Skip to content

Nightly Build

Nightly Build #337

Workflow file for this run

name: Nightly Build
on:
workflow_dispatch:
schedule:
- cron: '0 3 * * *' # at 03:00 AM UTC everyday
env:
XC_VERSION: ${{ '16.2' }}
jobs:
build:
runs-on: macos-15
if: github.ref == 'refs/heads/main' # run this job only for the main branch
steps:
- name: Select latest Xcode
run: "sudo xcode-select -s /Applications/Xcode_$XC_VERSION.app"
- name: Install deps
run: |
brew install create-dmg pandoc basictex
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
NOTARIZATION_APPLE_ID: ${{ secrets.NOTARIZATION_APPLE_ID }}
NOTARIZATION_PWD: ${{ secrets.NOTARIZATION_PWD }}
NOTARIZATION_TEAM: ${{ secrets.NOTARIZATION_TEAM }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
# store notatization credentials
xcrun notarytool store-credentials AC_PASSWORD --apple-id $NOTARIZATION_APPLE_ID --team-id $NOTARIZATION_TEAM --password $NOTARIZATION_PWD
- name: Build and package
env:
NC_SENSITIVE: ${{ secrets.NC_SENSITIVE }}
run: |
eval "$(/usr/libexec/path_helper)"
echo -n "$NC_SENSITIVE" | base64 --decode -o /Users/runner/.nc_sensitive.h
cd Scripts && ./build_nightly.sh
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.provisionprofile
- uses: actions/upload-artifact@v4
with:
name: nimble-commander-nightly
path: Scripts/*.dmg
if-no-files-found: error