Fix for issue #372 #2

Workflow file for this run

.github/workflows/binaries.yml at b0da898

	name: Binaries

	on:
	push:
	branches:
	- main
	- main-release
	paths-ignore:
	- 'docs/**'
	- 'src/test/**'
	- 'README.md'
	tags:
	- '*'
	pull_request:
	types:
	- opened
	- synchronize
	- reopened
	- labeled
	merge_group:
	workflow_dispatch:
	inputs:
	notarization:
	type: boolean
	required: false
	default: false

	permissions:
	actions: write
	contents: read
	pull-requests: write

	env:
	SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }}
	AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }}
	IEEEAPIKey: ${{ secrets.IEEEAPIKey }}
	BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}}
	OSXCERT: ${{ secrets.OSX_SIGNING_CERT }}
	GRADLE_OPTS: -Xmx4g -Dorg.gradle.vfs.watch=false
	JAVA_OPTS: -Xmx4g

	concurrency:
	group: "${{ github.workflow }}-${{ github.head_ref \|\| github.ref }}-${{ github.event_name }}"
	cancel-in-progress: true

	jobs:
	conditions:
	runs-on: ubuntu-latest
	outputs:
	upload-to-builds-jabref-org: ${{ steps.binary.outputs.upload-to-builds-jabref-org }}
	secretspresent: ${{ steps.binary.outputs.secretspresent }}
	tagbuild: ${{ steps.binary.outputs.tagbuild }}
	# requried to avoid obsolete builds in case of labels != "dev: binaries"
	should-build: ${{ steps.binary.outputs.should-build }}
	should-notarize: ${{ steps.binary.outputs.should-notarize }}

	steps:
	- name: Determine conditions
	id: binary
	shell: bash
	env:
	BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	EVENT_NAME: ${{ github.event_name }}
	LABEL_NAME: ${{ github.event.label.name }}
	REPO_OWNER: ${{ github.repository_owner }}
	run: \|
	if [[ "$GITHUB_WORKFLOW" == "early access" && "$REPO_OWNER" != "JabRef" ]]; then
	echo "🚫 Early access workflow for JabRef disabled for non-JabRef owner"
	echo "should-build=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi

	if [[ "$EVENT_NAME" != "labeled" \|\| "$LABEL_NAME" == "automerge" \|\| "$LABEL_NAME" == "dev: binaries" ]]; then
	echo "📦 build enabled"
	echo "should-build=true" >> "$GITHUB_OUTPUT"
	else
	echo "🚫 build should be skipped"
	echo "should-build=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi

	if [ -z "$BUILDJABREFPRIVATEKEY" ]; then
	echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT"
	echo "secretspresent=false" >> "$GITHUB_OUTPUT"
	echo "🚫 Secret BUILDJABREFPRIVATEKEY not present – skipping upload"
	exit 0
	fi
	echo "secretspresent=true" >> "$GITHUB_OUTPUT"

	if [[ "$GITHUB_REF" == refs/heads/gh-readonly-queue* ]]; then
	echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT"
	echo "🚫 merge queue – skipping upload"
	exit 0
	fi

	if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
	echo "tagbuild=true" >> "$GITHUB_OUTPUT"
	else
	echo "tagbuild=false" >> "$GITHUB_OUTPUT"
	fi

	if [[ "${GITHUB_REF}" == refs/tags/* ]] \|\| [[ "${{ inputs.notarization }}" == "true" ]]; then
	# This workflow runs on ubuntu-latest even for notarization for macOS; need to check later if really on macOS
	echo "🧾 macOS notarization"
	echo "should-notarize=true" >> "$GITHUB_OUTPUT"
	echo "☁️ will upload"
	echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT"
	exit 0;
	else
	echo "🚫 no macOS notarization"
	echo "should-notarize=false" >> "$GITHUB_OUTPUT"
	fi

	if [ "${{ github.event_name }}" != "pull_request" ]; then
	echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT"
	echo "☁️ Non-PR event – will upload"
	exit 0
	fi

