name: macos_build on: push: pull_request: branches: [ master ] jobs: build: runs-on: macOS-latest env: OS_NAME: "osx" steps: - uses: actions/checkout@v2 - name: Setup Node.js environment uses: actions/setup-node@v1.4.3 with: node-version: 12.14.1 - name: Clone VSCode repo run: | . get_repo.sh echo "::set-env name=LATEST_MS_TAG::$LATEST_MS_TAG" echo "::set-env name=LATEST_MS_COMMIT::$LATEST_MS_COMMIT" - name: Check existing VSCodium tags/releases env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | . check_tags.sh echo "::set-env name=SHOULD_BUILD::$SHOULD_BUILD" - name: Build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: ./build.sh if: env.SHOULD_BUILD == 'yes' - name: Sign binary env: CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }} CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }} CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }} if: env.SHOULD_BUILD == 'yes' run: | if [ -d "VSCode-darwin" ]; then # just in case the build failed cd VSCode-darwin export CERTIFICATE_P12=VSCodium.p12 echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12 export KEYCHAIN=build.keychain security create-keychain -p mysecretpassword $KEYCHAIN security default-keychain -s $KEYCHAIN security unlock-keychain -p mysecretpassword $KEYCHAIN security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app fi - name: Zip release run: | cd VSCode-darwin zip -r -X -y ../VSCodium-darwin-${LATEST_MS_TAG}.zip ./*.app if: env.SHOULD_BUILD == 'yes' - name: DMG the release run: | pushd VSCode-darwin npx create-dmg VSCodium.app .. mv "../VSCodium ${LATEST_MS_TAG}.dmg" "../VSCodium.${LATEST_MS_TAG}.dmg" popd if: env.SHOULD_BUILD == 'yes' - name: Generate shasums run: ./sum.sh if: env.SHOULD_BUILD == 'yes' - name: Release uses: softprops/action-gh-release@v1 if: env.SHOULD_BUILD == 'yes' with: tag_name: ${{ env.LATEST_MS_TAG }} files: | ./*.zip ./*.dmg ./*.sha256 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update versions repo if: env.SHOULD_BUILD == 'yes' run: ./update_version.sh env: GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }} GITHUB_USERNAME: ${{ github.repository_owner }}