ClaudeCodeUsage/.github/workflows/release.yml at main · webcpu/ClaudeCodeUsage · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: Release

on:
  push:
    tags:
      - 'v*.*.*'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version number (e.g., 1.2.3)'
        required: true
        type: string

permissions:
  contents: write

jobs:
  build-and-release:
    name: Build and Release
    runs-on: macos-15

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Determine version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "push" ]; then
            VERSION="${GITHUB_REF#refs/tags/v}"
          else
            VERSION="${{ github.event.inputs.version }}"
          fi
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "Version: $VERSION"

      - name: Install dependencies
        run: brew install create-dmg

      - name: Install Apple certificate
        env:
          CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERT_BASE64 }}
          CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERT_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ github.run_id }}
        run: |
          # Create temporary keychain
          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Import certificate
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
          security import "$CERT_PATH" \
            -P "$CERTIFICATE_PASSWORD" \
            -A \
            -t cert \
            -f pkcs12 \
            -k "$KEYCHAIN_PATH"

          # Allow codesign access without prompts
          security set-key-partition-list -S apple-tool:,apple: \
            -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Add to search list (prepend to ensure it's found first)
          security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain

          # Verify certificate was imported
          echo "Verifying certificate..."
          security find-identity -v -p codesigning "$KEYCHAIN_PATH"

      - name: Build and create DMG
        env:
          DEVELOPER_ID_APPLICATION: "Developer ID Application: Liang Yuan (${{ secrets.APPLE_TEAM_ID }})"
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
        run: |
          chmod +x scripts/create-dmg.sh
          ./scripts/create-dmg.sh --version "${{ steps.version.outputs.version }}"

      - name: Upload DMG artifact
        uses: actions/upload-artifact@v4
        with:
          name: ClaudeCodeUsage-${{ steps.version.outputs.version }}
          path: build/ClaudeCodeUsage.dmg
          if-no-files-found: error

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          name: ClaudeCodeUsage v${{ steps.version.outputs.version }}
          draft: false
          prerelease: ${{ contains(steps.version.outputs.version, '-') }}
          files: build/ClaudeCodeUsage.dmg
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Cleanup keychain
        if: always()
        run: |
          security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db" || true