	LABELS=$(gh api repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels --jq '.[].name')

	if echo "$LABELS" \| grep -q "^dev: binaries$"; then
	echo "upload-to-builds-jabref-org=true" >> "$GITHUB_OUTPUT"
	echo "☁️ Label 'dev: binaries' found – will upload"
	else
	echo "upload-to-builds-jabref-org=false" >> "$GITHUB_OUTPUT"
	echo "🚫 Label 'dev: binaries' not found – skipping upload"
	fi

	build:
	needs: [conditions]
	if: ${{ needs.conditions.outputs.should-build == 'true' }}
	strategy:
	fail-fast: false
	matrix:
	include:
	# if you change the os version rename all other occurrences
	- os: ubuntu-22.04
	displayName: linux
	archivePortable: tar -c -C jabgui/build/distribution JabRef \| pigz --rsyncable > jabgui/build/distribution/JabRef-portable_linux.tar.gz && rm -R jabgui/build/distribution/JabRef
	archivePortableJabKit: tar -c -C jabkit/build/distribution jabkit \| pigz --rsyncable > jabkit/build/distribution/jabkit-portable_linux.tar.gz && rm -R jabkit/build/distribution/jabkit
	suffix: ''
	- os: windows-latest
	displayName: windows
	archivePortable: 7z a -r jabgui/build/distribution/JabRef-portable_windows.zip ./jabgui/build/distribution/JabRef && rm -R jabgui/build/distribution/JabRef
	archivePortableJabKit: 7z a -r jabkit/build/distribution/jabkit-portable_windows.zip ./jabkit/build/distribution/jabkit && rm -R jabkit/build/distribution/jabkit
	suffix: ''
	- os: macos-13 # intel image
	displayName: macOS
	suffix: ''
	- os: macos-14
	displayName: macOS (ARM64)
	suffix: '_arm64'
	runs-on: ${{ matrix.os }}
	outputs:
	major: ${{ steps.gitversion.outputs.Major }}
	minor: ${{ steps.gitversion.outputs.Minor }}
	branchname: ${{ steps.gitversion.outputs.branchName }}
	name: ${{ matrix.displayName }} installer and portable version
	steps:
	- name: Fetch all history for all tags and branches
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	submodules: 'true'
	show-progress: 'false'
	- name: Install pigz and cache (linux)
	if: (startsWith(matrix.os, 'ubuntu'))
	uses: awalsh128/cache-apt-pkgs-action@latest
	with:
	packages: pigz
	version: 1.0
	- name: Install GitVersion
	uses: gittools/actions/gitversion/[email protected]
	with:
	versionSpec: "5.x"
	- name: Run GitVersion
	id: gitversion
	uses: gittools/actions/gitversion/[email protected]
	- name: Setup JDK
	uses: actions/setup-java@v4
	with:
	java-version: '24'
	distribution: 'liberica'
	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v4

	# region Publish JabLib on Maven Central
	- name: Decode secretKeyRingFile
	if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') && (startsWith(matrix.os, 'ubuntu'))
	id: secring
	uses: timheuer/base64-to-file@v1
	with:
	fileName: 'secring.gpg'
	encodedString: ${{ secrets.KOPPOR_SIGNING_SECRETKEYRINGFILE_BASE64 }}
	- name: store secrets
	if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') && (startsWith(matrix.os, 'ubuntu'))
	run: \|
	cat >> gradle.properties <<EOF
	signing.keyId=${{ secrets.KOPPOR_SIGNING_KEYID }}
	signing.password=${{ secrets.KOPPOR_SIGNING_PASSWORD }}
	signing.secretKeyRingFile=${{ steps.secring.outputs.filePath }}
	mavenCentralUsername=${{ secrets.KOPPOR_MAVENCENTRALUSERNAME }}
	mavenCentralPassword=${{ secrets.KOPPOR_MAVENCENTRALPASSWORD }}
	EOF
	grep secretKeyRingFile gradle.properties
	file ${{ steps.secring.outputs.filePath }}
	md5sum ${{ steps.secring.outputs.filePath }}
	- name: publishAllPublicationsToMavenCentralRepository
	run: ./gradlew -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" -Ptagbuild="${{ needs.conditions.outputs.tagbuild }}" :jablib:publishAllPublicationsToMavenCentralRepository
	if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') && (startsWith(matrix.os, 'ubuntu'))
	# endregion

