Bump toitlang/action-macos-sign-notarize from 1.2.1 to 1.3.0 (#2972) #641
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Zero-Clause BSD License | |
| # Copyright (C) 2025 Toit contributors. | |
| # Permission to use, copy, modify, and/or distribute this software for any | |
| # purpose with or without fee is hereby granted. | |
| # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH | |
| # REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND | |
| # FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, | |
| # INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | |
| # LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR | |
| # OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | |
| # PERFORMANCE OF THIS SOFTWARE. | |
| name: Upload full source tarball and debian package | |
| on: | |
| release: | |
| types: [published] | |
| push: | |
| env: | |
| RUN_AUR_FLOW: ${{ (github.event_name == 'release' && github.event.release.prerelease != true) && | |
| github.repository_owner == 'toitlang' }} | |
| jobs: | |
| build-and-upload: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository without submodules | |
| uses: actions/checkout@v6 | |
| with: | |
| submodules: false | |
| fetch-depth: 0 # Fetch all history so the archive has correct metadata. | |
| - name: Create tarball including mbedtls | |
| id: create-tarball | |
| shell: bash | |
| run: | | |
| version=${{ github.event.release.tag_name }} | |
| if [ -z "$version" ]; then | |
| version=$(cmake -DPRINT_VERSION=1 -P tools/gitversion.cmake) | |
| fi | |
| archive_name="toit-${version}-with-submodules.tar.gz" | |
| # Archive the Toit sources. | |
| prefix="toit-${version}/" | |
| git archive --format=tar --prefix="$prefix" HEAD | tar x | |
| # Archive the relevant submodules. | |
| # Initialize the top-level modules but not nested ones. This fills in the esp-idf submodule. | |
| git submodule update --depth=1 --init . | |
| esp_idf=${{ github.workspace }}/third_party/esp-idf | |
| # We only need mbedtls of the esp-idf submodule to build the host tools. | |
| # Don't bother initializing all the other components. | |
| cd $esp_idf | |
| git submodule update --depth=1 --init components/mbedtls | |
| paths_to_archive=( | |
| components/mbedtls | |
| components/mbedtls/mbedtls | |
| ) | |
| for path in "${paths_to_archive[@]}"; do | |
| cd $esp_idf/$path | |
| # Archive the mbedtls submodule. | |
| # The --prefix option is used to set the directory structure in the archive. | |
| # Tar needs to extract to the same directory structure as the original. | |
| git archive --format=tar --prefix="$prefix/third_party/esp-idf/$path/" HEAD . | tar x -C ${{ github.workspace }} | |
| done | |
| # Download bootstrap packages. | |
| cd "${{github.workspace}}/$prefix" | |
| make download-bootstrap-packages | |
| rm -rf build | |
| cd ${{ github.workspace }} | |
| echo "set(TOIT_GIT_VERSION \"$version\")" > "$prefix/version.cmake" | |
| cp third_party/esp-idf/LICENSE ${prefix}third_party/esp-idf/LICENSE | |
| tar -czf "$archive_name" "$prefix" | |
| echo "archive_name=$archive_name" >> $GITHUB_OUTPUT | |
| echo "archive_path=${{ github.workspace }}/$archive_name" >> $GITHUB_OUTPUT | |
| echo "archive_prefix=$prefix" >> $GITHUB_OUTPUT | |
| echo "version=$version" >> $GITHUB_OUTPUT | |
| - name: Upload tarball to artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| path: ${{ steps.create-tarball.outputs.archive_path }} | |
| name: ${{ steps.create-tarball.outputs.archive_name }} | |
| - name: Upload tarball to release | |
| if: github.event_name == 'release' | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: ${{ steps.create-tarball.outputs.archive_path }} | |
| asset_name: ${{ steps.create-tarball.outputs.archive_name }} | |
| tag: ${{ github.event.release.tag_name }} | |
| overwrite: true | |
| outputs: | |
| version: ${{ steps.create-tarball.outputs.version }} | |
| archive_name: ${{ steps.create-tarball.outputs.archive_name }} | |
| archive_prefix: ${{ steps.create-tarball.outputs.archive_prefix }} | |
| run-aur-flow: ${{ env.RUN_AUR_FLOW }} | |
| test: | |
| needs: build-and-upload | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Download tarball from artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: ${{ needs.build-and-upload.outputs.archive_name }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: stable | |
| - name: Extract tarball | |
| shell: bash | |
| run: | | |
| tar -xzf ${{ needs.build-and-upload.outputs.archive_name }} | |
| - name: Detect number of CPU cores and multiply | |
| id: detect_cores | |
| shell: bash | |
| run: | | |
| if [[ "$RUNNER_OS" == "Windows" ]]; then | |
| cores=$(powershell -Command '$env:NUMBER_OF_PROCESSORS') | |
| elif [[ "$RUNNER_OS" == "macOS" ]]; then | |
| cores=$(sysctl -n hw.ncpu) | |
| else | |
| cores=$(nproc) | |
