fixed build hopefully #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build YNOT | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [macos-latest, windows-latest] | |
| python-version: ['3.11'] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller yt-dlp | |
| - name: Build executable (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: pyinstaller --onefile --windowed --name YNOT --clean main.py | |
| - name: Build executable (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| # Decode and import certificate | |
| echo $CERTIFICATE_BASE64 | base64 --decode > certificate.p12 | |
| security create-keychain -p temppass build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p temppass build.keychain | |
| security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temppass build.keychain | |
| # Build and sign | |
| pyinstaller --windowed --name YNOT --clean --icon icon.icns --target-architecture universal2 main.py | |
| # Sign all binaries inside the .app bundle | |
| find "dist/YNOT.app/Contents/MacOS" -type f -exec codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" {} \; | |
| # Sign the .app bundle itself | |
| codesign --force --options runtime --entitlements entitlements.plist --sign "Developer ID Application" --timestamp --deep --strict "dist/YNOT.app" | |
| # Verify signing | |
| codesign --verify --deep --strict --verbose=2 "dist/YNOT.app" | |
| # Create zip for notarization | |
| ditto -c -k --keepParent "dist/YNOT.app" dist/YNOT.zip | |
| # Submit for notarization | |
| SUBMISSION_ID=$(xcrun notarytool submit dist/YNOT.zip \ | |
| --apple-id "${{ secrets.APPLE_ID }}" \ | |
| --password "${{ secrets.APPLE_PASSWORD }}" \ | |
| --team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
| --no-progress \ | |
| --output-format json | jq -r '.id') | |
| # Wait for notarization to complete | |
| while true; do | |
| STATUS=$(xcrun notarytool info "$SUBMISSION_ID" \ | |
| --apple-id "${{ secrets.APPLE_ID }}" \ | |
| --password "${{ secrets.APPLE_PASSWORD }}" \ | |
| --team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
| --output-format json | jq -r '.status') | |
| if [ "$STATUS" = "Accepted" ]; then | |
| break | |
| elif [ "$STATUS" = "Invalid" ] || [ "$STATUS" = "Rejected" ]; then | |
| echo "Notarization failed with status: $STATUS" | |
| exit 1 | |
| fi | |
| echo "Waiting for notarization... Current status: $STATUS" | |
| sleep 30 | |
| done | |
| # Staple the notarization | |
| xcrun stapler staple "dist/YNOT.app" | |
| # Create final zip of stapled app | |
| ditto -c -k --keepParent "dist/YNOT.app" dist/YNOT.zip | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| dist/ynot* | |
| dist/YNOT* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |