-
Notifications
You must be signed in to change notification settings - Fork 591
144 lines (133 loc) · 5.26 KB
/
ci_nightly.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Development Builds
on:
push:
branches:
- master
jobs:
config:
runs-on: "ubuntu-latest"
permissions:
contents: none
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.REPO_GPG_PASSPHRASE != '' && secrets.NIGHTLY_KEYCHAIN_PASSPHRASE != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
build:
needs: config
if: needs.config.outputs.has-secrets
name: Build and Sign
runs-on: macos-15
permissions:
contents: read
env:
IS_CI: 1
IS_NIGHTLY: 1
steps:
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: 16.1.0
- name: Checkout Hammerspoon Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout Hammerspoon Secrets
uses: actions/checkout@v4
with:
repository: Hammerspoon/ci-secrets
path: ./ci-secrets
- name: Prepare build environment
run: ./scripts/github-ci-pre.sh
- name: Decrypt Secrets
env:
REPO_GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
run: ./ci-secrets/crypto.sh decrypt
- name: Prepare keychain
env:
KEYCHAIN_PASSPHRASE: ${{ secrets.NIGHTLY_KEYCHAIN_PASSPHRASE }}
run: ./scripts/build.sh keychain-prep -s Release -c Release -p ./ci-secrets/Cleartext/Hammerspoon-Nightly-Certificates.p12 -o ./ci-secrets/Cleartext/token-notarization
- name: Prepare secure tokens
run: /bin/cp ./ci-secrets/Cleartext/token* ../
- name: Remove Secrets checkout
run: /bin/rm -rf ./ci-secrets
- name: Get version number
id: version
run: |
echo "NIGHTLY_VERSION=$(git describe)" >> $GITHUB_OUTPUT
echo "RELEASE_VERSION=$(git describe --abbrev=0)" >> $GITHUB_OUTPUT
- name: Build
run: ./scripts/build.sh build -s Release -c Release
- name: Generate API docs
run: ./scripts/build.sh docs
- name: Notarize
run: ./scripts/build.sh notarize
- name: Delete notarization/signing credentials
if: ${{ always() }}
run: ./scripts/build.sh keychain-post
- name: Validate signing/notarization
run: ./scripts/build.sh validate -d
- name: Archive build
run: ./scripts/build.sh archive
- name: Upload build log on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: nightly-build.log
path: build/Release-build.log
- name: Generate Release Notes
id: release_notes_generator
uses: mikepenz/release-changelog-builder-action@main
with:
configuration: ".github/workflows/release_notes_config.json"
toTag: "HEAD"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Capture Release Notes
id: capture_release_notes
run: |
echo "${{ steps.release_notes_generator.outputs.changelog }}" >release_notes.txt
- name: Upload Release Notes
id: upload_release_notes
uses: actions/upload-artifact@v4
with:
name: Release_Notes-${{ steps.version.outputs.NIGHTLY_VERSION }}.txt
path: release_notes.txt
- name: Prepare artifacts
run: mv ../archive ./ ; find ./archive
- name: Upload artifacts App bundle
uses: actions/upload-artifact@v4
with:
name: Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
- name: Upload artifacts Debug symbols
uses: actions/upload-artifact@v4
with:
name: dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon-dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
- name: Upload artifacts HTML docs
uses: actions/upload-artifact@v4
with:
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/${{ steps.version.outputs.NIGHTLY_VERSION }}-docs.zip
- name: Upload artifacts docs json
uses: actions/upload-artifact@v4
with:
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.json
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/docs.json
- name: Upload artifacts Build log
uses: actions/upload-artifact@v4
with:
name: Release-build.log
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Release-build.log
- name: Send notification
if: env.CI_WEBHOOK_URL != '' && env.CI_WEBHOOK_SECRET != ''
env:
CI_WEBHOOK_URL: ${{ secrets.CI_WEBHOOK_URL }}
CI_WEBHOOK_SECRET: ${{ secrets.CI_WEBHOOK_SECRET }}
run: |
/usr/bin/curl -H "X-CI-WebHook: true" -H "Content-Type: application/json" -d '{"secret": "$CI_WEBHOOK_SECRET", "repository": "hammerspoon", "workflow": "Dev Build", "message": "New development build: ${{ steps.version.outputs.NIGHTLY_VERSION }}"}' $CI_WEBHOOK_URL