Fix branding: TinySystems → Tiny Systems #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: macOS | |
| os: macos-latest | |
| arch: universal | |
| output: tinysystems-darwin-universal.dmg | |
| build_flags: "-platform darwin/universal" | |
| - name: Windows | |
| os: windows-latest | |
| arch: amd64 | |
| output: tinysystems-windows-amd64.exe | |
| build_flags: "-platform windows/amd64" | |
| - name: Linux | |
| os: ubuntu-latest | |
| arch: amd64 | |
| output: tinysystems-linux-amd64.deb | |
| build_flags: "-platform linux/amd64" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.24.2' | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install Wails | |
| run: go install github.com/wailsapp/wails/v2/cmd/wails@latest | |
| # macOS specific dependencies | |
| - name: Install macOS dependencies | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| # No additional dependencies needed for macOS | |
| # Import signing certificate (macOS only) | |
| - name: Import Code Signing Certificate | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| # Create temporary keychain for signing | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| KEYCHAIN_PASSWORD=$(openssl rand -base64 32) | |
| # Create and unlock keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # Import certificate | |
| echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
| security import certificate.p12 -k $KEYCHAIN_PATH -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # Add keychain to search list | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| rm -f certificate.p12 | |
| # Windows specific dependencies | |
| - name: Install Windows dependencies | |
| if: matrix.os == 'windows-latest' | |
| run: | | |
| # WebView2 is included in Windows 10/11 | |
| # NSIS is pre-installed on GitHub runners | |
| # Linux specific dependencies | |
| - name: Install Linux dependencies | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libgtk-3-dev \ | |
| libwebkit2gtk-4.1-dev \ | |
| build-essential \ | |
| pkg-config \ | |
| dpkg-dev | |
| # Create symlink for webkit2gtk-4.0 to webkit2gtk-4.1 | |
| # Wails 2.11.0 still looks for webkit2gtk-4.0 | |
| sudo ln -sf /usr/lib/x86_64-linux-gnu/pkgconfig/webkit2gtk-4.1.pc /usr/lib/x86_64-linux-gnu/pkgconfig/webkit2gtk-4.0.pc | |
| - name: Install frontend dependencies | |
| run: | | |
| cd frontend | |
| npm install | |
| - name: Build application | |
| shell: bash | |
| run: | | |
| BUILD_TIME=$(date -u +%Y-%m-%dT%H:%M:%SZ) | |
| VERSION=${{ github.ref_name }} | |
| wails build ${{ matrix.build_flags }} -clean -o ${{ matrix.output }} -ldflags "-X main.BuildTime=${BUILD_TIME} -X main.Version=${VERSION}" | |
| env: | |
| CGO_ENABLED: 1 | |
| # Find and rename the built files | |
| - name: Prepare artifacts (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| # Wails creates a .app bundle, we need to create a DMG | |
| if [ -d "build/bin/tinysystems.app" ]; then | |
| APP_NAME="tinysystems.app" | |
| else | |
| echo "Error: No .app bundle found" | |
| ls -la build/bin/ | |
| exit 1 | |
| fi | |
| # Sign the app with entitlements | |
| if [ -n "${{ secrets.MACOS_CERTIFICATE }}" ]; then | |
| echo "Signing app with Developer ID certificate..." | |
| codesign --force --deep \ | |
| --sign "Developer ID Application: Tiny Systems Limited (74JHK2JWS7)" \ | |
| --entitlements build/darwin/entitlements.plist \ | |
| --options runtime \ | |
| --timestamp \ | |
| "build/bin/${APP_NAME}" | |
| # Verify signature | |
| codesign -dv --verbose=4 "build/bin/${APP_NAME}" | |
| # Create DMG | |
| hdiutil create -volname "TinySystems" \ | |
| -srcfolder "build/bin/${APP_NAME}" \ | |
| -ov -format UDZO \ | |
| "build/bin/${{ matrix.output }}" | |
| # Sign the DMG | |
| codesign --force \ | |
| --sign "Developer ID Application: Tiny Systems Limited (74JHK2JWS7)" \ | |
| --timestamp \ | |
| "build/bin/${{ matrix.output }}" | |
| # Notarize the DMG (two-phase: submit, then poll until done) | |
| if [ -n "$APPLE_ID" ] && [ -n "$APPLE_APP_PASSWORD" ] && [ -n "$APPLE_TEAM_ID" ]; then | |
