CI - Patch latest Sequoia metallib's #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI - Patch latest Sequoia metallib's | |
on: | |
schedule: | |
- cron: "0 */3 * * *" | |
push: | |
branches: | |
- main | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} | |
jobs: | |
build: | |
name: CI - Patch latest Sequoia metallib's | |
runs-on: macos-latest | |
env: | |
# PKG Signing | |
ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY }} | |
# Notarization | |
ORG_MAC_NOTARIZATION_TEAM_ID: ${{ secrets.ORG_MAC_NOTARIZATION_TEAM_ID }} | |
ORG_MAC_NOTARIZATION_APPLE_ID: ${{ secrets.ORG_MAC_NOTARIZATION_APPLE_ID }} | |
ORG_MAC_NOTARIZATION_PASSWORD: ${{ secrets.ORG_MAC_NOTARIZATION_PASSWORD }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.11 | |
- name: Import Installer Signing Certificate | |
uses: dhinakg/import-codesign-certs@master | |
with: | |
p12-file-base64: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_BASE64 }} | |
p12-password: ${{ secrets.ORG_MAC_DEVELOPER_ID_INSTALLER_CERT_P12_PASSWORD }} | |
- name: Install dependencies | |
run: python3 -m pip install -r requirements.txt | |
- name: Download latest Sequoia IPSW | |
run: echo "IPSW_FILE=$(python3 metallib.py --download --continuous-integration)" >> $GITHUB_OUTPUT | |
id: download | |
- name: Extract system volume | |
if: steps.download.outputs.IPSW_FILE != '' | |
run: echo "DMG_FILE=$(python3 metallib.py --extract ${{ steps.download.outputs.IPSW_FILE }})" >> $GITHUB_OUTPUT | |
id: extract | |
- name: Fetch metal libraries | |
if: steps.extract.outputs.DMG_FILE != '' | |
run: echo "BACKUP_FOLDER=$(python3 metallib.py --fetch ${{ steps.extract.outputs.DMG_FILE }})" >> $GITHUB_OUTPUT | |
id: fetch | |
- name: Patch metal libraries | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --patch ${{ steps.fetch.outputs.BACKUP_FOLDER }} | |
- name: Build sys_patch_dict.py | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --build-sys-patch ${{ steps.fetch.outputs.BACKUP_FOLDER }} --continuous-integration | |
- name: Build Package | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
run: python3 metallib.py --build-pkg ${{ steps.fetch.outputs.BACKUP_FOLDER }} --pkg-signing-identity "${{env.ORG_MAC_DEVELOPER_ID_INSTALLER_IDENTITY}}" --notarization-team-id "${{env.ORG_MAC_NOTARIZATION_TEAM_ID}}" --notarization-apple-id "${{env.ORG_MAC_NOTARIZATION_APPLE_ID}}" --notarization-password "${{env.ORG_MAC_NOTARIZATION_PASSWORD}}" | |
- name: Upload metal libraries to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: MetallibSupportPkg.pkg | |
path: ./MetallibSupportPkg-*.pkg | |
- name: Upload sys_patch_dict.py to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: sys_patch_dict.py | |
path: sys_patch_dict.py | |
- name: Upload manifest to Artifacts | |
if: steps.fetch.outputs.BACKUP_FOLDER != '' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: manifest.json | |
path: deploy/manifest.json | |
- name: Sync GitHub Pages | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }} | |
uses: JamesIves/github-pages-deploy-action@3.7.1 | |
with: | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
BRANCH: gh-pages | |
FOLDER: deploy/ | |
CLEAN: true | |
- name: Create GitHub release | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.fetch.outputs.BACKUP_FOLDER != '' }} | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
MetallibSupportPkg-*.pkg | |
sys_patch_dict.py | |
token: ${{ secrets.GITHUB_TOKEN }} | |
tag_name: ${{ steps.fetch.outputs.BACKUP_FOLDER }} |