fixed app package hopefully #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build YNOT | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [macos-latest, windows-latest] | |
| python-version: ['3.11'] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller yt-dlp | |
| - name: Build executable (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: pyinstaller --onefile --windowed --name YNOT --clean main.py | |
| - name: Build executable (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| # Decode and import certificate | |
| echo $CERTIFICATE_BASE64 | base64 --decode > certificate.p12 | |
| security create-keychain -p temppass build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p temppass build.keychain | |
| security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temppass build.keychain | |
| # Build and sign | |
| pyinstaller --windowed --name YNOT --clean --icon icon.icns --target-architecture universal2 main.py | |
| # Sign all binaries inside the .app bundle | |
| find "dist/YNOT.app/Contents/MacOS" -type f -exec codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" {} \; | |
| # Sign the .app bundle itself | |
| codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" "dist/YNOT.app" | |
| # Verify signing | |
| codesign --verify --deep --strict --verbose=2 "dist/YNOT.app" | |
| # Create zip for notarization | |
| ditto -c -k --keepParent "dist/YNOT.app" dist/YNOT.zip | |
| # Submit for notarization and wait | |
| xcrun notarytool submit dist/YNOT.zip --apple-id ${{ secrets.APPLE_ID }} --password ${{ secrets.APPLE_PASSWORD }} --team-id ${{ secrets.APPLE_TEAM_ID }} --wait | |
| # Wait and staple | |
| sleep 60 | |
| xcrun stapler staple "dist/YNOT.app" | |
| # Create final zip of stapled app | |
| ditto -c -k --keepParent "dist/YNOT.app" dist/YNOT.zip | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| dist/ynot* | |
| dist/YNOT* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |