
Commit c7ac3bb

committed
ci: migrate from self-hosted to GitHub-hosted runners
1 parent 7f1b20e commit c7ac3bb

3 files changed

Lines changed: 243 additions & 174 deletions


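--- a/.github/workflows/build-plugin.yml
+++ b/.github/workflows/build-plugin.yml
@@ -17,15 +17,40 @@ env:
 XCODE_PROJECT: TablePro.xcodeproj
 
 jobs:
+resolve-tags:
+name: Resolve Plugin Tags
+runs-on: ubuntu-latest
+outputs:
+matrix: ${{ steps.tags.outputs.matrix }}
+steps:
+- id: tags
+run: |
+if [ -n "${{ inputs.tags }}" ]; then
+IFS=',' read -ra TAGS <<< "${{ inputs.tags }}"
+else
+TAGS=("${{ github.ref_name }}")
+fi
+JSON='{"include":['
+FIRST=true
+for TAG in "${TAGS[@]}"; do
+TAG=$(echo "$TAG" | xargs)
+if [ "$FIRST" = true ]; then FIRST=false; else JSON+=','; fi
+JSON+="{\"tag\":\"$TAG\"}"
+done
+JSON+=']}'
+echo "matrix=$JSON" >> "$GITHUB_OUTPUT"
+echo "Matrix: $JSON"
+
 build-plugin:
-name: Build Plugin
-runs-on: self-hosted
-timeout-minutes: 60
+name: "Build ${{ matrix.tag }}"
+needs: resolve-tags
+runs-on: macos-latest
+timeout-minutes: 30
+strategy:
+matrix: ${{ fromJson(needs.resolve-tags.outputs.matrix) }}
+fail-fast: false
 
 steps:
-- name: Install Git LFS
-run: brew list git-lfs &>/dev/null || brew install git-lfs; git lfs install
-
 - name: Checkout code
 uses: actions/checkout@v4
 with:
@@ -34,17 +59,44 @@ jobs:
 - name: Pull LFS files
 run: git lfs pull
 
-- name: Build and release plugins
+- name: Select Xcode 16.2
+uses: maxim-lobanov/setup-xcode@v1
+with:
+xcode-version: "16.2"
+
+- name: Import signing certificate
+env:
+CERTIFICATES_P12: ${{ secrets.CERTIFICATES_P12 }}
+CERTIFICATES_PASSWORD: ${{ secrets.CERTIFICATES_PASSWORD }}
+run: |
+KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+security create-keychain -p "" "$KEYCHAIN_PATH"
+security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+security unlock-keychain -p "" "$KEYCHAIN_PATH"
+echo "$CERTIFICATES_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12
+security import $RUNNER_TEMP/certificate.p12 -P "$CERTIFICATES_PASSWORD" \
+-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+security set-key-partition-list -S apple-tool:,apple: -k "" "$KEYCHAIN_PATH"
+security list-keychain -d user -s "$KEYCHAIN_PATH" login.keychain
+
+- name: Configure notarization
+env:
+APPLE_ID: ${{ secrets.APPLE_ID }}
+APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+NOTARY_PASSWORD: ${{ secrets.NOTARY_PASSWORD }}
+run: |
+xcrun notarytool store-credentials "TablePro" \
+--apple-id "$APPLE_ID" \
+--team-id "$APPLE_TEAM_ID" \
+--password "$NOTARY_PASSWORD"
+
+- name: Build and release plugin
 env:
 REGISTRY_DEPLOY_KEY: ${{ secrets.REGISTRY_DEPLOY_KEY }}
 GH_TOKEN: ${{ github.token }}
 run: |
-# Build tag list: from input (comma-separated) or from push event (single tag)
-if [ -n "${{ inputs.tags }}" ]; then
-IFS=',' read -ra TAGS <<< "${{ inputs.tags }}"
-else
-TAGS=("${{ github.ref_name }}")
-fi
+TAG="${{ matrix.tag }}"
+echo "Processing: $TAG"
 
 # Get current app version for minAppVersion
 MIN_APP_VERSION=$(sed -n 's/.*MARKETING_VERSION = \(.*\);/\1/p' \
@@ -112,46 +164,37 @@ jobs:
 esac
 }
 
-for TAG in "${TAGS[@]}"; do
-TAG=$(echo "$TAG" | xargs) # trim whitespace
-echo ""
-echo "========================================"
-echo "Processing: $TAG"
-echo "========================================"
-
-PLUGIN_NAME=$(echo "$TAG" | sed -E 's/^plugin-([a-z]+)-v.*$/\1/')
-VERSION=$(echo "$TAG" | sed -E 's/^plugin-[a-z]+-v(.*)$/\1/')
-
-resolve_plugin_info "$PLUGIN_NAME" || continue
-
-echo "Building $TARGET v$VERSION"
-
-# Build Cassandra dependencies if needed
-if [ "$PLUGIN_NAME" = "cassandra" ]; then
-./scripts/build-cassandra.sh both
-fi
-
-# Build both architectures
-./scripts/build-plugin.sh "$TARGET" arm64
-./scripts/build-plugin.sh "$TARGET" x86_64
-
-# Capture SHA-256
-ARM64_SHA=$(cat "build/Plugins/${BUNDLE_NAME}-arm64.zip.sha256")
-X86_SHA=$(cat "build/Plugins/${BUNDLE_NAME}-x86_64.zip.sha256")
-
-# Notarize if enabled
-if [ "${NOTARIZE_PLUGINS:-}" = "true" ]; then
-for zip in build/Plugins/${BUNDLE_NAME}-*.zip; do
-xcrun notarytool submit "$zip" \
---apple-id "$APPLE_ID" \
---team-id "D7HJ5TFYCU" \
---keychain-profile "notarytool-profile" \
---wait
-done
-fi
-
-# Create GitHub Release
-RELEASE_BODY="## $DISPLAY_NAME v$VERSION
+PLUGIN_NAME=$(echo "$TAG" | sed -E 's/^plugin-([a-z]+)-v.*$/\1/')
+VERSION=$(echo "$TAG" | sed -E 's/^plugin-[a-z]+-v(.*)$/\1/')
+
+resolve_plugin_info "$PLUGIN_NAME"
+
+echo "Building $TARGET v$VERSION"
+
+# Build Cassandra dependencies if needed
+if [ "$PLUGIN_NAME" = "cassandra" ]; then
+./scripts/build-cassandra.sh both
+fi
+
+# Build both architectures
+./scripts/build-plugin.sh "$TARGET" arm64
+./scripts/build-plugin.sh "$TARGET" x86_64
+
+# Capture SHA-256
+ARM64_SHA=$(cat "build/Plugins/${BUNDLE_NAME}-arm64.zip.sha256")
+X86_SHA=$(cat "build/Plugins/${BUNDLE_NAME}-x86_64.zip.sha256")
+
+# Notarize if enabled
+if [ "${NOTARIZE_PLUGINS:-}" = "true" ]; then
+for zip in build/Plugins/${BUNDLE_NAME}-*.zip; do
+xcrun notarytool submit "$zip" \
+--keychain-profile "TablePro" \
+--wait
+done
+fi
+
+# Create GitHub Release
+RELEASE_BODY="## $DISPLAY_NAME v$VERSION
 
 Plugin release for TablePro.
 
@@ -162,33 +205,33 @@ jobs:
 - ARM64: \`$ARM64_SHA\`
 - x86_64: \`$X86_SHA\`"
 
-# Delete existing release if any, then create
-gh release delete "$TAG" --yes 2>/dev/null || true
-gh release create "$TAG" \
---title "$DISPLAY_NAME v$VERSION" \
---notes "$RELEASE_BODY" \
-build/Plugins/${BUNDLE_NAME}-arm64.zip \
-build/Plugins/${BUNDLE_NAME}-x86_64.zip
-
-# Update plugin registry
-if [ -n "${REGISTRY_DEPLOY_KEY:-}" ]; then
-ARM64_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/${BUNDLE_NAME}-arm64.zip"
-X86_64_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/${BUNDLE_NAME}-x86_64.zip"
-
-WORK=$(mktemp -d)
-eval "$(ssh-agent -s)"
-echo "$REGISTRY_DEPLOY_KEY" | ssh-add -
-
-git clone git@github.com:datlechin/tablepro-plugins.git "$WORK/registry"
-cd "$WORK/registry"
-git pull --rebase origin main
-
-python3 - \
-"$BUNDLE_ID" "$DISPLAY_NAME" "$VERSION" "$SUMMARY" \
-"$DB_TYPE_IDS" "$ARM64_URL" "$ARM64_SHA" \
-"$X86_64_URL" "$X86_SHA" "$MIN_APP_VERSION" \
-"$ICON" "$HOMEPAGE" "$CATEGORY" \
-<<'PYTHON_SCRIPT'
+# Delete existing release if any, then create
+gh release delete "$TAG" --yes 2>/dev/null || true
+gh release create "$TAG" \
+--title "$DISPLAY_NAME v$VERSION" \
+--notes "$RELEASE_BODY" \
+build/Plugins/${BUNDLE_NAME}-arm64.zip \
+build/Plugins/${BUNDLE_NAME}-x86_64.zip
+
+# Update plugin registry
+if [ -n "${REGISTRY_DEPLOY_KEY:-}" ]; then
+ARM64_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/${BUNDLE_NAME}-arm64.zip"
+X86_64_URL="https://github.com/${{ github.repository }}/releases/download/${TAG}/${BUNDLE_NAME}-x86_64.zip"
+
+WORK=$(mktemp -d)
+eval "$(ssh-agent -s)"
+echo "$REGISTRY_DEPLOY_KEY" | ssh-add -
+
+git clone git@github.com:datlechin/tablepro-plugins.git "$WORK/registry"
+cd "$WORK/registry"
+git pull --rebase origin main
+
+python3 - \
+"$BUNDLE_ID" "$DISPLAY_NAME" "$VERSION" "$SUMMARY" \
+"$DB_TYPE_IDS" "$ARM64_URL" "$ARM64_SHA" \
+"$X86_64_URL" "$X86_SHA" "$MIN_APP_VERSION" \
+"$ICON" "$HOMEPAGE" "$CATEGORY" \
+<<'PYTHON_SCRIPT'
 import json, sys
 
 bundle_id, name, version, summary = sys.argv[1:5]
@@ -225,25 +268,16 @@ jobs:
 f.write("\n")
 PYTHON_SCRIPT
 
-git config user.name "github-actions[bot]"
-git config user.email "github-actions[bot]@users.noreply.github.com"
-git add plugins.json
-git commit -m "Update $DISPLAY_NAME to v$VERSION"
-git push
+git config user.name "github-actions[bot]"
+git config user.email "github-actions[bot]@users.noreply.github.com"
+git add plugins.json
+git commit -m "Update $DISPLAY_NAME to v$VERSION"
+git push
 
-ssh-add -D
-eval "$(ssh-agent -k)"
-cd -
-rm -rf "$WORK"
-fi
-
-# Clean plugin build artifacts for next iteration
-rm -f build/Plugins/${BUNDLE_NAME}-*.zip build/Plugins/${BUNDLE_NAME}-*.sha256
-
-echo "✅ $DISPLAY_NAME v$VERSION released"
-done
+ssh-add -D
+eval "$(ssh-agent -k)"
+cd -
+rm -rf "$WORK"
+fi
 
-echo ""
-echo "========================================"
-echo "All plugins processed!"
-echo "========================================"
+echo "$DISPLAY_NAME v$VERSION released"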
