name: Wails Release description: Build, sign, notarize and (optionally) upload a Wails macOS app branding: icon: package color: blue inputs: working-directory: { description: "Directory containing wails.json", required: false, default: "." } app-name: { description: "Override the app name (defaults to wails.json `name`)", required: false } version: { description: "Override the version (defaults to tag/SHA logic)", required: false } wails-version: { description: "Override the Wails CLI version (defaults to project go.mod)", required: false } extra-build-flags: { description: "Additional flags appended to `wails build`", required: false } developer-id-cert-base64: { description: "Base64-encoded Developer ID .p12", required: true } developer-id-cert-password: { description: ".p12 password", required: true } notarization-method: { description: "api-key | apple-id | auto", required: false, default: "auto" } notarization-api-key-base64: { description: "Base64-encoded App Store Connect .p8", required: false } notarization-api-key-id: { description: "App Store Connect API key ID", required: false } notarization-api-issuer-id: { description: "App Store Connect issuer ID", required: false } notarization-apple-id: { description: "Apple ID (e.g. user@example.com)", required: false } notarization-apple-password: { description: "App-specific password", required: false } notarization-team-id: { description: "Apple developer Team ID", required: false } s3-bucket: { description: "S3 bucket name. If empty, upload is skipped.", required: false } s3-key: { description: "Object key. Supports {version} and {filename} placeholders.", required: false } s3-endpoint-url: { description: "Custom endpoint for S3-compatible storage (MinIO, R2, etc.)", required: false } s3-region: { description: "AWS region", required: false, default: "us-east-1" } s3-acl: { description: "Canned ACL applied to the uploaded object (e.g. public-read). Empty = no ACL sent.", required: false } outputs: version: { description: "Resolved version string", value: "${{ steps.run.outputs.version }}" } app-name: { description: "Resolved app name", value: "${{ steps.run.outputs.app-name }}" } artifact-path: { description: "Local absolute path to the .app.zip", value: "${{ steps.run.outputs.artifact-path }}" } artifact-filename: { description: "Filename of the .app.zip", value: "${{ steps.run.outputs.artifact-filename }}" } s3-url: { description: "s3://… URL if uploaded, else empty", value: "${{ steps.run.outputs.s3-url }}" } runs: using: composite steps: - id: run shell: bash env: INPUT_WORKING_DIRECTORY: ${{ inputs.working-directory }} INPUT_APP_NAME: ${{ inputs.app-name }} INPUT_VERSION: ${{ inputs.version }} INPUT_WAILS_VERSION: ${{ inputs.wails-version }} INPUT_EXTRA_BUILD_FLAGS: ${{ inputs.extra-build-flags }} INPUT_DEVELOPER_ID_CERT_BASE64: ${{ inputs.developer-id-cert-base64 }} INPUT_DEVELOPER_ID_CERT_PASSWORD: ${{ inputs.developer-id-cert-password }} INPUT_NOTARIZATION_METHOD: ${{ inputs.notarization-method }} INPUT_NOTARIZATION_API_KEY_BASE64: ${{ inputs.notarization-api-key-base64 }} INPUT_NOTARIZATION_API_KEY_ID: ${{ inputs.notarization-api-key-id }} INPUT_NOTARIZATION_API_ISSUER_ID: ${{ inputs.notarization-api-issuer-id }} INPUT_NOTARIZATION_APPLE_ID: ${{ inputs.notarization-apple-id }} INPUT_NOTARIZATION_APPLE_PASSWORD: ${{ inputs.notarization-apple-password }} INPUT_NOTARIZATION_TEAM_ID: ${{ inputs.notarization-team-id }} INPUT_S3_BUCKET: ${{ inputs.s3-bucket }} INPUT_S3_KEY: ${{ inputs.s3-key }} INPUT_S3_ENDPOINT_URL: ${{ inputs.s3-endpoint-url }} INPUT_S3_REGION: ${{ inputs.s3-region }} INPUT_S3_ACL: ${{ inputs.s3-acl }} run: | set -euo pipefail go install "lmika.dev/${{ github.action_repository }}/cmd/wails-release@${{ github.action_ref }}" "$(go env GOPATH)/bin/wails-release"