added retry #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build YNOT | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [macos-latest, windows-latest] | |
| python-version: ['3.11'] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller yt-dlp | |
| - name: Build executable (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: pyinstaller --onefile --windowed --name ynot main.py | |
| - name: Build executable (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| # Decode and import certificate | |
| echo $CERTIFICATE_BASE64 | base64 --decode > certificate.p12 | |
| security create-keychain -p temppass build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p temppass build.keychain | |
| security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temppass build.keychain | |
| # Build and sign | |
| pyinstaller --onefile --name ynot main.py | |
| codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" dist/ynot | |
| ditto -c -k --keepParent dist/ynot dist/ynot.zip | |
| xcrun notarytool submit dist/ynot.zip --apple-id ${{ secrets.APPLE_ID }} --password ${{ secrets.APPLE_PASSWORD }} --team-id ${{ secrets.APPLE_TEAM_ID }} --wait | |
| # Wait for notarization to propagate and retry stapling if needed | |
| sleep 30 | |
| for i in {1..3}; do | |
| if xcrun stapler staple dist/ynot; then | |
| break | |
| fi | |
| echo "Stapling attempt $i failed, waiting before retry..." | |
| sleep 30 | |
| done | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| dist/ynot* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |