vscodium/.github/workflows/macos.yml

name: macos_build

on:
  schedule:
    - cron: '0 0 * * *'
  push:
  pull_request:
    branches: [ master ]

jobs:
  build:
    runs-on: macOS-latest
    env:
      OS_NAME: "osx"
    steps:
      - uses: actions/checkout@v2
        
      - name: Setup Node.js environment
        uses: actions/setup-node@v1.4.3
        with:
          node-version: 12.14.1
          
      - name: Clone VSCode repo
        run: |
          . get_repo.sh
          echo "::set-env name=LATEST_MS_TAG::$LATEST_MS_TAG"
          echo "::set-env name=LATEST_MS_COMMIT::$LATEST_MS_COMMIT"          

      - name: Check existing VSCodium tags/releases
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          . check_tags.sh
          echo "::set-env name=SHOULD_BUILD::$SHOULD_BUILD"
                    
      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./build.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Sign binary
        env:
          CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
          CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}
          CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }}
        if: env.SHOULD_BUILD == 'yes'
        run: |
          if [ -d "VSCode-darwin" ]; then # just in case the build failed
            cd VSCode-darwin
            export CERTIFICATE_P12=VSCodium.p12
            echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12
            export KEYCHAIN=build.keychain
            security create-keychain -p mysecretpassword $KEYCHAIN
            security default-keychain -s $KEYCHAIN
            security unlock-keychain -p mysecretpassword $KEYCHAIN
            security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign
            security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN
            codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app
          fi          

      - name: Zip release
        run: |
          cd VSCode-darwin
          zip -r -X -y ../VSCodium-darwin-${LATEST_MS_TAG}.zip ./*.app          
        if: env.SHOULD_BUILD == 'yes'

      - name: DMG the release
        run: |
          pushd VSCode-darwin
          npx create-dmg VSCodium.app ..
          mv "../VSCodium ${LATEST_MS_TAG}.dmg" "../VSCodium.${LATEST_MS_TAG}.dmg"
          popd          
        if: env.SHOULD_BUILD == 'yes'

      - name: Generate shasums
        run: ./sum.sh
        if: env.SHOULD_BUILD == 'yes'
      
      - name: Release
        uses: softprops/action-gh-release@v1
        if: env.SHOULD_BUILD == 'yes'
        with:
          tag_name: ${{ env.LATEST_MS_TAG }}
          files: |
            ./*.zip
            ./*.dmg
            ./*.sha256            
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Update versions repo
        if: env.SHOULD_BUILD == 'yes'
        run: ./update_version.sh
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}