Skip to content

Adapt to changed xcode build settings output when signing dev builds #402

Adapt to changed xcode build settings output when signing dev builds

Adapt to changed xcode build settings output when signing dev builds #402

Workflow file for this run

name: Development Builds
on:
push:
branches:
- master
jobs:
config:
runs-on: "ubuntu-latest"
permissions:
contents: none
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.REPO_GPG_PASSPHRASE != '' && secrets.NIGHTLY_KEYCHAIN_PASSPHRASE != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
build:
needs: config
if: needs.config.outputs.has-secrets
name: Build and Sign
runs-on: macos-15
permissions:
contents: read
env:
IS_CI: 1
IS_NIGHTLY: 1
steps:
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: 16.1.0
- name: Checkout Hammerspoon Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout Hammerspoon Secrets
uses: actions/checkout@v4
with:
repository: Hammerspoon/ci-secrets
path: ./ci-secrets
- name: Prepare build environment
run: ./scripts/github-ci-pre.sh
- name: Decrypt Secrets
env:
REPO_GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
run: ./ci-secrets/crypto.sh decrypt
- name: Prepare keychain
env:
KEYCHAIN_PASSPHRASE: ${{ secrets.NIGHTLY_KEYCHAIN_PASSPHRASE }}
run: ./scripts/build.sh keychain-prep -s Release -c Release -p ./ci-secrets/Cleartext/Hammerspoon-Nightly-Certificates.p12 -o ./ci-secrets/Cleartext/token-notarization
- name: Prepare secure tokens
run: /bin/cp ./ci-secrets/Cleartext/token* ../
- name: Remove Secrets checkout
run: /bin/rm -rf ./ci-secrets
- name: Get version number
id: version
run: |
echo "NIGHTLY_VERSION=$(git describe)" >> $GITHUB_OUTPUT
echo "RELEASE_VERSION=$(git describe --abbrev=0)" >> $GITHUB_OUTPUT
- name: Build
run: ./scripts/build.sh build -s Release -c Release
- name: Generate API docs
run: ./scripts/build.sh docs
- name: Notarize
run: ./scripts/build.sh notarize
- name: Delete notarization/signing credentials
if: ${{ always() }}
run: ./scripts/build.sh keychain-post
- name: Validate signing/notarization
run: ./scripts/build.sh validate -d
- name: Archive build
run: ./scripts/build.sh archive
- name: Upload build log on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: nightly-build.log
path: build/Release-build.log
- name: Generate Release Notes
id: release_notes_generator
uses: mikepenz/release-changelog-builder-action@main
with:
configuration: ".github/workflows/release_notes_config.json"
toTag: "HEAD"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Capture Release Notes
id: capture_release_notes
run: |
echo "${{ steps.release_notes_generator.outputs.changelog }}" >release_notes.txt
- name: Upload Release Notes
id: upload_release_notes
uses: actions/upload-artifact@v4
with:
name: Release_Notes-${{ steps.version.outputs.NIGHTLY_VERSION }}.txt
path: release_notes.txt
- name: Prepare artifacts
run: mv ../archive ./ ; find ./archive
- name: Upload artifacts App bundle
uses: actions/upload-artifact@v4
with:
name: Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon.app-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
- name: Upload artifacts Debug symbols
uses: actions/upload-artifact@v4
with:
name: dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Hammerspoon-dSYM-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
- name: Upload artifacts HTML docs
uses: actions/upload-artifact@v4
with:
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.zip
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/${{ steps.version.outputs.NIGHTLY_VERSION }}-docs.zip
- name: Upload artifacts docs json
uses: actions/upload-artifact@v4
with:
name: docs-${{ steps.version.outputs.NIGHTLY_VERSION }}.json
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/docs/docs.json
- name: Upload artifacts Build log
uses: actions/upload-artifact@v4
with:
name: Release-build.log
path: archive/${{ steps.version.outputs.NIGHTLY_VERSION }}/Release-build.log
- name: Send notification
if: env.CI_WEBHOOK_URL != '' && env.CI_WEBHOOK_SECRET != ''
env:
CI_WEBHOOK_URL: ${{ secrets.CI_WEBHOOK_URL }}
CI_WEBHOOK_SECRET: ${{ secrets.CI_WEBHOOK_SECRET }}
run: |
/usr/bin/curl -H "X-CI-WebHook: true" -H "Content-Type: application/json" -d '{"secret": "$CI_WEBHOOK_SECRET", "repository": "hammerspoon", "workflow": "Dev Build", "message": "New development build: ${{ steps.version.outputs.NIGHTLY_VERSION }}"}' $CI_WEBHOOK_URL