CleanCopy/.github/workflows/release.yml at main · sachasayan/CleanCopy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# GitHub Actions Workflow for creating CleanCopy Releases

name: Create Release

# Controls when the workflow will run
on:
  push:
    tags:
      - 'v*' # Trigger on tags starting with 'v' (e.g., v1.0.0, v1.1.0)

jobs:
  build-release:
    name: Build and Release CleanCopy
    runs-on: macos-latest # Use the latest macOS runner provided by GitHub

    steps:
      # 1. Check out the repository code at the specific tag
      - name: Checkout code
        uses: actions/checkout@v4

      # 2. Import code signing certificate using Apple Actions
      - name: Import Code Signing Certificates
        uses: apple-actions/import-codesign-certs@v3
        with:
          p12-file-base64: ${{ secrets.APPSTORE_CERTIFICATES_FILE_BASE64 }}
          p12-password: ${{ secrets.APPSTORE_CERTIFICATES_PASSWORD }}

      # 3. Install create-dmg dependency (required by 'make package')
      - name: Install create-dmg
        run: brew install create-dmg

      # 4. Build the Release configuration, package, and sign the DMG
      #    Override Xcode settings to force manual signing.
      #    The identity should be picked up from the keychain set up by the previous step.
      - name: Build and Package Release DMG
        run: |
          echo "Building and packaging with manual signing overrides..."
          make package CONFIG=Release \
            CODE_SIGN_STYLE=Manual \
            DEVELOPMENT_TEAM="" \
            PROVISIONING_PROFILE_SPECIFIER=""

      # 5. Create a Draft GitHub Release and upload the DMG
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          # Use the tag name (e.g., v1.0.0) for the release name and tag
          tag_name: ${{ github.ref_name }}
          name: Release ${{ github.ref_name }}
          # Create the release as a draft, allowing manual review/editing before publishing
          draft: true
          # Set to false to automatically publish (not recommended initially)
          # prerelease: false
          # Specify the files to upload as release assets
          files: |
            CleanCopy-Release.dmg
            dmg-resources/LICENSE.txt # Also include the license file
        env:
          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}

      # 6. Cleanup step removed as apple-actions/import-codesign-certs handles its keychain.