Update dependency net.harawata:appdirs to v1.5.0 (#14068) #5893
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Binaries | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - main-release | |
| paths-ignore: | |
| - 'docs/**' | |
| - 'src/test/**' | |
| - 'README.md' | |
| tags: | |
| - '*' | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| merge_group: | |
| workflow_dispatch: | |
| inputs: | |
| notarization: | |
| type: boolean | |
| required: false | |
| default: false | |
| permissions: | |
| actions: write | |
| contents: read | |
| pull-requests: write | |
| env: | |
| SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} | |
| AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} | |
| IEEEAPIKey: ${{ secrets.IEEEAPIKey }} | |
| BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} | |
| OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} | |
| GRADLE_OPTS: -Xmx4g -Dorg.gradle.vfs.watch=false | |
| JAVA_OPTS: -Xmx4g | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}" | |
| cancel-in-progress: true | |
| jobs: | |
| conditions: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| upload-to-builds-jabref-org: ${{ steps.binary.outputs.upload-to-builds-jabref-org }} | |
| secretspresent: ${{ steps.binary.outputs.secretspresent }} | |
| tagbuild: ${{ steps.binary.outputs.tagbuild }} | |
| # requried to avoid obsolete builds in case of labels != "dev: binaries" | |
| should-build: ${{ steps.binary.outputs.should-build }} | |
| should-notarize: ${{ steps.binary.outputs.should-notarize }} | |
| steps: | |
| - name: Determine conditions | |
| id: binary | |
| shell: bash | |
| env: | |
| BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| EVENT_NAME: ${{ github.event_name }} | |
| LABEL_NAME: ${{ github.event.label.name }} | |
| REPO_OWNER: ${{ github.repository_owner }} | |
| run: | | |
| if [[ "$GITHUB_WORKFLOW" == *"early access"* && "$REPO_OWNER" != "JabRef" ]]; then | |
| echo "🚫 Early access workflow for JabRef disabled for non-JabRef owner" | |
| echo "should-build=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| if [[ "$EVENT_NAME" != "labeled" || "$LABEL_NAME" == "automerge" || "$LABEL_NAME" == "dev: binaries" ]]; then | |
| echo "📦 build enabled" | |
| echo "should-build=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "🚫 build should be skipped" | |
| echo "should-build=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| if [ -z "$BUILDJABREFPRIVATEKEY" ]; then | |
| echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT" | |
| echo "secretspresent=false" >> "$GITHUB_OUTPUT" | |
| echo "🚫 Secret BUILDJABREFPRIVATEKEY not present – skipping upload" | |
| exit 0 | |
| fi | |
| echo "secretspresent=true" >> "$GITHUB_OUTPUT" | |
| if [[ "$GITHUB_REF" == refs/heads/gh-readonly-queue* ]]; then | |
| echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT" | |
| echo "🚫 merge queue – skipping upload" | |
| exit 0 | |
| fi | |
| if [[ "${GITHUB_REF}" == refs/tags/* ]]; then | |
| echo "tagbuild=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "tagbuild=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| if [[ "${GITHUB_REF}" == refs/tags/* ]] || [[ "${{ inputs.notarization }}" == "true" ]]; then | |
| # This workflow runs on ubuntu-latest even for notarization for macOS; need to check later if really on macOS | |
| echo "🧾 macOS notarization" | |
| echo "should-notarize=true" >> "$GITHUB_OUTPUT" | |
| echo "☁️ will upload" | |
| echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT" | |
| exit 0; | |
| else | |
| echo "🚫 no macOS notarization" | |
| echo "should-notarize=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| if [ "${{ github.event_name }}" != "pull_request" ]; then | |
| echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT" | |
| echo "☁️ Non-PR event – will upload" | |
| exit 0 | |
| fi | |
| LABELS=$(gh api repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels --jq '.[].name') | |
| if echo "$LABELS" | grep -q "^dev: binaries$"; then | |
| echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT" | |
| echo "☁️ Label 'dev: binaries' found – will upload" | |
| else | |
| echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT" | |
| echo "🚫 Label 'dev: binaries' not found – skipping upload" | |
| fi | |
| build: | |
| needs: [conditions] | |
| if: ${{ needs.conditions.outputs.should-build == 'true' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # if you change the os version rename all other occurrences | |
