GetHub/CleanMM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

chore(release): prepare V1.0.2

Browse Source
This commit is contained in:
zhukang
2026-03-14 22:41:05 +08:00
parent 86e6ea1d80
commit 40405f1993
14 changed files with 513 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
.github/workflows/release.yml vendored
View File

@@ -54,9 +54,102 @@ jobs:
path: bin/*-darwin-*
retention-days: 1
native:
name: Build Native Release
runs-on: macos-latest
outputs:
packaging_mode: ${{ steps.mode.outputs.packaging_mode }}
prerelease: ${{ steps.mode.outputs.prerelease }}
steps:
- name: Checkout code
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
- name: Derive native release version
run: |
echo "ATLAS_VERSION=${GITHUB_REF_NAME#V}" >> "$GITHUB_ENV"
echo "ATLAS_BUILD_NUMBER=${GITHUB_RUN_NUMBER}" >> "$GITHUB_ENV"
- name: Select native packaging mode
id: mode
env:
ATLAS_RELEASE_APP_CERT_P12_BASE64: ${{ secrets.ATLAS_RELEASE_APP_CERT_P12_BASE64 }}
ATLAS_RELEASE_APP_CERT_P12_PASSWORD: ${{ secrets.ATLAS_RELEASE_APP_CERT_P12_PASSWORD }}
ATLAS_RELEASE_INSTALLER_CERT_P12_BASE64: ${{ secrets.ATLAS_RELEASE_INSTALLER_CERT_P12_BASE64 }}
ATLAS_RELEASE_INSTALLER_CERT_P12_PASSWORD: ${{ secrets.ATLAS_RELEASE_INSTALLER_CERT_P12_PASSWORD }}
ATLAS_NOTARY_KEY_ID: ${{ secrets.ATLAS_NOTARY_KEY_ID }}
ATLAS_NOTARY_ISSUER_ID: ${{ secrets.ATLAS_NOTARY_ISSUER_ID }}
ATLAS_NOTARY_API_KEY_BASE64: ${{ secrets.ATLAS_NOTARY_API_KEY_BASE64 }}
run: |
required_vars=(
ATLAS_RELEASE_APP_CERT_P12_BASE64
ATLAS_RELEASE_APP_CERT_P12_PASSWORD
ATLAS_RELEASE_INSTALLER_CERT_P12_BASE64
ATLAS_RELEASE_INSTALLER_CERT_P12_PASSWORD
ATLAS_NOTARY_KEY_ID
ATLAS_NOTARY_API_KEY_BASE64
)
missing_vars=()
for name in "${required_vars[@]}"; do
if [[ -z "${!name:-}" ]]; then
missing_vars+=("$name")
fi
done
if [[ ${#missing_vars[@]} -eq 0 ]]; then
echo "packaging_mode=developer-id" >> "$GITHUB_OUTPUT"
echo "prerelease=false" >> "$GITHUB_OUTPUT"
echo "ATLAS_RELEASE_SIGNING_MODE=developer-id" >> "$GITHUB_ENV"
echo "Using Developer ID release packaging"
else
echo "packaging_mode=development" >> "$GITHUB_OUTPUT"
echo "prerelease=true" >> "$GITHUB_OUTPUT"
echo "ATLAS_RELEASE_SIGNING_MODE=development" >> "$GITHUB_ENV"
printf 'Falling back to development packaging; missing secrets: %s\n' "${missing_vars[*]}"
fi
- name: Configure release signing
if: steps.mode.outputs.packaging_mode == 'developer-id'
env:
ATLAS_RELEASE_APP_CERT_P12_BASE64: ${{ secrets.ATLAS_RELEASE_APP_CERT_P12_BASE64 }}
ATLAS_RELEASE_APP_CERT_P12_PASSWORD: ${{ secrets.ATLAS_RELEASE_APP_CERT_P12_PASSWORD }}
ATLAS_RELEASE_INSTALLER_CERT_P12_BASE64: ${{ secrets.ATLAS_RELEASE_INSTALLER_CERT_P12_BASE64 }}
ATLAS_RELEASE_INSTALLER_CERT_P12_PASSWORD: ${{ secrets.ATLAS_RELEASE_INSTALLER_CERT_P12_PASSWORD }}
ATLAS_NOTARY_KEY_ID: ${{ secrets.ATLAS_NOTARY_KEY_ID }}
ATLAS_NOTARY_ISSUER_ID: ${{ secrets.ATLAS_NOTARY_ISSUER_ID }}
ATLAS_NOTARY_API_KEY_BASE64: ${{ secrets.ATLAS_NOTARY_API_KEY_BASE64 }}
run: ./scripts/atlas/setup-release-signing-ci.sh
- name: Provision local development signing identity
if: steps.mode.outputs.packaging_mode == 'development'
run: ./scripts/atlas/ensure-local-signing-identity.sh
- name: Validate signing prerequisites
if: steps.mode.outputs.packaging_mode == 'developer-id'
run: ./scripts/atlas/signing-preflight.sh
- name: Build and package Atlas native app
run: ./scripts/atlas/package-native.sh
- name: Verify DMG can install to the user Applications folder
run: KEEP_INSTALLED_APP=1 ./scripts/atlas/verify-dmg-install.sh
- name: Upload native release artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: atlas-native-release
path: |
dist/native/Atlas-for-Mac.zip
dist/native/Atlas-for-Mac.dmg
dist/native/Atlas-for-Mac.pkg
dist/native/Atlas-for-Mac.sha256
retention-days: 1
release:
name: Publish Release
needs: build
needs:
- build
- native
runs-on: ubuntu-latest
permissions:
contents: write
@@ -70,6 +163,24 @@ jobs:
pattern: binaries-*
merge-multiple: true
- name: Download native release artifacts
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
name: atlas-native-release
path: bin
- name: Generate release body
run: |
if [[ "${{ needs.native.outputs.packaging_mode }}" == "development" ]]; then
{
echo "Native macOS assets in this tag were packaged in development mode because Developer ID release-signing credentials were not configured for this run."
echo
echo "These \`.zip\`, \`.dmg\`, and \`.pkg\` files are intended for internal testing or developer use. macOS Gatekeeper may require \`Open Anyway\` or a right-click \`Open\` flow before launch."
} > RELEASE_BODY.md
else
echo "Native macOS assets in this tag were packaged in CI using Developer ID signing and notarization, then uploaded alongside the existing command-line release artifacts." > RELEASE_BODY.md
fi
- name: Display structure of downloaded files
run: ls -R bin/
@@ -91,6 +202,10 @@ jobs:
bin/analyze-darwin-*
bin/status-darwin-*
bin/binaries-darwin-*.tar.gz
bin/Atlas-for-Mac.zip
bin/Atlas-for-Mac.dmg
bin/Atlas-for-Mac.pkg
bin/Atlas-for-Mac.sha256
bin/SHA256SUMS
- name: Create Release
@@ -99,6 +214,7 @@ jobs:
with:
name: ${{ github.ref_name }}
files: bin/*
body_path: RELEASE_BODY.md
generate_release_notes: false
draft: false
prerelease: false
prerelease: ${{ needs.native.outputs.prerelease == 'true' }}