LuckyRobots/LuckyWorld
15
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases 13 Wiki Activity

chore(workflows): disable push trigger for build workflow and add new test signing workflow for macOS

Browse Source
This commit is contained in:
Ozgur 2025-04-13 14:08:12 +02:00
parent 49032920a1
commit 6ed4a8f9d1
No known key found for this signature in database
GPG Key ID: 66CDF27505A35546
2 changed files with 168 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/build.yml
View File

@ -2,8 +2,8 @@ name: Unreal Engine Build
on:
workflow_dispatch:
push:
branches: [ozgur/build]
# push:
# branches: [ozgur/build]
jobs:
windows-build:

166
.gitea/workflows/test-signing.yml Normal file
View File

@ -0,0 +1,166 @@
name: Test macOS Signing
on:
workflow_dispatch:
inputs:
use_previous_build:
description: 'Use a previous successful build artifact instead of local app path'
required: true
type: boolean
default: false
app_path:
description: 'Path to the app bundle to sign (if not using artifact)'
required: false
default: 'Builds/Mac/LuckyRobots.app'
artifact_run_id:
description: 'Run ID of the workflow that produced the artifact to use (if using artifact)'
required: false
default: ''
jobs:
test-signing:
runs-on: macos
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
- name: Download Previous Build
if: ${{ github.event.inputs.use_previous_build == 'true' }}
run: |
# Create directories
mkdir -p Builds/Mac
# Download artifact (using GitHub API or direct download)
echo "Downloading previous build artifact..."
# If artifact_run_id is provided, use it
if [[ -n "${{ github.event.inputs.artifact_run_id }}" ]]; then
RUN_ID="${{ github.event.inputs.artifact_run_id }}"
else
# Get latest successful build run ID
echo "No specific run ID provided, finding latest successful build..."
# You'll need to have proper authentication to access the API
# This is simplified, you might need to adjust based on your setup
RUN_ID=$(curl -s "https://luckyrobots.com/api/v1/repos/luckyrobots/luckyworld/actions/runs?status=success&event=push" | grep -o '"id":[0-9]*' | head -1 | cut -d':' -f2)
if [[ -z "$RUN_ID" ]]; then
echo "Could not find a successful run ID. Please specify one manually."
exit 1
fi
fi
echo "Using run ID: $RUN_ID"
# Download artifact using your Gitea API
# This is a simplified example - adjust as needed for your actual API
curl -L "https://luckyrobots.com/luckyrobots/luckyworld/actions/runs/$RUN_ID/artifacts/LuckyRobots-macOS" -o build.zip
# Extract to Builds directory
unzip -o build.zip -d Builds/Mac/
# Find extracted app bundle
APP_PATH=$(find Builds/Mac -type d -name "*.app" | head -1)
if [[ -z "$APP_PATH" ]]; then
echo "Could not find app bundle in downloaded artifact"
exit 1
fi
echo "Downloaded app bundle: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITHUB_ENV
shell: bash
- name: Validate App Path
id: validate-app
run: |
if [[ "${{ github.event.inputs.use_previous_build }}" == "true" ]]; then
APP_PATH="$app_path"
else
APP_PATH="${{ github.event.inputs.app_path }}"
fi
if [ ! -d "$APP_PATH" ]; then
echo "Error: Application path does not exist: $APP_PATH"
echo "You can download a previous successful build artifact or specify a different path"
# List available directories to help user
echo "Available directories in workspace:"
find . -type d -maxdepth 3 | grep -v "node_modules\|.git"
exit 1
fi
echo "Will sign and notarize: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
shell: bash
- name: Setup for Signing
id: setup-signing
env:
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
run: |
# Decode the API key from Base64 secret
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT
shell: bash
- name: Sign macOS App
uses: lando/code-sign-action@v3
id: sign-app
with:
file: ${{ steps.validate-app.outputs.app_path }}
certificate-data: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
certificate-id: ${{ secrets.APPLE_TEAM_ID }}
options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements
- name: Notarize macOS App
run: |
# Create a temporary file for notarization
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}"
# Submit for notarization using API key
echo "Submitting for notarization with API key..."
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait
# Staple the ticket to the application
xcrun stapler staple "$APP_PATH"
# Clean up the API key file
rm -f "$API_KEY_FILE"
rm -f "$NOTARIZE_APP_PATH"
shell: bash
- name: Package macOS App
run: |
# Package the signed and notarized app
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
APP_NAME=$(basename "$APP_PATH")
DIR_PATH=$(dirname "$APP_PATH")
# Create test output directory
mkdir -p TestSignedApps
echo "Creating test package..."
(cd "$DIR_PATH" && zip -r "../../TestSignedApps/Test-$APP_NAME.zip" "$APP_NAME")
echo "Created test package: TestSignedApps/Test-$APP_NAME.zip"
echo "Test packaged apps:"
ls -la TestSignedApps/
shell: bash
- name: Upload Test Signed App
uses: actions/upload-artifact@v3
if: success()
with:
name: TestSigned-macOS-App
path: TestSignedApps/Test-*.zip
retention-days: 7