Skip to content

Pass entitlements while creating packages. #2245

Pass entitlements while creating packages.

Pass entitlements while creating packages. #2245

Workflow file for this run

name: Publish releases
on:
# Triggers the workflow on push when pushing to a version tag
push:
branches:
- jigar/macos-update-profile
tags:
- '*lantern-*'
workflow_run:
workflows: [ "go" ]
types:
- completed
workflow_dispatch:
permissions:
contents: "read"
id-token: "write"
env:
GOPRIVATE: github.com/getlantern
S3_BUCKET: lantern
jobs:
determine-platform:
runs-on: ubuntu-latest
outputs:
platform: ${{ steps.set-platform.outputs.platform }}
steps:
- name: Determine Platform
id: set-platform
run: |
echo "GITHUB_REF is: $GITHUB_REF"
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
TAG=${GITHUB_REF#refs/tags/}
echo "Tag is: $TAG"
if [[ $TAG == ios-* ]]; then
echo "Platform determined: ios"
echo "platform=ios" >> "$GITHUB_OUTPUT"
elif [[ $TAG == android-* ]]; then
echo "Platform determined: android"
echo "platform=android" >> "$GITHUB_OUTPUT"
elif [[ $TAG == desktop-* ]]; then
echo "Platform determined: desktop"
echo "platform=desktop" >> "$GITHUB_OUTPUT"
else
echo "Platform determined: all (tag did not match specific platforms)"
echo "platform=all" >> "$GITHUB_OUTPUT"
fi
else
echo "Not a tag reference, defaulting to all platforms"
echo "platform=all" >> "$GITHUB_OUTPUT"
fi
set-version:
needs: determine-platform
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-version.outputs.version }}
prefix: ${{ steps.set-version.outputs.prefix }}
version_file: ${{ steps.set-version.outputs.version_file }}
steps:
- id: set-version
shell: python
run: |
import sys, os
ref = os.environ.get("GITHUB_REF","")
if "refs/tags" in ref:
tag = ref.strip()
if tag.startswith('refs/tags/android-lantern-'):
a = tag.replace('refs/tags/android-lantern-', '')
elif tag.startswith('refs/tags/ios-lantern-'):
a = tag.replace('refs/tags/ios-lantern-', '')
elif tag.startswith('refs/tags/desktop-lantern-'):
a = tag.replace('refs/tags/desktop-lantern-', '')
else:
a = tag.replace('refs/tags/lantern-', '')
parts = a.split('-', 1)
suffix = parts[1] if len(parts) > 1 else ''
beta = 'beta' in suffix
internal = 'internal' in suffix
if beta:
li = 'lantern-installer-preview'
vf = 'version-android-beta.txt'
version = parts[0]
elif internal:
li = 'lantern-installer-internal'
vf = 'version-android-internal.txt'
version = parts[0]
else:
li = 'lantern-installer'
vf = 'version-android.txt'
version = parts[0] if len(parts) > 0 else a
else:
li = 'lantern-installer-dev'
vf = 'version-android-dev.txt'
version = '9999.99.99-dev'
print('Setting version to ' + version)
print('Setting prefix to ' + li)
print('Setting version file to ' + vf)
print(f'::set-output name=version::{version}')
print(f'::set-output name=prefix::{li}')
print(f'::set-output name=version_file::{vf}')
build:
uses: ./.github/workflows/build.yml
secrets: inherit
needs: set-version
with:
macos_version: macos-14
xcode_version: latest-stable
version: ${{ needs.set-version.outputs.version }}
version_file: ${{ needs.set-version.outputs.version_file }}
prefix: ${{ needs.set-version.outputs.prefix }}
build-suffix: 64
dist-suffix: x64
installer-suffix: -x64
windows-arch: x64
push-binaries:
runs-on: ubuntu-latest
needs: [ determine-platform,set-version, build ]
env:
version: ${{ needs.set-version.outputs.version }}
prefix: ${{ needs.set-version.outputs.prefix }}
steps:
- name: Download the mac build output
uses: actions/download-artifact@v4
with:
name: macos-build
