macOS All Build #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: macOS All Build | |
# macOS runners are time consuming - limit when we run workflows on them to | |
# pushes or version tags | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ 'main' ] | |
tags: | |
- 'v*' | |
paths: | |
- "**" | |
- "!.github/**" | |
- ".github/workflows/build-macos.yml" | |
pull_request: | |
paths: [ ".github/workflows/build-macos.yml" ] | |
env: | |
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) | |
BUILD_TYPE: Release | |
jobs: | |
build: | |
# Includes SDK 10.15 and Clang 13 which should provide full coverage/support for | |
# the desired builds (Universal M1/x64 + Catalina Support) | |
runs-on: macos-11 | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Setup Certification Keychain | |
# Codesign and submit the binary for notarization before packaging for release | |
# Reference: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{secrets.APPLE_BUILD_CERTIFICATE_BASE64}} | |
CERT_PASSWORD: ${{secrets.APPLE_BUILD_CERT_P12_PASSWORD}} | |
KEYCHAIN_PASSWORD: ${{secrets.APPLE_LOCAL_KEYCHAIN_PASSWORD}} | |
run: | | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Configure CMake | |
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. | |
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type | |
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_OSX_DEPLOYMENT_TARGET=10.15 -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" | |
- name: Build | |
# Build your program with the given configuration | |
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} | |
# - name: Test | |
# working-directory: ${{github.workspace}}/build | |
# run: ctest -C ${{env.BUILD_TYPE}} | |
- name: Codesign Application | |
env: | |
IDENTITY_ID: ${{secrets.APPLE_KEYCHAIN_IDENTITY_ID}} | |
run: | | |
cd ${{github.workspace}}/build | |
xattr -c ./host/Clemens\ IIGS.app | |
codesign --force --verify --verbose --timestamp --sign "$IDENTITY_ID" --options runtime ./host/Clemens\ IIGS.app | |
codesign -dv -r- ./host/Clemens\ IIGS.app | |
codesign -vv ./host/Clemens\ IIGS.app | |
- name: Create Package | |
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}} | |
run: | | |
cd ${{github.workspace}}/build | |
cpack --config CPackConfig.cmake | |
- name: Notarize Package | |
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}} | |
run: | | |
cd ${{github.workspace}}/build | |
PACKAGE_FILE=$(find ./out/*.dmg -print -quit) | |
echo "Notarizing $PACKAGE_FILE ..." | |
xcrun notarytool submit --apple-id ${{secrets.APPLE_DEVELOPER_ID}} --password "${{secrets.APPLE_CLEMENS_APP_PASSWORD}}" --team-id ${{secrets.APPLE_DEVELOPER_TEAM_ID}} --wait $PACKAGE_FILE | |
xcrun stapler staple $PACKAGE_FILE | |
- name: Archive production artifacts | |
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: clemens_iigs-${{github.ref_name}}-${{runner.os}} | |
path: | | |
${{github.workspace}}/build/out/*.dmg | |
${{github.workspace}}/build/out/*.sha256 |