Build macOS release #107
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build macOS release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| borg_version: | |
| description: 'Borg version to package' | |
| required: true | |
| default: '1.4.4' | |
| macos_version: | |
| description: 'macOS runner image' | |
| required: true | |
| default: 'macos-26' | |
| type: choice | |
| options: | |
| - macos-26 | |
| - macos-26-intel | |
| - macos-15 | |
| - macos-15-intel | |
| env: | |
| PYTHON_VERSION: ${{ vars.PYTHON_VERSION || '3.12' }} | |
| jobs: | |
| build: | |
| runs-on: ${{ inputs.macos_version }} | |
| timeout-minutes: 120 | |
| steps: | |
| - name: Validate borg_version | |
| env: | |
| BORG_VERSION: ${{ inputs.borg_version }} | |
| run: | | |
| if ! [[ "$BORG_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+([ab][0-9]+)?$ ]]; then | |
| echo "Invalid borg_version: $BORG_VERSION" >&2 | |
| exit 1 | |
| fi | |
| - name: Check out selected branch | |
| uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: "uv.lock" | |
| - name: Set up Python ${{ env.PYTHON_VERSION }} | |
| run: uv python install "$PYTHON_VERSION" | |
| - name: Install system dependencies | |
| run: | | |
| brew install openssl readline xz | |
| - name: Install build dependencies | |
| run: | | |
| brew install --cask sparkle | |
| brew install create-dmg | |
| uv sync --group dev | |
| - name: Package with PyInstaller | |
| env: | |
| BORG_VERSION: ${{ inputs.borg_version }} | |
| run: | | |
| if [ "$(uname -m)" = "arm64" ]; then BORG_ARCHIVE="borg-macos-15-arm64-gh.tgz"; else BORG_ARCHIVE="borg-macos-15-x86_64-gh.tgz"; fi | |
| uv run pyinstaller --clean --noconfirm package/vorta.spec | |
| cp -R $(brew --prefix)/Caskroom/sparkle/*/Sparkle.framework dist/Vorta.app/Contents/Frameworks/ | |
| curl -LJO "https://github.com/borgbackup/borg/releases/download/${BORG_VERSION}/${BORG_ARCHIVE}" | |
| tar -xzf "./${BORG_ARCHIVE}" | |
| xattr -dr com.apple.quarantine ./borg-dir | |
| mv ./borg-dir dist/Vorta.app/Contents/Resources/ | |
| - name: Codesign executable | |
| continue-on-error: false | |
| working-directory: dist | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }} | |
| APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
| security create-keychain -p 123 build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p 123 build.keychain | |
| security import certificate.p12 -k build.keychain -A -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k 123 build.keychain | |
| uv run python ../package/fix_app_qt_folder_names_for_codesign.py Vorta.app | |
| sh ../package/macos-package-app.sh | |
| - name: Rename DMG | |
| id: rename | |
| run: | | |
| VERSION=$(uv run python -c "from src.vorta._version import __version__; print(__version__)") | |
| if [ "$(uname -m)" = "arm64" ]; then ARCH="arm"; else ARCH="intel"; fi | |
| DMG_NAME="Vorta-v${VERSION}-${ARCH}.dmg" | |
| mv dist/Vorta.dmg "dist/${DMG_NAME}" | |
| echo "dmg_name=${DMG_NAME}" >> $GITHUB_OUTPUT | |
| # - name: Setup tmate session | |
| # uses: mxschmitt/action-tmate@v3 | |
| # if: ${{ failure() }} | |
| # timeout-minutes: 15 | |
| - name: Upload build | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.rename.outputs.dmg_name }} | |
| path: dist/Vorta-v*-*.dmg | |
| retention-days: 60 |