@@ -8,12 +8,58 @@ permissions:
88jobs :
99 build-mac :
1010 runs-on : macos-latest
11+ env :
12+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
1113
1214 steps :
1315 - name : Checkout code
1416 uses : actions/checkout@v4
1517 with :
1618 submodules : recursive
19+ fetch-depth : 0 # Fetch full history for branches
20+
21+ - name : Keys and certificates
22+ env :
23+ APPLE_CERT_DATA : ${{ secrets.CSC_INSTALLER_LINK }}
24+ APPLE_CERT_PASSWORD : ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }}
25+ DEVELOPER_APP_CER : ${{ secrets.CSC_LINK}}
26+ DEVELOPER_APP_KEY : ${{ secrets.CSC_KEY_PASSWORD }}
27+
28+ run : |
29+ CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
30+ echo -n "$APPLE_CERT_DATA" | base64 --decode -o certificate_installer.p12
31+ echo -n "$DEVELOPER_APP_CER" | base64 --decode -o certificate_application.p12
32+
33+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
34+ security create-keychain -p "${{ secrets.CSC_KEY_PASSWORD }}" $KEYCHAIN_PATH
35+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
36+ security unlock-keychain -p "${{ secrets.CSC_KEY_PASSWORD }}" $KEYCHAIN_PATH
37+
38+ security import certificate_installer.p12 -P "${{ secrets.CSC_KEY_PASSWORD }}" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
39+ security import certificate_application.p12 -P "${{ secrets.CSC_KEY_PASSWORD }}" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
40+ security list-keychain -d user -s $KEYCHAIN_PATH
41+ # Store as a keychain profile (for signing)
42+
43+ name : keychain profile
44+ env :
45+ APPLE_NOTARY_USER : ${{ secrets.APPLE_ID }}
46+ APPLE_NOTARY_PASSWORD : ${{ secrets.APPLE_ID_PASSWORD }}
47+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
48+ run : |
49+ xcrun notarytool store-credentials "notarytool-password" --apple-id "$APPLE_NOTARY_USER" --team-id "$APPLE_TEAM_ID" --password "$APPLE_NOTARY_PASSWORD"
50+
51+ name : Checking out the correct branches for submodules
52+ run : |
53+ git submodule foreach '
54+ if [ "$name" = "pythonCode/submodules/MEDimage" ]; then
55+ git fetch origin && git checkout -B dev_lab origin/dev_lab && git pull origin dev_lab
56+ elif [ "$name" = "pythonCode/submodules/MEDprofiles" ]; then
57+ git fetch origin && git checkout -B fusion_MEDomicsLab origin/fusion_MEDomicsLab && git pull origin fusion_MEDomicsLab
58+ else
59+ echo "No branch specified for $name"
60+ fi
61+ '
62+
1763name : Setup Go
1864 uses : actions/setup-go@v4
1965 with :
3783 uses : actions/setup-python@v2
3884 with :
3985 python-version : 3.9
40- - name : Bash python 1st try
41- run : |
42- echo $PATH
43- python --version
44- which python
45- name : Bash python 2nd try
46- run : |
47- echo $PATH
48- python --version
49- which python
50- shell : bash {0}
51- - name : Bash python 3rd try
86+
87+ - name : Bash python version
5288 run : |
5389 echo $PATH
5490 python --version
67103name : Install dependencies
68104 run : npm install
69105
70- - uses : actions/checkout@v4
71-
72106 - name : Cache node modules
73107 id : cache-npm
74108 uses : actions/cache@v3
@@ -103,20 +137,80 @@ jobs:
103137 - name : Allocate more memory
104138 run : export NODE_OPTIONS=--max-old-space-size=8192
105139
106- - name : Build for Mac
107- run : npm run build:mac
108-
109140 - name : Get tag name
110141 id : get-tag
111142 run : |
112143 VERSION=${GITHUB_REF/refs\/tags\//}
113- echo "::set-output name=VERSION::${VERSION#m}"
144+ echo "VERSION=${VERSION#v}" >> "$GITHUB_OUTPUT"
145+
146+ name : dotenv file
147+ run : |
148+ echo "DEVELOPER_ID_APP='${{ secrets.DEVELOPER_ID_APP }}'" >> .env
149+ echo "DEVELOPER_ID_INSTALLER='${{ secrets.DEVELOPER_ID_INSTALLER }}'" >> .env
150+
151+ name : Build for Mac
152+ env :
153+ APPLE_ID : ${{ secrets.APPLE_ID }}
154+ APPLE_APP_SPECIFIC_PASSWORD : ${{ secrets.APPLE_ID_PASSWORD }}
155+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
156+ CSC_LINK : ${{ secrets.CSC_LINK }}
157+ CSC_KEY_PASSWORD : ${{ secrets.CSC_KEY_PASSWORD }}
158+ CSC_INSTALLER_LINK : ${{ secrets.CSC_INSTALLER_LINK }}
