Skip to content
Build TablePro

release: v0.24.1 #165

Sign in to view logs

release: v0.24.1

release: v0.24.1 #165

Workflow file for this run

.github/workflows/build.yml at 232f5db
name: Build TablePro
on:
push:
tags: ["v*"]
paths-ignore:
- "**.md"
- "docs/**"
- ".vscode/**"
env:
XCODE_PROJECT: TablePro.xcodeproj
XCODE_SCHEME: TablePro
BUILD_CONFIGURATION: Release
jobs:
lint:
name: SwiftLint
runs-on: macos-15
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install SwiftLint
run: brew list swiftlint &>/dev/null || brew install swiftlint
- name: Run SwiftLint
run: swiftlint lint --strict
build-arm64:
name: Build ARM64
runs-on: macos-15
needs: lint
timeout-minutes: 20
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Select Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '26.2'
- name: Download static libraries
env:
GH_TOKEN: ${{ github.token }}
run: scripts/download-libs.sh --force
- name: Install ARM64 dependencies
run: |
echo "Installing ARM64 dependencies..."
# Check and install only if needed
if ! brew list mariadb-connector-c &>/dev/null; then
echo "📦 Installing mariadb-connector-c..."
brew install mariadb-connector-c
else
echo "✅ mariadb-connector-c already installed"
fi
# Link packages with --force and --overwrite (needed for keg-only formulas)
brew link --force --overwrite mariadb-connector-c 2>/dev/null || true
echo "✅ ARM64 dependencies installed"
- name: Prepare libraries
run: scripts/ci/prepare-libs.sh arm64
- name: Verify Xcode
run: |
echo "Active Xcode:"
xcode-select -p
xcodebuild -version
- name: Create Secrets.xcconfig
env:
ANALYTICS_HMAC_SECRET: ${{ secrets.ANALYTICS_HMAC_SECRET }}
run: echo "ANALYTICS_HMAC_SECRET = ${ANALYTICS_HMAC_SECRET}" > Secrets.xcconfig
- name: Import signing certificate
env:
CERTIFICATES_P12: ${{ secrets.CERTIFICATES_P12 }}
CERTIFICATES_PASSWORD: ${{ secrets.CERTIFICATES_PASSWORD }}
run: |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
security create-keychain -p "" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "" "$KEYCHAIN_PATH"
echo "$CERTIFICATES_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12
security import $RUNNER_TEMP/certificate.p12 -P "$CERTIFICATES_PASSWORD" \
-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security set-key-partition-list -S apple-tool:,apple: -k "" "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH" login.keychain
- name: Configure notarization
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
NOTARY_PASSWORD: ${{ secrets.NOTARY_PASSWORD }}
run: |
xcrun notarytool store-credentials "TablePro" \
--apple-id "$APPLE_ID" \
--team-id "$APPLE_TEAM_ID" \
--password "$NOTARY_PASSWORD"
- name: Install provisioning profile
env:
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
run: |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo "$PROVISIONING_PROFILE" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/tablepro.provisionprofile
- name: Build ARM64
env:
ANALYTICS_HMAC_SECRET: ${{ secrets.ANALYTICS_HMAC_SECRET }}
NOTARIZE: "true"
run: |
chmod +x scripts/build-release.sh
scripts/build-release.sh arm64
- name: Verify build
run: scripts/ci/verify-build.sh arm64
- name: Package artifacts
env:
NOTARIZE: "true"
run: scripts/ci/package-artifacts.sh arm64
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: artifacts-arm64
path: |
build/Release/TablePro-*.dmg
build/Release/TablePro-*.zip
build-x86_64:
name: Build x86_64
runs-on: macos-15
needs: lint
timeout-minutes: 20
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Select Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '26.2'
- name: Download static libraries
env:
GH_TOKEN: ${{ github.token }}
run: scripts/download-libs.sh --force
- name: Install Rosetta 2
run: softwareupdate --install-rosetta --agree-to-license || true
- name: Install x86_64 Homebrew
run: |
if [ ! -f /usr/local/bin/brew ]; then
echo "Installing x86_64 Homebrew..."
arch -x86_64 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi
- name: Install x86_64 dependencies
run: |
echo "Installing x86_64 dependencies..."
# Check and install only if needed
if ! arch -x86_64 /usr/local/bin/brew list mariadb-connector-c &>/dev/null; then
echo "📦 Installing mariadb-connector-c (x86_64)..."
arch -x86_64 /usr/local/bin/brew install mariadb-connector-c
else
echo "✅ mariadb-connector-c (x86_64) already installed"
fi
# Link packages with --force (needed for keg-only formulas)
arch -x86_64 /usr/local/bin/brew link --force --overwrite mariadb-connector-c 2>/dev/null || true
echo "✅ x86_64 dependencies installed"
- name: Prepare libraries
run: scripts/ci/prepare-libs.sh x86_64
- name: Verify Xcode
run: |
echo "Active Xcode:"
xcode-select -p
xcodebuild -version
- name: Create Secrets.xcconfig
env:
