Build and upload Mac app artifact #90

Summary
Jobs
- build-mac
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/app-artifacts-mac.yml at 7c822de

	name: Build and upload Mac app artifact

	on:
	workflow_dispatch:
	inputs:
	buildBranch:
	description: 'Headlamp ref/branch/tag'
	required: true
	default: 'main'
	signBinaries:
	description: Notarize app
	default: false
	type: boolean
	jobs:
	build-mac:
	runs-on: macos-latest
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.event.inputs.buildBranch }}
	- name: Setup nodejs
	uses: actions/setup-node@v4
	with:
	node-version: 18.x
	cache: 'npm'
	cache-dependency-path: \|
	app/package-lock.json
	frontend/package-lock.json
	- uses: actions/setup-go@v5
	with:
	go-version: '1.20.*'
	cache-dependency-path: \|
	backend/go.sum
	- name: Dependencies
	run: brew install make
	- name: Build Backend and Frontend
	run: \|
	make
	- name: Add MacOS certs
	run: cd ./app/mac/scripts/ && sh ./setup-certificate.sh
	env:
	APPLE_CERTIFICATE: ${{ secrets.TEST_APPLE_DEV_CERT }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.TEST_APPLE_DEV_CERT_PASS }}
	- name: Build Notarized App Mac
	if: ${{ inputs.signBinaries }}
	run: \|
	make app-build
	# env:
	# APPLEID: ${{ secrets.APPLEID }}
	# APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
	# APPLETEAMID: ${{ secrets.APPLETEAMID }}
	# - name: Build App Mac
	# if: ${{ ! inputs.signBinaries }}
	# run: \|
	# make app-mac
	- name: CodeSign
	run: \|
	cd ./app/dist/mac && codesign -s ${{ secrets.TEST_APPLE_TEAM_ID }} --deep --force --options runtime --entitlements ../../mac/entitlements.mac.plist ./Headlamp.app
	- name: Zip Artifact
	run: \|
	cd ./app/dist/mac/ && ditto -c -k --sequesterRsrc --keepParent Headlamp.app ./Headlamp.zip
	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: zipbuild
	path: ./app/dist/mac/Headlamp.zip
	if-no-files-found: error
	retention-days: 1
	# notarize:
	# runs-on: windows-latest
	# # needs: build-mac
	# if: ${{ inputs.signBinaries }}
	# steps:
	# - uses: actions/checkout@v4
	# with:
	# ref: ${{ github.event.inputs.buildBranch }}
	# - name: Setup nodejs
	# uses: actions/setup-node@v4
	# with:
	# node-version: 18.x
	# cache: 'npm'
	# cache-dependency-path: \|
	# app/package-lock.json
	# frontend/package-lock.json
	# # - name: Download Direct (test/temp)
	# # shell: pwsh
	# # run: \|
	# # $currentPath = (Get-Location).Path
	# # Invoke-WebRequest -Uri 'https://productionresultssa11.blob.core.windows.net/actions-results/e4420c55-2c75-424d-bd2a-6d68d68ae923/workflow-job-run-6f8d8423-5c14-5ef4-cc1e-ef33e16df4c9/artifacts/700818bb65e893a1e8bc92c8d61be9906c54ffaec4cedca1e84eb903f43dd9de.zip?rscd=attachment%3B+filename%3D%22zipbuild.zip%22&se=2024-02-16T13%3A20%3A21Z&sig=KdKO7YoEyQWSgbqqFtIYrnHhvXDR%2F1WfIUpnTTWipdU%3D&sp=r&spr=https&sr=b&st=2024-02-16T13%3A10%3A21Z&sv=2021-12-02' -OutFile $currentPath\app\dist
	# - name: Download artifact
	# id: download-artifact
	# uses: dawidd6/action-download-artifact@v3
	# with:
	# # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
	# # Required, if the artifact is from a different repo
	# # Required, if the repo is private a Personal Access Token with `repo` scope is needed or GitHub token in a job where the permissions `action` scope set to `read`
	# github_token: ${{secrets.GITHUB_TOKEN}}
	# run_id: 7933816288

	# # - name: Download artifact
	# # uses: actions/download-artifact@v2
	# # with:
	# # name: zipbuild
	# - name: Fetch certificates
	# if: ${{ inputs.signBinaries }}
	# shell: pwsh
	# run: \|
	# az login --service-principal -u ${{ secrets.WINDOWS_CLIENT_ID }} -p ${{ secrets.AZ_LOGIN_PASS }} --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47
	# az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name HeadlampAuthCert --file c:\HeadlampAuthCert.pfx --encoding base64
	# az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name ESRPHeadlampReqCert --file c:\HeadlampReqCert.pfx --encoding base64
	# - name: Set up certificates
	# if: ${{ inputs.signBinaries }}
	# shell: pwsh
	# run: \|
	# Import-PfxCertificate -FilePath c:\HeadlampAuthCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
	# Import-PfxCertificate -FilePath c:\HeadlampReqCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable

	# - name: Download and Set up ESRPClient
	# if: ${{ inputs.signBinaries }}
	# shell: pwsh
	# run: \|
	# nuget.exe sources add -name esrp -source ${{ secrets.ESRP_NUGET_INDEX_URL }} -username headlamp -password ${{ secrets.AZ_DEVOPS_TOKEN }}
	# nuget.exe install Microsoft.EsrpClient -Version 1.2.80 -source ${{ secrets.ESRP_NUGET_INDEX_URL }} \| out-null

	# - name: App Windows
	# shell: pwsh
	# run: \|
	# ls app/mac/scripts
	# ls
	# if ("${{ inputs.signBinaries }}" -eq "true") {
	# $env:ESRP_PATH="$(Get-Location)\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe"
	# $env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}"
	# $env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}"
	# } else {
	# echo "Not signing binaries"
	# }
	# cd ./app/mac/scripts
	# ls ../../../zipbuild
	# node ./esrp-notarize.js ../../../zipbuild/Headlamp.zip

	# - name: Upload Notarized
	# uses: actions/upload-artifact@v4
	# with:
	# name: Win exes
	# path: ./app/dist/Headlamp.
	# if-no-files-found: error
	# retention-days: 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and upload Mac app artifact #90

Workflow file

Build and upload Mac app artifact #90

Jobs

Run details

Workflow file for this run