# Huge thanks to Alacritty, as their configuration served as a starting point for this one! # See: https://github.com/alacritty/alacritty name: Release on: push: branches: - master - dev env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CARGO_TERM_COLOR: always jobs: extract-version: name: extract-version runs-on: ubuntu-latest outputs: espanso_version: ${{ steps.version.outputs.version }} steps: - uses: actions/checkout@v2 - name: "Extract version" id: "version" run: | ESPANSO_VERSION=$(grep '^version' espanso/Cargo.toml | awk -F '"' '{ print $2 }') echo version: $ESPANSO_VERSION echo "::set-output name=version::v$ESPANSO_VERSION" create-release: name: create-release needs: ["extract-version"] runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Create new release (only on master) if: ${{ github.ref == 'refs/heads/master' }} run: | COMMIT_HASH=$(git rev-list --max-count=1 HEAD) echo "Creating release: ${{ needs.extract-version.outputs.espanso_version }}" echo "for hash: $COMMIT_HASH" gh release create ${{ needs.extract-version.outputs.espanso_version }} \ -t ${{ needs.extract-version.outputs.espanso_version }} \ --notes "Automatically released by CI" \ --prerelease \ --target $COMMIT_HASH windows: needs: ["extract-version", "create-release"] runs-on: windows-latest defaults: run: shell: bash steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: Install rust-script and cargo-make run: | cargo install rust-script --version "0.7.0" cargo install --force cargo-make --version 0.34.0 - name: Test run: cargo make test-binary --profile release - name: Build resources run: cargo make build-windows-resources --profile release - name: Sign resources run: cargo make sign-windows-resources env: CODESIGN_PWD: ${{ secrets.WIN_CODESIGN_PWD }} CODESIGN_CROSS_SIGNED_B64: ${{ secrets.WIN_CODESIGN_INTERMEDIATE_B64 }} CODESIGN_CERTIFICATE_B64: ${{ secrets.WIN_CODESIGN_CERTIFICATE_B64 }} - name: Build installer run: cargo make build-windows-installer --profile release --skip-tasks build-windows-resources - name: Sign installer run: cargo make sign-windows-installer env: CODESIGN_PWD: ${{ secrets.WIN_CODESIGN_PWD }} CODESIGN_CROSS_SIGNED_B64: ${{ secrets.WIN_CODESIGN_INTERMEDIATE_B64 }} CODESIGN_CERTIFICATE_B64: ${{ secrets.WIN_CODESIGN_CERTIFICATE_B64 }} - name: Build portable mode archive run: cargo make build-windows-portable --profile release --skip-tasks build-windows-resources - name: Create portable mode archive shell: powershell run: | Rename-Item target/windows/portable espanso-portable Compress-Archive target/windows/espanso-portable target/windows/Espanso-Win-Portable-x86_64.zip - name: Calculate hashes shell: powershell run: | Get-FileHash target/windows/Espanso-Win-Portable-x86_64.zip -Algorithm SHA256 | select-object -ExpandProperty Hash > target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt Get-FileHash target/windows/installer/Espanso-Win-Installer-x86_64.exe -Algorithm SHA256 | select-object -ExpandProperty Hash > target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt - uses: actions/upload-artifact@v2 name: "Upload artifacts" with: name: Windows Artifacts path: | target/windows/installer/Espanso-Win-Installer-x86_64.exe target/windows/Espanso-Win-Portable-x86_64.zip target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt - name: Upload artifacts to Github Releases (if master) if: ${{ github.ref == 'refs/heads/master' }} run: | gh release upload ${{ needs.extract-version.outputs.espanso_version }} target/windows/installer/Espanso-Win-Installer-x86_64.exe target/windows/Espanso-Win-Portable-x86_64.zip target/windows/installer/Espanso-Win-Installer-x86_64.exe.sha256.txt target/windows/Espanso-Win-Portable-x86_64.zip.sha256.txt linux-x11: needs: ["extract-version", "create-release"] runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: Build docker image run: | sudo docker build -t espanso-ubuntu . -f .github/scripts/ubuntu/Dockerfile - name: Build AppImage run: | sudo docker run --rm -v "$(pwd):/shared" espanso-ubuntu espanso/.github/scripts/ubuntu/build_appimage.sh - uses: actions/upload-artifact@v2 name: "Upload artifacts" with: name: Linux X11 Artifacts path: | Espanso-X11.AppImage Espanso-X11.AppImage.sha256.txt - name: Upload artifacts to Github Releases (if master) if: ${{ github.ref == 'refs/heads/master' }} run: | gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-X11.AppImage Espanso-X11.AppImage.sha256.txt linux-deb: needs: ["extract-version", "create-release"] runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: Build docker image run: | sudo docker build -t espanso-ubuntu . -f .github/scripts/ubuntu/Dockerfile - name: Build Deb packages run: | sudo docker run --rm -v "$(pwd):/shared" espanso-ubuntu espanso/.github/scripts/ubuntu/build_deb.sh - uses: actions/upload-artifact@v2 name: "Upload artifacts" with: name: Ubuntu-Debian Artifacts path: | espanso-debian-x11-amd64.deb espanso-debian-wayland-amd64.deb - name: Upload artifacts