159+ CSC_INSTALLER_KEY_PASSWORD : ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }}
160+ run : |
161+ npm run build:mac
162+
163+ name : Notarize Mac .pkg
164+ id : notarize-pkg
165+ continue-on-error : true
166+ env :
167+ VERSION : ${{ steps.get-tag.outputs.VERSION }}
168+ run : |
169+ xcrun notarytool submit build/dist/MEDomics-${{ env.VERSION }}-mac.pkg --keychain-profile "notarytool-password" --wait
170+
171+ name : staple
172+ continue-on-error : true
173+ env :
174+ VERSION : ${{ steps.get-tag.outputs.VERSION }}
175+ APPLE_ID : ${{ secrets.APPLE_ID }}
176+ APPLE_APP_SPECIFIC_PASSWORD : ${{ secrets.APPLE_ID_PASSWORD }}
177+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
178+ run : |
179+ xcrun stapler staple build/dist/MEDomics-${{ env.VERSION }}-mac.pkg
114180
115181name : Archive Mac
116182 uses : actions/upload-artifact@v4
117183 with :
118184 name : mac-built
119- path : ./build/dist/MEDomicsLab-${{ env.VERSION }}-mac.dmg
185+ path : ./build/dist/MEDomics-${{ env.VERSION }}-mac.pkg
186+ compression-level : 0
187+ env :
188+ VERSION : ${{ steps.get-tag.outputs.VERSION }}
189+
190+ - name : Archive Mac
191+ uses : actions/upload-artifact@v4
192+ with :
193+ name : mac-built-pkg
194+ path : ./build/dist/MEDomics-${{ env.VERSION }}-mac.pkg
195+ compression-level : 0
196+ env :
197+ VERSION : ${{ steps.get-tag.outputs.VERSION }}
198+
199+ - name : Archive Mac DMG
200+ uses : actions/upload-artifact@v4
201+ with :
202+ name : mac-built-dmg
203+ path : ./build/dist/MEDomics-${{ env.VERSION }}-mac.dmg
204+ compression-level : 0
205+ env :
206+ VERSION : ${{ steps.get-tag.outputs.VERSION }}
207+
208+ - name : Archive Mac DMG
209+ uses : actions/upload-artifact@v4
210+ with :
211+ name : mac-built-zip
212+ path : ./build/dist/MEDomics-${{ env.VERSION }}-mac.zip
213+ compression-level : 0
120214 env :
121215 VERSION : ${{ steps.get-tag.outputs.VERSION }}
122216
@@ -128,10 +222,20 @@ jobs:
128222 - name : Checkout code
129223 uses : actions/checkout@v4
130224
131- - name : Download Mac
225+ - name : Download Mac PKG
132226 uses : actions/download-artifact@v4
133227 with :
134- name : mac-built
228+ name : mac-built-pkg
229+
230+ - name : Download Mac DMG
231+ uses : actions/download-artifact@v4
232+ with :
233+ name : mac-built-dmg
234+
235+ - name : Download Mac ZIP
236+ uses : actions/download-artifact@v4
237+ with :
238+ name : mac-built-zip
135239
136240 - name : Install zip
137241 run : sudo apt-get install zip
@@ -148,27 +252,31 @@ jobs:
148252 ls -R
149253
150254name : zip Mac
151- run : zip -r MEDomicsLab-PythonEnv-mac.zip ./create_conda_env_mac.sh ./requirements_mac.txt
255+ run : zip -r MEDomics-PythonEnv-mac.zip ./create_conda_env_mac.sh ./requirements_mac.txt
256+
152257 - name : Get tag name
153258 id : get-tag
154259 run : |
155260 VERSION=${GITHUB_REF/refs\/tags\//}
156- echo "::set-output name= VERSION:: ${VERSION#m} "
261+ echo "VERSION= ${VERSION#v}" >> "$GITHUB_OUTPUT "
157262
158263name : Publish to GitHub
159264 uses : softprops/action-gh-release@v1
160265 with :
161266 files : |
162- ./MEDomicsLab-${{ env.VERSION }}-mac.dmg
163- ./MEDomicsLab-PythonEnv-mac.zip
164- name : MEDomicsLab-${{ env.VERSION }}
267+ ./MEDomics-${{ env.VERSION }}-mac.pkg
268+ ./MEDomics-${{ env.VERSION }}-mac.dmg
269+ ./MEDomics-${{ env.VERSION }}-mac.zip
270+ name : MEDomics-${{ env.VERSION }}
165271 body : |
166- MEDomicsLab -${{ env.VERSION }}
167- This is a full release of MEDomicsLab . This release includes the MEDomicsLab application and the Python environment.
272+ MEDomics -${{ env.VERSION }}
273+ This is a full release of MEDomics . This release includes the MEDomics platform and the Python environment.
168274 Refer to the [Documentation](https://medomics-udes.gitbook.io/medomicslab-docs/)
169275 ${{ github.ref }}
170276draft : true
171277 prerelease : false
172278 token : ${{ secrets.GITHUB_TOKEN }}
173279 env :
280+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
281+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
174282 VERSION : ${{ steps.get-tag.outputs.VERSION }}
0 commit comments