| - os: ubuntu-22.04 | |
| displayName: linux | |
| archivePortable: tar -c -C jabgui/build/packages/ubuntu-22.04 JabRef | pigz --rsyncable > jabgui/build/packages/ubuntu-22.04/JabRef-portable_linux.tar.gz && rm -R jabgui/build/packages/ubuntu-22.04/JabRef | |
| archivePortableJabKit: tar -c -C jabkit/build/packages/ubuntu-22.04 jabkit | pigz --rsyncable > jabkit/build/packages/ubuntu-22.04/jabkit-portable_linux.tar.gz && rm -R jabkit/build/packages/ubuntu-22.04/jabkit | |
| suffix: '' | |
| archForDebianRepack: '_amd64' | |
| - os: ubuntu-22.04-arm | |
| displayName: linux-arm | |
| archivePortable: tar -c -C jabgui/build/packages/ubuntu-22.04-arm JabRef | pigz --rsyncable > jabgui/build/packages/ubuntu-22.04-arm/JabRef-portable_linux_arm64.tar.gz && rm -R jabgui/build/packages/ubuntu-22.04-arm/JabRef | |
| archivePortableJabKit: tar -c -C jabkit/build/packages/ubuntu-22.04-arm jabkit | pigz --rsyncable > jabkit/build/packages/ubuntu-22.04-arm/jabkit-portable_linux_arm64.tar.gz && rm -R jabkit/build/packages/ubuntu-22.04-arm/jabkit | |
| suffix: '_arm64' | |
| archForDebianRepack: '_arm64' | |
| - os: windows-latest | |
| displayName: windows | |
| archivePortable: 7z a -r jabgui/build/packages/windows-latest/JabRef-portable_windows.zip ./jabgui/build/packages/windows-latest/JabRef && rm -R jabgui/build/packages/windows-latest/JabRef | |
| archivePortableJabKit: 7z a -r jabkit/build/packages/windows-latest/jabkit-portable_windows.zip ./jabkit/build/packages/windows-latest/jabkit && rm -R jabkit/build/packages/windows-latest/jabkit | |
| suffix: '' | |
| archForDebianRepack: '' | |
| - os: macos-15-intel # intel image | |
| displayName: macOS | |
| archivePortable: 7z a -r jabgui/build/packages/macos-15-intel/JabRef-portable_macos.zip ./jabgui/build/packages/macos-15-intel/JabRef.app && rm -R jabgui/build/packages/macos-15-intel/JabRef.app | |
| archivePortableJabKit: 7z a -r jabkit/build/packages/macos-15-intel/jabkit-portable_macos.zip ./jabkit/build/packages/macos-15-intel/jabkit.app && rm -R jabkit/build/packages/macos-15-intel/jabkit.app | |
| suffix: '' | |
| archForDebianRepack: '' | |
| - os: macos-15 | |
| displayName: macOS-arm | |
| archivePortable: 7z a -r jabgui/build/packages/macos-15/JabRef-portable_macos-arm.zip ./jabgui/build/packages/macos-15/JabRef.app && rm -R jabgui/build/packages/macos-15/JabRef.app | |
| archivePortableJabKit: 7z a -r jabkit/build/packages/macos-15/jabkit-portable_macos-arm.zip ./jabkit/build/packages/macos-15/jabkit.app && rm -R jabkit/build/packages/macos-15/jabkit.app | |
| suffix: '_arm64' | |
| archForDebianRepack: '' | |
| runs-on: ${{ matrix.os }} | |
| outputs: | |
| major: ${{ steps.gitversion.outputs.Major }} | |
| minor: ${{ steps.gitversion.outputs.Minor }} | |
| branchname: ${{ steps.gitversion.outputs.branchName }} | |
| name: ${{ matrix.displayName }} installer and portable version | |
| steps: | |
| - name: Fetch all history for all tags and branches | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'true' | |
| show-progress: 'false' | |
| - name: Install pigz and cache (linux) | |
| if: (startsWith(matrix.os, 'ubuntu')) | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: pigz | |
| version: 1.0 | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/[email protected] | |
| with: | |
| versionSpec: "5.x" | |
| - name: Run GitVersion | |
| id: gitversion | |
| uses: gittools/actions/gitversion/[email protected] | |
| - name: Setup JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '24' | |
| distribution: 'corretto' | |
| check-latest: true | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| - name: Generate JBang cache key | |
| id: cache-key | |
| shell: bash | |
| run: | | |
| echo "cache_key=jbang-$(date +%F)" >> $GITHUB_OUTPUT | |
| - name: Use cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.jbang | |
| key: ${{ steps.cache-key.outputs.cache_key }} | |
| restore-keys: | |
| jbang- | |
| - name: Setup JBang | |
| uses: jbangdev/setup-jbang@main | |
| - name: Setup macOS key chain | |
| if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true') | |
| uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| keychain-password: jabref | |
| - name: Setup macOS key chain for app id cert | |
| if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true') | |
| uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| create-keychain: false | |
