
Create draft workflow

+283
+283
.github/workflows/build-and-release.yml
··· 1 + name: CI 2 + 3 + on: 4 + release: 5 + types: [created] 6 + 7 + env: 8 + ARCHIVE_NAME: AXe-macOS # Name for the release archive 9 + 10 + permissions: 11 + contents: write 12 + actions: read 13 + 14 + jobs: 15 + build-and-release: 16 + runs-on: macos-15 17 + 18 + outputs: 19 + archive_name: ${{ steps.create_archive.outputs.archive_name }} 20 + archive_sha256: ${{ steps.create_archive.outputs.sha256 }} 21 + version: ${{ steps.version.outputs.version }} 22 + tag: ${{ steps.version.outputs.tag }} 23 + package_path: ${{ steps.notarize.outputs.package_path }} 24 + 25 + steps: 26 + - name: Checkout repository 27 + uses: actions/checkout@v4 28 + 29 + - name: Setup Xcode 30 + uses: maxim-lobanov/setup-xcode@v1 31 + with: 32 + xcode-version: '16.3' 33 + 34 + - name: Install dependencies 35 + run: | 36 + brew install jq 37 + 38 + - name: Extract version from tag 39 + id: version 40 + run: | 41 + VERSION=${GITHUB_REF#refs/tags/v} 42 + echo "version=$VERSION" >> $GITHUB_OUTPUT 43 + echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT 44 + echo "Building version: $VERSION" 45 + 46 + - name: Cache idb repository 47 + uses: actions/cache@v4 48 + with: 49 + path: idb_checkout 50 + key: idb-repo-${{ runner.os }}-stable 51 + restore-keys: | 52 + idb-repo-${{ runner.os }}- 53 + 54 + - name: Check IDB repository freshness 55 + id: idb_check 56 + run: | 57 + set -e 58 + 59 + # Get latest remote commit 60 + REMOTE_COMMIT=$(git ls-remote https://github.com/facebook/idb.git HEAD | cut -f1) 61 + echo "Latest IDB commit on remote: $REMOTE_COMMIT" 62 + 63 + if [ -d "idb_checkout" ] && [ -d "idb_checkout/.git" ]; then 64 + # We have a cached repo, check if it's up to date 65 + LOCAL_COMMIT=$(git -C idb_checkout rev-parse HEAD) 66 + echo "Cached IDB commit: $LOCAL_COMMIT" 67 + 68 + if [ "$LOCAL_COMMIT" = "$REMOTE_COMMIT" ]; then 69 + echo "✅ Cached IDB repository is up to date" 70 + echo "needs_setup=false" >> $GITHUB_OUTPUT 71 + else 72 + echo "🔄 Cached IDB repository is outdated, 
needs refresh" 73 + echo "needs_setup=true" >> $GITHUB_OUTPUT 74 + fi 75 + else 76 + # No cached repo or invalid cache 77 + echo "📥 No cached IDB repository found, needs setup" 78 + echo "needs_setup=true" >> $GITHUB_OUTPUT 79 + fi 80 + 81 + # Always output the remote commit for cache keys 82 + echo "idb_commit=$REMOTE_COMMIT" >> $GITHUB_OUTPUT 83 + 84 + - name: Setup - Clone IDB repository 85 + if: steps.idb_check.outputs.needs_setup == 'true' 86 + run: | 87 + chmod +x scripts/build.sh 88 + scripts/build.sh setup 89 + 90 + - name: Make build script executable 91 + run: chmod +x scripts/build.sh 92 + 93 + # Build Script Steps - Only needed if IDB was updated 94 + - name: Clean - Remove previous build artifacts 95 + if: steps.idb_check.outputs.needs_setup == 'true' 96 + run: scripts/build.sh clean 97 + 98 + - name: Build - IDB Frameworks 99 + if: steps.idb_check.outputs.needs_setup == 'true' 100 + run: scripts/build.sh frameworks 101 + 102 + - name: Install - Copy frameworks to build directory 103 + if: steps.idb_check.outputs.needs_setup == 'true' 104 + run: scripts/build.sh install 105 + 106 + - name: Strip - Remove nested frameworks 107 + if: steps.idb_check.outputs.needs_setup == 'true' 108 + run: scripts/build.sh strip 109 + 110 + # Code Signing Setup 111 + - name: Setup - Import code signing certificate 112 + env: 113 + DEVELOPER_ID_APPLICATION_P12: ${{ secrets.DEVELOPER_ID_APPLICATION_P12 }} 114 + DEVELOPER_ID_APPLICATION_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_PASSWORD }} 115 + run: | 116 + set -e 117 + if [ -z "$DEVELOPER_ID_APPLICATION_P12" ]; then 118 + echo "⚠️ No certificate provided - builds will be unsigned" 119 + exit 0 120 + fi 121 + 122 + echo "🔐 Setting up code signing certificate..." 
123 + KEYCHAIN_PATH="$RUNNER_TEMP/build.keychain" 124 + KEYCHAIN_PASSWORD=$(openssl rand -base64 32) 125 + 126 + # Create and configure keychain 127 + security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" 128 + security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" 129 + security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" 130 + 131 + # Import certificate 132 + echo "$DEVELOPER_ID_APPLICATION_P12" | base64 --decode > "$RUNNER_TEMP/certificate.p12" 133 + if [ -z "$DEVELOPER_ID_APPLICATION_PASSWORD" ]; then 134 + security import "$RUNNER_TEMP/certificate.p12" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" 135 + else 136 + security import "$RUNNER_TEMP/certificate.p12" -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" 137 + fi 138 + 139 + # Configure keychain 140 + security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | sed s/\"//g) 141 + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" 142 + 143 + echo "✅ Code signing certificate imported successfully" 144 + 145 + - name: Setup - Prepare notarization API key 146 + env: 147 + NOTARIZE_APP_STORE_CONNECT_API_KEY: ${{ secrets.NOTARIZE_APP_STORE_CONNECT_API_KEY }} 148 + run: | 149 + set -e 150 + if [ -z "$NOTARIZE_APP_STORE_CONNECT_API_KEY" ]; then 151 + echo "❌ ERROR: Notarization API key is required but not provided" 152 + echo "Please set NOTARIZE_APP_STORE_CONNECT_API_KEY secret in repository settings" 153 + exit 1 154 + fi 155 + 156 + echo "🔑 Setting up notarization API key..." 
157 + mkdir -p keys 158 + echo "$NOTARIZE_APP_STORE_CONNECT_API_KEY" | base64 --decode > keys/AuthKey_${{ secrets.NOTARIZE_APP_STORE_CONNECT_API_KEY_ID }}.p8 159 + echo "✅ Notarization API key prepared" 160 + 161 + - name: Sign - Framework binaries 162 + if: steps.idb_check.outputs.needs_setup == 'true' 163 + run: scripts/build.sh sign-frameworks 164 + 165 + - name: Create - XCFrameworks 166 + if: steps.idb_check.outputs.needs_setup == 'true' 167 + run: scripts/build.sh xcframeworks 168 + 169 + - name: Sign - XCFramework bundles 170 + if: steps.idb_check.outputs.needs_setup == 'true' 171 + run: scripts/build.sh sign-xcframeworks 172 + 173 + - name: Build - AXe executable 174 + run: scripts/build.sh executable 175 + 176 + - name: Sign - AXe executable 177 + run: scripts/build.sh sign-executable 178 + 179 + - name: Package - Create notarization package 180 + run: scripts/build.sh package 181 + 182 + - name: Notarize - Submit to Apple for notarization 183 + id: notarize 184 + env: 185 + NOTARIZATION_API_KEY_PATH: keys/AuthKey_${{ secrets.NOTARIZE_APP_STORE_CONNECT_API_KEY_ID }}.p8 186 + NOTARIZATION_KEY_ID: ${{ secrets.NOTARIZE_APP_STORE_CONNECT_API_KEY_ID }} 187 + NOTARIZATION_ISSUER_ID: ${{ secrets.NOTARIZE_APP_STORE_CONNECT_ISSUER_ID }} 188 + TEMP_DIR: ${{ runner.temp }} 189 + run: | 190 + scripts/build.sh notarize 191 + # The notarization step outputs the package path - we need to capture it 192 + PACKAGE_PATH=$(find "$RUNNER_TEMP" -name "AXe-Final-*.zip" | head -1) 193 + if [ -n "$PACKAGE_PATH" ]; then 194 + echo "package_path=$PACKAGE_PATH" >> $GITHUB_OUTPUT 195 + echo "📦 Final package location: $PACKAGE_PATH" 196 + else 197 + echo "❌ Could not find final package" 198 + exit 1 199 + fi 200 + 201 + - name: Create release archive 202 + id: create_archive 203 + run: | 204 + ARCHIVE_NAME="${{ env.ARCHIVE_NAME }}-${{ steps.version.outputs.tag }}.tar.gz" 205 + echo "archive_name=$ARCHIVE_NAME" >> $GITHUB_OUTPUT 206 + 207 + PACKAGE_PATH="${{ 
steps.notarize.outputs.package_path }}" 208 + if [ -f "$PACKAGE_PATH" ]; then 209 + echo "📦 Creating release archive from: $PACKAGE_PATH" 210 + 211 + # Extract the package to create the tar.gz 212 + TEMP_EXTRACT="$RUNNER_TEMP/extract" 213 + mkdir -p "$TEMP_EXTRACT" 214 + unzip -q "$PACKAGE_PATH" -d "$TEMP_EXTRACT" 215 + 216 + # Create tar.gz from extracted contents 217 + tar -czf "$ARCHIVE_NAME" -C "$TEMP_EXTRACT" . 218 + 219 + # Calculate SHA256 220 + SHA256=$(shasum -a 256 "$ARCHIVE_NAME" | awk '{print $1}') 221 + echo "sha256=$SHA256" >> $GITHUB_OUTPUT 222 + echo "✅ Archive created: $ARCHIVE_NAME (SHA256: $SHA256)" 223 + else 224 + echo "❌ Package path not found: $PACKAGE_PATH" 225 + exit 1 226 + fi 227 + 228 + - name: Upload release asset 229 + uses: actions/upload-release-asset@v1 230 + env: 231 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 232 + with: 233 + upload_url: ${{ github.event.release.upload_url }} 234 + asset_path: ${{ steps.create_archive.outputs.archive_name }} 235 + asset_name: ${{ steps.create_archive.outputs.archive_name }} 236 + asset_content_type: application/gzip 237 + 238 + - name: Update Homebrew tap 239 + if: ${{ !github.event.release.prerelease }} 240 + env: 241 + HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }} 242 + run: | 243 + set -e 244 + if [ -z "$HOMEBREW_TAP_TOKEN" ]; then 245 + echo "⚠️ Homebrew tap update skipped - no token provided" 246 + exit 0 247 + fi 248 + 249 + echo "🍺 Updating Homebrew tap..." 
250 + git clone https://x-access-token:${HOMEBREW_TAP_TOKEN}@github.com/cameroncooke/homebrew-axe.git tap-repo 251 + cd tap-repo 252 + 253 + FORMULA_FILE="Formula/axe.rb" 254 + URL="https://github.com/${{ github.repository }}/releases/download/${{ steps.version.outputs.tag }}/${{ steps.create_archive.outputs.archive_name }}" 255 + SHA256="${{ steps.create_archive.outputs.sha256 }}" 256 + VERSION_TAG="${{ steps.version.outputs.version }}" 257 + 258 + # Update formula with new version, URL, and SHA256 259 + awk -v version="$VERSION_TAG" -v url="$URL" -v sha="$SHA256" ' 260 + /version "/ {gsub(/version \".*\"/, "version \"" version "\""); print; next} 261 + /url "/ {gsub(/url \".*\"/, "url \"" url "\""); print; next} 262 + /sha256 "/ {gsub(/sha256 \".*\"/, "sha256 \"" sha "\""); print; next} 263 + {print} 264 + ' "$FORMULA_FILE" > "${FORMULA_FILE}.new" && mv "${FORMULA_FILE}.new" "$FORMULA_FILE" 265 + 266 + git config user.name "github-actions[bot]" 267 + git config user.email "github-actions[bot]@users.noreply.github.com" 268 + git add "$FORMULA_FILE" 269 + if ! git diff --staged --quiet; then 270 + git commit -m "Update axe to v${VERSION_TAG}" 271 + git push origin main 272 + echo "✅ Homebrew formula updated successfully to v${VERSION_TAG}" 273 + else 274 + echo "ℹ️ No changes to commit for Homebrew formula (v${VERSION_TAG})" 275 + fi 276 + 277 + - name: Cleanup 278 + if: always() 279 + run: | 280 + echo "🧹 Cleaning up sensitive files..." 281 + rm -rf keys/ 282 + rm -f "$RUNNER_TEMP"/*.p12 283 + echo "✅ Cleanup completed"
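Review bot: The job that imports the Developer ID certificate and the notarization key takes several inputs by mutable reference: `maxim-lobanov/setup-xcode@v1` (new line 30) and `actions/upload-release-asset@v1` (new line 229) are tag refs, and the freshness check at new line 60 follows whatever `git ls-remote https://github.com/facebook/idb.git HEAD` returns at release time. Every step shares the runner with the keychain and `keys/`, and the idb build presumably ends up inside the signed, notarized archive (scripts/build.sh is not shown, so that part is inferred), so a moved tag or an unexpected upstream commit would ship under this project's signature. I would pin each third-party `uses:` to a full commit SHA, e.g. `uses: maxim-lobanov/setup-xcode@<full-commit-sha>  # v1`, and compare the cache against an idb commit recorded in this repository rather than remote HEAD. Separately, the Cleanup step (new lines 277-283) removes `keys/` and the `.p12` but leaves `$RUNNER_TEMP/build.keychain` and `tap-repo/.git/config`, which keeps the tap token from the clone URL on new line 250; adding `security delete-keychain "$RUNNER_TEMP/build.keychain"` and `rm -rf tap-repo` there would cover both.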