[uni] update release.yml

.github/workflows/release.yml

@@ -2,6 +2,10 @@ name: Handle Release
 on:
   workflow_dispatch:
     inputs:
+      tag_version:
+        description: "Tag version for release (e.g., 1.2.3)"
+        required: true
+        type: string
       do_github_release:
         description: "Perform a GitHub release?"
         required: true
@@ -60,7 +64,6 @@ jobs:
           name: macos-binary
           path: out/aplang
 
-  # --- JOB: create-pkg ---
   create-pkg:
     name: Create MacOS `.pkg`
     runs-on: macos-latest
@@ -75,18 +78,18 @@ jobs:
         run: |
           echo "$APPLICATION_CERT_BASE64" | base64 --decode > application_cert.p12
           echo "$INSTALLER_CERT_BASE64" | base64 --decode > installer_cert.p12
-          
+
           # Create a temporary keychain with a temporary password
           security create-keychain -p "$TEMP_KEYCHAIN_PASSWORD" temp.keychain
           security unlock-keychain -p "$TEMP_KEYCHAIN_PASSWORD" temp.keychain
-          
+
           # Set temp.keychain as default keychain
           security default-keychain -s temp.keychain
-          
+
           # Import certificates into the temporary keychain
           security import application_cert.p12 -k temp.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign
           security import installer_cert.p12 -k temp.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign -T/usr/bin/productsign
-          
+
           # Set the key partition list with explicit unlocking
           security set-key-partition-list -S apple-tool:,apple: -s -k "$TEMP_KEYCHAIN_PASSWORD" temp.keychain
 
@@ -104,8 +107,11 @@ jobs:
         run: |
           mkdir -p package-root/
           chmod +x package-root/aplang
-          TAG_VERSION="${GITHUB_REF_NAME#v}"
-          TAG_VERSION="${TAG_VERSION:-0.0.0}"
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            TAG_VERSION="${{ github.event.inputs.tag_version }}"
+          else
+            TAG_VERSION="${GITHUB_REF_NAME#v}"
+          fi
           echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
 
       - name: Sign Application Binary
@@ -119,17 +125,16 @@ jobs:
       - name: Sign the package
         run: |
           productsign --keychain temp.keychain --sign "Developer ID Installer: Patrick Unick (423YZUTX3G)" aplang-unsigned.pkg aplang.pkg
-          
-          
-          # - name: Notarize the package
-          #   env:
-          #     APPLE_ID_EMAIL: ${{ secrets.APPLE_ID_EMAIL }}
-          #     APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
-          #   run: |
-          #     # Submit notary
-          #     xcrun notarytool submit aplang.pkg --apple-id "$APPLE_ID_EMAIL" --team-id "423YZUTX3G" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait
-          #     # Staple the notary
-          #     xcrun stapler staple aplang.pkg
+
+      - name: Notarize the package
+        env:
+          APPLE_ID_EMAIL: ${{ secrets.APPLE_ID_EMAIL }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+        run: |
+          # Submit notary
+          xcrun notarytool submit aplang.pkg --apple-id "$APPLE_ID_EMAIL" --team-id "423YZUTX3G" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait
+          # Staple the notary
+          xcrun stapler staple aplang.pkg
 
       - name: Upload `.pkg` Artifact
         uses: actions/upload-artifact@v4
@@ -140,6 +145,8 @@ jobs:
   build-msix:
     runs-on: windows-latest
     needs: build-windows
+    env:
+      INPUT_TAG_VERSION: ${{ github.event.inputs.tag_version }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -157,13 +164,14 @@ jobs:
 
       - name: Update Package Version
         run: |
-          if ($Env:GITHUB_REF_TYPE -eq "tag") {
+          if ($Env:GITHUB_EVENT_NAME -eq "workflow_dispatch") {
+              $TAG_VERSION = $Env:INPUT_TAG_VERSION
+          } elseif ($Env:GITHUB_REF_TYPE -eq "tag") {
               $TAG_VERSION = $Env:GITHUB_REF_NAME -replace '^v', ''
           } else {
               Write-Output "Not a tag build. Defaulting version to 0.0.0"
               $TAG_VERSION = "0.0.0"
           }
-          
           # Add `.0` to the end of the version
           $TAG_VERSION = "$TAG_VERSION.0"
           
@@ -188,7 +196,6 @@ jobs:
   release:
     name: Create GitHub Release
     if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.do_github_release == 'true') }}
-
     runs-on: ubuntu-latest
     needs: [ build-windows, build-macos, create-pkg ]
     steps:
@@ -223,12 +230,10 @@ jobs:
             artifacts/macos/aplang
             artifacts/macos/aplang.pkg
 
-
   cargo-publish:
     name: Publish to Crates.io
     runs-on: ubuntu-latest
     if: ${{ startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'workflow_dispatch' && github.event.inputs.do_crates_release == 'true') }}
-
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -241,9 +246,12 @@ jobs:
           field: package.version
 
       - name: Ensure Cargo.toml version matches tag
-        if: startsWith(github.ref, 'refs/tags/v')
         run: |
-          TAG_VERSION="${GITHUB_REF_NAME#v}"
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            TAG_VERSION="${{ github.event.inputs.tag_version }}"
+          else
+            TAG_VERSION="${GITHUB_REF_NAME#v}"
+          fi
           CARGO_VERSION="${{ steps.cargo_toml_version.outputs.value }}"
           if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
             echo "Error: Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
@@ -253,5 +261,4 @@ jobs:
       - name: Publish to crates.io
         env:
           CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
-        # allow dirty is to make sure the Cargo.lock is always submited
         run: cargo publish --allow-dirty