release #87
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- '*' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
test: | |
uses: ./.github/workflows/pytest.yml | |
build: | |
needs: test | |
strategy: | |
fail-fast: false | |
matrix: | |
python-ver: [3.11] | |
# Intel mac for macos-13, M1/2 mac for macos-14 | |
os: [windows-latest, macos-13, macos-14] | |
include: | |
- os: windows-latest | |
build_cmd: build_win.bat | |
zip_name: PlaySK-PianoRoll-Reader-Win.x64.zip | |
- os: macos-13 | |
build_cmd: bash build_mac.sh | |
zip_name: PlaySK-PianoRoll-Reader-Mac.x64.zip | |
- os: macos-14 | |
build_cmd: bash build_mac.sh | |
zip_name: PlaySK-PianoRoll-Reader-Mac.ARM.zip | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-ver }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-ver }} | |
- name: Install poetry | |
uses: abatilo/actions-poetry@v2 | |
- name: Install dependencies | |
run: poetry install | |
- name: build binary | |
run: poetry run ${{ matrix.build_cmd }} | |
- name: Windows x64, collect release files | |
if: startsWith( matrix.os , 'windows' ) | |
run: Compress-Archive -Path "dist/PlaySK Piano Roll Reader/*","sample_scans/" -DestinationPath ${{ matrix.zip_name }} | |
- name: Mac arm/x64, codesign app | |
if: startsWith( matrix.os, 'mac' ) | |
env: | |
CERT_B64: ${{ secrets.CERT_B64 }} | |
CERT_PW: ${{ secrets.CERT_PW }} | |
CERT_NAME: ${{ secrets.CERT_NAME }} | |
KEYCHAIN_PW: ${{ secrets.KEYCHAIN_PW }} | |
run: | | |
pushd dist | |
security create-keychain -p "$KEYCHAIN_PW" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$KEYCHAIN_PW" build.keychain | |
echo $CERT_B64 | base64 --decode > cert.p12 | |
security import cert.p12 -k build.keychain -P "$CERT_PW" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PW" build.keychain | |
/usr/bin/codesign --deep --force --options=runtime --entitlements ../entitlements.plist --sign "$CERT_NAME" --timestamp "PlaySK Piano Roll Reader.app/" | |
- name: Mac arm/x64, notarize app | |
if: startsWith( matrix.os, 'mac' ) | |
env: | |
NOTARY_APPLE_ID: ${{ secrets.NOTARY_APPLE_ID }} | |
NOTARY_TEAM_ID: ${{ secrets.NOTARY_TEAM_ID }} | |
NOTARY_PW: ${{ secrets.NOTARY_PW }} | |
run: | | |
pushd dist | |
mkdir to_notarize | |
mv "PlaySK Piano Roll Reader.app" playsk_config to_notarize/ | |
ditto -c -k -rsrc --keepParent to_notarize archive.zip | |
xcrun notarytool store-credentials "notary_profile" --apple-id "$NOTARY_APPLE_ID" --team-id "$NOTARY_TEAM_ID" --password "$NOTARY_PW" | |
xcrun notarytool submit archive.zip --keychain-profile "notary_profile" --wait | |
mv to_notarize/* . | |
rm -rf to_notarize archive.zip | |
xcrun stapler staple "PlaySK Piano Roll Reader.app" | |
- name: Mac arm/x64, create dmg installer and collect release files | |
if: startsWith( matrix.os, 'mac' ) | |
run: | | |
pushd dist | |
brew install create-dmg | |
test -f PlaySK-Installer.dmg && rm PlaySK-Installer.dmg | |
create-dmg --volname "PlaySK Installer" --background ../assets/dmg-bg.tiff --window-pos 200 120 --window-size 800 500 --icon-size 100 --icon "PlaySK Piano Roll Reader.app" 100 100 --add-file "playsk_config" playsk_config 100 300 --hide-extension "PlaySK Piano Roll Reader.app" --app-drop-link 600 200 "PlaySK-Installer.dmg" "PlaySK Piano Roll Reader.app" | |
popd | |
mv dist/PlaySK-Installer.dmg "dist/How to use Mac.png" dist/3rd-party-license.txt . | |
zip -qr ${{ matrix.zip_name }} sample_scans/ PlaySK-Installer.dmg "How to use Mac.png" "3rd-party-license.txt" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.zip_name }} | |
path: ${{ matrix.zip_name }} | |
release: | |
needs: build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: assets | |
- name: Display structure of downloaded files | |
run: ls -la assets/ | |
# currently no solution for double zipped | |
- name: create release | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
files: ./assets/*/* |