Skip to content

Add codesign step

Add codesign step #322

Workflow file for this run

name: build
on: [push, pull_request]
env:
CACHE_VERSION_LINUX: 24
CACHE_VERSION_MACOS: 20
CACHE_VERSION_WIN64: 19
DEBIAN_FRONTEND: noninteractive
PAWPAW_FAST_MATH: 1
PAWPAW_SKIP_LTO: 1
PAWPAW_SKIP_TESTS: 1
RELEASE_OS_LINUX: ubuntu:18.04
RELEASE_OS_MAC: macos-11
RELEASE_OS_WIN64: ubuntu:22.04
jobs:
# NOTE cannot use actions @v4, incompatible with ubuntu:18.04
# see https://github.com/actions/checkout/issues/1590
linux-x86_64:
strategy:
matrix:
include:
- container: debian:11
#- container: debian:12
- container: ubuntu:18.04
- container: ubuntu:20.04
- container: ubuntu:22.04
#- container: ubuntu:23.10
runs-on: ubuntu-latest
container:
image: ${{ matrix.container }}
steps:
- name: Install git
run: |
apt-get update -qq && apt-get install -yqq --no-install-recommends ca-certificates git openssl
case "${{ matrix.container }}" in
"ubuntu:18.04")
apt-get install -yqq --no-install-recommends curl libpcre2-8-0
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git_2.34.1-1ubuntu1~bpo18.04.1~ppa1_amd64.deb
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git-man_2.34.1-1ubuntu1~bpo18.04.1~ppa1_all.deb
dpkg -i *.deb
rm *.deb
;;
"ubuntu:20.04")
apt-get install -yqq --no-install-recommends curl
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git_2.34.1-1ubuntu1~bpo20.04.1~ppa1_amd64.deb
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git-man_2.34.1-1ubuntu1~bpo20.04.1~ppa1_all.deb
dpkg -i *.deb
rm *.deb
;;
esac
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Set up dependencies
run: |
./src/PawPaw/.github/workflows/bootstrap-deps.sh linux-x86_64
if [ "${{ matrix.container }}" = "ubuntu:18.04" ]; then
freetypepkgname="libfreetype6-dev"
else
freetypepkgname="libfreetype-dev"
fi
apt-get install -yqq ${freetypepkgname} p7zip-full unzip wget xdg-user-dirs zip
- name: Set up cache
id: cache
uses: actions/cache@v3
with:
path: |
~/PawPawBuilds
key: linux-x86_64-${{ env.PAWPAW_PACK_NAME }}-v${{ env.CACHE_VERSION_LINUX }}
- name: Build dependencies
run: |
./src/PawPaw/bootstrap-mod.sh linux-x86_64 && ./src/PawPaw/.cleanup.sh linux-x86_64
- name: Build
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
make
- name: Validate plugins
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
./utils/plugin-builder/validate-plugins.sh
# FIXME dirty carla leaves temp folders around
rm -rf *.tmp
- name: Set version tag for release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(cat VERSION)" >> $GITHUB_ENV
- name: Set version tag for non-release
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(echo ${{ github.event.pull_request.number || github.sha }} | cut -c1-8)" >> $GITHUB_ENV
- name: Pack
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
./utils/linux/linux-tar.sh
if [ "${{ env.VERSION_TAG }}" != "$(cat VERSION)" ]; then
mv mod-desktop-*.tar.xz mod-desktop-${{ env.VERSION_TAG }}-linux-x86_64.tar.xz
fi
- uses: actions/upload-artifact@v3
if: ${{ matrix.container == env.RELEASE_OS_LINUX }}
with:
name: mod-desktop-${{ env.VERSION_TAG }}-linux-x86_64
path: |
*.tar.xz
- uses: softprops/action-gh-release@v1
if: ${{ matrix.container == env.RELEASE_OS_LINUX && startsWith(github.ref, 'refs/tags/') }}
with:
tag_name: ${{ github.ref_name }}
name: ${{ github.ref_name }}
draft: false
prerelease: false
files: |
*.tar.xz
# NOTE cannot use actions @v4, incompatible with ubuntu:18.04
# see https://github.com/actions/checkout/issues/1590
linux-x86_64-debug:
strategy:
matrix:
include:
- container: ubuntu:18.04
runs-on: ubuntu-latest
container:
