Desktop package apps #42

Workflow file for this run

.github/workflows/desktop_make.yml at 3435c9e

	name: Desktop package apps
	on:
	workflow_dispatch:
	inputs:
	macOS:
	description: 'MacOS'
	required: false
	type: boolean
	windows:
	description: 'Windows'
	required: false
	type: boolean
	linux:
	description: 'Linux'
	required: false
	type: boolean

	concurrency:
	group: desktop-packaging-${{ github.ref }}
	cancel-in-progress: false

	jobs:
	package-macos:
	name: Package macOS app
	if: ${{ inputs.macOS }}
	runs-on: macos-latest
	env:
	ORGANIZATION: ooni
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup (repo action)
	uses: ./.github/actions/setup
	with:
	java_version: '23'

	- name: Cache Gradle
	uses: actions/cache@v4
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: ${{ runner.os }}-gradle-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}-${{ hashFiles('/gradle.properties','/.gradle','/.gradle.kts') }}
	restore-keys: \|
	${{ runner.os }}-gradle-

	- name: Install the Apple certificate and provisioning profile
	env:
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	P12_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
	KEYCHAIN_PASSWORD=temporary # not relevant, since it's a single-use keychain

	# import certificate profile from secrets
	echo -n "$APPLE_CERTIFICATE" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Package & notarize DMG
	run: \|
	./gradlew copyBrandingToCommonResources notarizeDmg -Porganization=${{ env.ORGANIZATION }} \
	-Pcompose.desktop.mac.sign=true \
	-Pcompose.desktop.mac.signing.identity="Open Observatory of Network Interference (OONI) ETS" \
	-Pcompose.desktop.mac.signing.keychain=$RUNNER_TEMP/app-signing.keychain-db \
	-Pcompose.desktop.mac.notarization.appleID=${{ secrets.APPLE_ID }} \
	-Pcompose.desktop.mac.notarization.password=${{ secrets.APPLE_ASP }} \
	-Pcompose.desktop.mac.notarization.teamID=${{ secrets.APPLE_TEAM_ID }}

	- name: Sparkle appcast generation
	run: ./gradlew generateSparkleAppCast -Porganization=${{ env.ORGANIZATION }}

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: desktopApps-macos-${{ github.run_id }}
	path: \|
	composeApp/build/compose/binaries/main/dmg/OONI Probe-*.dmg
	composeApp/build/compose/binaries/main/app/OONI Probe.app
	composeApp/macos-appcast.xml
	retention-days: 7

	package-windows:
	name: Package Windows app
	if: ${{ inputs.windows }}
	runs-on: windows-latest
	env:
	ORGANIZATION: ooni
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup (repo action)
	uses: ./.github/actions/setup
	with:
	java_version: '23'

	- name: Package Exe
	shell: pwsh
	run: .\gradlew.bat copyBrandingToCommonResources packageExe -Porganization=${{ env.ORGANIZATION }}

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: desktopApps-windows-${{ github.run_id }}
	path: \|
	composeApp/build/compose/binaries/main/exe/OONI Probe-*.exe
	retention-days: 7

	package-linux:
	name: Package Linux app
	if: ${{ inputs.linux }}
	runs-on: ubuntu-latest
	env:
	ORGANIZATION: ooni
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup (repo action)
	uses: ./.github/actions/setup
	with:
	java_version: '23'

	- name: Package Deb
	run: ./gradlew copyBrandingToCommonResources packageDeb -Porganization=${{ env.ORGANIZATION }}

	- name: Install libfuse2
	run: \|
	sudo add-apt-repository universe
	sudo apt-get update
	sudo apt-get install -y libfuse2

	- name: Package AppImage
	run: ./gradlew copyBrandingToCommonResources packageAppImage -Porganization=${{ env.ORGANIZATION }}

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: desktopApps-linux-${{ github.run_id }}
	path: \|
	composeApp/build/compose/binaries/main/deb/ooni-probe_*_amd64.deb
	composeApp/build/compose/binaries/main/appimage-workspace/OONI-Probe-*-x86_64.AppImage
	retention-days: 7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Desktop package apps #42

Workflow file

Desktop package apps #42

Uh oh!

Workflow file for this run