mirror of
https://gitea.shironeko-all.duckdns.org/shironeko/Hytale-F2P-2.git
synced 2026-02-26 18:51:46 -03:00
98123d7338
Add macOS code signing and notarization for Gatekeeper compatibility: - Add hardened runtime configuration in package.json - Add entitlements.mac.plist for required app permissions - Enable built-in electron-builder notarization - Add code signing and notarization secrets to workflow Required GitHub Secrets: - CSC_LINK: Base64-encoded .p12 certificate file - CSC_KEY_PASSWORD: Password for the .p12 certificate - APPLE_ID: Apple Developer account email - APPLE_APP_SPECIFIC_PASSWORD: App-specific password from appleid.apple.com - APPLE_TEAM_ID: 10-character Apple Developer Team ID Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
179 lines
4.5 KiB
YAML
179 lines
4.5 KiB
YAML
name: Build and Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-windows:
|
|
runs-on: windows-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
cache: 'npm'
|
|
- run: npm ci
|
|
|
|
- name: Build Windows Packages
|
|
run: npx electron-builder --win --publish never
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: windows-builds
|
|
path: |
|
|
dist/*.exe
|
|
dist/*.exe.blockmap
|
|
dist/latest.yml
|
|
|
|
build-macos:
|
|
runs-on: macos-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
cache: 'npm'
|
|
- run: npm ci
|
|
|
|
- name: Build macOS Packages
|
|
env:
|
|
# Code signing
|
|
CSC_LINK: ${{ secrets.CSC_LINK }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
|
|
# Notarization
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
|
|
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
|
run: npx electron-builder --mac --publish never
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: macos-builds
|
|
path: |
|
|
dist/*.dmg
|
|
dist/*.zip
|
|
dist/*.blockmap
|
|
dist/latest-mac.yml
|
|
|
|
build-linux:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install build dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y libarchive-tools
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
cache: 'npm'
|
|
- run: npm ci
|
|
|
|
- name: Build Linux Packages
|
|
run: |
|
|
npx electron-builder --linux AppImage deb rpm --publish never
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: linux-builds
|
|
path: |
|
|
dist/*.AppImage
|
|
dist/*.AppImage.blockmap
|
|
dist/*.deb
|
|
dist/*.rpm
|
|
dist/latest-linux.yml
|
|
|
|
build-arch:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: archlinux:latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install base packages
|
|
run: |
|
|
pacman -Syu --noconfirm
|
|
pacman -S --noconfirm \
|
|
base-devel \
|
|
git \
|
|
nodejs \
|
|
npm \
|
|
rpm-tools \
|
|
libxcrypt-compat
|
|
|
|
- name: Create build user
|
|
run: |
|
|
useradd -m builder
|
|
echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
|
|
|
- name: Fix Permissions
|
|
run: chown -R builder:builder .
|
|
|
|
- name: Build Arch Package
|
|
run: |
|
|
sudo -u builder bash << 'EOF'
|
|
set -e
|
|
makepkg --printsrcinfo > .SRCINFO
|
|
makepkg -s --noconfirm
|
|
EOF
|
|
|
|
- name: Fix permissions for upload
|
|
if: always()
|
|
run: |
|
|
sudo chown -R $(id -u):$(id -g) .
|
|
|
|
- name: Upload Arch Package
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: arch-package
|
|
path: |
|
|
*.pkg.tar.zst
|
|
.SRCINFO
|
|
include-hidden-files: true
|
|
|
|
release:
|
|
needs: [build-windows, build-macos, build-linux, build-arch]
|
|
runs-on: ubuntu-latest
|
|
if: |
|
|
startsWith(github.ref, 'refs/tags/v') ||
|
|
github.ref == 'refs/heads/main' ||
|
|
github.event_name == 'workflow_dispatch'
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: artifacts
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R artifacts
|
|
|
|
- name: Get version from package.json
|
|
id: pkg_version
|
|
run: echo "VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
|
|
|
|
- name: Create Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
tag_name: ${{ github.ref_name }}
|
|
files: |
|
|
artifacts/arch-package/*.pkg.tar.zst
|
|
artifacts/arch-package/.SRCINFO
|
|
artifacts/linux-builds/**/*
|
|
artifacts/windows-builds/**/*
|
|
artifacts/macos-builds/**/*
|
|
generate_release_notes: true
|
|
draft: true
|
|
prerelease: false
|
|
|