ci: build for distribution #51

Workflow file for this run

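# Builds, signs and uploads the macOS app bundle as a workflow artifact.
# The job only runs when the repository owner is `coder`, and it is the only
# place that is granted write access to repository contents.
name: release
on:
  # TODO: Switch to on `v*` tag push
  pull_request:
# Deny all token permissions by default; the job below opts in to what it needs.
permissions: {}
jobs:
  build:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
    if: ${{ github.repository_owner == 'coder' }}
    permissions:
      # To upload assets to the release
      contents: write
    env:
      KEYCHAIN_PATH: /tmp/app-signing.keychain-db
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 1
          # Keep the job token out of the checked-out repo's git config.
          persist-credentials: false
      - name: Switch XCode Version
        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
        with:
          xcode-version: "16.0.0"
      - name: Setup Nix
        uses: ./.github/actions/nix-devshell
      # FIXME(ThomasK33): Only used for testing, shall be removed later
      # NOTE(review): this step hands the signing certificate, its password,
      # the notarization credentials and both provisioning profiles to a
      # third-party action that opens an interactive SSH session on the runner.
      # It is also referenced by the mutable tag `v1`, while the other
      # third-party actions in this file are pinned to a full commit SHA.
      # Pin it to a commit SHA or delete the step before this workflow is
      # switched to run on release tags.
      - name: Setup upterm session
        uses: lhotari/action-upterm@v1
        env:
          APPLE_CERT: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}
          CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}
          APPLE_ID: ${{ secrets.APPLE_NOTARYTOOL_USERNAME }}
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}
          APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}
          EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}
        with:
          ## limits ssh access and adds the ssh public key for the user which triggered the workflow
          limit-access-to-actor: true
          ## limits ssh access and adds the ssh public keys of the listed GitHub users
          limit-access-to-users: ThomasK33
      - name: Install Cert & Retrieve Provisioning Profiles
        env:
          APPLE_CERT: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}
          CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}
        run: |
          # No `-x` here: xtrace would echo the expanded certificate blob and
          # its password into the job log. Log masking is a backstop, not a
          # control to rely on.
          set -euo pipefail
          # Throwaway keychain with an empty password, locked after 6 hours.
          security create-keychain -p "" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "" "$KEYCHAIN_PATH"
          # NOTE(review): `-A` lets any application use the imported key
          # without a prompt. If scripts/build.sh only signs through codesign,
          # `-T /usr/bin/codesign` would be narrower; confirm before changing.
          security import <(echo -n "$APPLE_CERT" | base64 -d) -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"
      - name: Build
        env:
          APPLE_ID: ${{ secrets.APPLE_NOTARYTOOL_USERNAME }}
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}
          APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}
          EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}
        # Literal block scalar: a plain multi-line scalar folds line breaks
        # into spaces, so each trailing backslash would escape a space instead
        # of a newline and the flags would reach the script with a leading
        # space. The profiles are decoded through process substitution, so
        # they are never written to a named file on disk.
        run: |
          ./scripts/build.sh \
            --app-prof-path <(echo -n "$APP_PROF" | base64 -d) \
            --ext-prof-path <(echo -n "$EXT_PROF" | base64 -d) \
            --keychain-path "$KEYCHAIN_PATH"
      - name: Upload Build Artifacts
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: app
          path: |
            ./build
          retention-days: 7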