
config: add import certificate step #71


Workflow file for this run

name: 'Deep Focus CI/CD and Release Workflow'

# Runs for pull requests and for pushes to main, filtered to source and
# package-manifest changes.
# NOTE(review): both triggers start the same job, which imports the signing
# certificate and runs semantic-release. Pull requests from branches in this
# repository therefore build with the signing secrets available; pull requests
# from forks receive no secrets, so the certificate step cannot succeed for
# them. Consider limiting the signing and release steps to push events.
on:
  pull_request:
    paths:
      - '**/*.ts'
      - '**/*.tsx'
      - '**/*.js'
      - 'package.json'
      - 'package-lock.json'
  push:
    branches:
      - main
    paths:
      # NOTE(review): '**/*.tsx' is filtered for pull requests but not here,
      # so a push that only touches .tsx files starts no run - confirm intent.
      - '**/*.ts'
      - '**/*.js'
      - 'package.json'
      - 'package-lock.json'
      - '.github/workflows/release.yml'

# Workflow-level token scopes: they apply to every job, on both triggers.
# NOTE(review): `id-token: write` lets a job request an OIDC token, but no
# step visible in this file uses one; drop it unless the release tooling
# needs it. The three write scopes are presumably for semantic-release and
# the badge action - confirm and narrow where possible.
permissions:
  contents: write
  issues: write
  pull-requests: write
  id-token: write
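jobs:
  # Single job: installs dependencies, imports the macOS signing certificate,
  # builds and zips the Electron app, runs semantic-release, notarizes the zip
  # and uploads it as a workflow artifact.
  # NOTE(review): this job also runs on the workflow's pull_request trigger,
  # so code from a pull request is linted and built after the signing key has
  # been imported. Gating the certificate, notarization and release steps on
  # push events would keep the key away from unreviewed code.
  build-and-release:
    runs-on: macos-latest
    env:
      CI_JOB_NUMBER: "1"
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning to
      # a full commit SHA stops a retagged release from running with this
      # job's write-scoped token.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history and tags; the release-tag step calls `git describe`.
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'

      # NOTE(review): `npm install` may resolve versions that differ from
      # package-lock.json; `npm ci` installs exactly what the lockfile pins.
      - name: Install dependencies
        run: npm install

      # The decoded .p12 holds the private signing key. It is written under
      # $RUNNER_TEMP rather than into the checkout, so build tooling that
      # copies the project directory cannot bundle it, and it is removed when
      # the step exits, whether or not the import succeeded.
      # NOTE(review): `-A` lets any application use the imported key without a
      # prompt, and the login keychain is unlocked with the certificate
      # password, which only works if the two passwords are the same. A
      # dedicated temporary keychain with its own password would be tighter.
      - name: Install Code Signing Certificate
        run: |
          cert_path="$RUNNER_TEMP/Certificates.p12"
          keychain="/Users/runner/Library/Keychains/login.keychain-db"
          trap 'rm -f "$cert_path"' EXIT
          echo "$CERTIFICATE_P12" | base64 --decode > "$cert_path"
          security import "$cert_path" -P "$CERTIFICATE_PASSWORD" -A
          security unlock-keychain -p "$CERTIFICATE_PASSWORD" "$keychain"
          security set-key-partition-list -S apple-tool:,apple: -s \
            -k "$CERTIFICATE_PASSWORD" "$keychain"
        env:
          CERTIFICATE_P12: ${{ secrets.CERTIFICATE_P12 }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}

      # The app-specific password reaches the script through the environment
      # and is quoted. Expanding `${{ secrets.* }}` directly into the script
      # text would let shell metacharacters in the secret change the command.
      - name: Store Notarization Credentials
        env:
          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
        run: |
          xcrun notarytool store-credentials \
            --apple-id "timwillie73@gmail.com" \
            --team-id "3Y4F3KTSJA" \
            --password "$APPLE_APP_PASSWORD" \
            --keychain-profile "notary"

      - name: Run Linting
        run: npm run lint

      - name: Build Electron App
        run: npm run make

      - name: Package as Zip
        run: |
          mkdir -p release
          zip -r release/DeepFocus-${{ github.run_number }}.zip out/make/*

      # NOTE(review): third-party action that receives the workflow token;
      # pin it to a reviewed commit SHA and check which scopes it needs.
      - name: Analyze and Create Bundle Size Badge
        uses: timeowilliams/package-size-badge-action@v1.0.7
        with:
          path: ".vite/build/*.js"
          limit: "800"
          label: "Bundle Size"
          color: "green"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): `npm audit` reports known-vulnerable dependencies and
      # runs here after the build has already executed them. Registry
      # signature checks are a separate command, `npm audit signatures`.
      - name: Verify Package Integrity
        run: npm audit

      - name: Run Semantic Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release

      # Resolves the most recent tag and publishes it both as an environment
      # variable and as a step output. The upload step reads
      # `steps.set_tag.outputs.RELEASE_TAG`, which stays empty unless the
      # value is also written to $GITHUB_OUTPUT.
      - name: Set Release Tag
        id: set_tag
        run: |
          tag="$(git describe --tags "$(git rev-list --tags --max-count=1)")"
          echo "RELEASE_TAG=$tag" >> "$GITHUB_ENV"
          echo "RELEASE_TAG=$tag" >> "$GITHUB_OUTPUT"

      - name: Notarize App
        run: |
          xcrun notarytool submit \
            release/DeepFocus-${{ github.run_number }}.zip \
            --keychain-profile "notary" --wait

      - name: Upload Release Artifact
        uses: actions/upload-artifact@v4
        with:
          name: DeepFocus-${{ steps.set_tag.outputs.RELEASE_TAG }}-mac.zip
          path: release/DeepFocus-${{ github.run_number }}.zip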