| echo "Submitting for notarization..." | |
| SUBMIT_OUTPUT=$(xcrun notarytool submit "build/bin/${{ matrix.output }}" \ | |
| --apple-id "$APPLE_ID" \ | |
| --password "$APPLE_APP_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json 2>&1) | |
| echo "$SUBMIT_OUTPUT" | |
| SUBMISSION_ID=$(echo "$SUBMIT_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])" 2>/dev/null || true) | |
| if [ -z "$SUBMISSION_ID" ]; then | |
| echo "Error: Failed to extract submission ID" | |
| else | |
| echo "Submission ID: $SUBMISSION_ID" | |
| echo "Polling for notarization status (up to 60 minutes)..." | |
| MAX_ATTEMPTS=60 | |
| POLL_INTERVAL=60 | |
| for i in $(seq 1 $MAX_ATTEMPTS); do | |
| sleep $POLL_INTERVAL | |
| STATUS_OUTPUT=$(xcrun notarytool info "$SUBMISSION_ID" \ | |
| --apple-id "$APPLE_ID" \ | |
| --password "$APPLE_APP_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --output-format json 2>&1) | |
| STATUS=$(echo "$STATUS_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['status'])" 2>/dev/null || true) | |
| echo "Attempt $i/$MAX_ATTEMPTS: status=$STATUS" | |
| if [ "$STATUS" = "Accepted" ]; then | |
| echo "Notarization accepted! Stapling ticket..." | |
| xcrun stapler staple "build/bin/${{ matrix.output }}" | |
| echo "Stapling complete." | |
| break | |
| elif [ "$STATUS" = "Invalid" ] || [ "$STATUS" = "Rejected" ]; then | |
| echo "Notarization failed with status: $STATUS" | |
| xcrun notarytool log "$SUBMISSION_ID" \ | |
| --apple-id "$APPLE_ID" \ | |
| --password "$APPLE_APP_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" 2>&1 || true | |
| break | |
| fi | |
| done | |
| if [ "$STATUS" != "Accepted" ] && [ "$STATUS" != "Invalid" ] && [ "$STATUS" != "Rejected" ]; then | |
| echo "Warning: Notarization still in progress after 60 minutes. DMG will work but isn't stapled." | |
| fi | |
| fi | |
| else | |
| echo "Warning: Notarization credentials not set. Skipping notarization." | |
| fi | |
| else | |
| echo "Warning: No signing certificate found. Using ad-hoc signature..." | |
| codesign --force --deep --sign - \ | |
| --entitlements build/darwin/entitlements.plist \ | |
| "build/bin/${APP_NAME}" | |
| hdiutil create -volname "TinySystems" \ | |
| -srcfolder "build/bin/${APP_NAME}" \ | |
| -ov -format UDZO \ | |
| "build/bin/${{ matrix.output }}" | |
| fi | |
| ls -la build/bin/ | |
| - name: Prepare artifacts (Windows) | |
| if: matrix.os == 'windows-latest' | |
| shell: bash | |
| run: | | |
| # Wails creates an exe in build/bin directory | |
| if [ -f "build/bin/tinysystems.exe" ]; then | |
| mv build/bin/tinysystems.exe build/bin/${{ matrix.output }} | |
| fi | |
| ls -la build/bin/ | |
| - name: Prepare artifacts (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| # Build DEB package | |
| if [ -f "build/bin/tinysystems" ]; then | |
| # Create DEB package structure | |
| mkdir -p build/deb/DEBIAN | |
| mkdir -p build/deb/usr/local/bin | |
| # Copy binary | |
| cp build/bin/tinysystems build/deb/usr/local/bin/tinysystems | |
| # Create control file | |
| cat > build/deb/DEBIAN/control << EOF | |
| Package: tinysystems | |
| Version: ${GITHUB_REF#refs/tags/v} | |
| Section: utils | |
| Priority: optional | |
| Architecture: amd64 | |
| Maintainer: Maksym Trofimenko <hello@tinysystems.io> | |
| Description: TinySystems Desktop Client | |
| Desktop client for TinySystems | |
| EOF | |
| # Build DEB package | |
| dpkg-deb --build build/deb build/bin/${{ matrix.output }} | |
| fi | |
| ls -la build/bin/ | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.output }} | |
| path: build/bin/${{ matrix.output }} | |
| if-no-files-found: error | |
| release: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| merge-multiple: true | |
| - name: List artifacts | |
| run: ls -la artifacts/ | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| artifacts/tinysystems-darwin-universal.dmg | |
| artifacts/tinysystems-windows-amd64.exe | |
| artifacts/tinysystems-linux-amd64.deb | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |