Rust

feat: Add Notarization and staple for macOS eim executables #117

Workflow file for this run

.github/workflows/build_rust.yaml at 1c40a39

	name: Rust

	on:
	push:
	tags:
	- 'v*'
	branches:
	- master
	pull_request:
	branches:
	- master

	jobs:
	build:
	name: Build for multiple platforms
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest, windows-latest, macos-latest, macos-12]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Rust
	uses: actions-rs/toolchain@v1
	with:
	toolchain: stable
	override: true

	- name: Install OpenSSL (Windows)
	if: runner.os == 'Windows'
	shell: powershell
	run: \|
	echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" \| Out-File -FilePath $env:GITHUB_ENV -Append
	vcpkg install openssl:x64-windows-static-md

	- name: Install OpenSSL (Macos)
	if: matrix.os == 'macos-latest'
	run: brew install openssl

	- name: Cache cargo registry
	uses: actions/cache@v4
	with:
	path: ~/.cargo/registry
	key: ${{ runner.os }}-cargo-registry
	restore-keys: \|
	${{ runner.os }}-cargo-registry

	- name: Cache cargo index
	uses: actions/cache@v4
	with:
	path: ~/.cargo/git
	key: ${{ runner.os }}-cargo-index
	restore-keys: \|
	${{ runner.os }}-cargo-index

	- name: Build
	run: cargo build --release

	# - name: Run tests
	# run: cargo test --release

	- name: Create release directory
	run: mkdir -p release

	- name: Create release system directory
	run: mkdir -p release/${{ matrix.os }}

	- name: Copy binary to release directory Windows
	if: matrix.os == 'windows-latest'
	run: cp target/release/idf-im-cli.exe release/${{ matrix.os }}/eim.exe

	- name: Copy binary to release directory POSIX
	if: matrix.os != 'windows-latest'
	run: cp target/release/idf-im-cli release/${{ matrix.os }}/eim

	- name: Codesign macOS eim executables
	if: startsWith(matrix.os, 'macos')
	env:
	MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
	MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
	run: \|
	echo $MACOS_CERTIFICATE \| base64 --decode > certificate.p12
	/usr/bin/security create-keychain -p espressif build.keychain
	/usr/bin/security default-keychain -s build.keychain
	/usr/bin/security unlock-keychain -p espressif build.keychain
	/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
	/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain

	/usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" release/${{ matrix.os }}/eim -v
	/usr/bin/codesign -v -vvv --deep release/${{ matrix.os }}/eim

	- name: Zip eim executable for notarization
	if: startsWith(matrix.os, 'macos')
	run: \|
	cd release/${{ matrix.os }}
	zip eim.zip eim

	- name: Notarization of macOS eim executables
	# && github.ref == 'refs/heads/master'
	if: startsWith(matrix.os, 'macos')
	env:
	NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
	NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
	NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
	run: \|
	echo "Create notary keychain"
	/usr/bin/security create-keychain -p espressif notary.keychain
	/usr/bin/security default-keychain -s notary.keychain
	/usr/bin/security unlock-keychain -p espressif notary.keychain

	echo "Create keychain profile"
	xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
	xcrun notarytool submit release/${{ matrix.os }}/eim.zip --keychain-profile "eim-notarytool-profile" --wait

	echo "Unzipping the executable"
	unzip -o release/${{ matrix.os }}/eim.zip -d release/${{ matrix.os }}

	# echo "Attach staple for eim executable"
	# xcrun stapler staple release/${{ matrix.os }}/eim

	- name: Upload build artifacts for POSIX
	uses: actions/upload-artifact@v4
	if: matrix.os != 'windows-latest'
	with:
	name: eim-${{ matrix.os }}
	path: release/${{ matrix.os }}/eim

	- name: Upload artifact for tag on POSIX
	if: startsWith(github.ref, 'refs/tags/') && matrix.os != 'windows-latest'
	uses: actions/upload-artifact@v4
	with:
	name: eim-${{ github.ref_name }}-${{ runner.os }}
	path: release/${{ matrix.os }}/eim

	- name: Upload build artifacts for Windows
	uses: actions/upload-artifact@v4
	if: matrix.os == 'windows-latest'
	with:
	name: eim-${{ matrix.os }}
	path: release/${{ matrix.os }}/eim.exe

	- name: Upload artifact for tag on Windows
	if: startsWith(github.ref, 'refs/tags/') && runner.os == 'Windows'
	uses: actions/upload-artifact@v4
	with:
	name: eim-${{ github.ref_name }}-${{ runner.os }}
	path: release/${{ matrix.os }}/eim.exe

	- name: Create aarch64-linux build
	if: matrix.os == 'ubuntu-latest'
	run: \|
	rustup target add aarch64-unknown-linux-gnu
	cargo install cross
	cross build --target aarch64-unknown-linux-gnu --release
	mkdir -p release/aarch64-unknown-linux-gnu
	cp target/aarch64-unknown-linux-gnu/release/idf-im-cli release/aarch64-unknown-linux-gnu/eim

	- name: Upload build artifacts for aarch64-linux
	uses: actions/upload-artifact@v4
	if: matrix.os == 'ubuntu-latest'
	with:
	name: eim-linux-arm64
	path: release/aarch64-unknown-linux-gnu/eim

	- name: Upload artifact for tag on aarch64-linux
	if: startsWith(github.ref, 'refs/tags/') && runner.os == 'Linux'
	uses: actions/upload-artifact@v4
	with:
	name: eim-${{ github.ref_name }}-linux-arm64
	path: release/aarch64-unknown-linux-gnu/eim

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Add Notarization and staple for macOS eim executables #117

Workflow file

feat: Add Notarization and staple for macOS eim executables #117

Jobs

Run details

Workflow file for this run