mirror of
https://github.com/borgbase/vorta
synced 2024-12-22 07:43:09 +00:00
Add signing to Github Action Workflow (#912)
This commit is contained in:
parent
af2d6a9e73
commit
7dc6f83b92
4 changed files with 34 additions and 8 deletions
34
.github/workflows/build-macos.yml
vendored
34
.github/workflows/build-macos.yml
vendored
|
@ -30,11 +30,12 @@ jobs:
|
||||||
- name: Install build dependencies
|
- name: Install build dependencies
|
||||||
run: |
|
run: |
|
||||||
brew install --cask sparkle
|
brew install --cask sparkle
|
||||||
pip install -r dev.txt
|
brew install create-dmg
|
||||||
|
pip3 install -r dev.txt
|
||||||
working-directory: requirements.d
|
working-directory: requirements.d
|
||||||
- name: Install Vorta
|
- name: Install Vorta
|
||||||
run: |
|
run: |
|
||||||
pip install .
|
pip3 install .
|
||||||
- name: Package with PyInstaller
|
- name: Package with PyInstaller
|
||||||
run: |
|
run: |
|
||||||
pyinstaller --clean --noconfirm package/vorta.spec
|
pyinstaller --clean --noconfirm package/vorta.spec
|
||||||
|
@ -42,9 +43,34 @@ jobs:
|
||||||
curl -LJO https://github.com/borgbackup/borg/releases/download/${{ github.event.inputs.borg_version }}/borg-macosx64.tgz
|
curl -LJO https://github.com/borgbackup/borg/releases/download/${{ github.event.inputs.borg_version }}/borg-macosx64.tgz
|
||||||
tar xvf borg-macosx64.tgz -C dist/Vorta.app/Contents/Resources/
|
tar xvf borg-macosx64.tgz -C dist/Vorta.app/Contents/Resources/
|
||||||
cd dist && zip -rq --symlinks Vorta.zip Vorta.app
|
cd dist && zip -rq --symlinks Vorta.zip Vorta.app
|
||||||
|
|
||||||
|
- name: Codesign executable
|
||||||
|
continue-on-error: false
|
||||||
|
working-directory: dist
|
||||||
|
env:
|
||||||
|
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
|
||||||
|
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
|
||||||
|
CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
|
||||||
|
APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }}
|
||||||
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||||
|
run: |
|
||||||
|
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
|
||||||
|
security create-keychain -p 123 build.keychain
|
||||||
|
security default-keychain -s build.keychain
|
||||||
|
security unlock-keychain -p 123 build.keychain
|
||||||
|
security import certificate.p12 -k build.keychain -A -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
|
||||||
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k 123 build.keychain
|
||||||
|
python3 ../package/fix_app_qt_folder_names_for_codesign.py Vorta.app
|
||||||
|
sh ../package/macos-package-app.sh
|
||||||
|
|
||||||
|
# - name: Setup tmate session
|
||||||
|
# uses: mxschmitt/action-tmate@v3
|
||||||
|
# if: ${{ failure() }}
|
||||||
|
# timeout-minutes: 15
|
||||||
|
|
||||||
- name: Upload build
|
- name: Upload build
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
with:
|
with:
|
||||||
name: Vorta macOS
|
name: Vorta.dmg
|
||||||
path: dist/Vorta.zip
|
path: dist/Vorta.dmg
|
||||||
retention-days: 10
|
retention-days: 10
|
||||||
|
|
2
.github/workflows/test.yml
vendored
2
.github/workflows/test.yml
vendored
|
@ -49,7 +49,7 @@ jobs:
|
||||||
pip install -r requirements.d/dev.txt
|
pip install -r requirements.d/dev.txt
|
||||||
|
|
||||||
# - name: Setup tmate session
|
# - name: Setup tmate session
|
||||||
# uses: mxschmitt/action-tmate@v1
|
# uses: mxschmitt/action-tmate@v3
|
||||||
|
|
||||||
- name: Test with pytest (Linux)
|
- name: Test with pytest (Linux)
|
||||||
if: runner.os == 'Linux'
|
if: runner.os == 'Linux'
|
||||||
|
|
|
@ -44,8 +44,7 @@ RESULT=$(xcrun altool --notarize-app --type osx \
|
||||||
--username $APPLE_ID_USER --password $APPLE_ID_PASSWORD \
|
--username $APPLE_ID_USER --password $APPLE_ID_PASSWORD \
|
||||||
--file "$APP_BUNDLE.dmg" --output-format xml)
|
--file "$APP_BUNDLE.dmg" --output-format xml)
|
||||||
|
|
||||||
REQUEST_UUID=$(echo "$RESULT" | xpath -q -e \
|
REQUEST_UUID=$(echo "$RESULT" | xpath5.18 "//key[normalize-space(text()) = 'RequestUUID']/following-sibling::string[1]/text()" 2> /dev/null)
|
||||||
"//key[normalize-space(text()) = 'RequestUUID']/following-sibling::string[1]/text()" 2> /dev/null)
|
|
||||||
|
|
||||||
# Poll for notarization status
|
# Poll for notarization status
|
||||||
echo "Submitted notarization request $REQUEST_UUID, waiting for response..."
|
echo "Submitted notarization request $REQUEST_UUID, waiting for response..."
|
||||||
|
@ -56,7 +55,7 @@ do
|
||||||
--username "$APPLE_ID_USER" \
|
--username "$APPLE_ID_USER" \
|
||||||
--password "$APPLE_ID_PASSWORD" \
|
--password "$APPLE_ID_PASSWORD" \
|
||||||
--output-format xml)
|
--output-format xml)
|
||||||
STATUS=$(echo "$RESULT" | xpath -q -e "//key[normalize-space(text()) = 'Status']/following-sibling::string[1]/text()" 2> /dev/null)
|
STATUS=$(echo "$RESULT" | xpath5.18 "//key[normalize-space(text()) = 'Status']/following-sibling::string[1]/text()" 2> /dev/null)
|
||||||
|
|
||||||
if [ "$STATUS" = "success" ]; then
|
if [ "$STATUS" = "success" ]; then
|
||||||
echo "Notarization of $APP_BUNDLE succeeded!"
|
echo "Notarization of $APP_BUNDLE succeeded!"
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
coverage
|
coverage
|
||||||
flake8
|
flake8
|
||||||
|
macholib
|
||||||
pyinstaller
|
pyinstaller
|
||||||
pylint
|
pylint
|
||||||
pytest
|
pytest
|
||||||
|
|
Loading…
Reference in a new issue