| keychain-password: jabref | |
| - name: Build runtime image and installer | |
| shell: bash | |
| run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" :jabgui:jpackage | |
| - name: Package JabGui application image | |
| shell: bash | |
| run: | | |
| set -e | |
| ${{ matrix.archivePortable }} | |
| - name: Rename files | |
| shell: pwsh | |
| run: | | |
| get-childitem -Path 'jabgui/build/packages/*/*' | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}"} | |
| - name: Repack deb file for Debian | |
| if: (startsWith(matrix.os, 'ubuntu')) | |
| shell: bash | |
| run: | | |
| cd jabgui/build/packages/${{ matrix.os }} | |
| ls -l | |
| ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}${{ matrix.archForDebianRepack }}.deb | |
| rm jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}${{ matrix.archForDebianRepack }}.deb | |
| zstd -d < control.tar.zst | xz > control.tar.xz | |
| zstd -d < data.tar.zst | xz > data.tar.xz | |
| ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}${{ matrix.archForDebianRepack }}_repackaged.deb debian-binary control.tar.xz data.tar.xz | |
| rm debian-binary control.tar.* data.tar.* | |
| mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}${{ matrix.archForDebianRepack }}_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}.deb | |
| - name: Build JabKit | |
| shell: bash | |
| run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" :jabkit:jpackage | |
| - name: Package JabKit application image | |
| shell: bash | |
| run: | | |
| set -e | |
| ${{ matrix.archivePortableJabKit }} | |
| # region Upload to builds.jabref.org / GitHub artifacts store | |
| - name: Setup SSH key | |
| if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') | |
| run: | | |
| echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey | |
| chmod 600 sshkey | |
| - name: Check disk space on builds.jabref.org | |
| if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') | |
| id: diskspace | |
| shell: bash | |
| run: | | |
| USAGE=$(ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no [email protected] \ | |
| "df --output=pcent /var/www/builds.jabref.org | tail -n1 | tr -dc '0-9'") | |
| echo "Remote usage: $USAGE%" | |
| if [ "$USAGE" -lt 90 ]; then | |
| echo "available=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "available=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Setup rsync (macOS) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') && (needs.conditions.outputs.upload-to-builds-jabref-org == 'true')) }} | |
| run: brew install rsync | |
| - name: Setup rsync (Windows) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }} | |
| # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total) | |
| # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows | |
| # We cannot use "setup-rsync", because that does not work on Windows | |
| # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell | |
| # We need to use v6.4.4 as v6.4.5 misses "lib\rsync\tools\bin\ssh.exe" | |
| run: choco install rsync --version=6.4.4 | |
| - name: Upload jabgui to builds.jabref.org (Windows) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }} | |
| shell: cmd | |
| # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation | |
| run: | | |
| rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/packages/${{ matrix.os }}/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ || true | |
| - name: Upload jabkkit to builds.jabref.org (Windows) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }} | |
| shell: cmd | |
| # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation | |
| run: | | |
| rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabkit/build/packages/${{ matrix.os }}/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ || true | |
| - name: Upload jabgui to builds.jabref.org (linux, macOS) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')) }} | |
| shell: bash | |
| run: | | |
| rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/packages/${{ matrix.os }}/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ || true | |
| - name: Upload jabkit to builds.jabref.org (linux, macOS) | |
| if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')) }} | |
| shell: bash | |
| run: | | |
| rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabkit/build/packages/${{ matrix.os }}/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ || true | |
| - name: Upload to GitHub workflow artifacts store (macOS) | |
