Skip to content

deploy

deploy #2

Workflow file for this run

name: 'deploy'
on:
workflow_dispatch:
push:
branches:
- feat/macos-deployment
jobs:
deploy-macos-app:
runs-on: macos-latest
env:
VITE_MOCK_DATA: false
VITE_FREECODECAMP_API: https://test-api.freecodecamp.dev
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: setup pnpm
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 9
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
- name: install codemagic cli tools
run: pip3 install codemagic-cli-tools --break-system-packages
- name: install apple certificates and provisioning profiles
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
APPLE_DISTRIBUTION_CERT: ${{ secrets.APPLE_DISTRIBUTION_CERT }}
MAC_INSTALLER_DISTRIBUTION_CERT: ${{ secrets.MAC_INSTALLER_DISTRIBUTION_CERT }}
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
run: |
# create variables
mkdir private_keys
CERT_BASE_PATH=/Users/runner/Library/MobileDevice/Certificates
mkdir -p $CERT_BASE_PATH
DISTRIBUTION_CERT_PATH=$CERT_BASE_PATH/distribution_certificate.p12
MAC_INSTALLER_DISTRIBUTION_CERT_PATH=$CERT_BASE_PATH/mac_installer_distribution_certificate.p12
PP_PATH=./src-tauri/embedded.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
APPLE_API_KEY_PATH=./private_keys/AuthKey_$APPLE_API_KEY_ID.p8
# import certificate and provisioning profile from secrets
echo -n "$APPLE_DISTRIBUTION_CERT" | base64 --decode -o $DISTRIBUTION_CERT_PATH
echo -n "$MAC_INSTALLER_DISTRIBUTION_CERT" | base64 --decode -o $MAC_INSTALLER_DISTRIBUTION_CERT_PATH
echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
echo -n "$APPLE_API_KEY" | base64 --decode -o $APPLE_API_KEY_PATH
# List file permissions
ls -l $DISTRIBUTION_CERT_PATH
ls -l $MAC_INSTALLER_DISTRIBUTION_CERT_PATH
ls -l $PP_PATH
ls -l $APPLE_API_KEY_PATH
# create temporary keychain
keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600
# import certificate to keychain
keychain add-certificates
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security find-identity -v
- name: install frontend dependencies
run: pnpm install && pnpm run prisma-generate
- uses: tauri-apps/tauri-action@v0
env:
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
with:
args: "--target universal-apple-darwin"
# includeUpdaterJson: true
- name: generate and upload installer package
env:
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
run: |
xcrun productbuild --sign "3rd Party Mac Developer Installer: Free Code Camp, Inc. (L33K9LWVP9)" --component "./src-tauri/target/universal-apple-darwin/release/bundle/macos/Exam Environment.app" /Applications "Exam Environment.pkg"
xcrun altool --upload-app --type macos --file "Exam Environment.pkg" --apiKey $APPLE_API_KEY_ID --apiIssuer $APPLE_API_ISSUER