vscodium/.github/workflows/macos.yml

name: macos_build

on:
  workflow_dispatch:
    inputs:
      new_release:
        type: choice
        description: Force new Release
        options:
        - no
        - yes
  schedule:
    - cron: '0 0 * * *'
  push:
  pull_request:
    branches: [ master ]

jobs:
  build:
    runs-on: ${{ matrix.runner }}

    strategy:
      fail-fast: false
      matrix:
        include:
          - runner: macOS-10.15
            vscode_arch: x64
          - runner: [self-hosted, macOS, ARM64]
            vscode_arch: arm64

    env:
      OS_NAME: "osx"
      VSCODE_ARCH: ${{ matrix.vscode_arch }}

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js environment
        uses: actions/setup-node@v3
        with:
          node-version: 16

      - name: Clone VSCode repo
        run: . get_repo.sh

      - name: Check PR or cron
        run: . check_cron_or_pr.sh

      - name: Check existing VSCodium tags/releases
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NEW_RELEASE: ${{ github.event.inputs.new_release }}
        run: . check_tags.sh
        if: env.SHOULD_DEPLOY == 'yes'

      - name: Compute cache key
        id: yarnCacheKey
        run: echo "::set-output name=value::$(node build/azure-pipelines/computeYarnCacheKey.js)"
        if: env.SHOULD_BUILD == 'yes'

      - name: Get yarn cache directory path
        id: yarnCacheDirPath
        run: echo "::set-output name=dir::$(yarn cache dir)"
        if: env.SHOULD_BUILD == 'yes'

      - name: Cache yarn directory
        uses: actions/cache@v3
        with:
          path: ${{ steps.yarnCacheDirPath.outputs.dir }}
          key: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-${{ steps.yarnCacheKey.outputs.value }}
          restore-keys: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-
        if: env.SHOULD_BUILD == 'yes'

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./build.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Sign binary
        env:
          CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
          CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}
          CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }}
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
        run: |
          if [ -d "VSCode-darwin-${VSCODE_ARCH}" ]; then # just in case the build failed
            cd "VSCode-darwin-${VSCODE_ARCH}"
            export CERTIFICATE_P12=VSCodium.p12
            echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12
            export KEYCHAIN=$RUNNER_TEMP/build.keychain
            security create-keychain -p mysecretpassword $KEYCHAIN
            security default-keychain -s $KEYCHAIN
            security unlock-keychain -p mysecretpassword $KEYCHAIN
            security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign
            security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN
            codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app
          fi

      - name: Prepare artifacts
        run: ./prepare_artifacts.sh
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./release.sh
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: Update versions repo
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
        run: ./update_version.sh
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}

      - name: Clean up keychain
        if: always()
        run: |
          KEYCHAIN=$RUNNER_TEMP/build.keychain

          if [ -f "$KEYCHAIN" ];
          then
            security delete-keychain $KEYCHAIN
          fi
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`name: macos_build`
(experiment) github action 2020-09-18 08:41:04 -04:00
			`on:`
workflows manual trigger via dispatch event 2021-03-28 17:07:35 -04:00			`workflow_dispatch:`
ci: add input to force new release (#1197) 2022-08-16 09:33:34 -04:00			`inputs:`
			`new_release:`
			`type: choice`
			`description: Force new Release`
			`options:`
			`- no`
			`- yes`
(experiment) add cron 2020-09-20 18:28:07 -04:00			`schedule:`
			`- cron: '0 0 * * *'`
(experiment) github action 2020-09-18 08:41:04 -04:00			`push:`
			`pull_request:`
			`branches: [ master ]`

			`jobs:`
			`build:`
ci: add macos arm64 (#1063) 2022-04-27 11:58:03 -04:00			`runs-on: ${{ matrix.runner }}`
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00
feat: add arm64 on macos build (#848) 2021-09-18 04:12:10 -04:00			`strategy:`
			`fail-fast: false`
			`matrix:`
			`include:`
ci: add macos arm64 (#1063) 2022-04-27 11:58:03 -04:00			`- runner: macOS-10.15`
			`vscode_arch: x64`
			`- runner: [self-hosted, macOS, ARM64]`
			`vscode_arch: arm64`
feat: add arm64 on macos build (#848) 2021-09-18 04:12:10 -04:00
(experiment) github action 2020-09-18 08:41:04 -04:00			`env:`
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`OS_NAME: "osx"`
feat: add arm64 on macos build (#848) 2021-09-18 04:12:10 -04:00			`VSCODE_ARCH: ${{ matrix.vscode_arch }}`

(experiment) github action 2020-09-18 08:41:04 -04:00			`steps:`
ci: bump github actions (#1046) 2022-04-11 08:37:54 -04:00			`- uses: actions/checkout@v3`
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00
(experiment) github action 2020-09-18 08:41:04 -04:00			`- name: Setup Node.js environment`
ci: bump github actions (#1046) 2022-04-11 08:37:54 -04:00			`uses: actions/setup-node@v3`
(experiment) github action 2020-09-18 08:41:04 -04:00			`with:`
build: use node v16 (#1054) 2022-04-19 16:55:02 -04:00			`node-version: 16`
PR should build but not deploy 2021-03-10 10:48:45 -05:00
(experiment) github action 2020-09-18 08:41:04 -04:00			`- name: Clone VSCode repo`
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00			`run: . get_repo.sh`

