Fix permission recovery, prefs UX, arming flow, and hotkey diagnostics #21
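# Builds, optionally signs, packages and validates the macOS artifacts, uploads
# them as workflow artifacts, and publishes a GitHub release when the run was
# triggered by a tag.
name: macOS Release

on:
  push:
    tags:
      - "v*"
  workflow_dispatch:

# contents: write is presumably needed only by the "Publish GitHub release"
# step; nothing else in this file writes to the repository.
permissions:
  contents: write

jobs:
  release:
    runs-on: macos-15
    # NOTE(review): job-level env is visible to every step in this job,
    # including the third-party actions below. Consider moving each secret to
    # the step that consumes it once the `if:` guards that read `env.*` have
    # been reworked accordingly.
    env:
      APPLE_CERTIFICATE_P12: ${{ secrets.APPLE_CERTIFICATE_P12 }}
      APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
      APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
      APPLE_SIGNING_IDENTITY_SECRET: ${{ secrets.APPLE_SIGNING_IDENTITY }}
      APPLE_ID: ${{ secrets.APPLE_ID }}
      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
      APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): third-party action referenced by a mutable tag in a job
      # that holds signing secrets; pin it to a full commit SHA.
      - name: Select Xcode with Swift 6.2
        uses: maxim-lobanov/setup-xcode@v1
        with:
          xcode-version: "16.4"

      # Runs only when both the certificate and its password are configured, so
      # runs without signing secrets skip straight to the build step.
      - name: Import Developer ID certificate
        if: ${{ env.APPLE_CERTIFICATE_P12 != '' && env.APPLE_CERTIFICATE_PASSWORD != '' }}
        run: |
          CERT_PATH="$RUNNER_TEMP/apple_certificate.p12"
          KEYCHAIN_PATH="$RUNNER_TEMP/build.keychain-db"

          # Remove the decoded .p12 when this step ends, on success or failure,
          # so the private key does not stay on disk for later steps.
          trap 'rm -f "$CERT_PATH"' EXIT

          # Use the configured keychain password when present; otherwise
          # generate a random one instead of a fixed, guessable default. The
          # password is only needed inside this step.
          KEYCHAIN_PASSWORD="${APPLE_KEYCHAIN_PASSWORD:-}"
          if [[ -z "$KEYCHAIN_PASSWORD" ]]; then
            KEYCHAIN_PASSWORD="$(openssl rand -hex 32)"
          fi

          # Try the GNU-style flag first, then fall back to the BSD/macOS -D flag.
          if ! (echo "$APPLE_CERTIFICATE_P12" | base64 --decode > "$CERT_PATH" 2>/dev/null); then
            echo "$APPLE_CERTIFICATE_P12" | base64 -D > "$CERT_PATH"
          fi

          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          # Lock on sleep (-l) and after a 21600-second timeout (-u -t).
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Prepend the build keychain to the user search list and make it the
          # default. $CURRENT_KEYCHAINS is left unquoted on purpose so each
          # existing keychain path becomes its own argument.
          CURRENT_KEYCHAINS=$(security list-keychains -d user | tr -d '"')
          security list-keychains -d user -s "$KEYCHAIN_PATH" $CURRENT_KEYCHAINS
          security default-keychain -s "$KEYCHAIN_PATH"

          # NOTE(review): -A lets any application use the imported key without
          # a prompt, which makes the -T allow-list redundant. Consider dropping
          # -A if macos/scripts/package-release.sh signs only through the tools
          # listed with -T (not verifiable from this file).
          security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$APPLE_CERTIFICATE_PASSWORD" -A -T /usr/bin/codesign -T /usr/bin/security
          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

      # Runs only when a certificate was imported but no explicit identity was
      # configured; exports the first "Developer ID Application" identity found.
      - name: Resolve signing identity
        if: ${{ env.APPLE_CERTIFICATE_P12 != '' && env.APPLE_CERTIFICATE_PASSWORD != '' && env.APPLE_SIGNING_IDENTITY_SECRET == '' }}
        run: |
          IDENTITY=$(security find-identity -v -p codesigning | awk -F'"' '/Developer ID Application/ {print $2; exit}')
          if [[ -z "$IDENTITY" ]]; then
            echo "No Developer ID Application identity found"
            exit 1
          fi
          echo "RESOLVED_APPLE_SIGNING_IDENTITY=$IDENTITY" >> "$GITHUB_ENV"

      - name: Build and package artifacts
        env:
          APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY_SECRET }}
          APPLE_ID: ${{ env.APPLE_ID }}
          APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
          APPLE_APP_PASSWORD: ${{ env.APPLE_APP_PASSWORD }}
        run: |
          # Prefer the explicitly configured identity; fall back to the one the
          # "Resolve signing identity" step wrote to GITHUB_ENV.
          if [[ -z "${APPLE_SIGNING_IDENTITY:-}" ]] && [[ -n "${RESOLVED_APPLE_SIGNING_IDENTITY:-}" ]]; then
            export APPLE_SIGNING_IDENTITY="$RESOLVED_APPLE_SIGNING_IDENTITY"
          fi
          macos/scripts/package-release.sh

      # Mounts the DMG and checks that it holds Quedo.app plus an Applications
      # symlink that points at /Applications, then detaches the image.
      - name: Validate DMG layout
        run: |
          ATTACH_LINE=$(hdiutil attach dist/Quedo.dmg -nobrowse | tail -n 1)
          MOUNT_POINT=$(printf '%s\n' "$ATTACH_LINE" | awk -F'\t' '{print $3}')
          DEVICE_NODE=$(printf '%s\n' "$ATTACH_LINE" | awk '{print $1}')
          test -d "$MOUNT_POINT/Quedo.app"
          test -L "$MOUNT_POINT/Applications"
          test "$(readlink "$MOUNT_POINT/Applications")" = "/Applications"
          hdiutil detach "$DEVICE_NODE" -quiet

      - name: Upload workflow artifacts
        uses: actions/upload-artifact@v4
        with:
          name: macos-release-artifacts
          path: |
            dist/Quedo.app.zip
            dist/Quedo.dmg
            dist/quedo-cli-macos.zip
            dist/SHA256SUMS.txt

      # Publishes only for tag refs, so a manual workflow_dispatch run on a
      # branch stops after uploading workflow artifacts.
      # NOTE(review): third-party action referenced by a mutable tag while the
      # job token has contents: write; pin it to a full commit SHA.
      - name: Publish GitHub release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v2
        with:
          files: |
            dist/Quedo.app.zip
            dist/Quedo.dmg
            dist/quedo-cli-macos.zip
            dist/SHA256SUMS.txt
          generate_release_notes: true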