svrnty/swift-apple-intelligence-grpc
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
7655f1f0b8
swift-apple-intelligence-grpc/.gitea/workflows/release.yml
Mathias Beaulieu-Duncan 8e53dee03c Add CI/CD pipeline and documentation 
- Add Gitea Actions workflow for automated releases
  - Builds release binary
  - Signs app with Developer ID
  - Creates and signs DMG
  - Notarizes with Apple
  - Uploads to release

- Add documentation:
  - macos-runner-setup.md: Self-hosted runner setup guide
  - pipeline-configuration.md: Secrets and pipeline config guide

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 04:35:36 -05:00

151 lines
5.2 KiB
YAML
Raw Blame History

name: Build and Release
on:
release:
types: [created]
jobs:
build:
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Swift
uses: swift-actions/setup-swift@v2
with:
swift-version: "6.0"
- name: Install Certificate
env:
APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
# Create temporary keychain
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Import certificate
CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > "$CERTIFICATE_PATH"
security import "$CERTIFICATE_PATH" \
-P "$APPLE_CERTIFICATE_PASSWORD" \
-A -t cert -f pkcs12 \
-k "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
# Allow codesign to access keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: \
-s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
- name: Build Release Binary
run: swift build -c release --product AppleIntelligenceApp
- name: Create App Bundle
run: |
APP_NAME="Apple Intelligence Server"
VERSION="${GITHUB_REF_NAME#v}"
mkdir -p "dist/$APP_NAME.app/Contents/MacOS"
mkdir -p "dist/$APP_NAME.app/Contents/Resources"
cp .build/release/AppleIntelligenceApp "dist/$APP_NAME.app/Contents/MacOS/$APP_NAME"
cat > "dist/$APP_NAME.app/Contents/Info.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleExecutable</key>
<string>$APP_NAME</string>
<key>CFBundleIdentifier</key>
<string>com.svrnty.apple-intelligence-server</string>
<key>CFBundleName</key>
<string>$APP_NAME</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>$VERSION</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>LSMinimumSystemVersion</key>
<string>26.0</string>
<key>LSUIElement</key>
<true/>
<key>NSHighResolutionCapable</key>
<true/>
<key>NSLocalNetworkUsageDescription</key>
<string>Apple Intelligence Server needs local network access to accept connections from other devices.</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
</dict>
</plist>
EOF
echo -n "APPL????" > "dist/$APP_NAME.app/Contents/PkgInfo"
- name: Sign App
run: |
codesign --deep --force --verify --verbose \
--options runtime \
--sign "Developer ID Application: Mathias Beaulieu-Duncan (LD76P8L42W)" \
"dist/Apple Intelligence Server.app"
- name: Create DMG
run: |
VERSION="${GITHUB_REF_NAME#v}"
mkdir -p dist/dmg-temp
cp -R "dist/Apple Intelligence Server.app" dist/dmg-temp/
ln -s /Applications dist/dmg-temp/Applications
hdiutil create -volname "Apple Intelligence Server" \
-srcfolder dist/dmg-temp \
-ov -format UDRW dist/temp.dmg
hdiutil convert dist/temp.dmg -format UDZO \
-o "dist/AppleIntelligenceServer-$VERSION.dmg"
rm -rf dist/dmg-temp dist/temp.dmg
- name: Sign DMG
run: |
VERSION="${GITHUB_REF_NAME#v}"
codesign --force \
--sign "Developer ID Application: Mathias Beaulieu-Duncan (LD76P8L42W)" \
"dist/AppleIntelligenceServer-$VERSION.dmg"
- name: Notarize DMG
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
VERSION="${GITHUB_REF_NAME#v}"
xcrun notarytool submit "dist/AppleIntelligenceServer-$VERSION.dmg" \
--apple-id "$APPLE_ID" \
--password "$APPLE_APP_PASSWORD" \
--team-id "$APPLE_TEAM_ID" \
--wait
- name: Staple DMG
run: |
VERSION="${GITHUB_REF_NAME#v}"
xcrun stapler staple "dist/AppleIntelligenceServer-$VERSION.dmg"
- name: Upload to Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="${GITHUB_REF_NAME#v}"
gh release upload "$GITHUB_REF_NAME" \
"dist/AppleIntelligenceServer-$VERSION.dmg" \
--clobber
Reference in New Issue View Git Blame Copy Permalink