Update build.yml #573
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Specify 6 CI | |
on: [push] | |
jobs: | |
build: | |
name: Build and Package Specify 6 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Unbase64 code signing certs | |
run: | | |
echo $MAC_PKCS12 | base64 -d > packaging/expdevidapp.p12 | |
echo $WIN_PKCS12 | base64 -d > packaging/certwithroot.pfx | |
env: | |
WIN_PKCS12: ${{ secrets.WIN_PKCS12 }} | |
MAC_PKCS12: ${{ secrets.MAC_PKCS12_V2 }} | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Compile Specify 6 | |
run: ant -noinput -buildfile build.xml compile-nonmac | |
- name: Compile Specify 6 for Mac | |
run: ant -noinput -buildfile build.xml compile-mac | |
- name: Get Install4j from cache | |
id: cache-install4j | |
uses: actions/cache@v1 | |
with: | |
path: install4j8.0.11 | |
key: install4j8.0.11-cache | |
- name: Download Install4j | |
if: steps.cache-install4j.outputs.cache-hit != 'true' | |
run: | | |
wget https://download-gcdn.ej-technologies.com/install4j/install4j_unix_8_0_11.tar.gz | |
tar -zxvf install4j_unix_8_0_11.tar.gz | |
- name: Set Install4j license | |
run: install4j8.0.11/bin/install4jc --license=$INSTALL4J_LICENSE | |
env: | |
INSTALL4J_LICENSE: ${{ secrets.INSTALL4J8_LICENSE }} | |
- name: Package Specify 6 | |
run: > | |
ant -noinput -buildfile build.xml -Dinstall4j.dir=./install4j8.0.11 | |
-Dwin-keystore-password=$WIN_KEYSTORE_PASSWORD -Dmac-keystore-password=$MAC_KEYSTORE_PASSWORD | |
-Dwin.pkcs12=certwithroot.pfx -Dmac.pkcs12=expdevidapp.p12 -Dcode.signing=true | |
package-all | |
env: | |
WIN_KEYSTORE_PASSWORD: ${{ secrets.WIN_KEYSTORE_PASSWORD }} | |
MAC_KEYSTORE_PASSWORD: ${{ secrets.MAC_KEYSTORE_PASSWORD_V2 }} | |
- name: Upload Specify_windows_64.exe as artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: Specify_windows_64 | |
path: packages/Specify_windows_64.exe | |
- name: Upload Specify_unix_64.sh as artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: Specify_unix_64 | |
path: packages/Specify_unix_64.sh | |
- name: Upload Specify_macos.dmg as artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: Specify_macos | |
path: packages/Specify_macos.dmg | |
- name: Upload updates.xml as artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: updates.xml | |
path: packages/updates.xml | |
notarize: | |
name: Notarize the Specify 6 Mac package | |
needs: build | |
runs-on: macos-latest | |
steps: | |
- name: Download Specify_macos artifact | |
uses: actions/download-artifact@v1 | |
with: | |
name: Specify_macos | |
- name: Inspect directory structure | |
run: | | |
echo "Current directory:" | |
pwd | |
echo "Contents of current directory:" | |
ls -R | |
echo "Searching for DMG file:" | |
find . -name "*.dmg" | |
echo "Searching for APP file:" | |
find . -name "*.app" -type d | |
- name: Extract DMG if present | |
run: | | |
DMG_FILE=$(find . -name "*.dmg") | |
if [ -n "$DMG_FILE" ]; then | |
echo "DMG file found: $DMG_FILE" | |
hdiutil attach "$DMG_FILE" | |
MOUNT_POINT=$(hdiutil info | grep -B 1 "Specify" | grep "/Volumes/" | awk '{print $1}') | |
echo "Mount point: $MOUNT_POINT" | |
cp -R "$MOUNT_POINT"/*.app ./Specify.app | |
hdiutil detach "$MOUNT_POINT" | |
else | |
echo "No DMG file found" | |
exit 1 | |
fi | |
- name: Sign binaries in JAR files | |
run: | | |
# For libgluegen-rt.jnilib | |
GLUEGEN_JAR=$(find . -name "gluegen-rt-natives-macosx-universal.jar") | |
if [ -n "$GLUEGEN_JAR" ]; then | |
mkdir -p temp_gluegen | |
cd temp_gluegen | |
unzip "../$GLUEGEN_JAR" | |
if [ -f "libgluegen-rt.jnilib" ]; then | |
