fix macos notarization #2 #89
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build/Release | |
| on: [push, workflow_dispatch] | |
| jobs: | |
| MacOS: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@master | |
| - name: Install Node.js, NPM and Yarn | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: 16 | |
| - name: Prepare for private keys | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| - name: Prepare for app notarization | |
| # Import Apple API key for app notarization on macOS | |
| run: | | |
| echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8 | |
| - name: Install Dependencies | |
| run: yarn | |
| - name: Build Electron app | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn build | |
| env: | |
| # macOS Signing | |
| CSC_LINK: ${{ secrets.mac_certs }} | |
| CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }} | |
| # macOS notarization API key | |
| APPLE_ID: ${{ secrets.apple_id }} | |
| APPLE_ID_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_TEAM_ID: ${{ secrets.apple_team_id }} | |
| ARCH: universal | |
| - name: Release Electron app | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn release | |
| env: | |
| # GitHub token, automatically provided to the action | |
| # (No need to define this secret in the repo settings) | |
| GH_TOKEN: ${{ secrets.github_token }} | |
| # macOS Signing | |
| CSC_LINK: ${{ secrets.mac_certs }} | |
| CSC_KEY_PASSWORD: ${{ secrets.mac_certs_password }} | |
| # macOS notarization API key | |
| APPLE_ID: ${{ secrets.apple_id }} | |
| APPLE_ID_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.apple_id_password }} | |
| APPLE_TEAM_ID: ${{ secrets.apple_team_id }} | |
| ARCH: universal | |
| - name: .dmg artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: dmg file | |
| path: | | |
| dist/*.dmg | |
| Windows: | |
| runs-on: windows-latest | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@master | |
| - name: Install Node.js, NPM and Yarn | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: 16 | |
| - name: Create Windows certificate file | |
| # Import certificate from secret store | |
| run: | | |
| echo "$windows_certs" > cert.p7b | |
| shell: bash | |
| env: | |
| windows_certs: ${{ secrets.windows_certs }} | |
| - name: Download jsign | |
| run: | | |
| curl -L -o jsign.jar https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar | |
| shell: bash | |
| - name: Install Dependencies | |
| run: yarn | |
| - name: Build Electron app | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn build | |
| env: | |
| CERT_PATH: cert.p7b | |
| AWS_REGION: ${{ secrets.aws_region }} | |
| AWS_ACCESS_KEY: ${{ secrets.aws_access_key }} | |
| AWS_SECRET_KEY: ${{ secrets.aws_secret_key }} | |
| KMS_ARN: ${{ secrets.kms_arn }} | |
| ARCH: x64 | |
| - name: Release Electron app | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn release | |
| env: | |
| # GitHub token, automatically provided to the action | |
| # (No need to define this secret in the repo settings) | |
| GH_TOKEN: ${{ secrets.github_token }} | |
| CERT_PATH: cert.p7b | |
| AWS_REGION: ${{ secrets.aws_region }} | |
| AWS_ACCESS_KEY: ${{ secrets.aws_access_key }} | |
| AWS_SECRET_KEY: ${{ secrets.aws_secret_key }} | |
| KMS_ARN: ${{ secrets.kms_arn }} | |
| ARCH: x64 | |
| - name: .exe artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: exe file | |
| path: | | |
| dist/*.exe | |
| - name: .msi artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: msi file | |
| path: | | |
| dist/*.msi | |
| Linux: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@master | |
| - name: Install Node.js, NPM and Yarn | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: 16 | |
| - name: Install Dependencies | |
| run: yarn | |
| - name: Build Electron app | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn build | |
| env: | |
| ARCH: x64 | |
| - name: Release Electron app | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: yarn release | |
| env: | |
| # GitHub token, automatically provided to the action | |
| # (No need to define this secret in the repo settings) | |
| GH_TOKEN: ${{ secrets.github_token }} | |
| ARCH: x64 | |
| - name: .deb artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: deb file | |
| path: | | |
| dist/*.deb | |
| - name: .rpm artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpm file | |
| path: | | |
| dist/*.rpm | |
| - name: .AppImage artifacts | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: AppImage file | |
| path: | | |
| dist/*.AppImage |