| fi | |
| jobs=$(( cores * 2 )) | |
| echo "jobs=$jobs" >> $GITHUB_OUTPUT | |
| - name: Build | |
| env: | |
| CMAKE_BUILD_PARALLEL_LEVEL: ${{ steps.detect_cores.outputs.jobs }} | |
| run: | | |
| cd ${{ needs.build-and-upload.outputs.archive_prefix }} | |
| # Note that we build without any special requisites. With the exception of 'go', the | |
| # GitHub builders should have everything ready. | |
| mkdir build | |
| cmake -S . -B build --preset=default | |
| cmake --build build | |
| cmake --install build --prefix ${{ github.workspace }}/out/usr | |
| - name: Test | |
| shell: bash | |
| run: | | |
| out/usr/bin/toit version | |
| out/usr/lib/toit/bin/toit.compile --version | |
| out/usr/lib/toit/bin/toit.run --version | |
| out/usr/lib/toit/bin/toit.pkg version | |
| ls out/usr/lib/toit/lib/core/core.toit | |
| debian: | |
| needs: build-and-upload | |
| # Don't use the latest Ubuntu to make it more compatible with older systems. | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Download tarball from artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: ${{ needs.build-and-upload.outputs.archive_name }} | |
| - name: Extract tarball | |
| shell: bash | |
| run: | | |
| tar -xzf ${{ needs.build-and-upload.outputs.archive_name }} | |
| mv ${{ needs.build-and-upload.outputs.archive_prefix }} toit | |
| - name: Build debian package | |
| shell: bash | |
| run: | | |
| cd toit | |
| version=${{ needs.build-and-upload.outputs.version }} | |
| # Remove the leading 'v' from the version if it exists. | |
| version_without_v=${version:1} | |
| sed -i "s/VERSION/$version_without_v/" debian/changelog | |
| sudo apt-get update | |
| sudo apt-get install -y devscripts debhelper dh-cmake | |
| # Install the dependencies for the Toit package. | |
| sudo apt build-dep . | |
| dpkg-buildpackage -us -uc -b | |
| - name: Check debian package | |
| shell: bash | |
| run: | | |
| # Check that the deb package is there. | |
| if [ ! -f *.deb ]; then | |
| find . | |
| echo "Deb package not found!" | |
| exit 1 | |
| fi | |
| # Check that the deb package can be installed. | |
| sudo dpkg -i *.deb | |
| # Check that the Toit version is correct. | |
| expected_version=${{ needs.build-and-upload.outputs.version }} | |
| pkg_version=$(dpkg -s toit | grep Version | cut -d ' ' -f 2) | |
| # Add the '-1' suffix that Debian packages have, and deal with the missing 'v' prefix. | |
| if [ "v$pkg_version" != "$expected_version-1" ]; then | |
| echo "Expected pkg version $expected_version-1 but got v$pkg_version" | |
| exit 1 | |
| fi | |
| toit_version=$(toit version) | |
| if [ "$toit_version" != "$expected_version" ]; then | |
| echo "Expected toit version $expected_version but got $toit_version" | |
| exit 1 | |
| fi | |
| - name: Upload debian package to artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: toit-debian | |
| path: "*.deb" | |
| - name: Upload debian package to release | |
| if: github.event_name == 'release' | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: "*.deb" | |
| file_glob: true | |
| tag: ${{ github.event.release.tag_name }} | |
| overwrite: true | |
| AUR: | |
| name: Update AUR package | |
| runs-on: ubuntu-latest | |
| needs: [build-and-upload, test] | |
| if: needs.build-and-upload.outputs.run-aur-flow == 'true' | |
| steps: | |
| # This shouldn't be necessary, but the archlinux-package-action | |
| # doesn't work without it. | |
| - uses: actions/checkout@v6 | |
| - name: Ssh | |
| env: | |
| AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }} | |
| run: | | |
| echo "$AUR_SSH_KEY" > ${{ github.workspace }}/aur_ssh_key | |
| chmod 600 ${{ github.workspace }}/aur_ssh_key | |
| mkdir -p $HOME/.ssh | |
| echo "Host aur.archlinux.org" >> $HOME/.ssh/config | |
| echo " IdentityFile ${{ github.workspace }}/aur_ssh_key" >> $HOME/.ssh/config | |
| echo " User aur" >> $HOME/.ssh/config | |
| ssh-keyscan -H aur.archlinux.org > $HOME/.ssh/known_hosts | |
| - name: Fetch AUR package | |
| run: | | |
| git clone ssh://aur@aur.archlinux.org/toit.git | |
| - name: Configure git | |
| run: | | |
| cd toit | |
| git config user.email "leon@toit.io" | |
| git config user.name "Leon Gungadin Mogensen" | |
| - name: Update AUR package | |
| shell: bash | |
| run: | | |
| cd toit | |
| sed -i "s/_pkgver=.*/_pkgver=\"${{ needs.build-and-upload.outputs.version }}\"/g" PKGBUILD | |
| sed -i "s/pkgrel=.*/pkgrel=1/g" PKGBUILD | |
| - name: Update pkgsums and .SRCINFO for toit | |
| uses: toitlang/archlinux-package-action@main | |
| with: | |
| path: toit | |
| flags: '' | |
| namcap: false | |
| updpkgsums: true | |
| srcinfo: true | |
| - name: Upload toit | |
| run: | | |
| cd toit | |
| cat PKGBUILD | |
| cat .SRCINFO | |
| git commit -am "Update to version ${{ needs.build-and-upload.outputs.version }}" | |
| git push origin master |