From daac6e3fd3e0a775fb36c7d5abef9799799db778 Mon Sep 17 00:00:00 2001
From: Simos Mikelatos
Date: Mon, 15 Jun 2026 17:26:53 +0000
Subject: [PATCH] ci: add macos desktop release workflow
---
 .github/workflows/desktop-macos-release.yml | 103 ++++++++++++++++++++
 package.json | 1 +
 2 files changed, 104 insertions(+)
 create mode 100644 .github/workflows/desktop-macos-release.yml
diff --git a/.github/workflows/desktop-macos-release.yml b/.github/workflows/desktop-macos-release.yml
new file mode 100644
index 00000000..d8893018
--- /dev/null
+++ b/.github/workflows/desktop-macos-release.yml
@@ -0,0 +1,103 @@
+name: Desktop macOS Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: 'Release tag to create or update (defaults to v)'
+ required: false
+ type: string
+ release_name:
+ description: 'Release name (defaults to "CloudCLI Desktop macOS ")'
+ required: false
+ type: string
+ prerelease:
+ description: 'Mark the GitHub release as a prerelease'
+ required: true
+ default: false
+ type: boolean
+
+jobs:
+ build-macos:
+ name: Build signed macOS desktop app
+ runs-on: macos-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v6
+ with:
+ node-version: 22
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Typecheck
+ run: npm run typecheck
+
+ - name: Resolve release metadata
+ id: release
+ run: |
+ VERSION="$(node -p "require('./package.json').version")"
+ TAG="${{ inputs.tag }}"
+ if [ -z "$TAG" ]; then
+ TAG="v${VERSION}"
+ fi
+
+ RELEASE_NAME="${{ inputs.release_name }}"
+ if [ -z "$RELEASE_NAME" ]; then
+ RELEASE_NAME="CloudCLI Desktop macOS ${TAG}"
+ fi
+
+ echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+ echo "release_name=$RELEASE_NAME" >> "$GITHUB_OUTPUT"
+
+ - name: Verify signing secrets are configured
+ run: |
+ test -n "$CSC_LINK"
+ test -n "$CSC_KEY_PASSWORD"
+ test -n "$APPLE_ID"
+ test -n "$APPLE_APP_SPECIFIC_PASSWORD"
+ test -n "$APPLE_TEAM_ID"
+ env:
+ CSC_LINK: ${{ secrets.CSC_LINK }}
+ CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
+ - name: Build signed and notarized macOS artifacts
+ run: npm run desktop:dist:mac -- --publish never
+ env:
+ CSC_LINK: ${{ secrets.CSC_LINK }}
+ CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
+ - name: Verify macOS artifacts
+ run: |
+ test -n "$(find release -maxdepth 1 -name '*.dmg' -print -quit)"
+ test -n "$(find release -maxdepth 1 -name '*.zip' -print -quit)"
+ shasum -a 256 release/*.{dmg,zip} > release/SHASUMS256.txt
+ cat release/SHASUMS256.txt
+
+ - name: Publish GitHub release assets
+ uses: softprops/action-gh-release@v2
+ with:
+ tag_name: ${{ steps.release.outputs.tag }}
+ name: ${{ steps.release.outputs.release_name }}
+ prerelease: ${{ inputs.prerelease }}
+ fail_on_unmatched_files: false
+ files: |
+ release/*.dmg
+ release/*.zip
+ release/*.yml
+ release/*.blockmap
+ release/SHASUMS256.txt
diff --git a/package.json b/package.json
index a4579d82..0d224b41 100644
--- a/package.json
+++ b/package.json
@@ -83,6 +83,7 @@
 "mac": {
 "category": "public.app-category.developer-tools",
 "icon": "electron/assets/logo-macos.icns",
+ "notarize": true,
 "target": [
 "dmg",
 "zip"
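Review bot: The `Resolve release metadata` step in `.github/workflows/desktop-macos-release.yml` expands `${{ inputs.tag }}` and `${{ inputs.release_name }}` straight into the `run:` script, so the values become shell source before bash parses them: a release name containing `"` breaks the step, and `$(...)` or backticks in either input are evaluated. Dispatch inputs come from users who can already trigger the workflow, so this is hardening rather than an open hole, but the job holds `contents: write` and later steps carry the signing secrets. Passing both inputs through `env:` and reading them as quoted shell variables keeps them as data. Separately, `softprops/action-gh-release@v2` and the two `actions/*@v6` steps are mutable tags in a job that publishes signed artifacts; pinning each to a full commit SHA would fix which code runs with the release token.

```yaml
      - name: Resolve release metadata
        # … unchanged: id: release …
        env:
          INPUT_TAG: ${{ inputs.tag }}
          INPUT_RELEASE_NAME: ${{ inputs.release_name }}
        run: |
          # … unchanged: VERSION lookup from package.json …
          TAG="$INPUT_TAG"
          # … unchanged: default TAG to v${VERSION} …
          RELEASE_NAME="$INPUT_RELEASE_NAME"
          # … unchanged: default RELEASE_NAME, write both to $GITHUB_OUTPUT …
```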