release #1

Workflow file for this run

.github/workflows/release.yml at 9ebe048

	name: release

	on:
	release:
	types: [created]

	permissions:
	contents: write

	jobs:
	release:
	name: Release - ${{ matrix.platform.release_for }}
	strategy:
	matrix:
	platform:
	- release_for: macOS-x86_64
	os: macOS-latest
	target: x86_64-apple-darwin
	bin: tmignore
	name: tmignore-Darwin-x86_64.tar.gz

	- release_for: macOS-aarch64
	os: macOS-latest
	target: aarch64-apple-darwin
	bin: tmignore
	name: tmignore-Darwin-aarch64.tar.gz

	runs-on: ${{ matrix.platform.os }}

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Build binary
	uses: houseabsolute/actions-rust-cross@v0
	with:
	target: ${{ matrix.platform.target }}
	args: "--locked --release"
	strip: true

	- name: Import code signing certificate
	env:
	APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	run: \|
	CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db
	KEYCHAIN_PASSWORD=$(openssl rand -base64 32)

	echo -n "$APPLE_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Sign binary
	run: \|
	codesign --force --options runtime \
	--sign "Developer ID Application: Wassim Metallaoui (${{ secrets.APPLE_TEAM_ID }})" \
	target/${{ matrix.platform.target }}/release/${{ matrix.platform.bin }}

	- name: Notarize binary
	continue-on-error: true
	timeout-minutes: 15
	env:
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	run: \|
	ZIP_PATH=$RUNNER_TEMP/${{ matrix.platform.bin }}-notarize.zip
	ditto -c -k target/${{ matrix.platform.target }}/release/${{ matrix.platform.bin }} "$ZIP_PATH"
	xcrun notarytool submit "$ZIP_PATH" \
	--apple-id "$APPLE_ID" \
	--password "$APPLE_ID_PASSWORD" \
	--team-id "$APPLE_TEAM_ID" \
	--wait

	- name: Archive binary
	shell: bash
	run: \|
	cd target/${{ matrix.platform.target }}/release
	tar czvf ../../../${{ matrix.platform.name }} ${{ matrix.platform.bin }}
	cd -

	- name: Generate SHA-256
	shell: bash
	run: \|
	shasum -a 256 ${{ matrix.platform.name }} > ${{ matrix.platform.name }}-sha.txt

	- name: Publish release artifacts
	uses: actions/upload-artifact@v4
	with:
	name: tmignore-${{ matrix.platform.target }}
	path: "tmignore-*"

	- name: Publish GitHub release
	uses: softprops/action-gh-release@v2
	with:
	files: "tmignore*"

	- name: Clean up keychain
	if: always()
	run: security delete-keychain $RUNNER_TEMP/signing.keychain-db

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release #1

Workflow file

release #1

Uh oh!

Workflow file for this run