-
Notifications
You must be signed in to change notification settings - Fork 6
76 lines (68 loc) · 3.06 KB
/
Copy pathmacos-pkg.yml
File metadata and controls
76 lines (68 loc) · 3.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: MacOS PKG Build
on:
push:
branches: [ "dev", "release/**" ]
paths-ignore:
- 'README.md'
- 'LICENSE'
- 'docs/**'
pull_request:
branches: [ "**" ]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
cancel-in-progress: true
jobs:
build-pkg:
runs-on: macos-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
- name: Set up JDK 25
uses: actions/setup-java@v5
with:
java-version: '25'
distribution: 'temurin'
cache: maven
- name: Build macOS PKG
run: mvn clean install -pl jdm-core,jdm-dist/jdm-pkg -am -Pmacos-pkg --no-transfer-progress
- name: Build and Sign macOS PKG (if secrets available)
if: env.MACOS_CERTIFICATE != ''
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
# [Tyler's keychain logic]
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$MACOS_CERTIFICATE" | base64 --decode -o /tmp/build_certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security import /tmp/build_certificate.p12 -P "$MACOS_CERTIFICATE_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
# Run signed build
mvn install -pl jdm-dist/jdm-pkg -Pmacos-pkg \
-Dsigning.identity="Developer ID Application: Tyler Lui (232JY57U23)" \
-Dmac.installer.signing.identity="Developer ID Installer: Tyler Lui (232JY57U23)" \
-Dapple.id="$APPLE_ID" \
-Dapple.password="$APPLE_APP_SPECIFIC_PASSWORD" \
-Dapple.team.id="$APPLE_TEAM_ID"
- name: Upload PKG Artifact
uses: actions/upload-artifact@v7
with:
name: jdiskmark-macos-pkg
# plain wildcard — package-pkg.sh deletes all intermediate *.pkg files
# (component, unsigned) so exactly one file matches at upload time.
# NOTE: do NOT replace this with a step output variable — doing so breaks
# 'archive: false' and causes the action to fall back to zip mode.
path: jdm-dist/jdm-pkg/target/*.pkg
if-no-files-found: error
# archive: false — upload the raw .pkg without zipping it.
# Requires upload-artifact@v7+. Do NOT downgrade to @v4 or below;
# older versions always zip and will break raw download behaviour.
archive: false