image: ${{ matrix.container }}
env:
PAWPAW_DEBUG: 1
steps:
- name: Install git
run: |
apt-get update -qq && apt-get install -yqq --no-install-recommends ca-certificates git openssl
case "${{ matrix.container }}" in
"ubuntu:18.04")
apt-get install -yqq --no-install-recommends curl libpcre2-8-0
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git_2.34.1-1ubuntu1~bpo18.04.1~ppa1_amd64.deb
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git-man_2.34.1-1ubuntu1~bpo18.04.1~ppa1_all.deb
dpkg -i *.deb
rm *.deb
;;
"ubuntu:20.04")
apt-get install -yqq --no-install-recommends curl
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git_2.34.1-1ubuntu1~bpo20.04.1~ppa1_amd64.deb
curl -sLO https://launchpad.net/~kxstudio-debian/+archive/ubuntu/toolchain/+files/git-man_2.34.1-1ubuntu1~bpo20.04.1~ppa1_all.deb
dpkg -i *.deb
rm *.deb
;;
esac
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Set up dependencies
run: |
./src/PawPaw/.github/workflows/bootstrap-deps.sh linux-x86_64
if [ "${{ matrix.container }}" = "ubuntu:18.04" ]; then
freetypepkgname="libfreetype6-dev"
else
freetypepkgname="libfreetype-dev"
fi
apt-get install -yqq ${freetypepkgname} p7zip-full unzip wget xdg-user-dirs zip
- name: Set up cache
id: cache
uses: actions/cache@v3
with:
path: |
~/PawPawBuilds
key: linux-x86_64-${{ env.PAWPAW_PACK_NAME }}-v${{ env.CACHE_VERSION_LINUX }}-debug
- name: Build dependencies
run: |
./src/PawPaw/bootstrap-mod.sh linux-x86_64 && ./src/PawPaw/.cleanup.sh linux-x86_64
- name: Build
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
make DEBUG=1
- name: Validate plugins
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
./utils/plugin-builder/validate-plugins.sh
# FIXME dirty carla leaves temp folders around
rm -rf *.tmp
- name: Set version tag for release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(cat VERSION)" >> $GITHUB_ENV
- name: Set version tag for non-release
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(echo ${{ github.event.pull_request.number || github.sha }} | cut -c1-8)" >> $GITHUB_ENV
- name: Pack
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
./utils/linux/linux-tar.sh
if [ "${{ env.VERSION_TAG }}" != "$(cat VERSION)" ]; then
mv mod-desktop-*.tar.xz mod-desktop-${{ env.VERSION_TAG }}-linux-x86_64-debug.tar.xz
fi
- uses: actions/upload-artifact@v3
if: ${{ matrix.container == env.RELEASE_OS_LINUX }}
with:
name: mod-desktop-${{ env.VERSION_TAG }}-linux-x86_64-debug
path: |
*.tar.xz
macos:
strategy:
matrix:
include:
- os: macos-12
target: macos-10.15
- os: macos-12
target: macos-universal-10.15
# - os: macos-13
# target: macos-10.15
# - os: macos-13
# target: macos-universal-10.15
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up dependencies
run: |
rm -f /usr/local/bin/2to3-3.11
brew uninstall azure-cli
./src/PawPaw/.github/workflows/bootstrap-deps.sh ${{ matrix.target }}
brew install p7zip wget
- name: Set up cache
id: cache
uses: actions/cache@v4
with:
path: |
~/PawPawBuilds
key: macos-${{ env.PAWPAW_PACK_NAME }}-v${{ env.CACHE_VERSION_MACOS }}
- name: Build dependencies
run: |
./src/PawPaw/bootstrap-mod.sh ${{ matrix.target }} && ./src/PawPaw/.cleanup.sh ${{ matrix.target }}
- name: Build
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
make PAWPAW_TARGET=${{ matrix.target }}
- name: Validate plugins
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
# ./utils/plugin-builder/validate-plugins.sh ${{ matrix.target }}
# FIXME dirty carla leaves temp folders around
rm -rf *.tmp
- name: Set version tag for release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(cat VERSION)" >> $GITHUB_ENV
