
Test macOS signing workflow #2


Workflow file for this run

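# Test variant of the release workflow: builds the CLI, then signs and
# notarizes the macOS binaries. Nesting restored; the page copy had every
# line flattened to column 0, which does not parse as a workflow.
name: release (macOS signing test)

# Runs for pull requests against any branch. With the `pull_request` event,
# PRs from forks do not receive repository secrets by default, but a PR from
# a branch inside this repository does, so the jobs below run that branch's
# build and signing scripts with the registry and code-signing secrets.
on:
  pull_request:
    branches:
      - "**"

# Applies to every job in this file. Both jobs call action-gh-release to
# create or update a draft release, which is what needs write access.
permissions:
  contents: write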
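jobs:
  # Builds all release artifacts on Linux, hands them to the macOS job as the
  # `dist` artifact and opens a draft GitHub release.
  release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions/* steps in this file are referenced by
      # mutable tag (@v4) while the third-party actions are pinned to a full
      # commit SHA. Pinning these too would make the whole chain immutable.
      # checkout also leaves the job token in the local git config unless
      # `persist-credentials: false` is set; confirm whether build/release.sh
      # relies on it before changing that.
      - name: Checkout
        uses: actions/checkout@v4
      # SHA-pinned; the version tag in the trailing comment is unreadable in
      # this copy of the page.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
      # SHA-pinned; version tag unreadable in this copy.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
      # Derives VERSION: `pr-<PR number>-<run number>` for pull requests,
      # otherwise the tag name with `refs/tags/` stripped.
      # Context values reach the script through environment variables rather
      # than being spliced into the shell text with ${{ }}. These particular
      # values are an event name and integers, so this keeps the safe pattern
      # in place if the step is later extended with free-form fields.
      - name: Version
        id: version
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
            echo "VERSION=pr-${PR_NUMBER}-${GITHUB_RUN_NUMBER}" >> "$GITHUB_OUTPUT"
          else
            echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
          fi
      # SHA-pinned; version tag unreadable in this copy.
      # NOTE(review): this logs in to DockerHub on every pull-request run.
      # Whether build/release.sh then pushes images for a PR build cannot be
      # seen from this file; confirm before merging.
      - name: Login to DockerHub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      # Runs the repository's own Makefile and release script with two GitHub
      # tokens in the environment; on a PR run these are the PR's versions of
      # those files.
      # NOTE(review): `-xe` is passed to the script as an argument here, not
      # to bash. If shell tracing and errexit were intended, the form would be
      # `bash -xe ./build/release.sh`. Tracing would also print expanded
      # commands to the job log; log masking covers registered secret values,
      # not strings derived from them.
      - name: Release
        run: |
          make all
          bash ./build/release.sh -xe
        env:
          API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ steps.version.outputs.VERSION }}
      # Hands dist/ to the signing job. The signing job trusts this artifact
      # as-is.
      - name: Upload built binaries
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
      # NOTE(review): on pull_request runs github.ref_name is the PR merge
      # ref (`<PR number>/merge`), not a release tag, and it differs from the
      # VERSION computed above. Confirm this is the intended name and tag for
      # the test draft.
      - name: Create draft GitHub Release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1
        with:
          draft: true
          name: ${{ github.ref_name }}
          tag_name: ${{ github.ref_name }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Signs and notarizes the macOS binaries produced by `release`, then
  # attaches them to the draft release.
  # NOTE(review): this job exposes the code-signing certificate, its
  # password, the keychain password and the Apple notarization credentials to
  # build/sign_and_notarize.sh as checked out for the pull request. Anyone
  # able to open a PR from a branch in this repository can therefore change
  # what runs with those credentials. A protected deployment environment with
  # required reviewers on this job would put a human approval in front of
  # that; this file does not show whether one is configured.
  sign_and_notarize:
    runs-on: macos-latest
    needs: release
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download built binaries
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist
      - name: Sign CLI binaries
        run: bash ./build/sign_and_notarize.sh
        env:
          SIGNING_CERTIFICATE: ${{ secrets.SIGNING_CERTIFICATE }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
          SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          DIST_DIR: "dist"
          NOTARIZATION_APPLE_ID: ${{ secrets.NOTARIZATION_APPLE_ID }}
          NOTARIZATION_APP_PASSWORD: ${{ secrets.NOTARIZATION_APP_PASSWORD }}
          NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
      # fail_on_unmatched_files makes the step fail if either glob matches
      # nothing, so a run that produced no signed archives cannot silently
      # yield an empty draft. The release stays a draft; the publish step
      # below is disabled.
      - name: Upload signed binaries to Draft Release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1
        with:
          files: |
            dist/phrase_macosx_*.zip
            dist/*.tar.gz
          fail_on_unmatched_files: true
          overwrite: true
          name: ${{ github.ref_name }}
          tag_name: ${{ github.ref_name }}
          draft: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Disabled for the signing test: publishing the release.
      # - name: Publish GitHub Release
      #   uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1
      #   with:
      #     draft: false
      #     name: ${{ github.ref_name }}
      #     tag_name: ${{ github.ref_name }}
      #   env:
      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Disabled for the signing test: Homebrew formula bump.
  # brew:
  #   runs-on: ubuntu-latest
  #   needs: sign_and_notarize
  #   steps:
  #     - name: Checkout
  #       uses: actions/checkout@v4
  #     - name: Update Homebrew formula
  #       uses: dawidd6/action-homebrew-bump-formula@75ed025ff3ad1d617862838b342b06d613a0ddf3 # v3.10.1
  #       with:
  #         # Required, custom GitHub access token with the 'public_repo' and 'workflow' scopes
  #         token: ${{secrets.GH_ACCESS_TOKEN}}
  #         # Formula name, required
  #         formula: phrase-cli
  #         # Optional, will be determined automatically
  #         tag: ${{github.ref_name}}
  #         # Optional, will be determined automatically
  #         revision: ${{github.sha}}
  #         # Optional, if don't want to check for already open PRs
  #         force: false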