forked from JabRef/jabref
-
Notifications
You must be signed in to change notification settings - Fork 15
168 lines (164 loc) · 8.14 KB
/
deployment-arm64.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: Deployment Release for ARM64 - Run manually!
on:
workflow_dispatch:
inputs:
notarization:
type: boolean
required: true
default: true
push:
branches:
- arm64mac-release
- updateArm64Notarization
env:
SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }}
AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }}
IEEEAPIKey: ${{ secrets.IEEEAPIKey }}
BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}}
OSXCERT: ${{ secrets.OSX_SIGNING_CERT }}
GRADLE_OPTS: -Xmx4g -Dorg.gradle.daemon=false -Dorg.gradle.vfs.watch=false
JAVA_OPTS: -Xmx4g
concurrency:
group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
build:
strategy:
fail-fast: false
matrix:
os: [self-hosted]
include:
- os: self-hosted
displayName: macOS (Arm64)
suffix: '_arm64'
runs-on: ${{ matrix.os }}
name: Create installer and portable version for ${{ matrix.displayName }}
steps:
- name: Check secrets presence
id: checksecrets
shell: bash
run: |
[ -n "$BUILDJABREFPRIVATEKEY" ] || exit 1
env:
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
- name: Fetch all history for all tags and branches
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: 'true'
show-progress: 'false'
- name: Install GitVersion
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: "5.x"
- name: Run GitVersion
id: gitversion
uses: gittools/actions/gitversion/[email protected]
- name: Setup JDK
uses: actions/setup-java@v4
with:
java-version: 21.0.1
distribution: 'liberica'
- name: Clean up keychain
run: |
security delete-keychain signing_temp.keychain ${{runner.temp}}/keychain/notarization.keychain || true
- name: Setup OSX key chain on macOS
uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
p12-password: ${{ secrets.OSX_CERT_PWD }}
keychain-password: jabref
- name: Setup OSX key chain on OSX for app id cert
uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
p12-password: ${{ secrets.OSX_CERT_PWD }}
create-keychain: false
keychain-password: jabref
- name: Create notarization keychain
run: |
mkdir ${{runner.temp}}/keychain
security create-keychain -p jabref ${{runner.temp}}/keychain/notarization.keychain
security set-keychain-settings ${{runner.temp}}/keychain/notarization.keychain
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Prepare merged jars and modules dir (macOS)
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
- name: Build dmg (macOS)
shell: bash
run: |
jpackage \
--module org.jabref/org.jabref.cli.Launcher \
--module-path ${{env.JAVA_HOME}}/jmods/:build/jlinkbase/jlinkjars \
--add-modules org.jabref,org.jabref.merged.module \
--dest build/distribution \
--app-content buildres/mac/jabrefHost.py \
--app-content buildres/mac/native-messaging-host \
--name JabRef \
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
--verbose \
--mac-sign \
--vendor "JabRef e.V." \
--mac-package-identifier JabRef \
--mac-package-name JabRef \
--type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
--mac-package-signing-prefix org.jabref \
--mac-entitlements buildres/mac/jabref.entitlements \
--icon src/main/resources/icons/jabref.icns \
--resource-dir buildres/mac \
--file-associations buildres/mac/bibtexAssociations.properties \
--jlink-options --bind-services
- name: Build pkg (macOS)
shell: bash
run: |
jpackage \
--module org.jabref/org.jabref.cli.Launcher \
--module-path ${{env.JAVA_HOME}}/jmods/:build/jlinkbase/jlinkjars \
--add-modules org.jabref,org.jabref.merged.module \
--dest build/distribution \
--app-content buildres/mac/jabrefHost.py \
--app-content buildres/mac/native-messaging-host \
--name JabRef \
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
--verbose \
--mac-sign \
--vendor "JabRef e.V." \
--mac-package-identifier JabRef \
--mac-package-name JabRef \
--type pkg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
--mac-package-signing-prefix org.jabref \
--mac-entitlements buildres/mac/jabref.entitlements \
--icon src/main/resources/icons/jabref.icns \
--resource-dir buildres/mac \
--file-associations buildres/mac/bibtexAssociations.properties \
--jlink-options --bind-services
- name: Rename files with arm64 suffix as well
shell: bash
run: |
mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg
mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg
- name: Notarize dmg
if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }}))
shell: bash
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.dmg
- name: Notarize pkg
if: (startsWith(github.ref, 'refs/tags/') || (${{ inputs.notarization }}))
shell: bash
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" --keychain ${{runner.temp}}/keychain/notarization.keychain
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg --keychain-profile "notarytool-profile" --keychain ${{runner.temp}}/keychain/notarization.keychain --wait
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-arm64.pkg
- name: Upload with rsync
if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
shell: bash
run: |
rsync -Pavz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i ~/.ssh/id_rsa' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
- name: Upload to GitHub workflow artifacts store
if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
uses: actions/upload-artifact@v4
with:
name: JabRef-${{ matrix.displayName }}
path: build/distribution