Release 0.41.0 #45
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 🌍 Release | |
| run-name: Release ${{ github.ref_name }} | |
| on: | |
| workflow_dispatch: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: write | |
| jobs: | |
| release-nuget: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 10.0.100 | |
| - name: Download GitHub release artifacts | |
| uses: robinraju/release-downloader@v1.11 | |
| with: | |
| tag: ${{ github.ref_name }} | |
| fileName: '*.nupkg' | |
| - name: Push packages to NuGet | |
| run: | | |
| shopt -s nullglob | |
| for pkg in ./*.nupkg; do | |
| dotnet nuget push "$pkg" --skip-duplicate --api-key "${{ secrets.NUGET_KEY }}" --source https://api.nuget.org/v3/index.json | |
| done | |
| publish-vscode-extension: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| - name: Download VSIX artifact | |
| uses: robinraju/release-downloader@v1.11 | |
| with: | |
| tag: ${{ github.ref_name }} | |
| fileName: '*.vsix' | |
| - name: Install extension publishing tools | |
| run: npm install -g @vscode/vsce@3.5 ovsx@0.9 | |
| - name: Publish to VS Code Marketplace | |
| shell: bash | |
| run: | | |
| VSIX_FILE=$(ls -1 *.vsix | head -n 1) | |
| if [ -z "$VSIX_FILE" ]; then | |
| echo "No VSIX artifact found in release assets." | |
| exit 1 | |
| fi | |
| vsce publish --packagePath "$VSIX_FILE" --pat "${{ secrets.VSCE_TOKEN }}" | |
| - name: Publish to Open VSX | |
| shell: bash | |
| run: | | |
| VSIX_FILE=$(ls -1 *.vsix | head -n 1) | |
| if [ -z "$VSIX_FILE" ]; then | |
| echo "No VSIX artifact found in release assets." | |
| exit 1 | |
| fi | |
| ovsx publish "$VSIX_FILE" --pat "${{ secrets.OPEN_VSX_TOKEN }}" | |
| sign-and-notarize: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Download unsigned macOS artifacts | |
| uses: robinraju/release-downloader@v1.11 | |
| with: | |
| tag: ${{ github.ref_name }} | |
| fileName: 'fscript-*-darwin-unsigned.zip' | |
| - name: Extract binaries | |
| run: | | |
| mkdir -p .out/darwin | |
| unzip -d .out/darwin fscript-${{ github.ref_name }}-darwin-unsigned.zip | |
| test -f .out/darwin/entitlements.plist | |
| - name: Add cert to keychain | |
| uses: apple-actions/import-codesign-certs@v3 | |
| with: | |
| p12-file-base64: ${{ secrets.MAC_CERT_BASE64 }} | |
| p12-password: ${{ secrets.MAC_CERT_PASSWORD }} | |
| - name: Sign binaries | |
| run: | | |
| codesign --force --timestamp --sign "Developer ID Application: Magnus Opera (${{ secrets.MAC_DEV_TEAM_ID }})" .out/darwin/arm64/fscript --options=runtime --no-strict --entitlements .out/darwin/entitlements.plist --identifier "${{ secrets.MAC_CERT_BUNDLE_ID }}.arm64" | |
| codesign --force --timestamp --sign "Developer ID Application: Magnus Opera (${{ secrets.MAC_DEV_TEAM_ID }})" .out/darwin/x64/fscript --options=runtime --no-strict --entitlements .out/darwin/entitlements.plist --identifier "${{ secrets.MAC_CERT_BUNDLE_ID }}.x64" | |
| (cd .out/darwin/arm64; zip ../fscript-${{ github.ref_name }}-darwin-arm64.zip ./*) | |
| (cd .out/darwin/x64; zip ../fscript-${{ github.ref_name }}-darwin-x64.zip ./*) | |
| - name: Notarize arm64 | |
| uses: GuillaumeFalourd/notary-tools@v1 | |
| timeout-minutes: 10 | |
| with: | |
| product_path: '.out/darwin/fscript-${{ github.ref_name }}-darwin-arm64.zip' | |
| apple_id: ${{ secrets.MAC_DEV_LOGIN }} | |
| password: ${{ secrets.MAC_DEV_PASSWORD }} | |
| team_id: ${{ secrets.MAC_DEV_TEAM_ID }} | |
| xcode_path: '/Applications/Xcode_16.4.app' | |
| staple: false | |
| - name: Notarize x64 | |
| uses: GuillaumeFalourd/notary-tools@v1 | |
| timeout-minutes: 10 | |
| with: | |
| product_path: '.out/darwin/fscript-${{ github.ref_name }}-darwin-x64.zip' | |
| apple_id: ${{ secrets.MAC_DEV_LOGIN }} | |
| password: ${{ secrets.MAC_DEV_PASSWORD }} | |
| team_id: ${{ secrets.MAC_DEV_TEAM_ID }} | |
| xcode_path: '/Applications/Xcode_16.4.app' | |
| staple: false | |
| - name: Upload signed macOS artifacts | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| files: | | |
| .out/darwin/fscript-${{ github.ref_name }}-darwin-arm64.zip | |
| .out/darwin/fscript-${{ github.ref_name }}-darwin-x64.zip | |
| - name: Remove unsigned macOS artifact | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const tag = context.ref.replace('refs/tags/', ''); | |
| const unsignedName = `fscript-${tag}-darwin-unsigned.zip`; | |
| const { data: release } = await github.rest.repos.getReleaseByTag({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| tag, | |
| }); | |
| const asset = release.assets.find(a => a.name === unsignedName); | |
| if (!asset) { | |
| core.info(`Unsigned artifact not found: ${unsignedName}`); | |
| return; | |
| } | |
| await github.rest.repos.deleteReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| asset_id: asset.id, | |
| }); | |
| core.info(`Deleted unsigned artifact: ${unsignedName}`); | |
| update-homebrew-tap: | |
| uses: ./.github/workflows/release-homebrew-tap.yml | |
| needs: | |
| - release-nuget | |
| - publish-vscode-extension | |
| - sign-and-notarize | |
| with: | |
| ref: ${{ github.ref }} | |
| version: ${{ github.ref_name }} | |
| dry-run: false | |
| secrets: inherit |