	- name: Prepare merged jars and modules dir
	# prepareModulesDir is executing a build, which should run through even if no upload to builds.jabref.org is made
	if: (startsWith(matrix.os, 'macos')) \|\| (needs.conditions.outputs.upload-to-builds-jabref-org == 'false')
	run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" :jabgui:prepareModulesDir
	- name: Setup macOS key chain
	if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true')
	uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d
	with:
	p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
	p12-password: ${{ secrets.OSX_CERT_PWD }}
	keychain-password: jabref
	- name: Setup macOS key chain for app id cert
	if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true')
	uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d
	with:
	p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
	p12-password: ${{ secrets.OSX_CERT_PWD }}
	create-keychain: false
	keychain-password: jabref
	- name: Build dmg (macOS)
	if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true')
	shell: bash
	run: \|
	set -e
	cd jabgui

	jpackage \
	--module org.jabref/org.jabref.Launcher \
	--module-path $JAVA_HOME/jmods/:build/jlinkbase/jlinkjars \
	--add-modules org.jabref,org.jabref.merged.module \
	--add-modules jdk.incubator.vector \
	--dest build/distribution \
	--app-content buildres/mac/Resources \
	--name JabRef \
	--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
	--verbose \
	--mac-sign \
	--vendor "JabRef e.V." \
	--mac-package-identifier JabRef \
	--mac-package-name JabRef \
	--type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
	--mac-package-signing-prefix org.jabref \
	--mac-entitlements buildres/mac/jabref.entitlements \
	--icon src/main/resources/icons/jabref.icns \
	--resource-dir buildres/mac \
	--file-associations buildres/mac/bibtexAssociations.properties \
	--jlink-options --bind-services \
	--java-options -XX:+UnlockExperimentalVMOptions \
	--java-options -XX:+UseCompactObjectHeaders \
	--java-options -XX:+UseZGC --java-options -XX:+ZUncommit \
	--java-options -XX:+UseStringDeduplication \
	--java-options --add-exports=javafx.base/com.sun.javafx.event=org.jabref.merged.module \
	--java-options --add-exports=javafx.controls/com.sun.javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.graphics/javafx.scene=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/javafx.scene.control.skin=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/com.sun.javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref \
	--java-options --add-exports=javafx.base/com.sun.javafx.event=org.jabref \
	--java-options --add-exports=javafx.controls/com.sun.javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.graphics/javafx.scene=org.jabref \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.controls/com.sun.javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.base/javafx.collections=org.jabref \
	--java-options --add-opens=javafx.base/javafx.collections.transformation=org.jabref \
	--java-options --add-modules=jdk.incubator.vector \
	--java-options --enable-native-access=org.jabref.merged.module,ai.djl.tokenizers,ai.djl.pytorch_engine,com.sun.jna,javafx.graphics,javafx.media,javafx.web,jkeychain,org.apache.lucene.core
	- name: Build pkg (macOS)
	if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true')
	shell: bash
	run: \|
	set -e
	cd jabgui

