@@ -328,7 +328,7 @@ jobs:
328328 fi
329329 echo $INSTALLER_ARCHIVE >installer-archive.filename
330330 echo "INSTALLER_ARCHIVE=$(cat installer-archive.filename)" >>$GITHUB_ENV
331- if : github.event_name == 'push' && contains(github.ref, 'refs/tags') && matrix .os.name != 'macos-10.15 '
331+ if : github.event_name == 'push' && contains(github.ref, 'refs/tags') && runner .os == 'Linux '
332332
333333 - name : Build ${{ runner.os }} swift-files binary.
334334 run : |
@@ -389,7 +389,7 @@ jobs:
389389 path : |
390390 ${{ env.INSTALLER_ARCHIVE }}
391391 installer-archive.filename
392- if : github.event_name == 'push' && contains(github.ref, 'refs/tags') && matrix .os.name != 'macos-10.15 '
392+ if : github.event_name == 'push' && contains(github.ref, 'refs/tags') && runner .os == 'Linux '
393393 - uses : actions/upload-artifact@v2
394394 with :
395395 name : ${{ runner.os }}-artifacts-debug
@@ -419,6 +419,7 @@ jobs:
419419 matrix :
420420 os :
421421 - macOS
422+ - Windows
422423 runs-on : [self-hosted, '${{ matrix.os }}', code-signer]
423424 steps :
424425
@@ -432,6 +433,7 @@ jobs:
432433 uses : actions/checkout@v2
433434 with :
434435 path : application
436+ lfs : true
435437
436438 - uses : actions/download-artifact@v2
437439 with :
@@ -444,15 +446,20 @@ jobs:
444446 run : |
445447 cd application
446448 mkdir -p py39-dist
447- tar -xvf "$(cat release-archive.filename)" -C py39-dist
449+ if [ "$RUNNER_OS" == "Windows" ]; then
450+ 7z x -so $(cat release-archive.filename) | 7z x -ttar -si -y -opy39-dist
451+ elif [ "$RUNNER_OS" == "macOS" ]; then
452+ tar -xvf "$(cat release-archive.filename)" -C py39-dist
453+ fi
448454
449455name : Build .app bundle.
450456 shell : bash
451457 run : |
452458 cd application
453459 cargo make dist-to-installer-app
460+ if : matrix.os == 'macOS'
454461
455- name : Sign application.
462+ - name : Sign application (${{ matrix.os }}) .
456463 shell : bash
457464 run : |
458465 cd "application/target/installer/Swift Console.app"
@@ -481,21 +488,100 @@ jobs:
481488 --timestamp \
482489 --options=runtime \
483490 "target/installer/Swift Console.app"
491+ if : matrix.os == 'macOS'
492+
493+ - name : Sign application (${{ matrix.os }}).
494+ shell : cmd
495+ run : |
496+ cd application
497+ "${{ env.CODE_SIGNER_PATH_WIN }}" sign ^
498+ /debug /v /td SHA256 ^
499+ /n "Swift Navigation, Inc." /a ^
500+ /tr http://rfc3161timestamp.globalsign.com/advanced ^
501+ py39-dist/swift-console.exe
502+ if : matrix.os == 'Windows'
484503
485- name : Build dmg file.
504+ - name : Create Installer (${{ matrix.os }})
486505 shell : bash
487506 run : |
488507 cd application
489508 cargo make store-version
490- cargo make dist-to-installer-dmg
509+ if [ "$RUNNER_OS" == "Windows" ]; then
510+ cargo make dist-to-installer
511+ elif [ "$RUNNER_OS" == "macOS" ]; then
512+ cargo make dist-to-installer-dmg
513+ fi
491514
492515name : Add archive to path.
