Skip to content
Release

⚑ optimize release build size #29

Sign in to view logs

⚑ optimize release build size

⚑ optimize release build size #29

Workflow file for this run

.github/workflows/release.yml at 8b76edc
name: Release
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-beta'
- 'v[0-9]+.[0-9]+.[0-9]+-alpha'
jobs:
release:
name: Xcode Build (Release)
runs-on: macos-13
steps:
- name: Select Xcode Version
run: sudo xcrun xcode-select -s /Applications/Xcode_14.3.app
- name: Set Environment Variables
run: |
APP_NAME="BeezyLight"
echo "APP_NAME=${APP_NAME}" >> $GITHUB_ENV
echo "XCARCHIVE_PATH=${PWD}/${APP_NAME}.xcarchive" >> $GITHUB_ENV
echo "APP_PATH=${PWD}/${APP_NAME}.xcarchive/Products/Applications/${APP_NAME}.app" >> $GITHUB_ENV
echo "ZIP_PATH=${RUNNER_TEMP}/${APP_NAME}.zip" >> $GITHUB_ENV
echo "BUILD_CERTIFICATE_PATH=${RUNNER_TEMP}/build_certificate.p12" >> $GITHUB_ENV
echo "NOTARIZATION_KEY_PATH=${RUNNER_TEMP}/notarization_key.p8" >> $GITHUB_ENV
echo "KEYCHAIN_PATH=${RUNNER_TEMP}/app-signing.keychain-db" >> $GITHUB_ENV
- name: Checkout repository
uses: actions/checkout@v3
- name: Generate Release Config
run: './Scripts/generate-release-config "${{ secrets.PRODUCT_BUNDLE_IDENTIFIER }}" "${GITHUB_REF_NAME#v}" "$GITHUB_RUN_NUMBER" "${{ secrets.XCODE_DEVELOPMENT_TEAM }}"'
- name: Install Developer ID Certificate
run: |
# import build certificate from secrets
echo -n "${{ secrets.BUILD_CERTIFICATE_BASE64 }}" | base64 --decode --output="$BUILD_CERTIFICATE_PATH"
# create temporary keychain
security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "$KEYCHAIN_PATH"
# import certificate to keychain
security import "$BUILD_CERTIFICATE_PATH" -P "${{ secrets.P12_PASSWORD }}" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
rm "$BUILD_CERTIFICATE_PATH"
- name: Run xcode-build Script
run: './Scripts/xcode-build release "$XCARCHIVE_PATH"'
- name: Notarize App
run: |
# Save Notarization Credentials to Keychain
echo -n "${{ secrets.NOTARIZATION_KEY_BASE64 }}" | base64 --decode --output="$NOTARIZATION_KEY_PATH"
xcrun notarytool store-credentials "AppNotarization" \
-k "$NOTARIZATION_KEY_PATH" \
-d "${{ secrets.NOTARIZATION_KEY_ID }}" \
-i "${{ secrets.NOTARIZATION_KEY_ISSUER }}" \
--keychain "$KEYCHAIN_PATH"
# create temporary .zip for notarization purposes
ditto -c -k --sequesterRsrc --keepParent "$APP_PATH" "$ZIP_PATH"
# notarize the app and log the result to stdout
SUBMISSION_ID="$(xcrun notarytool submit "$ZIP_PATH" --keychain-profile "AppNotarization" | awk '$1 ~ /^id:$/ { id=$2 } END { print id }')"
xcrun notarytool wait "$SUBMISSION_ID" --keychain-profile "AppNotarization"
xcrun notarytool log "$SUBMISSION_ID" --keychain-profile "AppNotarization"
# staple .app bundle with the notarization ticket
xcrun stapler staple -vvv "$APP_PATH"
rm "$ZIP_PATH" "$NOTARIZATION_KEY_PATH"
- name: Validate .app bundle
run: |
xcrun stapler validate -vvv "$APP_PATH"
codesign --verify --deep --strict --verbose=1 "$APP_PATH"
spctl --assess --verbose --type open --type exec "$APP_PATH"
- name: Compress .app bundle
run: 'ditto -c -k --sequesterRsrc --keepParent "$APP_PATH" "$ZIP_PATH"'
- name: Upload App to Artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ env.APP_NAME }}
path: ${{ env.ZIP_PATH }}
if-no-files-found: error
- name: Upload Archive to Artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ env.APP_NAME }}.xcarchive
path: ${{ env.XCARCHIVE_PATH }}
if-no-files-found: error
- name: Check Git Status
run: git status --porcelain
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
release_name: ${{ github.ref_name }}
draft: true
prerelease: false
- name: Upload Release Asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ${{ env.ZIP_PATH }}
asset_name: ${{ env.APP_NAME }}.zip
asset_content_type: application/zip
- name: Publish Release
run: "hub release edit --draft=false -m '' \"${GITHUB_REF_NAME}\""
env:
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Delete keychain
if: ${{ always() }}
run: |
security delete-keychain "$KEYCHAIN_PATH"
rm -f "$BUILD_CERTIFICATE_PATH" "$NOTARIZATION_KEY_PATH" "$KEYCHAIN_PATH"