mirror of
https://github.com/h3pdesign/Neon-Vision-Editor
synced 2026-04-21 21:37:17 +00:00
104 lines
3.5 KiB
YAML
104 lines
3.5 KiB
YAML
name: Release macOS app (unsigned dry-run)
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: "Existing Git tag to validate (e.g. v0.4.8)"
|
|
required: true
|
|
type: string
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
release:
|
|
timeout-minutes: 90
|
|
concurrency:
|
|
group: unsigned-dry-run-${{ inputs.tag }}
|
|
cancel-in-progress: true
|
|
runs-on: macos-15
|
|
steps:
|
|
- name: Checkout (no external actions)
|
|
env:
|
|
TAG_NAME: ${{ inputs.tag }}
|
|
REPO: ${{ github.repository }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
SERVER_URL: ${{ github.server_url }}
|
|
run: |
|
|
set -euo pipefail
|
|
SERVER_HOST="${SERVER_URL#https://}"
|
|
git init
|
|
git remote add origin "https://x-access-token:${GH_TOKEN}@${SERVER_HOST}/${REPO}.git"
|
|
git fetch --depth=1 origin "refs/tags/${TAG_NAME}"
|
|
git checkout -b "release-${TAG_NAME}" FETCH_HEAD
|
|
|
|
- name: Show Xcode Version
|
|
run: |
|
|
set -euo pipefail
|
|
scripts/ci/select_xcode17.sh
|
|
|
|
- name: Build macOS archive
|
|
env:
|
|
ARCHIVE_PATH: ${{ runner.temp }}/NeonVisionEditor.xcarchive
|
|
run: |
|
|
set -euo pipefail
|
|
xcodebuild \
|
|
-project "Neon Vision Editor.xcodeproj" \
|
|
-scheme "Neon Vision Editor" \
|
|
-configuration Release \
|
|
-destination "generic/platform=macOS" \
|
|
-archivePath "$ARCHIVE_PATH" \
|
|
MACOSX_DEPLOYMENT_TARGET=15.5 \
|
|
CODE_SIGNING_ALLOWED=NO \
|
|
CODE_SIGNING_REQUIRED=NO \
|
|
CODE_SIGN_IDENTITY="" \
|
|
DEVELOPMENT_TEAM="" \
|
|
archive
|
|
|
|
- name: Verify app icon payload
|
|
env:
|
|
ARCHIVE_PATH: ${{ runner.temp }}/NeonVisionEditor.xcarchive
|
|
run: |
|
|
set -euo pipefail
|
|
APP="$ARCHIVE_PATH/Products/Applications/Neon Vision Editor.app"
|
|
scripts/ci/verify_icon_payload.sh "$APP"
|
|
|
|
- name: Zip app
|
|
env:
|
|
ARCHIVE_PATH: ${{ runner.temp }}/NeonVisionEditor.xcarchive
|
|
run: |
|
|
set -euo pipefail
|
|
APP_PATH="$ARCHIVE_PATH/Products/Applications/Neon Vision Editor.app"
|
|
if [[ ! -d "$APP_PATH" ]]; then
|
|
echo "App not found at $APP_PATH" >&2
|
|
exit 1
|
|
fi
|
|
ditto -c -k --sequesterRsrc --keepParent "$APP_PATH" "Neon.Vision.Editor.app.zip"
|
|
|
|
- name: Extract changelog section
|
|
env:
|
|
TAG_NAME: ${{ inputs.tag }}
|
|
run: |
|
|
set -euo pipefail
|
|
./scripts/extract_changelog_section.sh CHANGELOG.md "$TAG_NAME" > release-notes.md
|
|
|
|
- name: Validate release docs are in sync
|
|
env:
|
|
TAG_NAME: ${{ inputs.tag }}
|
|
run: |
|
|
set -euo pipefail
|
|
if grep -nE "^- TODO$" release-notes.md >/dev/null; then
|
|
echo "CHANGELOG section for ${TAG_NAME} still contains TODO entries." >&2
|
|
exit 1
|
|
fi
|
|
grep -nE "^> Latest release: \\*\\*${TAG_NAME}\\*\\*$" README.md >/dev/null
|
|
grep -nE "^- Latest release: \\*\\*${TAG_NAME}\\*\\*$" README.md >/dev/null
|
|
grep -nE "^\\| .*\\(https://github\\.com/h3pdesign/Neon-Vision-Editor/releases/tag/${TAG_NAME}\\) \\|" README.md >/dev/null
|
|
|
|
- name: Upload unsigned ZIP as workflow artifact
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p unsigned-artifacts
|
|
cp Neon.Vision.Editor.app.zip unsigned-artifacts/
|
|
echo "Unsigned dry-run artifact prepared; this workflow never publishes GitHub release assets."
|