wonderbird/malimo

name: Pack for macOS

on:
  workflow_call:
    inputs:
      assembly_version:
        description: "Four number version for the .NET assembly, e.g. 0.1.8.180"
        required: true
        type: string
      is_dry_run:
        description: "Is this a dry run without actually notarizing the app by apple?"
        required: true
        type: boolean

jobs:
  pack_macos:
    name: Pack for macOS
    
    strategy:
      matrix:
        runtime:
          - osx.12-arm64
          - osx.12-x64

    env:
      PUBLISH_DIR: malimo.${{ matrix.runtime }}
      PUBLISH_ZIP_FILENAME: malimo.${{ matrix.runtime }}.bottle.zip
      NOTARIZE_LOG_FILENAME: notarize_log.${{ matrix.runtime }}.json

    runs-on: macos-latest
    
    steps:
      - uses: actions/checkout@v3

      - name: Setup .NET
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: 7.0.x

      - name: Create application
        run: |
          dotnet publish malimo/malimo.csproj --configuration Release --runtime "${{ matrix.runtime }}" --self-contained true -p:PublishSingleFile=true -p:Version=${{ inputs.assembly_version }} --output "${{ env.PUBLISH_DIR }}"

      - name: Prepare release files
        run: |
          rm -vf "${{ env.PUBLISH_DIR }}/malimo.pdb"
          chmod +x "${{ env.PUBLISH_DIR }}/malimo"
          cp -v LICENSE README.md CHANGELOG.md "${{ env.PUBLISH_DIR }}"

      - name: Add cert to keychain
        if: ${{ inputs.is_dry_run == false }}
        uses: apple-actions/import-codesign-certs@v2
        with:
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_ID_APP_CERTIFICATE_BASE64 }}
          p12-password: ${{ secrets.APPLE_DEVELOPER_ID_APP_CERTIFICATE_PASSWORD }}

      - name: Sign application
        if: ${{ inputs.is_dry_run == false }}
        run: |
          /bin/sh ./build/SignMac.sh "${{ env.PUBLISH_DIR }}/malimo" "Developer ID Application: Stefan Boos" "./build/entitlements.plist"

      - name: ZIP application
        run: |
          ditto -c --sequesterRsrc -k -V "${{ env.PUBLISH_DIR }}" "${{ env.PUBLISH_ZIP_FILENAME }}"

      - name: Notarize application
        if: ${{ inputs.is_dry_run == false }}
        run: |
          /bin/sh ./build/Notarize.sh "xpdbumm@boos.systems" "${{ secrets.APPLE_ID_APP_SPECIFIC_PASSWORD }}" "M9YN683HBZ" "${{ env.PUBLISH_ZIP_FILENAME }}"

      - name: Attach notarize log to build artifacts
        if: ${{ inputs.is_dry_run == false }}
        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.NOTARIZE_LOG_FILENAME }}
          path: ./notarize_log.json
          retention-days: ${{ env.RETENTION_DAYS }}

      - name: Attach application to build artifacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.PUBLISH_ZIP_FILENAME }}
          path: ${{ env.PUBLISH_ZIP_FILENAME }}
          retention-days: ${{ env.RETENTION_DAYS }}