Don't fail build if notarization is slow #12
Workflow file for this run
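# Release pipeline: on every pushed v* tag, build the desktop client on
# macOS, Windows and Linux, sign/notarize the macOS DMG, and publish the
# three artifacts as a GitHub release.
name: Build Release

on:
  push:
    tags:
      - 'v*'

# Least privilege by default. The build job runs installers (go install, npm,
# apt) in the same job that holds the signing secrets, so it only gets a
# read-only token; the release job widens this for itself.
permissions:
  contents: read

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: macOS
            os: macos-latest
            arch: universal
            output: tinysystems-darwin-universal.dmg
            build_flags: "-platform darwin/universal"
          - name: Windows
            os: windows-latest
            arch: amd64
            output: tinysystems-windows-amd64.exe
            build_flags: "-platform windows/amd64"
          - name: Linux
            os: ubuntu-latest
            arch: amd64
            output: tinysystems-linux-amd64.deb
            build_flags: "-platform linux/amd64"
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable
      # tag (@v4, @v5, @v2). For a pipeline that signs and publishes
      # binaries, pin each action to a full commit SHA
      # (e.g. actions/checkout@<full-commit-sha>  # v4) and let a
      # dependency bot propose the bumps.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No later step pushes with git, so do not leave the job token in
          # .git/config where npm/go build scripts could read it.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.24.2'

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      # NOTE(review): @latest means the tool that produces the signed
      # binaries can change between two releases without any change in this
      # repository. Pin to the Wails version the project's go.mod requires.
      - name: Install Wails
        run: go install github.com/wailsapp/wails/v2/cmd/wails@latest

      # macOS specific dependencies
      - name: Install macOS dependencies
        if: matrix.os == 'macos-latest'
        run: |
          # No additional dependencies needed for macOS

      # Import signing certificate (macOS only)
      - name: Import Code Signing Certificate
        if: matrix.os == 'macos-latest'
        env:
          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
        run: |
          # Create temporary keychain for signing
          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)

          # Decode the .p12 outside the workspace (so it can never be picked
          # up by the build or an artifact glob) and remove it on every exit
          # path, including a failed import.
          CERTIFICATE_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERTIFICATE_PATH"' EXIT

          # Create and unlock keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Import certificate; only codesign is allowed to use the key
          echo "$MACOS_CERTIFICATE" | base64 --decode > "$CERTIFICATE_PATH"
          security import "$CERTIFICATE_PATH" -k "$KEYCHAIN_PATH" -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Add keychain to search list
          security list-keychain -d user -s "$KEYCHAIN_PATH"

      # Windows specific dependencies
      - name: Install Windows dependencies
        if: matrix.os == 'windows-latest'
        run: |
          # WebView2 is included in Windows 10/11
          # NSIS is pre-installed on GitHub runners

      # Linux specific dependencies
      - name: Install Linux dependencies
        if: matrix.os == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libgtk-3-dev \
            libwebkit2gtk-4.1-dev \
            build-essential \
            pkg-config \
            dpkg-dev
          # Create symlink for webkit2gtk-4.0 to webkit2gtk-4.1
          # Wails 2.11.0 still looks for webkit2gtk-4.0
          sudo ln -sf /usr/lib/x86_64-linux-gnu/pkgconfig/webkit2gtk-4.1.pc /usr/lib/x86_64-linux-gnu/pkgconfig/webkit2gtk-4.0.pc

      # NOTE(review): `npm install` may resolve versions that differ from
      # the lockfile. If frontend/package-lock.json is committed, `npm ci`
      # gives a reproducible, lockfile-exact install for release builds.
      - name: Install frontend dependencies
        run: |
          cd frontend
          npm install

      - name: Build application
        shell: bash
        env:
          CGO_ENABLED: "1"
          # The tag name is handed over as an environment variable instead
          # of being expanded into the script text, so its characters are
          # never parsed as shell syntax.
          VERSION: ${{ github.ref_name }}
        run: |
          BUILD_TIME=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          wails build ${{ matrix.build_flags }} -clean -o "${{ matrix.output }}" -ldflags "-X main.BuildTime=${BUILD_TIME} -X main.Version=${VERSION}"

      # Find and rename the built files
      - name: Prepare artifacts (macOS)
        if: matrix.os == 'macos-latest'
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          # Only a true/false flag reaches this step. The certificate itself
          # is neither exported here nor expanded into the script file that
          # the runner writes to disk.
          HAS_SIGNING_CERT: ${{ secrets.MACOS_CERTIFICATE != '' }}
          DMG_PATH: build/bin/${{ matrix.output }}
        run: |
          # Wails creates a .app bundle, we need to create a DMG
          if [ -d "build/bin/tinysystems.app" ]; then
            APP_NAME="tinysystems.app"
          else
            echo "Error: No .app bundle found"
            ls -la build/bin/
            exit 1
          fi

          # Sign the app with entitlements
          if [ "$HAS_SIGNING_CERT" = "true" ]; then
            echo "Signing app with Developer ID certificate..."
            codesign --force --deep \
              --sign "Developer ID Application: Tiny Systems Limited (74JHK2JWS7)" \
              --entitlements build/darwin/entitlements.plist \
              --options runtime \
              --timestamp \
              "build/bin/${APP_NAME}"

            # Display the signature details, then actually verify them:
            # -dv only prints, --verify fails the step on a broken signature
            codesign -dv --verbose=4 "build/bin/${APP_NAME}"
            codesign --verify --deep --strict --verbose=2 "build/bin/${APP_NAME}"

            # Create DMG
            hdiutil create -volname "TinySystems" \
              -srcfolder "build/bin/${APP_NAME}" \
              -ov -format UDZO \
              "$DMG_PATH"

            # Sign the DMG
            codesign --force \
              --sign "Developer ID Application: Tiny Systems Limited (74JHK2JWS7)" \
              --timestamp \
              "$DMG_PATH"

            # Notarize the DMG
            if [ -n "$APPLE_ID" ] && [ -n "$APPLE_APP_PASSWORD" ] && [ -n "$APPLE_TEAM_ID" ]; then
              echo "Submitting for notarization..."
              NOTARY_LOG="$RUNNER_TEMP/notarytool.log"
              # pipefail so a notarytool failure is not hidden behind tee
              set -o pipefail
              xcrun notarytool submit "$DMG_PATH" \
                --apple-id "$APPLE_ID" \
                --password "$APPLE_APP_PASSWORD" \
                --team-id "$APPLE_TEAM_ID" \
                --wait --timeout 15m 2>&1 | tee "$NOTARY_LOG" \
                || echo "Warning: Notarization not yet complete (will be processed by Apple in background)"
              set +o pipefail

              # A slow submission is tolerated; an explicit rejection is not.
              # Without this check a DMG that Apple refused would still be
              # published by the release job.
              # NOTE(review): confirm the status strings against the
              # notarytool version on the runner.
              if grep -q 'status: Invalid' "$NOTARY_LOG"; then
                echo "Error: Apple rejected the notarization submission"
                exit 1
              fi

              # Try to staple — if Apple hasn't finished yet, the DMG still works
              # (Gatekeeper checks online on first launch)
              xcrun stapler staple "$DMG_PATH" || echo "Warning: Stapling failed — notarization may still be in progress"
            else
              echo "Warning: Notarization credentials not set. Skipping notarization."
            fi
          else
            # NOTE(review): this fallback lets a tag push publish an ad-hoc
            # signed, un-notarized DMG in a public (non-draft) release.
            # Consider failing here for tagged releases.
            echo "Warning: No signing certificate found. Using ad-hoc signature..."
            codesign --force --deep --sign - \
              --entitlements build/darwin/entitlements.plist \
              "build/bin/${APP_NAME}"

            hdiutil create -volname "TinySystems" \
              -srcfolder "build/bin/${APP_NAME}" \
              -ov -format UDZO \
              "$DMG_PATH"
          fi

          ls -la build/bin/

      # NOTE(review): no signing step is visible for the Windows executable;
      # it is published as built.
      - name: Prepare artifacts (Windows)
        if: matrix.os == 'windows-latest'
        shell: bash
        run: |
          # Wails creates an exe in build/bin directory
          if [ -f "build/bin/tinysystems.exe" ]; then
            mv build/bin/tinysystems.exe "build/bin/${{ matrix.output }}"
          fi
          ls -la build/bin/

      - name: Prepare artifacts (Linux)
        if: matrix.os == 'ubuntu-latest'
        run: |
          # Build DEB package
          if [ -f "build/bin/tinysystems" ]; then
            # Create DEB package structure
            mkdir -p build/deb/DEBIAN
            mkdir -p build/deb/usr/local/bin

            # Copy binary
            cp build/bin/tinysystems build/deb/usr/local/bin/tinysystems

            # Create control file (heredoc body stays at the script's base
            # indentation so the fields and the EOF marker start in column 0)
            cat > build/deb/DEBIAN/control << EOF
          Package: tinysystems
          Version: ${GITHUB_REF#refs/tags/v}
          Section: utils
          Priority: optional
          Architecture: amd64
          Maintainer: Maksym Trofimenko <hello@tinysystems.io>
          Description: TinySystems Desktop Client
           Desktop client for TinySystems
          EOF

            # Build DEB package. --root-owner-group records root:root for
            # every file; without it the archive carries the runner
            # account's uid/gid, and the installed binary would be owned by
            # whichever local account has that uid.
            dpkg-deb --root-owner-group --build build/deb "build/bin/${{ matrix.output }}"
          fi
          ls -la build/bin/

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.output }}
          path: build/bin/${{ matrix.output }}
          if-no-files-found: error

  release:
    needs: build
    runs-on: ubuntu-latest
    # Publishing is the only operation that needs a write token, so the
    # write scope is granted to this job alone.
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          merge-multiple: true

      - name: List artifacts
        run: ls -la artifacts/

      # NOTE(review): third-party action running with a contents: write
      # token; pin it to a full commit SHA
      # (softprops/action-gh-release@<full-commit-sha>  # v2).
      # The release is published immediately (draft: false), including when
      # the macOS build only warned about pending notarization.
      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            artifacts/tinysystems-darwin-universal.dmg
            artifacts/tinysystems-windows-amd64.exe
            artifacts/tinysystems-linux-amd64.deb
          draft: false
          prerelease: false
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}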