ci: build for distribution #3

Workflow file for this run

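# Release workflow: on a macOS runner, imports the Apple Developer ID
# certificate and provisioning profiles into a temporary keychain, runs the
# build, then removes the signing material again.
name: release
on:
  # TODO: Switch to on `v*` tag push
  # NOTE(review): while this triggers on pull_request, the Build step runs the
  # PR branch's Makefile and scripts/build.sh after the signing identity has
  # been imported. Move to the tag trigger, or gate the job behind a protected
  # environment, before treating this as the release path.
  pull_request:
# NOTE(review): no explicit `permissions:` is set, so GITHUB_TOKEN gets the
# repository default. Declare the minimum needed once the upload step exists.
# permissions:
#   # To upload assets to the release
#   contents: write
jobs:
  build:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
    if: ${{ github.repository_owner == 'coder' }}
    env:
      # Fixed locations for the decoded signing material; Clean Up removes
      # all four paths.
      CERT_PATH: /tmp/apple_cert.p12
      APP_PROF_PATH: /tmp/app.provisionprofile
      EXT_PROF_PATH: /tmp/ext.provisionprofile
      KEYCHAIN_PATH: /tmp/app-signing.keychain-db
      RELEASE_BUILD: "true"
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
        with:
          # Audit mode only records outbound connections; it does not block.
          # NOTE(review): confirm this version monitors macOS runners at all.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 1
      - name: Switch XCode Version
        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
        with:
          xcode-version: "16.0.0"
      # - name: Setup Nix
      #   uses: ./.github/actions/nix-devshell
      - name: Install Cert & Retrieve Provisioning Profiles
        env:
          # Secrets are passed through the environment rather than being
          # interpolated into the script text.
          APPLE_CERT: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}
          APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}
          EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}
          CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}
        run: |
          set -euo pipefail
          echo -n "$APPLE_CERT" | base64 -d -o "$CERT_PATH"
          # Throwaway keychain with an empty password; deleted in Clean Up.
          security create-keychain -p "" "$KEYCHAIN_PATH"
          # Lock on sleep and after 21600 s (6 h) without use.
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "" "$KEYCHAIN_PATH"
          # The PKCS#12 password must be expanded from the environment; the
          # literal string "CERT_PASSWORD" is not the password.
          # NOTE(review): -A lets any application on the runner use the
          # imported key without a prompt; consider -T limited to the signing
          # tools the build actually calls.
          security import "$CERT_PATH" -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"
          # Each profile goes to its own path: app -> APP_PROF_PATH,
          # extension -> EXT_PROF_PATH.
          echo -n "$APP_PROF" | base64 -d -o "$APP_PROF_PATH"
          echo -n "$EXT_PROF" | base64 -d -o "$EXT_PROF_PATH"
      - name: Build
        run: |
          make
          ./scripts/build.sh
      - name: Clean Up
        if: always()
        run: |
          # Runs even when earlier steps failed. Tolerate a keychain that was
          # never created so the decoded files are still removed.
          security delete-keychain "$KEYCHAIN_PATH" || true
          rm -f "$CERT_PATH" "$APP_PROF_PATH" "$EXT_PROF_PATH" "$KEYCHAIN_PATH"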