added cert info #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build YNOT | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [macos-latest, windows-latest] | |
| python-version: ['3.11'] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller yt-dlp | |
| - name: Build executable (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: pyinstaller --onefile --windowed --name ynot main.py | |
| - name: Build executable (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| # Decode and import certificate | |
| echo $CERTIFICATE_BASE64 | base64 --decode > certificate.p12 | |
| security create-keychain -p temppass build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p temppass build.keychain | |
| security import certificate.p12 -k build.keychain -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temppass build.keychain | |
| # Build and sign | |
| pyinstaller --onefile --name ynot main.py | |
| codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" dist/ynot | |
| ditto -c -k --keepParent dist/ynot dist/ynot.zip | |
| xcrun notarytool submit dist/ynot.zip --apple-id ${{ secrets.APPLE_ID }} --password ${{ secrets.APPLE_PASSWORD }} --team-id ${{ secrets.APPLE_TEAM_ID }} --wait | |
| xcrun stapler staple dist/ynot | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| dist/ynot* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |