Merge pull request #826 from NexaAI/chore/mengsheng/bump_version #176
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: NexaCLI on MacOS | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| jobs: | |
| build-cli: | |
| name: macos_${{ matrix.arch }} | |
| runs-on: ${{ matrix.runner }} | |
| env: | |
| ARCH: ${{ matrix.arch }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - runner: macos-13 | |
| arch: x86_64 | |
| - runner: macos-14 | |
| arch: arm64 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Detect Tag Version | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV | |
| - name: Detect Commit Hash | |
| if: github.event_name == 'workflow_dispatch' | |
| run: echo "VERSION=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.24.3 | |
| cache-dependency-path: runner/go.sum | |
| - name: Download runtime | |
| run: | | |
| cd runner | |
| make download | |
| - name: Build Nexa Cli | |
| run: | | |
| cd runner | |
| make build | |
| rm build/ml.h | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nexa-cli_macos_${{ matrix.arch }} | |
| path: runner/build | |
| include-hidden-files: true | |
| package-and-release: | |
| name: Package for macos_${{ matrix.arch }} | |
| needs: build-cli | |
| runs-on: ${{ matrix.runner }} | |
| if: github.ref_type == 'tag' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - runner: macos-13 | |
| arch: x86_64 | |
| - runner: macos-14 | |
| arch: arm64 | |
| env: | |
| VERSION: ${{ github.ref_name }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nexa-cli_macos_${{ matrix.arch }} | |
| path: artifacts | |
| - name: Prepare file structure for packaging | |
| id: prep_files | |
| run: | | |
| chmod +x runner/release/darwin/scripts/prepackage.sh | |
| bash runner/release/darwin/scripts/prepackage.sh "${{ env.VERSION }}" | |
| - name: Fix dylib Linkages (RPATH) | |
| run: | | |
| RESOURCES_PATH="${{ env.APP_PATH }}/Contents/Resources" | |
| install_name_tool -add_rpath "@loader_path" "${RESOURCES_PATH}/nexa-cli" | |
| - name: Import Code Signing Certificates | |
| env: | |
| APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} | |
| APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }} | |
| INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| echo $APP_CERTIFICATE_BASE64 | base64 --decode > app_certificate.p12 | |
| echo $INSTALLER_CERTIFICATE_BASE64 | base64 --decode > installer_certificate.p12 | |
| security create-keychain -p "" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "" build.keychain | |
| security import app_certificate.p12 -k build.keychain -P $APP_CERTIFICATE_PASSWORD -T /usr/bin/codesign | |
| security import installer_certificate.p12 -k build.keychain -P $INSTALLER_CERTIFICATE_PASSWORD -T /usr/bin/productsign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain | |
| - name: Sign binaries and libraries | |
| run: | | |
| chmod +x runner/release/darwin/scripts/sign.sh | |
| bash runner/release/darwin/scripts/sign.sh "${{ env.APP_PATH }}" "${{ secrets.APPLE_ID_APPLICATION }}" | |
| - name: Build PKG | |
| run: | | |
| pkgbuild --root "${{ steps.prep_files.outputs.STAGING_DIR }}" \ | |
| --scripts "${{ steps.prep_files.outputs.SCRIPTS_DIR }}" \ | |
| --identifier "com.nexaai.nexa-sdk" \ | |
| --version "${{ env.VERSION }}" \ | |
| --install-location / \ | |
| "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" | |
| - name: Productsign PKG | |
| run: | | |
| productsign --sign "${{ secrets.APPLE_ID_INSTALLER }}" --timestamp "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" | |
| pkgutil --check-signature "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" | |
| rm "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" | |
| - name: Notarize & Staple PKG | |
| run: | | |
| chmod +x runner/release/darwin/scripts/notarize.sh | |
| bash runner/release/darwin/scripts/notarize.sh \ | |
| "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" \ | |
| "${{ secrets.APPLE_ID }}" \ | |
| "${{ secrets.APPLE_ID_PASSWORD }}" \ | |
| "${{ secrets.APPLE_TEAM_ID }}" | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| repository: NexaAI/nexa-sdk | |
| tag_name: ${{ env.VERSION }} | |
| files: | | |
| artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg | |
| draft: ${{ contains(github.ref, '-rc') }} | |
| generate_release_notes: true | |
| make_latest: ${{ !contains(github.ref, '-rc') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.ZACK_ACCESS_TOKEN }} | |
| - name: Configure AWS credentials | |
| if: ${{ !contains(github.ref, '-rc') }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Sync to S3 | |
| if: ${{ !contains(github.ref, '-rc') }} | |
| shell: bash | |
| run: | | |
| aws s3 cp "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" "s3://nexa-model-hub-bucket/public/nexa_sdk/downloads/nexa-cli_macos_${{ matrix.arch }}.pkg" |