| if: ${{ (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.should-notarize == 'true') }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| # tbn = to-be-notarized | |
| name: JabRef-${{ matrix.os }}-tbn | |
| path: | | |
| jabgui/build/packages/${{ matrix.os }} | |
| jabkit/build/packages/${{ matrix.os }} | |
| compression-level: 0 # no compression | |
| # endregion | |
| comment-on-pr: | |
| name: Comment on PR | |
| # separate job, because it should wait until all binaries are available | |
| needs: [conditions, build] | |
| if: ${{ (github.event_name == 'pull_request') && (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Comment PR | |
| uses: thollander/actions-comment-pull-request@v3 | |
| with: | |
| message: | | |
| The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>. | |
| comment-tag: download-link | |
| mode: recreate | |
| comment-on-issue: | |
| name: Comment on issue | |
| # separate job, because it should wait until all binaries are available | |
| needs: [conditions, build] | |
| if: ${{ (github.event_name == 'pull_request') && (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: echo PR data | |
| run: | | |
| echo "PR Number: ${{ github.event.pull_request.number }}" | |
| echo "PR URL: ${{ github.event.pull_request.html_url }}" | |
| cat <<EOF | |
| PR Body: | |
| ${{ github.event.pull_request.body }} | |
| EOF | |
| - name: Determine issue number | |
| id: get_issue_number | |
| uses: koppor/ticket-check-action@add-output | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ticketLink: 'https://github.com/JabRef/jabref/issues/%ticketNumber%' | |
| ticketPrefix: '#' | |
| titleRegex: '^#(?<ticketNumber>\d+)' | |
| branchRegex: '^(?<ticketNumber>\d+)' | |
| # Matches GitHub's closes/fixes/resolves #{number}, but does not match our example `Closes #13109` in PULL_REQUEST_TEMPLATE | |
| bodyRegex: '(?<action>fixes|closes|resolves)\s+(?:https?:\/\/github\.com\/JabRef\/jabref\/issues\/)?#?(?<ticketNumber>(?!13109\b)\d+)' | |
| bodyRegexFlags: 'i' | |
| outputOnly: true | |
| - name: Comment on issue | |
| if: ${{ steps.get_issue_number.outputs.ticketNumber != '-1' }} | |
| uses: thollander/actions-comment-pull-request@v3 | |
| with: | |
| pr-number: ${{ steps.get_issue_number.outputs.ticketNumber }} | |
| message: > | |
| A pull request addressing the issue has been created. | |
| The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>. | |
| For any feedback, add a comment to the pull request at ${{ github.event.pull_request.html_url }}. | |
| comment-tag: download-link | |
| mode: recreate | |
| notarize: | |
| # Outsourced in a separate job to be able to rerun if this fails for timeouts | |
| name: macOS notarization | |
| needs: [conditions, build] | |
| if: ${{ needs.conditions.outputs.should-notarize == 'true' }} | |
| strategy: | |
| # Ensure that calls to Apple are sequentially made | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - os: macos-15 | |
| displayName: macOS (ARM64) | |
| suffix: '_arm64' | |
| - os: macos-15-intel # intel image | |
| displayName: macOS | |
| suffix: '' | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Download from GitHub workflow artifacts store (macOS) | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: JabRef-${{ matrix.os }}-tbn | |
| - name: Notarize dmg | |
| shell: bash | |
| run: | | |
| cd jabgui | |
| find . -type f | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" | |
| xcrun notarytool submit packages/${{ matrix.os }}/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.dmg --keychain-profile "notarytool-profile" --wait | |
| xcrun stapler staple packages/${{ matrix.os }}/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.dmg | |
| - name: Notarize pkg | |
| shell: bash | |
| run: | | |
| cd jabgui | |
| xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" | |
| xcrun notarytool submit packages/${{ matrix.os }}/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.pkg --keychain-profile "notarytool-profile" --wait | |
| xcrun stapler staple packages/${{ matrix.os }}/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.pkg | |
| - name: Upload to builds.jabref.org | |
| shell: bash | |
| run: | | |
| echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey | |
| chmod 600 sshkey | |
| rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/packages/${{ matrix.os }}/ [email protected]:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/ |