			`- name: Check PR or cron`
			`run: . check_cron_or_pr.sh`
(experiment) github action 2020-09-18 08:41:04 -04:00
			`- name: Check existing VSCodium tags/releases`
(experiment) set GITHUB_TOKEN env var 2020-09-18 09:01:29 -04:00			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
ci: add input to force new release (#1197) 2022-08-16 09:33:34 -04:00			`NEW_RELEASE: ${{ github.event.inputs.new_release }}`
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00			`run: . check_tags.sh`
PR should build but not deploy 2021-03-10 10:48:45 -05:00			`if: env.SHOULD_DEPLOY == 'yes'`
add cache 2021-03-10 12:58:36 -05:00
			`- name: Compute cache key`
			`id: yarnCacheKey`
			`run: echo "::set-output name=value::$(node build/azure-pipelines/computeYarnCacheKey.js)"`
move build scripts 2021-03-10 13:24:52 -05:00			`if: env.SHOULD_BUILD == 'yes'`
add cache 2021-03-10 12:58:36 -05:00
			`- name: Get yarn cache directory path`
			`id: yarnCacheDirPath`
			`run: echo "::set-output name=dir::$(yarn cache dir)"`
move build scripts 2021-03-10 13:24:52 -05:00			`if: env.SHOULD_BUILD == 'yes'`
add cache 2021-03-10 12:58:36 -05:00
			`- name: Cache yarn directory`
ci: bump github actions (#1046) 2022-04-11 08:37:54 -04:00			`uses: actions/cache@v3`
add cache 2021-03-10 12:58:36 -05:00			`with:`
			`path: ${{ steps.yarnCacheDirPath.outputs.dir }}`
cache per os and arch 2021-03-10 13:38:28 -05:00			`key: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-${{ steps.yarnCacheKey.outputs.value }}`
			`restore-keys: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-`
add cache 2021-03-10 12:58:36 -05:00			`if: env.SHOULD_BUILD == 'yes'`

(experiment) github action 2020-09-18 08:41:04 -04:00			`- name: Build`
(experiment) set GITHUB_TOKEN env var in build.sh 2020-09-18 09:44:31 -04:00			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
(experiment) github action 2020-09-18 08:41:04 -04:00			`run: ./build.sh`
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`if: env.SHOULD_BUILD == 'yes'`
(experiment) github action 2020-09-18 08:41:04 -04:00
(experiment) re-enable everything(?) and remove Mac stuff from Travis 2020-09-18 18:34:07 -04:00			`- name: Sign binary`
			`env:`
			`CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}`
			`CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}`
			`CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }}`
PR should build but not deploy 2021-03-10 10:48:45 -05:00			`if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'`
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`run: \|`
Update other places Darwin arch is mentioned 2020-12-14 17:22:48 -05:00			`if [ -d "VSCode-darwin-${VSCODE_ARCH}" ]; then # just in case the build failed`
Update signing to use new path 2020-12-14 17:53:43 -05:00			`cd "VSCode-darwin-${VSCODE_ARCH}"`
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`export CERTIFICATE_P12=VSCodium.p12`
			`echo $CERTIFICATE_OSX_P12 \| base64 --decode > $CERTIFICATE_P12`
fix(macos): correctly clean up keychain (#1075) 2022-05-07 11:29:18 -04:00			`export KEYCHAIN=$RUNNER_TEMP/build.keychain`
(experiment) cleanup and move linux builds to GHA 2020-09-20 17:26:06 -04:00			`security create-keychain -p mysecretpassword $KEYCHAIN`
			`security default-keychain -s $KEYCHAIN`
			`security unlock-keychain -p mysecretpassword $KEYCHAIN`
			`security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign`
			`security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN`
			`codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app`
			`fi`
(experiment) re-enable everything(?) and remove Mac stuff from Travis 2020-09-18 18:34:07 -04:00
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00			`- name: Prepare artifacts`
			`run: ./prepare_artifacts.sh`
PR should build but not deploy 2021-03-10 10:48:45 -05:00			`if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'`
(experiment) more cleanup 2020-09-18 17:54:45 -04:00
(experiment) github action 2020-09-18 08:41:04 -04:00			`- name: Release`
			`env:`
fix: correctly read exit status (#914) 2021-11-10 04:40:20 -05:00			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
feat: selective publish (#858) 2021-10-01 12:47:10 -04:00			`run: ./release.sh`
			`if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'`
(experiment) github action 2020-09-18 08:41:04 -04:00
(experiment) re-enable everything(?) and remove Mac stuff from Travis 2020-09-18 18:34:07 -04:00			`- name: Update versions repo`
PR should build but not deploy 2021-03-10 10:48:45 -05:00			`if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'`
(experiment) re-enable everything(?) and remove Mac stuff from Travis 2020-09-18 18:34:07 -04:00			`run: ./update_version.sh`
			`env:`
(experiment) use stronger GH token for version update 2020-09-18 19:30:10 -04:00			`GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}`
(experiment) re-enable everything(?) and remove Mac stuff from Travis 2020-09-18 18:34:07 -04:00			`GITHUB_USERNAME: ${{ github.repository_owner }}`
fix(macos): clean up keychain (#1074) 2022-05-07 11:18:14 -04:00
			`- name: Clean up keychain`
fix(macos): correctly clean up keychain (#1075) 2022-05-07 11:29:18 -04:00			`if: always()`
fix(macos): clean up keychain (#1074) 2022-05-07 11:18:14 -04:00			`run: \|`
fix(macos): correctly clean up keychain (#1075) 2022-05-07 11:29:18 -04:00			`KEYCHAIN=$RUNNER_TEMP/build.keychain`

			`if [ -f "$KEYCHAIN" ];`
			`then`
			`security delete-keychain $KEYCHAIN`
			`fi`