File: release.yml

package info (click to toggle)
frescobaldi 4.0.5%2Bds1-1
links: PTS, VCS
area: main
in suites: forky, sid
size: 21,368 kB
sloc: python: 39,076; javascript: 263; makefile: 37; sh: 8
file content (194 lines) | stat: -rw-r--r-- 6,629 bytes
name: Frescobaldi release
# This action is intended to be run on releases, but the
# manual trigger (workflow_dispatch) might be useful
# to test the packages before a release.
on:
  workflow_dispatch:
  release:
    types: [published]

env:
  FORCE_COLOR: "1"

defaults:
  run:
    shell: bash

jobs:
  tarball:
    # Tarball including .mo files plus the built .desktop and .metainfo.xml files
    name: Tarball for Linux packagers
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          sudo apt update && sudo apt install -y appstream desktop-file-utils gettext
          python -m pip install --upgrade pip build wheel tox
      - name: Build tarball
        id: build_tarball
        run: |
          tox -e mo-generate
          tox -e linux-generate
          tox -e linux-validate
          python -m build
          echo "filename=$(ls dist/*.tar.gz)" >> "$GITHUB_OUTPUT"
      - name: Tarball upload
        if: github.event.release
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file_glob: true
          file: ${{ steps.build_tarball.outputs.filename }}
          tag: ${{ github.ref }}

  packages:
    name: Packages
    runs-on: ${{ matrix.runs-on }}
    strategy:
      fail-fast: false
      matrix:
        target: ["Windows", "macOS", "macOS-Intel"]
        include:
          - target: "Windows"
            platform: "windows"
            output-format: "app"
            runs-on: "windows-latest"
            filename: dist/*.msi

          - target: "macOS"
            platform: "macOS"
            output-format: "app"
            runs-on: "macos-latest"
            briefcase-package-args: '--identity "$CERTIFICATE_ID"'
            filename: dist/*.dmg

          - target: "macOS-Intel"
            platform: "macOS"
            output-format: "app"
            runs-on: "macos-latest"
            briefcase-package-args: '--identity "$CERTIFICATE_ID"'
            filename: dist/*.dmg

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Import signing certificate on macOS
        if: ${{ (matrix.target == 'macOS') || (matrix.target == 'macOS-Intel') }}
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          CERTIFICATE_ID: ${{ secrets.CERTIFICATE_ID }}
          TEAM_ID: ${{ secrets.TEAM_ID }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          BRIEFCASE_PASSWORD: ${{ secrets.BRIEFCASE_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # import certificate from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH

          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

          # store app-specific password for notarization
          xcrun notarytool store-credentials "briefcase-macOS-$TEAM_ID" --apple-id "$APPLE_ID" --team-id $TEAM_ID --password $BRIEFCASE_PASSWORD

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"

      - name: Install Windows dependencies
        if: matrix.target == 'Windows'
        shell: pwsh
        run: |
          iex (new-object net.webclient).downloadstring('https://get.scoop.sh')
          scoop install main/gettext

      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip setuptools wheel
          python -m pip install briefcase tox

      - name: Build Frescobaldi translations on Windows
        if: matrix.target == 'Windows'
        run: |
          export PATH=/c/Users/runneradmin/scoop/shims:$PATH
          tox -e mo-generate

      - name: Build Frescobaldi translations on macOS
        if: ${{ (matrix.target == 'macOS') || (matrix.target == 'macOS-Intel') }}
        run: tox -e mo-generate

      - name: Build Frescobaldi
        run: |
          ${{ matrix.briefcase-build-prefix }} \
          briefcase build \
            ${{ matrix.platform || matrix.target }} \
            ${{ matrix.output-format }} \
            --test --no-input --log \
            ${{ matrix.briefcase-args }} \
            ${{ matrix.briefcase-build-args }}

      - name: Package Frescobaldi
        env:
          CERTIFICATE_ID: ${{ secrets.CERTIFICATE_ID }}
        run: |
          ${{ matrix.briefcase-package-prefix }} \
          briefcase package \
            ${{ matrix.platform || matrix.target }} \
            ${{ matrix.output-format }} \
            --update --no-input --log \
            ${{ matrix.briefcase-args }} \
            ${{ matrix.briefcase-package-args }}

      # Briefcase generates Frescobaldi-$VERSION.dmg for
      # both macOS builds. We want to rename the Intel .dmg before
      # uploading it to Releases.
      - name: Rename macOS-Intel .dmg file
        if: matrix.target == 'macOS-Intel'
        run: |
          export VERSION=`sed -n 's/^version = "\(.*\)"/\1/p' frescobaldi/appinfo.py`
          echo $VERSION
          mv dist/Frescobaldi-$VERSION.dmg dist/Frescobaldi-$VERSION-Intel.dmg

      - name: Upload Frescobaldi
        uses: actions/upload-artifact@v4
        with:
          name: frescobaldi-${{ matrix.target }}
          path: dist
          if-no-files-found: error

      - name: Upload Log
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: Log-Failure-${{ matrix.target }}
          path: logs/*

      - name: Release upload
        if: github.event.release
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file_glob: true
          file: ${{ matrix.filename }}
          tag: ${{ github.ref }}