytool log "$SUBMISSION_ID" \
--apple-id "beach@ku.edu" \
--password "$AC_PASSWORD" \
--team-id "$APPLE_TEAM_ID"
exit 1
fi
env:
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Staple the notarization ticket to the installer
run: xcrun stapler staple Specify_macos_signed.dmg
- name: Upload the stapled Specify_macos.dmg as artifact
uses: actions/upload-artifact@v1
with:
name: Specify_macos_with_ticket
path: Specify_macos_signed.dmg
release:
name: Create a Specify 6 release
needs: [build, notarize]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- name: Download Specify_windows_64 artifact
uses: actions/download-artifact@v1
with:
name: Specify_windows_64
- name: Download Specify_unix_64 artifact
uses: actions/download-artifact@v1
with:
name: Specify_unix_64
- name: Download Specify_macos_with_ticket artifact
uses: actions/download-artifact@v1
with:
name: Specify_macos_with_ticket
- name: Download updates.xml artifact
uses: actions/download-artifact@v1
with:
name: updates.xml
- name: Create release
uses: softprops/action-gh-release@v1
with:
draft: true
prerelease: true
files: |
Specify_windows_64/*
Specify_unix_64/*
Specify_macos_with_ticket/*
updates.xml/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}