forked from zen-browser/desktop
-
Notifications
You must be signed in to change notification settings - Fork 0
179 lines (147 loc) · 5.72 KB
/
macos-release-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
name: macOS Release Build
on:
workflow_call:
inputs:
build-version:
description: 'The version to build'
required: true
type: string
release-branch:
description: 'The branch to build'
required: true
type: string
jobs:
mac-build:
name: Build macOS - ${{ matrix.arch }}
runs-on: macos-14
strategy:
fail-fast: false
matrix:
arch: [x86_64, aarch64]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive
token: ${{ secrets.DEPLOY_KEY }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Setup Git
run: |
git config --global user.email "[email protected]"
git config --global user.name "mauro-balades"
- name: Install system dependencies
run: |
brew update
brew install cairo sccache gnu-tar mercurial
sudo pip install setuptools
brew uninstall --ignore-dependencies python3.12 -f
export PATH="$(python3 -m site --user-base)/bin":$PATH
python3 -m pip install --user mercurial
rm '/usr/local/bin/2to3-3.11' '/usr/local/bin/2to3-3.12' '/usr/local/bin/2to3'
rm '/usr/local/bin/idle3.11' '/usr/local/bin/idle3.12' '/usr/local/bin/idle3'
rm '/usr/local/bin/pydoc3.11' '/usr/local/bin/pydoc3.12' '/usr/local/bin/pydoc3'
rm '/usr/local/bin/python3.11' '/usr/local/bin/python3.12' '/usr/local/bin/python3'
rm '/usr/local/bin/python3.11-config' '/usr/local/bin/python3.12-config' '/usr/local/bin/python3-config'
brew install watchman
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain 1.79
source $HOME/.cargo/env
if test "${{ matrix.arch }}" = "aarch64"; then
rustup target add aarch64-apple-darwin
else
rustup target add x86_64-apple-darwin
fi
- name: Force usage of gnu-tar
run: |
echo 'export PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bash_profile
echo 'export PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.zsh
source ~/.bash_profile
- name: Setup pnpm
run: npm install -g pnpm
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Install dependencies
run: |
pnpm install
- name: Load surfer CI setup
run: pnpm surfer ci --brand ${{ inputs.release-branch }} --display-version ${{ inputs.build-version }}
- name: Download Firefox source and dependencies
run: pnpm surfer download
- name: Bootstrap
run: |
cd engine
export SURFER_PLATFORM="darwin"
export PATH="$(python3 -m site --user-base)/bin":$PATH
./mach --no-interactive bootstrap --application-choice browser --no-system-changes
cd ..
- name: Import
env:
SURFER_COMPAT: ${{ matrix.arch }}
run: pnpm surfer import --verbose
- name: Build language packs
run: sh scripts/download-language-packs.sh
- name: Build Zen
env:
SURFER_COMPAT: ${{ matrix.arch }}
run: |
export SURFER_PLATFORM="darwin"
if test "${{ matrix.arch }}" = "x86_64"; then
export ZEN_DISABLE_LTO=1
fi
sh .github/workflows/src/release-build.sh
- name: Rebuild Zen if failed
if: failure()
run: |
export SURFER_PLATFORM="darwin"
sh .github/workflows/src/release-build.sh
- name: Import APPLE DEVELOPER ID CERTIFICATE for .app
uses: Apple-Actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.macOS_CERTIFICATES_P12_For_App_BASE64 }}
p12-password: ${{ secrets.macOS_CERTIFICATES_P12_PASSWORD }}
- name: Package
env:
SURFER_COMPAT: ${{ matrix.arch }}
run: |
export SURFER_PLATFORM="darwin"
export MACOS_APPLE_DEVELOPER_ID="${{ secrets.macOS_AppleDeveloperId }}"
pnpm package
- name: Rename artifacts
run: |
mv ./dist/output.mar macos-${{ matrix.arch }}.mar
- name: Sign .dmg
run: |
set -ex
hdiutil convert ./dist/*.dmg -format UDZO -imagekey zlib-level=9 -o zen.macos-${{ matrix.arch }}.dmg
xattr -cr zen.macos-${{ matrix.arch }}.dmg
codesign -s "${{ secrets.macOS_AppleDeveloperId }}" zen.macos-${{ matrix.arch }}.dmg
xcrun notarytool submit "zen.macos-${{ matrix.arch }}.dmg" \
--apple-id "${{ secrets.macOS_AppleAccountId }}" \
--team-id "${{ secrets.macOS_AppleDeveloperIdTeamId }}" \
--password "${{ secrets.macOS_AppleDeveloperIdPassword }}" \
--wait
xcrun stapler staple "zen.macos-${{ matrix.arch }}.dmg"
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: zen.macos-${{ matrix.arch }}.dmg
path: ./zen.macos-${{ matrix.arch }}.dmg
- name: Upload build artifact (.mar)
uses: actions/upload-artifact@v4
with:
name: macos-${{ matrix.arch }}.mar
path: ./macos-${{ matrix.arch }}.mar
- name: Upload build artifact (update manifests)
uses: actions/upload-artifact@v4
with:
name: macos_update_manifest_${{ matrix.arch }}
path: ./dist/update