name: 'build Mac OS'
description: 'build Mac OS package'
inputs:
  name:
    required: true
    description: "Version name"
  icon:
    required: true
    description: "App icons (.icns)"
  APPLE_API_ID:
    required: true
    description: "API key ID"
  APPLE_API_ISSUER:
    required: true
    description: "API issuer ID"
  APPLE_API_KEY:
    required: true
    description: "API key content"
  APPLE_APP_IDENTIFIER:
    required: true
    description: "Bundle ID"
  APPLE_KEYCHAIN_NAME:
    required: true
    description: "Temporary keychain name"
  APPLE_KEYCHAIN_PWD:
    required: true
    description: "Temporary keychain password"
  FASTLANE_MATCH_PWD:
    required: true
    description: "Fastlane Match description password"
  FASTLANE_MATCH_TOKEN:
    required: true
    description: "Fastlane Match Github token"
runs:
  using: "composite"
  steps:
    - uses: ./.github/actions/build-love
    - name: Checkout template
      uses: actions/checkout@v2
      with:
        repository: '26F-Studio/Techmino-macOS'
        path: 'Techmino-macOS'
    - name: Download ColdClear
      uses: ./.github/actions/get-cc
      with:
        arch: macOS
    - name: Fastlane match
      uses: maierj/fastlane-action@v2.0.1
      with:
        lane: 'get_cert'
        subdirectory: 'Techmino-macOS'
      env:
          API_ID: '${{ inputs.APPLE_API_ID }}'
          API_ISSUER: '${{ inputs.APPLE_API_ISSUER }}'
          API_KEY: '${{ inputs.APPLE_API_KEY }}'
          APP_IDENTIFIER: '${{ inputs.APPLE_APP_IDENTIFIER }}'
          KEYCHAIN_NAME: '${{ inputs.APPLE_KEYCHAIN_NAME }}'
          KEYCHAIN_PWD: '${{ inputs.APPLE_KEYCHAIN_PWD }}'
          MATCH_PASSWORD: '${{ inputs.FASTLANE_MATCH_PWD }}'
          MATCH_TOKEN: '${{ inputs.FASTLANE_MATCH_TOKEN }}'
    - name: Modify template
      shell: python
      run: |
        import datetime
        from io import open
        thisYear = str(datetime.datetime.today().year)
        with open('./.github/build/macOS/info.plist.template', 'r', encoding='utf-8') as file:
          data = file.read()
          data = data\
            .replace('@versionName', '${{ inputs.name }}'[1:])\
            .replace('@thisYear', thisYear)\
            .replace('@bundleId', '${{ inputs.APPLE_APP_IDENTIFIER }}')
        with open('./Techmino-macOS/Techmino.app/Contents/info.plist', 'w+', encoding='utf-8') as file:
          file.write(data)
    - name: Pack
      shell: bash
      run: |
        mv Techmino.love Techmino-macOS/Techmino.app/Contents/Resources
        mv CCloader.dylib Techmino-macOS/Techmino.app/Contents/Frameworks
        mv ${{ inputs.icon }} Techmino-macOS/Techmino.app/Contents/Resources/iconfile.icns

        chmod +x Techmino-macOS/Techmino.app/Contents/Frameworks/CCloader.dylib
        chmod +x Techmino-macOS/Techmino.app/Contents/MacOS/love
    - name: Codesign executable
      shell: bash
      run: |
        security unlock-keychain -p ${{ inputs.TEMP_KEYCHAIN_PASSWORD }} \
        ~/Library/Keychains/${{ inputs.TEMP_KEYCHAIN_USER }}-db

        [[ $(security find-identity) =~ ([0-9A-F]{40}) ]]

        codesign --timestamp --force --strict --deep -v \
        --options runtime \
        -s ${BASH_REMATCH[1]} \
        --entitlements Techmino-macOS/love.entitlements \
        Techmino-macOS/Techmino.app
    - name: Fastlane notarize
      uses: maierj/fastlane-action@v2.0.1
      with:
        lane: 'make_safe'
        subdirectory: 'Techmino-macOS'
      env:
        API_ID: '${{ inputs.APPLE_API_ID }}'
        API_ISSUER: '${{ inputs.APPLE_API_ISSUER }}'
        API_KEY: '${{ inputs.APPLE_API_KEY }}'
        APP_IDENTIFIER: '${{ inputs.APPLE_APP_IDENTIFIER }}'
        NOTARIZE_OBJECT: 'Techmino.app'
    - name: Create DMG file
      shell: bash
      run: |
        brew install create-dmg
        create-dmg \
          --volname "Techmino for MacOS" \
          --volicon "./.github/build/macOS/Techminodisk.icns" \
          --window-pos 200 120 \
          --window-size 800 500 \
          --icon-size 100 \
          --icon "Techmino.app" 239 203 \
          --background ".github/build/macOS/backgroundImage.tiff" \
          --hide-extension "Techmino.app" \
          --app-drop-link 565 203 \
          "Techmino-macOS/Techmino-macOS.dmg" \
          "Techmino-macOS/Techmino.app/"
    - name: Codesign DMG
      shell: bash
      run: |
        security unlock-keychain -p ${{ inputs.TEMP_KEYCHAIN_PASSWORD }} \
        ~/Library/Keychains/${{ inputs.TEMP_KEYCHAIN_USER }}-db

        [[ $(security find-identity) =~ ([0-9A-F]{40}) ]]

        codesign --timestamp --force --strict --deep -v \
        --options runtime \
        -s ${BASH_REMATCH[1]} \
        --entitlements Techmino-macOS/love.entitlements \
        Techmino-macOS/Techmino-macOS.dmg
    - name: Fastlane notarize
      uses: maierj/fastlane-action@v2.0.1
      with:
        lane: 'make_safe'
        subdirectory: 'Techmino-macOS'
      env:
        API_ID: '${{ inputs.APPLE_API_ID }}'
        API_ISSUER: '${{ inputs.APPLE_API_ISSUER }}'
        API_KEY: '${{ inputs.APPLE_API_KEY }}'
        APP_IDENTIFIER: '${{ inputs.APPLE_APP_IDENTIFIER }}'
        NOTARIZE_OBJECT: 'Techmino-macOS.dmg'
    - name: Finalize
      shell: bash
      run: |
        mv Techmino-macOS/Techmino-macOS.dmg Techmino.dmg
        spctl -a -t open --context context:primary-signature -vv Techmino.dmg