	jpackage \
	--module org.jabref/org.jabref.Launcher \
	--module-path $JAVA_HOME/jmods/:build/jlinkbase/jlinkjars \
	--add-modules org.jabref,org.jabref.merged.module \
	--add-modules jdk.incubator.vector \
	--dest build/distribution \
	--app-content buildres/mac/Resources \
	--name JabRef \
	--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
	--verbose \
	--mac-sign \
	--vendor "JabRef e.V." \
	--mac-package-identifier JabRef \
	--mac-package-name JabRef \
	--type pkg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
	--mac-package-signing-prefix org.jabref \
	--mac-entitlements buildres/mac/jabref.entitlements \
	--icon src/main/resources/icons/jabref.icns \
	--resource-dir buildres/mac \
	--file-associations buildres/mac/bibtexAssociations.properties \
	--jlink-options --bind-services \
	--java-options --add-exports=javafx.base/com.sun.javafx.event=org.jabref.merged.module \
	--java-options --add-exports=javafx.controls/com.sun.javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.graphics/javafx.scene=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/com.sun.javafx.scene.control=org.jabref.merged.module \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref \
	--java-options --add-exports=javafx.base/com.sun.javafx.event=org.jabref \
	--java-options --add-exports=javafx.controls/com.sun.javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.graphics/javafx.scene=org.jabref \
	--java-options --add-opens=javafx.controls/javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.controls/com.sun.javafx.scene.control=org.jabref \
	--java-options --add-opens=javafx.base/javafx.collections=org.jabref \
	--java-options --add-opens=javafx.base/javafx.collections.transformation=org.jabref \
	--java-options --add-modules=jdk.incubator.vector \
	--java-options --enable-native-access=org.jabref.merged.module,ai.djl.tokenizers,ai.djl.pytorch_engine,com.sun.jna,javafx.graphics,javafx.media,javafx.web,jkeychain,org.apache.lucene.core
	- name: Rename files for mac
	if: (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.secretspresent == 'true')
	shell: bash
	run: \|
	cd jabgui
	mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}.dmg
	mv build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}.pkg
	- name: Build runtime image and installer (linux, Windows)
	if: ${{ !startsWith(matrix.os, 'macos') }}
	shell: bash
	run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" :jabgui:jpackage
	- name: Package JabGui application image (linux, Windows)
	if: ${{ !startsWith(matrix.os, 'macos') }}
	shell: bash
	run: \|
	set -e
	${{ matrix.archivePortable }}
	- name: Rename files
	if: ${{ !startsWith(matrix.os, 'macos') }}
	shell: pwsh
	run: \|
	get-childitem -Path jabgui/build/distribution/* \| rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}"}
	get-childitem -Path jabgui/build/distribution/* \| rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}-portable"}
	- name: Repack deb file for Debian
	if: (startsWith(matrix.os, 'ubuntu'))
	shell: bash
	run: \|
	cd jabgui/build/distribution
	ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}_amd64.deb
	zstd -d < control.tar.zst \| xz > control.tar.xz
	zstd -d < data.tar.zst \| xz > data.tar.xz
	ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
	rm debian-binary control.tar.* data.tar.*
	mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}_amd64_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}${{ matrix.suffix }}_amd64.deb

	- name: Build JabKit
	shell: bash
	run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" :jabkit:jpackage
	- name: Remove JabKit app build (macOS)
	if: ${{ startsWith(matrix.os, 'macos') }}
	run: rm -rf jabkit/build/distribution/jabkit.app
	- name: Package JabKit application image (linux, Windows)
	if: ${{ !startsWith(matrix.os, 'macos') && (needs.conditions.outputs.secretspresent == 'true') }}
	shell: bash
	run: \|
	set -e
	${{ matrix.archivePortableJabKit }}