ANALYTICS_HMAC_SECRET: ${{ secrets.ANALYTICS_HMAC_SECRET }}
run: echo "ANALYTICS_HMAC_SECRET = ${ANALYTICS_HMAC_SECRET}" > Secrets.xcconfig
- name: Import signing certificate
env:
CERTIFICATES_P12: ${{ secrets.CERTIFICATES_P12 }}
CERTIFICATES_PASSWORD: ${{ secrets.CERTIFICATES_PASSWORD }}
run: |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
security create-keychain -p "" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "" "$KEYCHAIN_PATH"
echo "$CERTIFICATES_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12
security import $RUNNER_TEMP/certificate.p12 -P "$CERTIFICATES_PASSWORD" \
-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security set-key-partition-list -S apple-tool:,apple: -k "" "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH" login.keychain
- name: Configure notarization
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
NOTARY_PASSWORD: ${{ secrets.NOTARY_PASSWORD }}
run: |
xcrun notarytool store-credentials "TablePro" \
--apple-id "$APPLE_ID" \
--team-id "$APPLE_TEAM_ID" \
--password "$NOTARY_PASSWORD"
- name: Install provisioning profile
env:
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
run: |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo "$PROVISIONING_PROFILE" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/tablepro.provisionprofile
- name: Build x86_64
env:
ANALYTICS_HMAC_SECRET: ${{ secrets.ANALYTICS_HMAC_SECRET }}
NOTARIZE: "true"
run: |
chmod +x scripts/build-release.sh
scripts/build-release.sh x86_64
- name: Verify build
run: scripts/ci/verify-build.sh x86_64
- name: Package artifacts
env:
NOTARIZE: "true"
run: scripts/ci/package-artifacts.sh x86_64
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: artifacts-x86_64
path: |
build/Release/TablePro-*.dmg
build/Release/TablePro-*.zip
release:
name: Create GitHub Release
runs-on: macos-15
needs: [build-arm64, build-x86_64]
if: startsWith(github.ref, 'refs/tags/v')
timeout-minutes: 10
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Select Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '26.2'
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
path: artifacts-raw/
merge-multiple: true
- name: Flatten artifacts
run: |
mkdir -p artifacts/
find artifacts-raw/ -type f \( -name "*.dmg" -o -name "*.zip" \) -exec mv {} artifacts/ \;
rm -rf artifacts-raw/
echo "Artifacts:"
ls -lh artifacts/
- name: Verify and organize artifacts for release
run: |
VERSION=${GITHUB_REF#refs/tags/v}
if [ -z "$VERSION" ]; then
echo "❌ ERROR: Failed to extract version from ref: $GITHUB_REF"
exit 1
fi
echo "Preparing artifacts for version: $VERSION"
echo "Contents of artifacts directory:"
ls -la artifacts/
# Note: DMG files should already have correct names from build
# ZIP files need to be renamed
# Rename ZIP files if they exist
if [ -f "artifacts/TablePro-arm64.zip" ]; then
mv artifacts/TablePro-arm64.zip "artifacts/TablePro-${VERSION}-arm64.zip"
fi
if [ -f "artifacts/TablePro-x86_64.zip" ]; then
mv artifacts/TablePro-x86_64.zip "artifacts/TablePro-${VERSION}-x86_64.zip"
fi
echo "✅ Artifacts organized successfully"
echo "Final artifacts:"
ls -lh artifacts/
- name: Sign update archives with Sparkle
if: env.SPARKLE_PRIVATE_KEY != ''
env:
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
run: scripts/ci/sign-and-appcast.sh "${GITHUB_REF#refs/tags/v}"
- name: Upload appcast artifact
if: env.SPARKLE_PRIVATE_KEY != ''
uses: actions/upload-artifact@v4
env:
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
with:
name: appcast-${{ github.sha }}
path: appcast/appcast.xml
retention-days: 90
- name: Commit appcast.xml to repo
if: env.SPARKLE_PRIVATE_KEY != ''
continue-on-error: true
env:
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
run: |
if [ ! -f appcast/appcast.xml ]; then
echo "⚠️ No appcast.xml to commit"
exit 0
fi
cp appcast/appcast.xml appcast.xml
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git fetch origin main
git checkout main
git add appcast.xml
git diff --cached --quiet && echo "No changes to appcast.xml" && exit 0
git commit -m "Update appcast.xml for v${GITHUB_REF#refs/tags/v}"
git push origin main
- name: Extract release notes from CHANGELOG.md
run: scripts/ci/extract-release-notes.sh "${GITHUB_REF#refs/tags/v}"
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
files: |
artifacts/*.dmg
artifacts/*.zip
body_path: release_notes.md
draft: false
prerelease: ${{ contains(github.ref, '-beta') || contains(github.ref, '-alpha') || contains(github.ref, '-rc') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Notify Telegram
if: success() && env.TELEGRAM_BOT_TOKEN != ''
env:
TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
TELEGRAM_TOPIC_ID: ${{ secrets.TELEGRAM_TOPIC_ID }}
run: scripts/ci/notify-telegram.sh "${GITHUB_REF#refs/tags/v}"