--- name: Build on: schedule: - cron: "0 0 * * *" workflow_dispatch: inputs: gitRef: description: "Emacs git ref to build" required: true default: "master" extraPlanArgs: description: "Extra plan args" required: false default: "" extraCheckArgs: description: "Extra check args" required: false default: "" extraBuildArgs: description: "Extra build args" required: false default: "" extraPackageArgs: description: "Extra package args" required: false default: "" extraReleaseArgs: description: "Extra release args" required: false default: "" jobs: plan: runs-on: macos-10.15 outputs: check: "${{ steps.check.outcome }}" steps: - name: Checkout build-emacs-for-macos repo uses: actions/checkout@v2 with: repository: jimeh/build-emacs-for-macos ref: "v0.6.8" path: builder - uses: actions/setup-go@v2 with: go-version: 1.16 - uses: actions/cache@v2 id: builder-cache with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('builder/**/go.sum') }} restore-keys: ${{ runner.os }}-go- - name: Pre-build emacs-builder tool run: make build working-directory: builder - name: Plan build run: >- builder/bin/emacs-builder -l debug plan --output build-plan.yml --output-dir '${{ github.workspace }}/builds' ${{ github.event.inputs.extraPlanArgs }} '${{ github.event.inputs.gitRef }}' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Show plan run: cat build-plan.yml - name: Check if planned release and asset already exist id: check continue-on-error: true run: >- builder/bin/emacs-builder -l debug release --plan build-plan.yml check ${{ github.event.inputs.extraCheckArgs }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload pre-built emacs-builder artifact uses: actions/upload-artifact@v2 with: name: emacs-builder path: builder/bin/emacs-builder if-no-files-found: error - name: Upload build-plan.yml artifact uses: actions/upload-artifact@v2 with: name: build-plan.yml path: build-plan.yml if-no-files-found: error build: runs-on: macos-10.15 needs: [plan] # Only run if check for existing release and asset failed. if: ${{ needs.plan.outputs.check == 'failure' }} steps: - name: Checkout build-emacs-for-macos repo uses: actions/checkout@v2 with: repository: jimeh/build-emacs-for-macos ref: "v0.6.8" path: builder - uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 - name: Install dependencies run: make bootstrap-ci working-directory: builder - name: Download pre-built emacs-builder artifact uses: actions/download-artifact@v2 id: builder with: name: emacs-builder path: bin - name: Ensure emacs-builder is executable run: chmod +x bin/emacs-builder - name: Download build-plan.yml artifact uses: actions/download-artifact@v2 id: plan with: name: build-plan.yml path: ./ - name: Build Emacs run: >- ./builder/build-emacs-for-macos --plan build-plan.yml --native-full-aot ${{ github.event.inputs.extraBuildArgs }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install the Apple signing certificate run: | # create variables CERTIFICATE_PATH="$RUNNER_TEMP/build_certificate.p12" KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db" # import certificate and provisioning profile from secrets echo -n "$CERT_BASE64" | base64 --decode --output "$CERTIFICATE_PATH" # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # import certificate to keychain security import "$CERTIFICATE_PATH" -P "$CERT_PASSWORD" -A \ -t cert -f pkcs12 -k "$KEYCHAIN_PATH" security list-keychain -d user -s "$KEYCHAIN_PATH" env: CERT_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - name: Sign, package and notarize build run: >- bin/emacs-builder -l debug package -v --plan build-plan.yml --sign --remove-source-dir ${{ github.event.inputs.extraPackageArgs }} env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} AC_PROVIDER: ${{ secrets.AC_PROVIDER }} AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }} - name: Upload disk image artifacts uses: actions/upload-artifact@v2 with: name: dmg path: | builds/*.dmg builds/*.sha* if-no-files-found: error - name: Clean up keychain used for signing certificate if: ${{ always() }} run: | security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db" release: runs-on: macos-10.15 needs: [build] steps: - name: Download pre-built emacs-builder artifact uses: actions/download-artifact@v2 id: builder with: name: emacs-builder path: bin - name: Ensure emacs-builder is executable run: chmod +x bin/emacs-builder - name: Download build-plan.yml artifact uses: actions/download-artifact@v2 id: plan with: name: build-plan.yml path: ./ - name: Download disk image artifact uses: actions/download-artifact@v2 with: name: dmg path: builds - name: Publish disk image to a GitHub Release run: >- bin/emacs-builder -l debug release --plan build-plan.yml publish ${{ github.event.inputs.extraReleaseArgs }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Trigger update casks workflow in homebrew tap run: >- gh workflow run --repo jimeh/homebrew-emacs-builds update-casks.yml env: GITHUB_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}