[build] Pin `pyinstaller` version for MacOS

[yt-dlp.git] / .github / workflows / build.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2183903ea4be95c1600f57617676d46da79d7721..aa11c619411943094946f42d11c33a8b1523b2d8 100644 (file)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -30,6 +30,9 @@ on:
       meta_files:
         default: true
         type: boolean
+    secrets:
+      GPG_SIGNING_KEY:
+        required: false
 
   workflow_dispatch:
     inputs:
@@ -97,8 +100,13 @@ jobs:
           python -m pip install -U pip setuptools wheel
           python -m pip install -U Pyinstaller -r requirements.txt
           reqs=$(mktemp)
-          echo -e 'python=3.10.*\npyinstaller' >$reqs
-          sed 's/^brotli.*/brotli-python/' <requirements.txt >>$reqs
+          cat > $reqs << EOF
+          python=3.10.*
+          pyinstaller
+          cffi
+          brotli-python
+          EOF
+          sed '/^brotli.*/d' requirements.txt >> $reqs
           mamba create -n build --file $reqs
 
       - name: Prepare
@@ -184,7 +192,7 @@ jobs:
       - name: Install Requirements
         run: |
           brew install coreutils
-          /usr/bin/python3 -m pip install -U --user pip Pyinstaller -r requirements.txt
+          /usr/bin/python3 -m pip install -U --user pip Pyinstaller==5.8 -r requirements.txt
 
       - name: Prepare
         run: |
@@ -330,6 +338,16 @@ jobs:
           lock 2022.08.18.36 .+ Python 3.6
           EOF
 
+      - name: Sign checksum files
+        env:
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+        if: env.GPG_SIGNING_KEY != ''
+        run: |
+          gpg --batch --import <<< "${{ secrets.GPG_SIGNING_KEY }}"
+          for signfile in ./SHA*SUMS; do
+            gpg --batch --detach-sign "$signfile"
+          done
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with: