From f7ac88207ebb26067eb752ea9871f4a4c2c0c2da Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Tue, 21 Feb 2023 18:23:47 -0500 Subject: [PATCH] move codesigning before tests, since it can affect them --- .github/workflows/bottle.yml | 15 +-------------- .github/workflows/build.yml | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/.github/workflows/bottle.yml b/.github/workflows/bottle.yml index b468e2c2..5472ffa7 100644 --- a/.github/workflows/bottle.yml +++ b/.github/workflows/bottle.yml @@ -75,23 +75,10 @@ jobs: - run: tar xzvf artifacts.tgz - run: | - for file in built relative-paths srcs; do + for file in built srcs; do echo "$file=$(cat $file)" >>$GITHUB_ENV done - - uses: actions/checkout@v3 - if: startsWith(inputs.platform, 'darwin+') - with: - path: pantry - repository: teaxyz/pantry.core - - uses: ./pantry/.github/actions/apple-signing - if: startsWith(inputs.platform, 'darwin+') - with: - p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} - p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} - identity: "Developer ID Application: Tea Inc. (7WV56FL599)" - paths: ${{ env.relative-paths}} - - run: | tea +gnupg.org gpg-agent --daemon || true echo $GPG_PRIVATE_KEY | \ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 874326b7..cd0bc9dc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -72,11 +72,28 @@ jobs: GITHUB_TOKEN: ${{ github.token }} FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root + - run: | + ABS_PATHS=$(echo $PATHS | tr ' ' '\n' | sed -e "s_^_$TEA_PREFIX/_" | tr '\n' ' ') + echo "paths=$ABS_PATHS" >> $GITHUB_OUTPUT + if: startsWith(inputs.platform, 'darwin+') + id: absolute-paths + env: + PATHS: ${{ steps.build.outputs.relative-paths }} + TEA_PREFIX: ${{ steps.tea.outputs.prefix }} + + # sign macOS binaries + - uses: teaxyz/pantry.core/.github/actions/apple-signing@main + if: startsWith(inputs.platform, 'darwin+') + with: + p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} + p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} + identity: "Developer ID Application: Tea Inc. (7WV56FL599)" + paths: ${{ steps.absolute-paths.outputs.paths }} + # cache data we'll need in the bottling job - name: assemble artifact metadata run: | echo ${{ steps.build.outputs.pkgs }} >built - echo ${{ steps.build.outputs.relative-paths }} >relative-paths echo ${{ steps.build.outputs.srcs }} >srcs working-directory: ${{ steps.tea.outputs.prefix }} @@ -87,7 +104,7 @@ jobs: tar czvf $GITHUB_WORKSPACE/artifacts.tgz ${{ steps.build.outputs.relative-paths }} ${{ steps.build.outputs.srcs-relative-paths }} - built relative-paths srcs + built srcs working-directory: ${{ steps.tea.outputs.prefix }} - name: upload artifacts