diff --git a/.github/workflows/auth-release.yml b/.github/workflows/auth-release.yml index ad03a348b..ff9a278a4 100644 --- a/.github/workflows/auth-release.yml +++ b/.github/workflows/auth-release.yml @@ -162,14 +162,14 @@ jobs: dart pub global activate flutter_distributor make innoinstall flutter_distributor package --platform=windows --targets=exe --skip-clean - cp dist/**/ente_auth-*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe + mv dist/**/ente_auth-*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe - name: Retain Windows EXE and DLLs # Temporarily disable desktop builds if: false run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows - - name: Code Sign for Windows + - name: Code sign Windows installer and EXE # Temporarily disable desktop builds if: false uses: dlemstra/code-sign-action@v1 @@ -180,7 +180,7 @@ jobs: auth/artifacts/ente-${{ github.ref_name }}-installer.exe auth/ente-${{ github.ref_name }}-windows/auth.exe - - name: Create a Windows ZIP + - name: Zip Windows EXE and DLLs # Temporarily disable desktop builds if: false run: tar.exe -a -c -f auth/artifacts/ente-${{ github.ref_name }}-windows.zip auth/ente-${{ github.ref_name }}-windows @@ -201,3 +201,110 @@ jobs: draft: true allowUpdates: true updateOnlyUnreleased: true + + build-macos: + runs-on: macos-13 # latest is 12 + + defaults: + run: + # Run all the "run" steps inside the auth directory + working-directory: auth + + steps: + - name: Checkout code and submodules + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Install Flutter ${{ env.FLUTTER_VERSION }} + uses: subosito/flutter-action@v2 + with: + channel: "stable" + flutter-version: ${{ env.FLUTTER_VERSION }} + cache: true + + - name: Add provisioning profiles + run: | + PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles" + mkdir -p "$PROFILES_HOME" + PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)" + echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH" + echo "Saved provisioning profile $PROFILE_PATH" + env: + CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }} + + - name: Add certificates + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + + # copy certificates from base64 + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + + # add certificate to keychain + keychain initialize + keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD + + # Use profile in current project + xcode-project use-profiles --project=macos/**/*.xcodeproj + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }} + P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }} + + - name: Install build dependencies + run: | + pip3 install codemagic-cli-tools + python3 -m pip install setuptools + npm install -g appdmg + + - name: Create artifacts directory + run: mkdir artifacts + + - name: Build macOS DMG + # Temporarily disable desktop builds + if: false + run: | + flutter config --enable-macos-desktop + dart pub global activate flutter_distributor + flutter_distributor package --platform=macos --targets=dmg --skip-clean + mv dist/**/ente_auth-*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg + + - name: Code sign DMG + # Temporarily disable desktop builds + if: false + run: | + CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "") + codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg + codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg + + - name: Notarize and staple DMG + # Temporarily disable desktop builds + if: false + run: | + xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \ + --wait \ + --apple-id $APPLE_ID \ + --password $APPLE_PASSWORD \ + --team-id $APPLE_TEAM_ID + xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + + - name: Temporary action + # TODO: Remove me when desktop builds are enabled + if: true + run: echo test > artifacts/example.txt + + - name: Generate checksums + run: sha256sum artifacts/ente-* > artifacts/sha256sum-mac + + - name: Create a draft GitHub release + uses: ncipollo/release-action@v1 + with: + artifacts: "auth/artifacts/*" + prerelease: true + draft: true + allowUpdates: true + updateOnlyUnreleased: true