# - name: Download the linux deb build output
# uses: actions/download-artifact@v4
# with:
# name: linux-rpm-build
# - name: Download the linux rpm build output
# uses: actions/download-artifact@v4
# with:
# name: linux-deb-build
#
# - name: Download the windows64 build output
# uses: actions/download-artifact@v4
# with:
# name: windows64-installer-signed
#
# - name: Download the apk build output
# uses: actions/download-artifact@v4
# with:
# name: android-apk-build
#
# - name: Download the aab build output
# uses: actions/download-artifact@v4
# with:
# name: android-aab-build
#
# - name: Download the IPA
# uses: actions/download-artifact@v4
# with:
# name: Lantern.ipa
#
# - name: Download the Debug Symbols
# uses: actions/download-artifact@v4
# with:
# name: debug-symbols.zip
#
# - name: Download the mapping file
# uses: actions/download-artifact@v4
# with:
# name: mapping.txt
#
#
# - name: Upload Lantern to TestFlight
# uses: apple-actions/upload-testflight-build@v1
# if: (needs.set-version.outputs.prefix == 'lantern-installer-preview'|| needs.set-version.outputs.prefix == 'lantern-installer') && (needs.determine-platform.outputs.platform == 'ios' || needs.determine-platform.outputs.platform == 'all')
# with:
# app-path: Lantern.ipa
# issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }}
# api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }}
# api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
#
# - name: Upload Android App bundle to Play Store (beta)
# if: needs.set-version.outputs.prefix == 'lantern-installer-preview' && (needs.determine-platform.outputs.platform == 'android' || needs.determine-platform.outputs.platform == 'all')
# uses: r0adkll/upload-google-play@v1
# with:
# serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
# packageName: org.getlantern.lantern
# releaseFiles: lantern-installer.aab
# track: beta
# debugSymbols: debug-symbols.zip
# mappingFile: mapping.txt
#
# - name: Upload Android App bundle to Play Store (production)
# if: needs.set-version.outputs.prefix == 'lantern-installer' && (needs.determine-platform.outputs.platform == 'android' || needs.determine-platform.outputs.platform == 'all')
# uses: r0adkll/upload-google-play@v1
# with:
# serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
# packageName: org.getlantern.lantern
# releaseFiles: lantern-installer.aab
# track: production
# debugSymbols: debug-symbols.zip
# mappingFile: mapping.txt
#
# - name: Grant private modules access
# run: git config --global url."https://${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }}:[email protected]/".insteadOf "https://github.com/"
#
# - name: Clone binaries repo
# run: git clone --depth 1 https://github.com/getlantern/lantern-binaries
#
# - name: Rename builds
# run: |
# diff lantern-installer.apk ${{ env.prefix }}.apk || mv -f lantern-installer.apk ${{ env.prefix }}.apk
# diff lantern-installer.aab ${{ env.prefix }}.aab || mv -f lantern-installer.aab ${{ env.prefix }}.aab
# mv -f lantern-installer-x64.deb ${{ env.prefix }}-64-bit.deb
# mv -f lantern-installer-x64.rpm ${{ env.prefix }}.rpm
# mv -f lantern-installer.dmg ${{ env.prefix }}.dmg
# diff lantern-installer-x64.exe ${{ env.prefix }}-64-bit.exe || mv -f lantern-installer-x64.exe ${{ env.prefix }}-64-bit.exe
# mv -f Lantern.ipa ${{ env.prefix }}.ipa
#
# - name: Prepare sha256 sums
# run: |
# shasum -a 256 ${{ env.prefix }}.apk | cut -d " " -f 1 > ${{ env.prefix }}.apk.sha256
# shasum -a 256 ${{ env.prefix }}.aab | cut -d " " -f 1 > ${{ env.prefix }}.aab.sha256
# shasum -a 256 ${{ env.prefix }}-mac.dmg | cut -d " " -f 1 > ${{ env.prefix }}-mac.dmg.sha256
# shasum -a 256 ${{ env.prefix }}-mac_arm.dmg | cut -d " " -f 1 > ${{ env.prefix }}-mac_arm.dmg.sha256
# shasum -a 256 ${{ env.prefix }}-x64.exe | cut -d " " -f 1 > ${{ env.prefix }}-x64.exe.sha256
# shasum -a 256 ${{ env.prefix }}-64-bit.deb | cut -d " " -f 1 > ${{ env.prefix }}-64-bit.deb.sha256
# shasum -a 256 ${{ env.prefix }}.ipa | cut -d " " -f 1 > ${{ env.prefix }}.ipa.sha256
# - name: Commit
# run: |
# mv lantern-installer* ./lantern-binaries/
# cd lantern-binaries
# git config user.email "[email protected]"
# git config user.name "Lantern Bot"
# git add .
# git commit -m "Lantern binaries for version ${{ env.version }}"
# git push origin main