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp libgluegen-rt.jnilib | |
zip -u "../$GLUEGEN_JAR" libgluegen-rt.jnilib | |
else | |
echo "libgluegen-rt.jnilib not found in the JAR" | |
fi | |
cd .. | |
rm -rf temp_gluegen | |
else | |
echo "gluegen-rt-natives-macosx-universal.jar not found" | |
fi | |
# For mac-universal.lib | |
SQLITE_JAR=$(find . -name "sqlitejdbc.jar") | |
if [ -n "$SQLITE_JAR" ]; then | |
mkdir -p temp_sqlitejdbc | |
cd temp_sqlitejdbc | |
unzip "../$SQLITE_JAR" | |
if [ -f "mac-universal.lib" ]; then | |
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp mac-universal.lib | |
zip -u "../$SQLITE_JAR" mac-universal.lib | |
else | |
echo "mac-universal.lib not found in the JAR" | |
fi | |
cd .. | |
rm -rf temp_sqlitejdbc | |
else | |
echo "sqlitejdbc.jar not found" | |
fi | |
env: | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
- name: Re-sign the application | |
run: | | |
if [ -d "./Specify.app" ]; then | |
codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --timestamp "./Specify.app" | |
else | |
echo "Specify.app not found" | |
exit 1 | |
fi | |
env: | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
- name: Create new DMG | |
run: | | |
if [ -d "./Specify.app" ]; then | |
hdiutil create -volname "Specify Installer" -srcfolder "./Specify.app" -ov -format UDZO Specify_macos_signed.dmg | |
else | |
echo "Specify.app not found" | |
exit 1 | |
fi | |
- name: Notarize the Mac package | |
run: | | |
SUBMISSION_ID=$(xcrun notarytool submit Specify_macos_signed.dmg \ | |
--apple-id "beach@ku.edu" \ | |
--password "$AC_PASSWORD" \ | |
--team-id "$APPLE_TEAM_ID" \ | |
--output-format json | jq -r '.id') | |
echo "Submission ID: $SUBMISSION_ID" | |
xcrun notarytool wait "$SUBMISSION_ID" \ | |
--apple-id "beach@ku.edu" \ | |
--password "$AC_PASSWORD" \ | |
--team-id "$APPLE_TEAM_ID" | |
NOTARIZATION_STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \ | |
--apple-id "beach@ku.edu" \ | |
--password "$AC_PASSWORD" \ | |
--team-id "$APPLE_TEAM_ID" \ | |
--output-format json | jq -r '.status') | |
if [ "$NOTARIZATION_STATUS" != "Accepted" ]; then | |
echo "Notarization failed. Fetching logs..." | |
xcrun notarytool log "$SUBMISSION_ID" \ | |
--apple-id "beach@ku.edu" \ | |
--password "$AC_PASSWORD" \ | |
--team-id "$APPLE_TEAM_ID" | |
exit 1 | |
fi | |
env: | |
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
- name: Staple the notarization ticket to the installer | |
run: xcrun stapler staple Specify_macos_signed.dmg | |
- name: Upload the stapled Specify_macos.dmg as artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: Specify_macos_with_ticket | |
path: Specify_macos_signed.dmg | |
release: | |
name: Create a Specify 6 release | |
needs: [build, notarize] | |
if: startsWith(github.ref, 'refs/tags/') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download Specify_windows_64 artifact | |
uses: actions/download-artifact@v1 | |
with: | |
name: Specify_windows_64 | |
- name: Download Specify_unix_64 artifact | |
uses: actions/download-artifact@v1 | |
with: | |
name: Specify_unix_64 | |
- name: Download Specify_macos_with_ticket artifact | |
uses: actions/download-artifact@v1 | |
with: | |
name: Specify_macos_with_ticket | |
- name: Download updates.xml artifact | |
uses: actions/download-artifact@v1 | |
with: | |
name: updates.xml | |
- name: Create release | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
prerelease: true | |
files: | | |
Specify_windows_64/* | |
Specify_unix_64/* | |
Specify_macos_with_ticket/* | |
updates.xml/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |