fix: 为 GitHub Actions 添加 contents:write 权限 #35
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Xcode | |
| uses: maxim-lobanov/setup-xcode@v1 | |
| with: | |
| xcode-version: latest-stable | |
| - name: Build Universal App | |
| run: | | |
| # 创建目录结构 | |
| mkdir -p dist/MacVimSwitch.app/Contents/{MacOS,Resources} | |
| # 复制 Info.plist 和应用图标 | |
| cp Info.plist dist/MacVimSwitch.app/Contents/ | |
| if [ -f "AppIcon.icns" ]; then | |
| cp AppIcon.icns dist/MacVimSwitch.app/Contents/Resources/ | |
| echo "已复制应用图标到资源文件夹" | |
| else | |
| echo "警告:未找到 AppIcon.icns 文件,将使用默认图标" | |
| fi | |
| # 构建 ARM64 版本 | |
| echo "构建 ARM64 版本..." | |
| swiftc -o dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-arm64 \ | |
| inputsource.swift \ | |
| main.swift \ | |
| AppDelegate.swift \ | |
| StatusBarManager.swift \ | |
| InputMethodManager.swift \ | |
| UserPreferences.swift \ | |
| LaunchManager.swift \ | |
| -framework Cocoa \ | |
| -framework Carbon \ | |
| -target arm64-apple-macos11 \ | |
| -sdk $(xcrun --show-sdk-path) \ | |
| -O \ | |
| -whole-module-optimization \ | |
| -Xlinker -rpath \ | |
| -Xlinker @executable_path/../Frameworks | |
| # 构建 x86_64 版本 | |
| echo "构建 x86_64 版本..." | |
| swiftc -o dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-x86_64 \ | |
| inputsource.swift \ | |
| main.swift \ | |
| AppDelegate.swift \ | |
| StatusBarManager.swift \ | |
| InputMethodManager.swift \ | |
| UserPreferences.swift \ | |
| LaunchManager.swift \ | |
| -framework Cocoa \ | |
| -framework Carbon \ | |
| -target x86_64-apple-macos11 \ | |
| -sdk $(xcrun --show-sdk-path) \ | |
| -O \ | |
| -whole-module-optimization \ | |
| -Xlinker -rpath \ | |
| -Xlinker @executable_path/../Frameworks | |
| # 合并为通用二进制 | |
| echo "合并为通用二进制..." | |
| lipo -create \ | |
| dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-arm64 \ | |
| dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-x86_64 \ | |
| -output dist/MacVimSwitch.app/Contents/MacOS/macvimswitch | |
| # 清理临时文件 | |
| rm dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-arm64 | |
| rm dist/MacVimSwitch.app/Contents/MacOS/macvimswitch-x86_64 | |
| - name: Create Info.plist | |
| run: | | |
| cat > dist/MacVimSwitch.app/Contents/Info.plist << 'EOF' | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>CFBundleExecutable</key> | |
| <string>macvimswitch</string> | |
| <key>CFBundleIconFile</key> | |
| <string>AppIcon</string> | |
| <key>CFBundleIdentifier</key> | |
| <string>com.jackiexiao.macvimswitch</string> | |
| <key>CFBundleName</key> | |
| <string>MacVimSwitch</string> | |
| <key>CFBundlePackageType</key> | |
| <string>APPL</string> | |
| <key>CFBundleShortVersionString</key> | |
| <string>${GITHUB_REF#refs/tags/v}</string> | |
| <key>CFBundleVersion</key> | |
| <string>${GITHUB_REF#refs/tags/v}</string> | |
| <key>LSMinimumSystemVersion</key> | |
| <string>11.0</string> | |
| <key>LSUIElement</key> | |
| <true/> | |
| <key>NSHighResolutionCapable</key> | |
| <true/> | |
| <key>LSApplicationCategoryType</key> | |
| <string>public.app-category.utilities</string> | |
| <key>NSPrincipalClass</key> | |
| <string>NSApplication</string> | |
| <key>NSAppleEventsUsageDescription</key> | |
| <string>MacVimSwitch needs to control system events to manage input sources.</string> | |
| <key>NSAppleScriptEnabled</key> | |
| <true/> | |
| <key>NSAccessibilityUsageDescription</key> | |
| <string>MacVimSwitch needs accessibility access to monitor keyboard events.</string> | |
| </dict> | |
| </plist> | |
| EOF | |
| - name: Create Entitlements | |
| run: | | |
| cat > entitlements.plist << 'EOF' | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>com.apple.security.automation.apple-events</key> | |
| <true/> | |
| <key>com.apple.security.temporary-exception.apple-events</key> | |
| <array> | |
| <string>com.apple.systemevents</string> | |
| </array> | |
| <key>com.apple.security.cs.allow-jit</key> | |
| <true/> | |
| <key>com.apple.security.cs.allow-unsigned-executable-memory</key> | |
| <true/> | |
| <key>com.apple.security.cs.disable-library-validation</key> | |
| <true/> | |
| </dict> | |
| </plist> | |
| EOF | |
| - name: Sign Application | |
| run: | | |
| # 设置执行权限 | |
| chmod +x dist/MacVimSwitch.app/Contents/MacOS/macvimswitch | |
| # 使用更安全的签名方式 | |
| # 移除属性标签(避免 quarantine 问题) | |
| xattr -cr dist/MacVimSwitch.app | |
| # 使用 adhoc 签名(比完全自签名更安全) | |
| codesign --force --deep --sign - --entitlements entitlements.plist \ | |
| --options runtime --timestamp dist/MacVimSwitch.app | |
| # 验证签名 | |
| codesign --verify --verbose dist/MacVimSwitch.app | |
| # 显示签名信息 | |
| codesign -dv dist/MacVimSwitch.app | |
| - name: Create DMG | |
| run: | | |
| # 创建临时挂载点 | |
| mkdir -p /tmp/dmg | |
| # 创建应用程序文件夹符号链接 | |
| ln -s /Applications /tmp/dmg/Applications | |
| # 复制应用 | |
| cp -r dist/MacVimSwitch.app /tmp/dmg/ | |
| # 创建 DMG | |
| hdiutil create -volname "MacVimSwitch" -srcfolder /tmp/dmg -ov -format UDZO MacVimSwitch.dmg | |
| # 清理 | |
| rm -rf /tmp/dmg | |
| - name: Calculate SHA256 | |
| run: | | |
| echo "DMG_SHA256=$(shasum -a 256 MacVimSwitch.dmg | cut -d ' ' -f 1)" >> $GITHUB_ENV | |
| - name: Get Tag Message | |
| id: tag | |
| run: | | |
| tag_message=$(git tag -l --format='%(contents)' ${{ github.ref_name }}) | |
| echo "message<<EOF" >> $GITHUB_OUTPUT | |
| echo "$tag_message" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: MacVimSwitch.dmg | |
| body: | | |
| ${{ steps.tag.outputs.message }} | |
| Universal Binary (支持 Intel 和 Apple Silicon Mac) | |
| ## 安装方法(重要): | |
| **由于 macOS 安全策略,初次安装可能需要以下步骤:** | |
| ### 方法1:标准安装(推荐) | |
| 1. 双击打开 DMG 文件 | |
| 2. 将 MacVimSwitch 拖入 Applications 文件夹 | |
| 3. **右键点击** MacVimSwitch.app → 选择 "打开" | |
| 4. 点击 "打开" 确认信任该应用 | |
| ### 方法2:命令行解除(高级用户) | |
| ```bash | |
| # 在终端中运行(请修改为实际路径) | |
| sudo xattr -rd com.apple.quarantine /Applications/MacVimSwitch.app | |
| ``` | |
| ### 系统设置步骤: | |
| 1. 在系统偏好设置中授予必要权限 | |
| 2. 如果从 v0.6.3 之前旧版本升级,需要先删除原来的应用权限,再重新授权 | |
| SHA256: ${{ env.DMG_SHA256 }} | |
| You can verify the SHA256 checksum of the DMG file using: | |
| ```bash | |
| shasum -a 256 MacVimSwitch.dmg | |
| ``` | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |