Techmino/.github/actions/build-macos/action.yml

name: 'build Mac OS'
description: 'build Mac OS package'
inputs:
  name:
    required: true
  type:
    required: true
  icon:
    required: true
  DEVELOPER_APP_IDENTIFIER:
    required: true
  MATCH_PASSWORD:
    required: true
  GIT_AUTHORIZATION:
    required: true
  TEMP_KEYCHAIN_PASSWORD:
    required: true
  TEMP_KEYCHAIN_USER:
    required: true
  APPLE_KEY_ID:
    required: true
  APPLE_ISSUER_ID:
    required: true
  APPLE_KEY_CONTENT:
    required: true
runs:
  using: "composite"
  steps:
    - uses: ./.github/actions/build-love
    - name: Checkout template
      uses: actions/checkout@v2
      with:
        repository: '26F-Studio/Techmino-macOS'
        path: 'Techmino-macOS'
    - name: Download ColdClear
      uses: ./.github/actions/get-cc
      with:
        arch: macOS
    - name: Fastlane match
      uses: maierj/fastlane-action@v2.0.1
      with:
        lane: 'get_cert'
        subdirectory: 'Techmino-macOS'
      env:
          DEVELOPER_APP_IDENTIFIER: '${{ inputs.DEVELOPER_APP_IDENTIFIER }}'
          MATCH_PASSWORD: '${{ inputs.MATCH_PASSWORD }}'
          GIT_AUTHORIZATION: '${{ inputs.GIT_AUTHORIZATION }}'
          TEMP_KEYCHAIN_PASSWORD: '${{ inputs.TEMP_KEYCHAIN_PASSWORD }}'
          TEMP_KEYCHAIN_USER: '${{ inputs.TEMP_KEYCHAIN_USER }}'
          APPLE_KEY_ID: '${{ inputs.APPLE_KEY_ID }}'
          APPLE_ISSUER_ID: '${{ inputs.APPLE_ISSUER_ID }}'
          APPLE_KEY_CONTENT: '${{ inputs.APPLE_KEY_CONTENT }}'
    - name: Modify template
      shell: bash
      run: |
        python3 .github/workflows/updateVersion.py -T macOS_${{ inputs.type }} -N ${{ inputs.name }}
        mv Techmino.love Techmino-macOS/Techmino.app/Contents/Resources
        mv CCloader.dylib Techmino-macOS/Techmino.app/Contents/Frameworks
        mv ${{ inputs.icon }} Techmino-macOS/Techmino.app/Contents/Resources/iconfile.icns

        chmod +x Techmino-macOS/Techmino.app/Contents/Frameworks/CCloader.dylib
        chmod +x Techmino-macOS/Techmino.app/Contents/MacOS/love
    - name: Codesign executable
      shell: bash
      run: |
        security unlock-keychain -p ${{ inputs.TEMP_KEYCHAIN_PASSWORD }} \
        ~/Library/Keychains/${{ inputs.TEMP_KEYCHAIN_USER }}-db

        [[ $(security find-identity) =~ ([0-9A-F]{40}) ]]

        codesign --timestamp --force --strict --deep -v \
        --options runtime \
        -s ${BASH_REMATCH[1]} \
        --entitlements Techmino-macOS/love.entitlements \
        Techmino-macOS/Techmino.app
    - name: Fastlane notarize
      uses: maierj/fastlane-action@v2.0.1
      with:
        lane: 'make_safe'
        subdirectory: 'Techmino-macOS'
      env:
          APPLE_KEY_ID: '${{ inputs.APPLE_KEY_ID }}'
          APPLE_ISSUER_ID: '${{ inputs.APPLE_ISSUER_ID }}'
          APPLE_KEY_CONTENT: '${{ inputs.APPLE_KEY_CONTENT }}'
    - name: Check codesign
      shell: bash
      run: |
        codesign -dvvv Techmino-macOS/Techmino.app
    - name: Check for access
      shell: bash
      run: |
        spctl --assess -vv Techmino-macOS/Techmino.app
    - name: Ditto zip
      shell: bash
      run: |
        ditto Techmino-macOS/Techmino.app  Archive/
        ditto -c Archive Techmino.zip