- name: Set version tag for non-release
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(echo ${{ github.event.pull_request.number || github.sha }} | cut -c1-8)" >> $GITHUB_ENV
- name: Pack
if: steps.cache.outputs.cache-hit == 'true'
env:
CODESIGN_ACTIVE: ${{ vars.CODESIGN_ACTIVE }}
run: |
if [ -n "${{ env.CODESIGN_ACTIVE }}" ]; then
security create-keychain -p dummypassword build.keychain
security unlock-keychain -p dummypassword build.keychain
echo "${{ secrets.CODESIGN_P12_CONTENTS }}" | base64 -D -o codesign.p12
security import codesign.p12 -f pkcs12 -P "${{ secrets.CODESIGN_P12_PASSWORD }}" -k build.keychain -T /usr/bin/codesign
rm codesign.p12
fi
./utils/macos/macos-pkg.sh ${{ matrix.target }}
if [ "${{ env.VERSION_TAG }}" != "$(cat VERSION)" ]; then
mv mod-desktop-*.pkg mod-desktop-${{ env.VERSION_TAG }}-macOS.pkg
fi
if [ -n "${{ env.CODESIGN_ACTIVE }}" ]; then
security delete-keychain build.keychain
fi
- uses: actions/upload-artifact@v4
if: ${{ matrix.os == env.RELEASE_OS_MAC && matrix.target == 'macos-universal-10.15' }}
with:
name: mod-desktop-${{ env.VERSION_TAG }}-macOS
path: |
*.pkg
- uses: softprops/action-gh-release@v1
if: ${{ matrix.os == env.RELEASE_OS_MAC && matrix.target == 'macos-universal-10.15' && startsWith(github.ref, 'refs/tags/') }}
with:
tag_name: ${{ github.ref_name }}
name: ${{ github.ref_name }}
draft: false
prerelease: false
files: |
*.pkg
win64:
strategy:
matrix:
include:
# FIXME enable and use debian:12 for releases
#- container: debian:12
- container: ubuntu:22.04
#- container: ubuntu:23.10
runs-on: ubuntu-latest
container:
image: ${{ matrix.container }}
steps:
- name: Update git
run: |
apt-get update -qq && apt-get install -yqq git
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up dependencies
run: |
./src/PawPaw/.github/workflows/bootstrap-deps.sh win64
apt-get install -yqq libfreetype-dev libx11-dev libxcursor-dev libxext-dev libxrandr-dev libxrender-dev p7zip-full unzip wget xdg-user-dirs xvfb zip
- name: Set up cache
id: cache
uses: actions/cache@v4
with:
path: |
~/PawPawBuilds
key: win64-${{ env.PAWPAW_PACK_NAME }}-v${{ env.CACHE_VERSION_WIN64 }}
- name: Build dependencies
run: |
./src/PawPaw/bootstrap-mod.sh win64 && ./src/PawPaw/.cleanup.sh win64
- name: Build
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
make win64
- name: Validate plugins
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
./utils/plugin-builder/validate-plugins.sh
# FIXME dirty carla leaves temp folders around
rm -rf *.tmp
- name: Set version tag for release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(cat VERSION)" >> $GITHUB_ENV
- name: Set version tag for non-release
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
run: |
echo "VERSION_TAG=$(echo ${{ github.event.pull_request.number || github.sha }} | cut -c1-8)" >> $GITHUB_ENV
- name: Pack
if: false
#if: steps.cache.outputs.cache-hit == 'true'
run: |
xvfb-run ./utils/win64/win64-installer.sh
./utils/win64/win64-zip.sh
if [ "${{ env.VERSION_TAG }}" != "$(cat VERSION)" ]; then
mv mod-desktop-*.exe mod-desktop-${{ env.VERSION_TAG }}-win64.exe
mv mod-desktop-*.zip mod-desktop-${{ env.VERSION_TAG }}-win64.zip
fi
- uses: actions/upload-artifact@v4
if: ${{ matrix.container == env.RELEASE_OS_WIN64 }}
with:
name: mod-desktop-${{ env.VERSION_TAG }}-win64
path: |
*.exe
*.zip
- uses: softprops/action-gh-release@v1
if: ${{ matrix.container == env.RELEASE_OS_WIN64 && startsWith(github.ref, 'refs/tags/') }}
with:
tag_name: ${{ github.ref_name }}
name: ${{ github.ref_name }}
draft: false
prerelease: false
files: |
*.exe