
Bump version to 0.5.2 #33


Workflow file for this run

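name: Release

# Runs for every pushed tag matching v*, and on manual dispatch.
on:
  push:
    tags:
      - "v*"
  workflow_dispatch:

# Workflow-wide GITHUB_TOKEN scope. contents: write is what lets a job create
# the GitHub release; every job that does not declare its own permissions
# block inherits it.
permissions:
  contents: write

# One release run per ref at a time. A newer run queues behind the running
# one instead of cancelling it, so a signing/notarization run is never cut
# off halfway.
concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false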
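jobs:
  # Builds, signs, notarizes and staples Octodot.app, then publishes it as a
  # GitHub release asset.
  build-and-release:
    runs-on: macos-26
    timeout-minutes: 30
    env:
      APP_PATH: /tmp/octodot-export/Octodot.app
      XCARCHIVE_PATH: /tmp/Octodot.xcarchive
      EXPORT_PATH: /tmp/octodot-export
      EXPORT_OPTIONS_PLIST: /tmp/OctodotExportOptions.plist
      ARCHIVE_PATH: /tmp/Octodot-${{ github.ref_name }}-unsigned.zip
      FINAL_ARCHIVE_PATH: Octodot-${{ github.ref_name }}-macos.zip
      KEYCHAIN_PATH: /tmp/octodot-build.keychain-db
      KEYCHAIN_PROFILE: octodot-notary
    steps:
      - name: Check out repository
        # NOTE(review): v4 is a mutable tag. This job holds the signing
        # certificate and a contents: write token, so pin the action to a
        # full commit SHA, e.g. actions/checkout@<full-commit-sha>  # v4
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No step visible in this job pushes with git, so the token is not
          # left in .git/config for the build and later steps to read.
          persist-credentials: false

      - name: Show Xcode version
        run: xcodebuild -version

      - name: Resolve release version
        # Marketing version is the ref name without a leading "v"; on a manual
        # dispatch from a branch this is the branch name, not a version.
        run: |
          echo "RELEASE_MARKETING_VERSION=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
          echo "RELEASE_BUILD_NUMBER=${GITHUB_RUN_NUMBER}" >> "$GITHUB_ENV"

      - name: Run test suite
        run: |
          xcodebuild test \
            -project Octodot.xcodeproj \
            -scheme Octodot \
            -destination 'platform=macOS,arch=arm64' \
            -derivedDataPath .deriveddata \
            MARKETING_VERSION="$RELEASE_MARKETING_VERSION" \
            CURRENT_PROJECT_VERSION="$RELEASE_BUILD_NUMBER"

      - name: Import Developer ID certificate
        env:
          APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
        run: |
          # Fail early if any signing secret is missing.
          test -n "$APPLE_CERTIFICATE_BASE64"
          test -n "$APPLE_CERTIFICATE_PASSWORD"
          test -n "$APPLE_SIGNING_IDENTITY"
          CERTIFICATE_PATH=/tmp/octodot-developer-id.p12
          # The decoded .p12 holds the private key; remove it when this step
          # ends, whether or not the import succeeded.
          trap 'rm -f "$CERTIFICATE_PATH"' EXIT
          # The keychain password stays local to this step. The keychain is
          # left unlocked for the later steps (21600 s timeout below) and no
          # later step reads the password, so it is not written to GITHUB_ENV
          # where every following step, third-party actions included, would
          # receive it.
          KEYCHAIN_PASSWORD="$(uuidgen)"
          printf '%s' "$APPLE_CERTIFICATE_BASE64" | base64 -D > "$CERTIFICATE_PATH"
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security import "$CERTIFICATE_PATH" \
            -k "$KEYCHAIN_PATH" \
            -P "$APPLE_CERTIFICATE_PASSWORD" \
            -T /usr/bin/codesign \
            -T /usr/bin/security \
            -T /usr/bin/xcrun
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security list-keychains -d user -s "$KEYCHAIN_PATH"
          security default-keychain -d user -s "$KEYCHAIN_PATH"

      - name: Create export options plist
        env:
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          # Unquoted heredoc: the shell substitutes the identity and team ID.
          cat > "$EXPORT_OPTIONS_PLIST" <<EOF
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
            <key>method</key>
            <string>developer-id</string>
            <key>signingCertificate</key>
            <string>${APPLE_SIGNING_IDENTITY}</string>
            <key>teamID</key>
            <string>${APPLE_TEAM_ID}</string>
          </dict>
          </plist>
          EOF

      - name: Archive signed release app
        env:
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          test -n "$APPLE_SIGNING_IDENTITY"
          test -n "$APPLE_TEAM_ID"
          xcodebuild archive \
            -project Octodot.xcodeproj \
            -scheme Octodot \
            -configuration Release \
            -destination 'generic/platform=macOS' \
            -derivedDataPath .deriveddata-release \
            -archivePath "$XCARCHIVE_PATH" \
            MARKETING_VERSION="$RELEASE_MARKETING_VERSION" \
            CURRENT_PROJECT_VERSION="$RELEASE_BUILD_NUMBER" \
            CODE_SIGN_STYLE=Manual \
            CODE_SIGN_IDENTITY="$APPLE_SIGNING_IDENTITY" \
            DEVELOPMENT_TEAM="$APPLE_TEAM_ID" \
            OTHER_CODE_SIGN_FLAGS="--timestamp"

      - name: Export Developer ID app
        run: |
          rm -rf "$EXPORT_PATH"
          xcodebuild -exportArchive \
            -archivePath "$XCARCHIVE_PATH" \
            -exportPath "$EXPORT_PATH" \
            -exportOptionsPlist "$EXPORT_OPTIONS_PLIST"

      - name: Verify signed app
        # Fails the job if the exported bundle's signature does not verify.
        run: |
          codesign --verify --deep --strict --verbose=2 "$APP_PATH"
          codesign --display --verbose=4 "$APP_PATH"

      - name: Store notarization credentials
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          test -n "$APPLE_ID"
          test -n "$APPLE_APP_SPECIFIC_PASSWORD"
          test -n "$APPLE_TEAM_ID"
          # Credentials go into the temporary build keychain, which the
          # clean-up step deletes.
          xcrun notarytool store-credentials "$KEYCHAIN_PROFILE" \
            --apple-id "$APPLE_ID" \
            --team-id "$APPLE_TEAM_ID" \
            --password "$APPLE_APP_SPECIFIC_PASSWORD" \
            --keychain "$KEYCHAIN_PATH"

      - name: Create notarization archive
        run: |
          ditto -c -k --sequesterRsrc --keepParent \
            "$APP_PATH" \
            "$ARCHIVE_PATH"

      - name: Submit for notarization
        run: |
          xcrun notarytool submit "$ARCHIVE_PATH" \
            --keychain-profile "$KEYCHAIN_PROFILE" \
            --keychain "$KEYCHAIN_PATH" \
            --wait \
            --output-format json | tee /tmp/notary-submit-output.json

      - name: Show notarization submission output
        if: always()
        run: |
          cat /tmp/notary-submit-output.json

      - name: Fetch notarization log on rejection
        # Passes only when the recorded status is "Accepted"; otherwise prints
        # the notarization log and fails the job before anything is stapled.
        run: |
          submission_id="$(/usr/bin/plutil -extract id raw -o - /tmp/notary-submit-output.json)"
          status="$(/usr/bin/plutil -extract status raw -o - /tmp/notary-submit-output.json)"
          if [ "$status" = "Accepted" ]; then
            exit 0
          fi
          echo "Notarization status: $status"
          xcrun notarytool log "$submission_id" \
            --keychain-profile "$KEYCHAIN_PROFILE" \
            --keychain "$KEYCHAIN_PATH" \
            /tmp/notary-log.json
          cat /tmp/notary-log.json
          exit 1

      - name: Staple notarization ticket
        run: |
          # Up to 20 attempts, 15 seconds apart, then give up with exit 65.
          for attempt in $(seq 1 20); do
            if xcrun stapler staple "$APP_PATH"; then
              break
            fi
            if [ "$attempt" -eq 20 ]; then
              exit 65
            fi
            echo "Stapler ticket not available yet; retrying in 15 seconds (attempt $attempt/20)..."
            sleep 15
          done
          # Both checks must pass before the app is packaged for release.
          xcrun stapler validate "$APP_PATH"
          spctl --assess --type execute --verbose=4 "$APP_PATH"

      - name: Package signed release app
        run: |
          ditto -c -k --sequesterRsrc --keepParent \
            "$APP_PATH" \
            "$FINAL_ARCHIVE_PATH"

      - name: Generate release notes
        env:
          TAG_NAME: ${{ github.ref_name }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        run: |
          chmod +x scripts/generate_release_notes.sh
          scripts/generate_release_notes.sh "${TAG_NAME}" RELEASE_NOTES.md

      - name: Publish GitHub release
        # NOTE(review): third-party action on a mutable tag, run with the
        # contents: write token while the signing keychain still exists.
        # Pin it to a full commit SHA, e.g.
        # softprops/action-gh-release@<full-commit-sha>  # v2
        uses: softprops/action-gh-release@v2
        with:
          files: ${{ env.FINAL_ARCHIVE_PATH }}
          body_path: RELEASE_NOTES.md

      - name: Clean up signing keychain
        # Runs even after a failure so the keychain holding the Developer ID
        # key and notary credentials is always removed.
        if: always()
        run: |
          security delete-keychain "$KEYCHAIN_PATH" || true

  # Rewrites the cask in jasonlong/homebrew-tap to point at the new release.
  update-homebrew:
    needs: build-and-release
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # This job reaches the tap only through TAP_TOKEN and never uses
    # GITHUB_TOKEN, so the workflow-level grant is dropped here.
    permissions: {}
    steps:
      - name: Update Homebrew cask
        env:
          TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
        run: |
          # Without pipefail a failed download would still yield a digest (of
          # empty or error-page input) and be pushed to the tap.
          set -euo pipefail
          VERSION="${GITHUB_REF_NAME#v}"
          # VERSION is pasted into Ruby source and a URL below; accept only
          # characters that cannot break out of the quoted strings.
          if [[ ! "$VERSION" =~ ^[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo "Refusing to write cask for unexpected version: $VERSION" >&2
            exit 1
          fi
          URL="https://github.com/jasonlong/octodot/releases/download/v${VERSION}/Octodot-v${VERSION}-macos.zip"
          # -f makes curl fail on an HTTP error instead of hashing the error
          # body.
          # NOTE(review): the digest is taken from whatever the release URL
          # serves right now; computing it in build-and-release and passing it
          # as a job output would tie the cask to the artifact that was signed.
          SHA256="$(curl -fsSL "$URL" | shasum -a 256 | awk '{print $1}')"
          if [[ ! "$SHA256" =~ ^[0-9a-f]{64}$ ]]; then
            echo "Unexpected SHA-256 value for $URL" >&2
            exit 1
          fi
          # NOTE(review): the token is embedded in the remote URL and is
          # therefore stored in tap/.git/config for the rest of the job.
          git clone "https://x-access-token:${TAP_TOKEN}@github.com/jasonlong/homebrew-tap.git" tap
          cd tap
          # NOTE(review): the generated preflight runs `xattr -cr` on the
          # staged app, which clears extended attributes, including the
          # quarantine flag that triggers Gatekeeper's first-launch check.
          # The app is notarized and stapled by build-and-release, so this is
          # presumably not needed; confirm and drop it if so.
          cat > Casks/octodot.rb << CASK
          cask "octodot" do
            version "${VERSION}"
            sha256 "${SHA256}"
            url "https://github.com/jasonlong/octodot/releases/download/v#{version}/Octodot-v#{version}-macos.zip"
            name "Octodot"
            desc "GitHub notifications in the macOS menu bar"
            homepage "https://github.com/jasonlong/octodot"
            depends_on macos: ">= :ventura"
            preflight do
              system_command "/usr/bin/xattr",
                             args: ["-cr", "#{staged_path}/Octodot.app"]
            end
            app "Octodot.app"
            zap trash: [
              "~/Library/Application Support/Octodot",
              "~/Library/Preferences/com.octodot.app.plist",
            ]
          end
          CASK
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add Casks/octodot.rb
          git commit -m "Update octodot to ${VERSION}"
          git push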