to Github Releases (if master) if: ${{ github.ref == 'refs/heads/master' }} run: | gh release upload ${{ needs.extract-version.outputs.espanso_version }} espanso-debian-x11-amd64.deb espanso-debian-wayland-amd64.deb espanso-debian-x11-amd64-sha256.txt espanso-debian-wayland-amd64-sha256.txt macos-intel: needs: ["extract-version", "create-release"] runs-on: macos-11 steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: Install rust-script and cargo-make run: | cargo install rust-script --version "0.7.0" cargo install --force cargo-make --version 0.34.0 - name: Test run: cargo make test-binary --profile release env: MACOSX_DEPLOYMENT_TARGET: "10.13" - name: Build run: cargo make create-bundle --profile release env: MACOSX_DEPLOYMENT_TARGET: "10.13" - name: Codesign executable env: MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} run: | echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain security default-keychain -s buildespanso.keychain security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain security import certificate.p12 -k buildespanso.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/mac/Espanso.app -v - name: "Notarize executable" env: PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} run: | echo "Create keychain profile" xcrun notarytool store-credentials "espanso-notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" echo "Creating temp notarization archive" ditto -c -k --keepParent "target/mac/Espanso.app" "notarization.zip" echo "Notarize app" xcrun notarytool submit "notarization.zip" --keychain-profile "espanso-notarytool-profile" --wait echo "Attach staple" xcrun stapler staple "target/mac/Espanso.app" - name: Create ZIP archive run: | ditto -c -k --sequesterRsrc --keepParent target/mac/Espanso.app Espanso-Mac-Intel.zip - name: Calculate hashes run: | shasum -a 256 Espanso-Mac-Intel.zip > Espanso-Mac-Intel.zip.sha256.txt - uses: actions/upload-artifact@v2 name: "Upload artifacts" with: name: Mac Intel Artifacts path: | Espanso-Mac-Intel.zip Espanso-Mac-Intel.zip.sha256.txt - name: Upload artifacts to Github Releases (if master) if: ${{ github.ref == 'refs/heads/master' }} run: | gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-Mac-Intel.zip Espanso-Mac-Intel.zip.sha256.txt macos-m1: needs: ["extract-version", "create-release"] runs-on: macos-11 steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: Install rust target run: rustup update && rustup target add aarch64-apple-darwin - name: Install rust-script and cargo-make run: | cargo install rust-script --version "0.7.0" cargo install --force cargo-make --version 0.34.0 - name: Build run: cargo make create-bundle --profile release --env BUILD_ARCH=aarch64-apple-darwin - name: Codesign executable env: MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} run: | echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain security default-keychain -s buildespanso.keychain security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain security import certificate.p12 -k buildespanso.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" buildespanso.keychain /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/mac/Espanso.app -v - name: "Notarize executable" env: PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} run: | echo "Create keychain profile" xcrun notarytool store-credentials "espanso-notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" echo "Creating temp notarization archive" ditto -c -k --keepParent "target/mac/Espanso.app" "notarization.zip" echo "Notarize app" xcrun notarytool submit "notarization.zip" --keychain-profile "espanso-notarytool-profile" --wait echo "Attach staple" xcrun stapler staple "target/mac/Espanso.app" - name: Create ZIP archive run: | ditto -c -k --sequesterRsrc --keepParent target/mac/Espanso.app Espanso-Mac-M1.zip - name: Calculate hashes run: | shasum -a 256 Espanso-Mac-M1.zip > Espanso-Mac-M1.zip.sha256.txt - uses: actions/upload-artifact@v2 name: "Upload artifacts" with: name: Mac M1 Artifacts path: | Espanso-Mac-M1.zip Espanso-Mac-M1.zip.sha256.txt - name: Upload artifacts to Github Releases (if master) if: ${{ github.ref == 'refs/heads/master' }} run: | gh release upload ${{ needs.extract-version.outputs.espanso_version }} Espanso-Mac-M1.zip Espanso-Mac-M1.zip.sha256.txt macos-publish-homebrew: needs: ["extract-version", "create-release", "macos-m1", "macos-intel"] runs-on: macos-11 steps: - uses: actions/checkout@v2 - name: Print target version run: | echo Using version ${{ needs.extract-version.outputs.espanso_version }} - name: "Setup SSH deploy key" uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd with: ssh-private-key: ${{ secrets.HOMEBREW_CASK_SSH_PRIVATE_KEY }} - name: Create and Publish Homebrew Cask if: ${{ github.ref == 'refs/heads/master' }} run: | VERSION="${{ needs.extract-version.outputs.espanso_version }}" ./scripts/publish_homebrew_version.sh echo "Cask formula has been published here: "