2525run :go test -v -race -cover -coverprofile coverage.txt -covermode=atomic ./...
2626 -name :update codecov
2727run :|
28- CODECOV_TOKEN="${{ secrets.CODECOV_TOKEN }}" bash <(curl -s https://codecov.io/bash)
28+ CODECOV_TOKEN="${{ secrets.CODECOV_TOKEN }}" bash <(curl -s https://codecov.io/bash)
2929name :Build and pack
3030run :|
3131 # build package
@@ -34,41 +34,31 @@ jobs:
3434 lipo -create -output .workflow/exe exe_amd64 exe_arm64
3535 rm exe_amd64
3636 rm exe_arm64
37-
38- # pack
39- cd .workflow
40- plutil -replace version -string "${{ env.tag }}" info.plist
41- zip -r ../"AkTest_GALLERY-${{ env.tag }}.alfredworkflow" .
42- cd ..
43-
44- echo "artifact=$(echo "AkTest_GALLERY-${{ env.tag }}.alfredworkflow")" >> $GITHUB_ENV
45- name :Import Code-Signing Certificates
46- uses :Apple-Actions/import-codesign-certs@v1
47- with :
48- # The certificates in a PKCS12 file encoded as a base64 string
49- p12-file-base64 :" ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}"
50- # The password used to import the PKCS12 file.
51- p12-password :" ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}"
52- -name :Install gon via HomeBrew for code signing and app notarization
37+ name :Configure macOS signing
38+ env :
39+ APPLE_DEVELOPER_ID :${{ vars.APPLE_DEVELOPER_ID }}
40+ APPLE_APPLICATION_CERT :${{ secrets.APPLE_APPLICATION_CERT }}
41+ APPLE_APPLICATION_CERT_PASSWORD :${{ secrets.APPLE_APPLICATION_CERT_PASSWORD }}
5342run :|
54- brew tap mitchellh/gon
55- brew install mitchellh/gon/gon
56- name :code sign and notarize
43+ keychain="$RUNNER_TEMP/buildagent.keychain"
44+ keychain_password="password1"
45+
46+ security create-keychain -p "$keychain_password" "$keychain"
47+ security default-keychain -s "$keychain"
48+ security unlock-keychain -p "$keychain_password" "$keychain"
49+
50+ base64 -D <<<"$APPLE_APPLICATION_CERT" > "$RUNNER_TEMP/cert.p12"
51+ security import "$RUNNER_TEMP/cert.p12" -k "$keychain" -P "$APPLE_APPLICATION_CERT_PASSWORD" -T /usr/bin/codesign
52+ security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$keychain_password" "$keychain"
53+ rm "$RUNNER_TEMP/cert.p12"
54+ name :codesign and notarize
5755env :
58- AC_USERNAME :" ${{ secrets.AC_USERNAME }}"
59- AC_PASSWORD :" ${{ secrets.AC_PASSWORD }}"
56+ APPLE_ID :${{ vars.APPLE_ID }}
57+ APPLE_ID_PASSWORD :${{ secrets.APPLE_ID_PASSWORD }}
58+ APPLE_DEVELOPER_ID :${{ vars.APPLE_DEVELOPER_ID }}
6059run :|
61- # gon code sign
62- cat <<EOF >> gon.json
63- {
64- "source" : [".workflow/exe"],
65- "bundle_id" : "com.xxx.aktest",
66- "sign" :{
67- "application_identity" : ""
68- }
69- }
70- EOF
71- gon -log-level=debug -log-json ./gon.json
60+ # codesign
61+ codesign --timestamp --options=runtime -s "$APPLE_DEVELOPER_ID" -v .workflow/exe
7262
7363 # pack alfredworkflow
7464 cd .workflow
7868
7969 # zip alfredworkflow as zip archive for notarize
8070 zip -r "AkTest_GALLERY-${{ env.tag }}.alfredworkflow.zip" "AkTest_GALLERY-${{ env.tag }}.alfredworkflow"
81-
82- # gon notarize
83- cat <<EOF >> notarize.json
84- {
85- "notarize": [{
86- "path": "${PWD}/AkTest_GALLERY-${{ env.tag }}.alfredworkflow.zip",
87- "bundle_id": "com.xxx.aktest",
88- "staple":false
89- }]
90- }
91- EOF
92- gon -log-level=debug -log-json ./notarize.json
93-
71+
72+ xcrun notarytool submit "AkTest_GALLERY-${{ env.tag }}.alfredworkflow.zip" --apple-id "$APPLE_ID" --team-id "$APPLE_DEVELOPER_ID" --password "$APPLE_ID_PASSWORD"
73+
9474 echo "artifact=$(echo "AkTest_GALLERY-${{ env.tag }}.alfredworkflow")" >> $GITHUB_ENV
9575uses :shogo82148/actions-upload-release-asset@v1
9676with :