fix: LC+SS incorrect handling for ALTCertificate placement (#67) #211
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build & Bundle" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "crates/**" | |
| - "Cargo.toml" | |
| - "Cargo.lock" | |
| - "apps/**" | |
| - "package/**" | |
| - ".github/workflows/build.yml" | |
| workflow_dispatch: | |
| env: | |
| BINARY_NAME: plumeimpactor | |
| BINARY_NAME_CLI: plumesign | |
| BUNDLE_NAME: Impactor | |
| jobs: | |
| build-linux: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - os: ubuntu-22.04 | |
| arch: x86_64 | |
| - os: ubuntu-22.04-arm | |
| arch: aarch64 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: snok/install-poetry@v1 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install and cache apt pkgs | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: flatpak flatpak-builder libglib2.0-dev libsecret-1-dev libgtk-3-dev libpng-dev libjpeg-dev libgl1-mesa-dev libglu1-mesa-dev libxkbcommon-dev libexpat1-dev libtiff-dev | |
| version: 1.0 | |
| - name: Build binaries | |
| run: | | |
| make linux PROFILE=release APPIMAGE=1 | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-linux-${{ matrix.arch }} | |
| path: dist/* | |
| build-windows: | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: ilammy/msvc-dev-cmd@v1 | |
| - name: Build binaries | |
| run: | | |
| choco install nsis.portable | |
| make windows PROFILE=release NSIS=1 | |
| - name: Upload Bundles | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-windows | |
| path: dist/*.exe | |
| build-macos-slices: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| arch: arm | |
| - os: macos-15-intel | |
| target: x86_64-apple-darwin | |
| arch: intel | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Build binaries (${{ matrix.arch }}) | |
| run: | | |
| make macos PROFILE=release | |
| - name: Upload ${{ matrix.arch }} Slice | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-macos-slice-${{ matrix.arch }} | |
| path: dist/* | |
| build-macos-universal: | |
| runs-on: macos-latest | |
| needs: [build-macos-slices] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get ARM Slice | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-macos-slice-arm | |
| path: dist/slices | |
| - name: Get Intel Slice | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-macos-slice-intel | |
| path: dist/slices | |
| - name: Setup Certificates | |
| uses: apple-actions/import-codesign-certs@v5 | |
| with: | |
| p12-file-base64: ${{ secrets.DEV_ID_P12_BASE64 }} | |
| p12-password: ${{ secrets.DEV_ID_P12_PASSWORD }} | |
| - name: Download CreateDMG | |
| run: | | |
| brew install create-dmg | |
| - name: Create Universal Binary | |
| run: | | |
| make macos BIN1=dist/slices/${{ env.BINARY_NAME }}-macos-arm64 BIN2=dist/slices/${{ env.BINARY_NAME }}-macos-x86_64 BUNDLE=1 ARCH=universal | |
| make macos BIN1=dist/slices/${{ env.BINARY_NAME_CLI }}-macos-arm64 BIN2=dist/slices/${{ env.BINARY_NAME_CLI }}-macos-x86_64 ARCH=universal | |
| - name: Codesign | |
| run: | | |
| mkdir -p dist/dmg | |
| mv dist/${{ env.BUNDLE_NAME }}.app dist/dmg/ | |
| codesign --deep --force --options runtime \ | |
| --sign "${{ secrets.DEV_ID_IDENTITY_NAME }}" dist/dmg/${{ env.BUNDLE_NAME }}.app | |
| - name: Create DMG | |
| run: | | |
| mkdir -p dist/out | |
| create-dmg \ | |
| --volname ${{ env.BUNDLE_NAME }} \ | |
| --background "package/macos/background.png" \ | |
| --window-pos 200 120 \ | |
| --window-size 510 350 \ | |
| --icon-size 100 \ | |
| --icon ${{ env.BUNDLE_NAME }}.app 160 155 \ | |
| --hide-extension "${{ env.BUNDLE_NAME }}.app" \ | |
| --app-drop-link 350 155 \ | |
| dist/${{ env.BUNDLE_NAME }}-macos-universal.dmg dist/dmg | |
| - name: Notarize DMG | |
| run: | | |
| xcrun notarytool submit dist/${{ env.BUNDLE_NAME }}-macos-universal.dmg --apple-id "${{ secrets.APPLE_ID_EMAIL }}" --password "${{ secrets.APPLE_ID_PASSWORD }}" --team-id "${{ secrets.APPLE_ID_TEAM }}" --wait | |
| xcrun stapler staple dist/${{ env.BUNDLE_NAME }}-macos-universal.dmg | |
| - name: Upload Universal DMG | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BINARY_NAME }}-macos-universal | |
| path: | | |
| dist/${{ env.BUNDLE_NAME }}-macos-universal.dmg | |
| dist/${{ env.BINARY_NAME_CLI }}-macos-universal |