mirror of
https://github.com/ghostty-org/ghostty.git
synced 2025-07-25 13:16:11 +03:00
ba55791a51
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 18 to 19. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v18...v19) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
166 lines
6.2 KiB
YAML
166 lines
6.2 KiB
YAML
on:
|
|
workflow_run:
|
|
workflows: [Test]
|
|
types: [completed]
|
|
branches: [main]
|
|
|
|
workflow_dispatch: {}
|
|
|
|
name: Release Tip
|
|
|
|
jobs:
|
|
build-macos:
|
|
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
# Needed for macos SDK
|
|
AGREE: "true"
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
# Install Nix and use that so our environment matches exactly.
|
|
- uses: cachix/install-nix-action@v19
|
|
with:
|
|
nix_path: nixpkgs=channel:nixos-unstable
|
|
|
|
# Cross-compile the binary. We always use static building for this
|
|
# because its the only way to access the headers.
|
|
- name: Build aarch64
|
|
run: |
|
|
nix develop -c zig build -Dcpu=baseline -Dstatic=true -Dtarget=aarch64-macos -Drelease-fast
|
|
mv zig-out/bin/ghostty zig-out/bin/ghostty-aarch64-macos
|
|
- name: Build x86_64
|
|
run: |
|
|
nix develop -c zig build -Dcpu=baseline -Dstatic=true -Dtarget=x86_64-macos -Drelease-fast
|
|
mv zig-out/bin/ghostty zig-out/bin/ghostty-x86_64-macos
|
|
|
|
- name: Create Universal Binary
|
|
run: |
|
|
# Lipo our binaries
|
|
nix develop -c \
|
|
llvm-lipo \
|
|
zig-out/bin/ghostty-aarch64-macos \
|
|
zig-out/bin/ghostty-x86_64-macos \
|
|
-create \
|
|
-output zig-out/bin/ghostty-universal
|
|
|
|
# Ensure the app is universal
|
|
cp zig-out/bin/ghostty-universal zig-out/Ghostty.app/Contents/MacOS/ghostty
|
|
|
|
# Upload the App bundle so we can sign it later on macOS
|
|
- name: Store App Bundle Artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: app-bundle
|
|
path: zig-out/
|
|
retention-days: 5
|
|
|
|
- name: Zip Unsigned App
|
|
run: nix develop -c sh -c 'cd zig-out && zip -9 -r ../ghostty-macos-universal-unsigned.zip Ghostty.app'
|
|
|
|
# Update Release
|
|
- name: Release Unsigned
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: "Ghostty Tip (\"Nightly\")"
|
|
prerelease: true
|
|
tag_name: tip
|
|
target_commitish: ${{ github.sha }}
|
|
files: ghostty-macos-universal-unsigned.zip
|
|
|
|
# Update the Release Tag
|
|
- name: Tip Tag
|
|
uses: rickstaa/action-create-tag@v1
|
|
with:
|
|
tag: "tip"
|
|
message: "Latest Continuous Release"
|
|
force_push_tag: true
|
|
|
|
sign-and-release:
|
|
runs-on: macos-12
|
|
needs: build-macos
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- uses: actions/download-artifact@v3
|
|
with:
|
|
name: app-bundle
|
|
path: zig-out
|
|
|
|
- name: Fix Permissions
|
|
run: |
|
|
chmod +x zig-out/Ghostty.app/Contents/MacOS/ghostty
|
|
|
|
- name: Codesign app bundle
|
|
env:
|
|
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
|
|
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
|
|
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
|
|
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
|
|
run: |
|
|
# Turn our base64-encoded certificate back to a regular .p12 file
|
|
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
|
|
|
|
# We need to create a new keychain, otherwise using the certificate will prompt
|
|
# with a UI dialog asking for the certificate password, which we can't
|
|
# use in a headless CI environment
|
|
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
|
|
# We finally codesign our app bundle, specifying the Hardened runtime option
|
|
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime zig-out/Ghostty.app -v
|
|
|
|
- name: "Notarize app bundle"
|
|
env:
|
|
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
|
|
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
|
|
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
|
|
run: |
|
|
# Store the notarization credentials so that we can prevent a UI password dialog
|
|
# from blocking the CI
|
|
echo "Create keychain profile"
|
|
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
|
|
|
|
# We can't notarize an app bundle directly, but we need to compress it as an archive.
|
|
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
|
|
# notarization service
|
|
echo "Creating temp notarization archive"
|
|
ditto -c -k --keepParent "zig-out/Ghostty.app" "notarization.zip"
|
|
|
|
# Here we send the notarization request to the Apple's Notarization service, waiting for the result.
|
|
# This typically takes a few seconds inside a CI environment, but it might take more depending on the App
|
|
# characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
|
|
# you're curious
|
|
echo "Notarize app"
|
|
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
|
|
|
|
# Finally, we need to "attach the staple" to our executable, which will allow our app to be
|
|
# validated by macOS even when an internet connection is not available.
|
|
echo "Attach staple"
|
|
xcrun stapler staple "zig-out/Ghostty.app"
|
|
|
|
# Zip up the app
|
|
- name: Zip App
|
|
run: cd zig-out && zip -9 -r ../ghostty-macos-universal.zip Ghostty.app
|
|
|
|
# Update Release
|
|
- name: Release
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
name: "Ghostty Tip (\"Nightly\")"
|
|
prerelease: true
|
|
tag_name: tip
|
|
target_commitish: ${{ github.sha }}
|
|
files: ghostty-macos-universal.zip
|