Skip to content

Build FontGoggles Application #124

Build FontGoggles Application

Build FontGoggles Application #124

Workflow file for this run

name: Build FontGoggles Application
on:
push:
tags:
- "v*"
workflow_dispatch: # allow manual trigger
jobs:
build:
runs-on: macos-latest
steps:
- name: Install Certificates
run: |
echo ${{ secrets.CERTIFICATE_P12 }} | base64 --decode > certificate.p12
security import certificate.p12 -P ${{ secrets.CERTIFICATE_PASSWORD }}
security create-keychain -p fgKeychain fg.keychain
security default-keychain -s fg.keychain
security set-keychain-settings -l -u -t 8000
security unlock-keychain -p fgKeychain fg.keychain
security import certificate.p12 -k fg.keychain -P ${{ secrets.CERTIFICATE_PASSWORD }} -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k fgKeychain fg.keychain
rm -fr *.p12
# security find-identity -v -p codesigning
- name: Git checkout
uses: actions/checkout@v4
- name: Set up Python from python.org
run: |
curl https://www.python.org/ftp/python/3.12.3/python-3.12.3-macos11.pkg --output python-installer.pkg
sudo installer -pkg python-installer.pkg -target /
# Somehow using plain "python3" gives us the runner's homebrew Python,
# so let's be explicit about the path:
ourpython=/Library/Frameworks/Python.framework/Versions/3.12/bin/python3.12
ls -l $ourpython
$ourpython --version
$ourpython -c "import platform; print('platform:', platform.platform())"
$ourpython -c "import platform; print('macOS version:', platform.mac_ver()[0])"
$ourpython -m venv venv
source venv/bin/activate
python -c "print('venv')"
python -c "import sys; print('\n'.join(sys.path))"
python -c "import platform; print('platform:', platform.platform())"
python -c "import platform; print('macOS version:', platform.mac_ver()[0])"
- name: Install dependencies
run: |
source venv/bin/activate
python -m pip install --upgrade pip
python -m pip --version
pip install -r requirements.txt | tee pip_log.txt
python App/Distribute/ensure_universal_wheels.py pip_log.txt
pip install --force build/universal_wheels/*.whl
pip install -r requirements-dev.txt
pip install .
- name: Run Tests
run: |
source venv/bin/activate
pytest
- name: Build Application
run: |
source venv/bin/activate
python App/setup.py py2app
- name: Codesign and Notarize
run: |
APP_PATH="App/dist/FontGoggles.app"
DMG_PATH="App/dist/FontGoggles.dmg"
ENTITLEMENTS_PATH="App/Distribute/entitlements.xml"
source venv/bin/activate
App/Distribute/codesign_app.sh "${{ secrets.CODESIGN_NAME }}" "$APP_PATH" "$ENTITLEMENTS_PATH"
python App/Distribute/build_dmg.py "$APP_PATH" "$DMG_PATH"
codesign --sign "${{ secrets.CODESIGN_NAME }}" "$DMG_PATH"
echo "Run notarytool..."
xcrun notarytool submit \
--apple-id "${{ secrets.NOTARIZE_DEVELOPER }}" \
--team-id "${{ secrets.NOTARIZE_TEAM_ID }}" \
--password "${{ secrets.NOTARIZE_PASSWORD }}" \
--output-format json \
--wait \
$DMG_PATH \
| python App/Distribute/print_notarize_log.py \
"${{ secrets.NOTARIZE_DEVELOPER }}" \
"${{ secrets.NOTARIZE_TEAM_ID }}" \
"${{ secrets.NOTARIZE_PASSWORD }}"
xcrun stapler staple "$DMG_PATH"
- name: Storing macOS Artifacts
uses: actions/upload-artifact@v4
with:
name: FontGoggles
path: App/dist/FontGoggles.dmg
- name: Read CHANGELOG.md
id: changelog
if: startsWith(github.event.ref, 'refs/tags')
env:
GITHUB_REF: ${{ github.ref }}
run: |
source venv/bin/activate
echo "changelog_contents=$(python App/Distribute/extract_changes.py)" >>$GITHUB_OUTPUT
- name: Create Release
id: create_release
if: startsWith(github.event.ref, 'refs/tags')
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
body: ${{ steps.changelog.outputs.changelog_contents }}
draft: true
prerelease: false
- name: Upload Release Asset
id: upload-release-asset
if: startsWith(github.event.ref, 'refs/tags')
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: App/dist/FontGoggles.dmg
asset_name: FontGoggles.dmg
asset_content_type: application/octet-stream