Upload builds to CloudFlare R2

Upload unpacked builds for MacOS to CloudFlare R2 when changes are pushed to the `dev` branch. In addition, improve `.gitignore` for VSCode.
created macos-online-installer and repository for v4
2026-05-08 14:33:23 +00:00 · 2023-10-31 00:39:39 +07:00 · 2023-10-26 21:43:45 +08:00
5 changed files with 126 additions and 7 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,6 +1,5 @@
 name: 'Deploy workflow'

-
 on: [push]

 jobs:
@@ -249,12 +248,21 @@ jobs:
        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
        bash deploy/build_macos.sh

+    - name: 'Upload upacked build to update server'
+      if: github.ref_name == 'dev'
+      env:
+        MACOS_UNPACKED_BUILD_PATH: deploy/build/installer/amneziavpn-macos-repository
+        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
+      run: aws s3 sync --endpoint-url https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com ${{ env.MACOS_UNPACKED_BUILD_PATH }} s3://updates/beta/macos --delete
+
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v3
      with:
        name: AmneziaVPN_MacOS_installer
        path: AmneziaVPN.dmg
        retention-days: 7
+
    - name: 'Upload unpacked artifact'
      uses: actions/upload-artifact@v3
      with:
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@ deploy/build_32/*
 deploy/build_64/*
 winbuild*.bat
 .cache/
-
+.vscode/

 # Qt-es
 /.qmake.cache
--- a/deploy/build_macos.sh
+++ b/deploy/build_macos.sh
@@ -163,7 +163,18 @@ if [ "${MAC_CERT_PW+x}" ]; then
  fi
 fi

-echo "Finished, artifact is $DMG_FILENAME"
-
+echo "Finished to generate local installer, artifact is $DMG_FILENAME"
 # restore keychain
 security default-keychain -s login.keychain
+
+echo "Generate online installer and repository..."
+
+cd $PROJECT_DIR
+DIRNAME=$0
+if [ "${DIRNAME:0:1}" = "/" ];then
+    CURDIR=`dirname $DIRNAME`
+else
+    CURDIR="`pwd`"/"`dirname $DIRNAME`"
+fi
+
+source $CURDIR/build_macos_online_installer.sh
--- a/deploy/build_macos_online_installer.sh
+++ b/deploy/build_macos_online_installer.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+echo "___________________________________________________________________"
+echo "..................repository and online installer.................."
+echo "___________________________________________________________________"
+
+set -o errexit -o nounset
+
+while getopts n flag
+do
+    case "${flag}" in
+        n) NOTARIZE_APP=1;;
+    esac
+done
+
+# Hold on to current directory
+PROJECT_DIR=$(pwd)
+DEPLOY_DIR=$PROJECT_DIR/deploy
+
+mkdir -p $DEPLOY_DIR/build
+BUILD_DIR=$DEPLOY_DIR/build
+
+echo "Project dir: ${PROJECT_DIR}" 
+echo "Build dir: ${BUILD_DIR}"
+
+APP_NAME=amneziavpn-online-installer
+APP_FILENAME=$APP_NAME.app
+APP_DOMAIN=org.amneziavpn.package
+PLIST_NAME=$APP_NAME.plist
+
+REPO_NAME=amneziavpn-macos-repository
+
+OUT_APP_DIR=$BUILD_DIR/client
+BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME
+
+PREBUILT_DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/deploy-prebuilt/macos
+DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos
+
+INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data
+INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME
+DMG_FILENAME=$PROJECT_DIR/${APP_NAME}.dmg
+
+# Search Qt
+if [ -z "${QT_VERSION+x}" ]; then
+QT_VERSION=6.5.1;
+QIF_VERSION=4.6
+QT_BIN_DIR=$HOME/Qt/$QT_VERSION/macos/bin
+QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin
+fi
+
+echo "Using Qt in $QT_BIN_DIR"
+echo "Using QIF in $QIF_BIN_DIR"
+
+
+echo "Generating repository..."
+$QIF_BIN_DIR/repogen -p $BUILD_DIR/installer/packages $BUILD_DIR/installer/$REPO_NAME
+
+echo "Building online installer..."
+$QIF_BIN_DIR/binarycreator --online-only -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages $INSTALLER_BUNDLE_DIR
+
+
+if [ "${MAC_CERT_PW+x}" ]; then
+  echo "Signing installer bundle..."
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
+  /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
+
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing installer bundle..."
+    /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    sleep 300
+    xcrun stapler staple $INSTALLER_BUNDLE_DIR
+    xcrun stapler validate $INSTALLER_BUNDLE_DIR
+    spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
+  fi
+fi
+
+echo "Building DMG installer..."
+hdiutil create -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
+
+if [ "${MAC_CERT_PW+x}" ]; then
+  echo "Signing DMG installer..."
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
+  /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
+
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing DMG installer..."
+    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    sleep 300
+    xcrun stapler staple $DMG_FILENAME
+    xcrun stapler validate $DMG_FILENAME
+  fi
+fi
+
+echo "Finished to generate online instaler and repository, artifact is $DMG_FILENAME"
+
+# restore keychain
+security default-keychain -s login.keychain
--- a/deploy/installer/config/macos.xml.in
+++ b/deploy/installer/config/macos.xml.in
@@ -13,14 +13,14 @@
    <AllowSpaceInPath>true</AllowSpaceInPath>
    <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters>
    <ControlScript>controlscript.js</ControlScript>
-    <RepositorySettingsPageVisible>false</RepositorySettingsPageVisible>
+    <RepositorySettingsPageVisible>true</RepositorySettingsPageVisible>
    <DependsOnLocalInstallerBinary>true</DependsOnLocalInstallerBinary>
    <SupportsModify>false</SupportsModify>
    <DisableAuthorizationFallback>true</DisableAuthorizationFallback>
    <RemoteRepositories>
        <Repository>
-            <Url>https://amneziavpn.org/updates/macos</Url>
-            <Enabled>true</Enabled>
+            <Url>https://updates.amnezia.org/amneziavpn-macos-repository</Url>
+            <Enabled>1</Enabled>
            <DisplayName>AmneziaVPN - repository for macOS</DisplayName>
        </Repository>
    </RemoteRepositories>
Author	SHA1	Message	Date
tiaga	506df2eb89	Upload builds to CloudFlare R2 Upload unpacked builds for MacOS to CloudFlare R2 when changes are pushed to the `dev` branch. In addition, improve `.gitignore` for VSCode.	2023-10-31 00:39:39 +07:00
ronoaer	fbdae95802	created macos-online-installer and repository for v4	2023-10-26 21:43:45 +08:00