	# region Upload to builds.jabref.org / GitHub artifacts store
	- name: Setup SSH key
	if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true')
	run: \|
	echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
	chmod 600 sshkey
	- name: Check disk space on builds.jabref.org
	if: (needs.conditions.outputs.upload-to-builds-jabref-org == 'true')
	id: diskspace
	shell: bash
	run: \|
	USAGE=$(ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no [email protected] \
	"df --output=pcent /var/www/builds.jabref.org \| tail -n1 \| tr -dc '0-9'")
	echo "Remote usage: $USAGE%"
	if [ "$USAGE" -lt 90 ]; then
	echo "available=true" >> "$GITHUB_OUTPUT"
	else
	echo "available=false" >> "$GITHUB_OUTPUT"
	fi
	- name: Setup rsync (macOS)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') && (needs.conditions.outputs.upload-to-builds-jabref-org == 'true')) }}
	run: brew install rsync
	- name: Setup rsync (Windows)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }}
	# We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total)
	# We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows
	# We cannot use "setup-rsync", because that does not work on Windows
	# We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell
	run: choco install --no-progress rsync
	- name: Upload jabgui to builds.jabref.org (Windows)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }}
	shell: cmd
	# for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
	run: \|
	rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ \|\| true
	- name: Upload jabkkit to builds.jabref.org (Windows)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (matrix.os == 'windows-latest') }}
	shell: cmd
	# for rsync installed by chocolatey, we need the ssh.exe delivered with that installation
	run: \|
	rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabkit/build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ \|\| true
	- name: Upload jabgui to builds.jabref.org (linux, macOS)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') \|\| startsWith(matrix.os, 'ubuntu')) }}
	shell: bash
	run: \|
	rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ \|\| true
	- name: Upload jabkit to builds.jabref.org (linux, macOS)
	if: ${{ (steps.diskspace.outputs.available == 'true') && (startsWith(matrix.os, 'macos') \|\| startsWith(matrix.os, 'ubuntu')) }}
	shell: bash
	run: \|
	rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabkit/build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ \|\| true
	- name: Upload to GitHub workflow artifacts store (macOS)
	if: ${{ (startsWith(matrix.os, 'macos')) && (needs.conditions.outputs.should-notarize == 'true') }}
	uses: actions/upload-artifact@v4
	with:
	# tbn = to-be-notarized
	name: JabRef-${{ matrix.os }}-tbn
	path: \|
	jabgui/build/distribution
	jabkit/build/distribution
	compression-level: 0 # no compression
	- name: Upload to GitHub workflow artifacts store
	if: ${{ (needs.conditions.outputs.upload-to-builds-jabref-org == 'false') }}
	uses: actions/upload-artifact@v4
	with:
	name: JabRef-${{ matrix.os }}
	path: \|
	jabgui/build/distribution
	jabkit/build/distribution
	compression-level: 0 # no compression
	# endregion

	comment-on-pr:
	name: Comment on PR
	# separate job, because it should wait until all binaries are available
	needs: [conditions, build]
	if: ${{ (github.event_name == 'pull_request') && (needs.conditions.outputs.upload-to-builds-jabref-org == 'true') }}
	runs-on: ubuntu-latest
	steps:
	- name: Comment PR
	uses: thollander/actions-comment-pull-request@v3
	with:
	message: \|
	The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
	comment-tag: download-link
	mode: recreate

	notarize:
	# Outsourced in a separate job to be able to rerun if this fails for timeouts
	name: macOS notarization
	needs: [conditions, build]
	if: ${{ needs.conditions.outputs.should-notarize == 'true' }}
	strategy:
	# Ensure that calls to Apple are sequentially made
	max-parallel: 1
	matrix:
	include:
	- os: macos-14
	displayName: macOS (ARM64)
	suffix: '_arm64'
	- os: macos-13 # intel image
	displayName: macOS
	suffix: ''
	runs-on: ${{ matrix.os }}
	steps:
	- name: Download from GitHub workflow artifacts store (macOS)
	uses: actions/download-artifact@v4
	with:
	name: JabRef-${{ matrix.os }}-tbn
	- name: Notarize dmg
	shell: bash
	run: \|
	cd jabgui
	find . -type f
	xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
	xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.dmg --keychain-profile "notarytool-profile" --wait
	xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.dmg
	- name: Notarize pkg
	shell: bash
	run: \|
	cd jabgui
	xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
	xcrun notarytool submit build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.pkg --keychain-profile "notarytool-profile" --wait
	xcrun stapler staple build/distribution/JabRef-${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}${{ matrix.suffix}}.pkg
	- name: Upload to builds.jabref.org
	shell: bash
	run: \|
	echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey
	chmod 600 sshkey
	rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }} && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' jabgui/build/distribution/ [email protected]:/var/www/builds.jabref.org/www/${{ needs.build.outputs.branchname }}/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix for issue #372 #2

Workflow file

Fix for issue #372 #2

Uh oh!

Jobs

Run details

Workflow file for this run