From b1f486518e3db19cca8ea9f33eb1d8d1afa247e7 Mon Sep 17 00:00:00 2001 From: Kenneth Chew Date: Fri, 20 May 2022 21:57:37 -0400 Subject: Use GitHub Actions to get signature for Sparkle Requires a secret called `SPARKLE_ED25519_KEY`, in the format of a private key file --- .github/workflows/build.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to '.github/workflows/build.yml') diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0590b348..b6d6a9c3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -100,7 +100,7 @@ jobs: run: | brew update brew install qt@5 ninja - + - name: Update Qt (AppImage) if: runner.os == 'Linux' && matrix.appimage == true run: | @@ -170,6 +170,27 @@ jobs: sudo codesign --sign - --deep --force --entitlements "../program_info/App.entitlements" --options runtime "PolyMC.app/Contents/MacOS/polymc" tar -czf ../PolyMC.tar.gz * + - name: Make Sparkle signature (macOS) + if: runner.os == 'macOS' + run: | + if [ '${{ secrets.SPARKLE_ED25519_KEY }}' != '' ]; then + brew install openssl@3 + echo '${{ secrets.SPARKLE_ED25519_KEY }}' > ed25519-priv.pem + signature=$(/usr/local/opt/openssl@3/bin/openssl pkeyutl -sign -rawin -in ${{ github.workspace }}/PolyMC.tar.gz -inkey ed25519-priv.pem | openssl base64 | tr -d \\n) + rm ed25519-priv.pem + cat >> $GITHUB_STEP_SUMMARY << EOF + ### Sparkle Signatures :memo: + + - macOS Archive: $signature + EOF + else + cat >> $GITHUB_STEP_SUMMARY << EOF + ### Sparkle Signatures :memo: + + - macOS Archive: No private key available (likely a pull request or fork) + EOF + fi + - name: Package (Windows) if: runner.os == 'Windows' shell: msys2 {0} -- cgit From 3bc02b9662b84c2ab86b5de1b08b4537177fde90 Mon Sep 17 00:00:00 2001 From: Kenneth Chew Date: Sat, 21 May 2022 13:23:02 -0400 Subject: Fix Sparkle signing step --- .github/workflows/build.yml | 14 ++++++++------ .github/workflows/trigger_builds.yml | 2 ++ 2 files changed, 10 insertions(+), 6 deletions(-) (limited to '.github/workflows/build.yml') diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b6d6a9c3..abab0ed0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,6 +7,10 @@ on: description: Type of build (Debug, Release, RelWithDebInfo, MinSizeRel) type: string default: Debug + secrets: + SPARKLE_ED25519_KEY: + description: Private key for signing Sparkle updates + required: false jobs: build: @@ -179,15 +183,13 @@ jobs: signature=$(/usr/local/opt/openssl@3/bin/openssl pkeyutl -sign -rawin -in ${{ github.workspace }}/PolyMC.tar.gz -inkey ed25519-priv.pem | openssl base64 | tr -d \\n) rm ed25519-priv.pem cat >> $GITHUB_STEP_SUMMARY << EOF - ### Sparkle Signatures :memo: - - - macOS Archive: $signature + ### Artifact Information :information_source: + - :memo: Sparkle Signature (ed25519): \`$signature\` EOF else cat >> $GITHUB_STEP_SUMMARY << EOF - ### Sparkle Signatures :memo: - - - macOS Archive: No private key available (likely a pull request or fork) + ### Artifact Information :information_source: + - :warning: Sparkle Signature (ed25519): No private key available (likely a pull request or fork) EOF fi diff --git a/.github/workflows/trigger_builds.yml b/.github/workflows/trigger_builds.yml index 3ec6bb95..ee9eb4ea 100644 --- a/.github/workflows/trigger_builds.yml +++ b/.github/workflows/trigger_builds.yml @@ -28,3 +28,5 @@ jobs: uses: ./.github/workflows/build.yml with: build_type: Debug + secrets: + SPARKLE_ED25519_KEY: ${{ secrets.SPARKLE_ED25519_KEY }} -- cgit