493516 shell : bash
494517 run : |
495- INSTALLER_ARCHIVE=$(find application -iname "*.dmg")
518+ if [ "$RUNNER_OS" == "Windows" ]; then
519+ INSTALLER_ARCHIVE="$(dir application/installers/Windows/*.exe)"
520+ elif [ "$RUNNER_OS" == "macOS" ]; then
521+ mv application/installers/macOS/*.dmg application
522+ INSTALLER_ARCHIVE=$(find application -maxdepth 1 -iname "*.dmg")
523+ fi
496524 echo $INSTALLER_ARCHIVE >installer-archive.filename
497525 echo "INSTALLER_ARCHIVE=$(cat installer-archive.filename)" >>$GITHUB_ENV
498526
527+ name : Sign installer (macOS)
528+ if : matrix.os == 'macOS'
529+ shell : bash
530+ run : |
531+ codesign -vvvv \
532+ -s "${{ secrets.APPLE_DEVELOPER_ID }}" \
533+ -f --timestamp \
534+ $(cat installer-archive.filename)
535+
536+ xcrun altool \
537+ --verbose \
538+ --notarize-app \
539+ --file $(cat installer-archive.filename) \
540+ --primary-bundle-id ${{ env.APP_BUNDLE_ID }} \
541+ --apiKey ${{ secrets.APPLE_KEY_ID }} \
542+ --apiIssuer ${{ secrets.APPLE_ISSUER_ID }} | tee notarize.log
543+
544+ REQUEST_UUID=$(cat notarize.log | grep RequestUUID | awk '{print $3}')
545+
546+ echo "REQUEST_UUID=$REQUEST_UUID" >>$GITHUB_ENV
547+
548+ name : Check notarization (macOS)
549+ if : matrix.os == 'macOS'
550+ uses : nick-invision/retry@v2
551+ with :
552+ shell : bash
553+ timeout_minutes : 3
554+ retry_wait_seconds : 120
555+ max_attempts : 10
556+ retry_on : error
557+ command : |
558+ xcrun altool \
559+ --verbose \
560+ --notarization-info ${{ env.REQUEST_UUID }} \
561+ --apiKey ${{ secrets.APPLE_KEY_ID }} \
562+ --apiIssuer ${{ secrets.APPLE_ISSUER_ID }} | tee notarize_status.log
563+
564+ NOTARIZATION_STATUS=$(cat notarize_status.log | grep Status: | awk '{print $2}')
565+ if [ $NOTARIZATION_STATUS == "success" ]; then
566+ echo "Notarization Successful"
567+ else
568+ echo "Notarization Failed"
569+ exit 1
570+ fi
571+
572+ xcrun stapler staple -v "$(cat installer-archive.filename)"
573+
574+ name : Sign NSIS installer (Windows)
575+ if : matrix.os == 'Windows'
576+ shell : cmd
577+ run : |
578+ set /p executable=<installer-archive.filename
579+ "${{ env.CODE_SIGNER_PATH_WIN }}" sign ^
580+ /debug /v /td SHA256 ^
581+ /n "Swift Navigation, Inc." /a ^
582+ /tr http://rfc3161timestamp.globalsign.com/advanced ^
583+ %executable%
584+
499585uses : actions/upload-artifact@v2
500586 with :
501587 name : ${{ runner.os }}-installer
@@ -592,116 +678,6 @@ jobs:
592678 exit 1
593679 fi
594680
595- sign_installer :
596- name : Sign Installers
597- timeout-minutes : 30
598- needs :
599- - sign_application
600- - frontend_bench
601- if : github.event_name == 'push' && contains(github.ref, 'refs/tags')
602- strategy :
603- matrix :
604- os :
605- - Windows
606- - macOS
607- runs-on : [self-hosted, '${{ matrix.os }}', code-signer]
608- steps :
609-
610- - name : Remove previous build.
611- shell : bash
612- continue-on-error : true
613- run : |
614- rm -rf installer
615-
616- uses : actions/download-artifact@v2
617- with :
618- name : ${{ matrix.os }}-installer
619- path : |
620- installer
621-
622- name : Sign NSIS installer (Windows)
623- if : matrix.os == 'Windows'
624- shell : cmd
625- run : |
626- cd installer
627- set /p executable=<installer-archive.filename
628- "${{ env.CODE_SIGNER_PATH_WIN }}" sign ^
629- /debug /v ^
630- /n "Swift Navigation, Inc." /a ^
631- /tr http://rfc3161timestamp.globalsign.com/advanced ^
632- /td SHA256 %executable%
633-
634- name : Sign installer (macOS)
635- if : matrix.os == 'macOS'
636- shell : bash
637- run : |
638- cd installer
639-
640- codesign -vvvv \
641- -s "${{ secrets.APPLE_DEVELOPER_ID }}" \
642- -f --timestamp \
643- $(cat installer-archive.filename)
644-
645- xcrun altool \
646- --verbose \
647- --notarize-app \
648- --file $(cat installer-archive.filename) \
649- --primary-bundle-id ${{ env.APP_BUNDLE_ID }} \
650- --apiKey ${{ secrets.APPLE_KEY_ID }} \
651- --apiIssuer ${{ secrets.APPLE_ISSUER_ID }} | tee notarize.log
652-
653- REQUEST_UUID=$(cat notarize.log | grep RequestUUID | awk '{print $3}')
654-
655- echo "REQUEST_UUID=$REQUEST_UUID" >>$GITHUB_ENV
656-
657- name : Check notarization (macOS)
658- if : matrix.os == 'macOS'
659- uses : nick-invision/retry@v2
660- with :
661- shell : bash
662- timeout_minutes : 3
663- retry_wait_seconds : 120
664- max_attempts : 10
665- retry_on : error
666- command : |
667- cd installer
668-
669- xcrun altool \
670- --verbose \
671- --notarization-info ${{ env.REQUEST_UUID }} \
672- --apiKey ${{ secrets.APPLE_KEY_ID }} \
673- --apiIssuer ${{ secrets.APPLE_ISSUER_ID }} | tee notarize_status.log
674-
675- NOTARIZATION_STATUS=$(cat notarize_status.log | grep Status: | awk '{print $2}')
676- if [ $NOTARIZATION_STATUS == "success" ]; then
677- echo "Notarization Successful"
678- else
679- echo "Notarization Failed"
680- exit 1
681- fi
682-
683- xcrun stapler staple -v "$(cat installer-archive.filename)"
684-
685- name : Add archive to path.
686- shell : bash
687- run : |
688- if [ "$RUNNER_OS" == "Linux" ]; then
689- INSTALLER_ARCHIVE=$(find installer -iname "*.deb")
690- elif [ "$RUNNER_OS" == "Windows" ]; then
691- INSTALLER_ARCHIVE=$(ls installer/installers/Windows/*.exe)
692- elif [ "$RUNNER_OS" == "macOS" ]; then
693- INSTALLER_ARCHIVE=$(find installer -iname "*.dmg")
694- fi
695- echo $INSTALLER_ARCHIVE >installer-archive.filename
696- echo "INSTALLER_ARCHIVE=$(cat installer-archive.filename)" >>$GITHUB_ENV
697-
698- uses : actions/upload-artifact@v2
699- with :
700- name : ${{ runner.os }}-installer-signed
701- path : |
702- ${{ env.INSTALLER_ARCHIVE }}
703- installer-archive.filename
704-
705681sign_binaries :
706682 name : Sign Binaries
707683 timeout-minutes : 30
@@ -747,10 +723,10 @@ jobs:
747723 shell : cmd
748724 run : |
749725 "${{ env.CODE_SIGNER_PATH_WIN }}" sign ^
750- /debug /v ^
726+ /debug /v /td SHA256 ^
751727 /n "Swift Navigation, Inc." /a ^
752728 /tr http://rfc3161timestamp.globalsign.com/advanced ^
753- /td SHA256 binaries/swift-${{ matrix.type }}_${{ env.VERSION }}_${{ matrix.os.short_name }}${{ matrix.os.exe_suffix }}
729+ binaries/swift-${{ matrix.type }}_${{ env.VERSION }}_${{ matrix.os.short_name }}${{ matrix.os.exe_suffix }}
754730if : matrix.os.name == 'Windows'
755731
756732 - name : Sign Binaries.
@@ -876,7 +852,7 @@ jobs:
876852 name : Create Release
877853 needs :
878854 - sign_zipped_binaries
879- - sign_installer
855+ - sign_application
880856 if : github.event_name == 'push' && contains(github.ref, 'refs/tags')
881857 runs-on : ubuntu-20.04
882858 steps :
@@ -888,7 +864,7 @@ jobs:
888864name : Pull Windows Installer
889865 uses : actions/download-artifact@v2
890866 with :
891- name : Windows-installer-signed
867+ name : Windows-installer
892868 path : windows
893869 - name : Pull Windows Binaries
894870 uses : actions/download-artifact@v2
0 commit comments