Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment Release for ARM64 - Run manually! | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| notarization: | |
| type: boolean | |
| required: true | |
| default: true | |
| push: | |
| branches: | |
| - arm64mac-release | |
| - updateArm64Notarization | |
| env: | |
| SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} | |
| AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} | |
| IEEEAPIKey: ${{ secrets.IEEEAPIKey }} | |
| BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} | |
| OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} | |
| GRADLE_OPTS: -Xmx4g -Dorg.gradle.daemon=false -Dorg.gradle.vfs.watch=false | |
| JAVA_OPTS: -Xmx4g | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [self-hosted] | |
| include: | |
| - os: self-hosted | |
| displayName: macOS (Arm64) | |
| suffix: '_arm64' | |
| runs-on: ${{ matrix.os }} | |
| name: Create installer and portable version for ${{ matrix.displayName }} | |
| steps: | |
| - name: Check secrets presence | |
| id: checksecrets | |
| shell: bash | |
| run: | | |
| [ -n "$BUILDJABREFPRIVATEKEY" ] || exit 1 | |
| env: | |
| BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
| - name: Fetch all history for all tags and branches | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'true' | |
| show-progress: 'false' | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/[email protected] | |
| with: | |
| versionSpec: "5.x" | |
| - name: Run GitVersion | |
| id: gitversion | |
| uses: gittools/actions/gitversion/[email protected] | |
| - name: Setup JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21.0.1 | |
| distribution: 'liberica' | |
| - name: Clean up keychain | |
| run: | | |
| security delete-keychain signing_temp.keychain ${{runner.temp}}/keychain/notarization.keychain || true | |
| - name: Setup OSX key chain on macOS | |
| uses: apple-actions/import-codesign-certs@v2 | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| keychain-password: jabref | |
| - name: Setup OSX key chain on OSX for app id cert | |
| uses: apple-actions/import-codesign-certs@v2 | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| create-keychain: false | |
| keychain-password: jabref | |
| - name: Create notarization keychain | |
| run: | | |
| mkdir ${{runner.temp}}/keychain | |
| security create-keychain -p jabref ${{runner.temp}}/keychain/notarization.keychain | |
| security set-keychain-settings ${{runner.temp}}/keychain/notarization.keychain | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v2 | |
| - name: Prepare merged jars and modules dir (macOS) | |
| run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir | |
| - name: Build dmg (macOS) | |
| shell: bash | |
| run: | | |
| jpackage \ | |
| --module org.jabref/org.jabref.cli.Launcher \ | |
| --module-path ${{env.JAVA_HOME}}/jmods/:build/jlinkbase/jlinkjars \ | |
| --add-modules org.jabref,org.jabref.merged.module \ | |
| --dest build/distribution \ | |
| --app-content buildres/mac/jabrefHost.py \ | |
| --app-content buildres/mac/native-messaging-host \ | |
| --name JabRef \ | |
| --app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \ | |
| --verbose \ | |
| --mac-sign \ | |
| --vendor "JabRef e.V." \ | |
| --mac-package-identifier JabRef \ | |
| --mac-package-name JabRef \ | |
| --type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \ | |
| --mac-package-signing-prefix org.jabref \ | |
| --mac-entitlements buildres/mac/jabref.entitlements \ | |
| --icon src/main/resources/icons/jabref.icns \ | |
| --resource-dir buildres/mac \ | |
| --file-associations buildres/mac/bibtexAssociations.properties \ | |
| --jlink-options --bind-services | |
| - name: Build pkg (macOS) | |
| shell: bash | |
| run: | | |
| jpackage \ | |
| --module org.jabref/org.jabref.cli.Launcher \ | |
| --module-path ${{env.JAVA_HOME}}/jmods/:build/jlinkbase/jlinkjars \ | |
| --add-modules org.jabref,org.jabref.merged.module \ | |
| --dest build/distribution \ | |
| --app-content buildres/mac/jabrefHost.py \ | |
| --app-content buildres/mac/native-messaging-host \ | |
| --name JabRef \ | |
| --app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \ | |
| --verbose \ | |
| --mac-sign \ | |
| --vendor "JabRef e.V." \ | |
| --mac-package-identifier JabRef \ | |
| --mac-package-name JabRef \ | |
| --type pkg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \ | |
| --mac-package-signing-prefix org.jabref \ | |
| --mac-entitlements buildres/mac/jabref.entitlements \ | |
| --icon src/main/resources/icons/jabref.icns \ | |
| --resource-dir buildres/mac \ | |
| --file-associations buildres/mac/bibtexAssociations.properties \ | |
| --jlink-options --bind-services | |
| - name: Rename files with arm64 suffix as well | |
| shell: bash | |
| run: | | |
| mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg | |
| mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg | |
| - name: Notarize dmg | |
| if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }})) | |
| shell: bash | |
| run: | | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain | |
| xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait | |
| xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg | |
| - name: Notarize pkg | |
| if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }})) | |
| shell: bash | |
| run: | | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain | |
| xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait | |
| xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg | |
| - name: Upload with rsync | |
| if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }} | |
| shell: bash | |
| run: | | |
| rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ | |
| - name: Upload to GitHub workflow artifacts store | |
| if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: JabRef-${{ matrix.displayName }} | |
| path: build/distribution |