Skip to content

macOS All Build

macOS All Build #77

Workflow file for this run

name: macOS All Build
# macOS runners are time consuming - limit when we run workflows on them to
# pushes or version tags
on:
workflow_dispatch:
push:
branches: [ 'main' ]
tags:
- 'v*'
paths:
- "**"
- "!.github/**"
- ".github/workflows/build-macos.yml"
pull_request:
paths: [ ".github/workflows/build-macos.yml" ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# Includes SDK 10.15 and Clang 13 which should provide full coverage/support for
# the desired builds (Universal M1/x64 + Catalina Support)
runs-on: macos-11
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Setup Certification Keychain
# Codesign and submit the binary for notarization before packaging for release
# Reference: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
env:
BUILD_CERTIFICATE_BASE64: ${{secrets.APPLE_BUILD_CERTIFICATE_BASE64}}
CERT_PASSWORD: ${{secrets.APPLE_BUILD_CERT_P12_PASSWORD}}
KEYCHAIN_PASSWORD: ${{secrets.APPLE_LOCAL_KEYCHAIN_PASSWORD}}
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_OSX_DEPLOYMENT_TARGET=10.15 -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64"
- name: Build
# Build your program with the given configuration
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
# - name: Test
# working-directory: ${{github.workspace}}/build
# run: ctest -C ${{env.BUILD_TYPE}}
- name: Codesign Application
env:
IDENTITY_ID: ${{secrets.APPLE_KEYCHAIN_IDENTITY_ID}}
run: |
cd ${{github.workspace}}/build
xattr -c ./host/Clemens\ IIGS.app
codesign --force --verify --verbose --timestamp --sign "$IDENTITY_ID" --options runtime ./host/Clemens\ IIGS.app
codesign -dv -r- ./host/Clemens\ IIGS.app
codesign -vv ./host/Clemens\ IIGS.app
- name: Create Package
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}}
run: |
cd ${{github.workspace}}/build
cpack --config CPackConfig.cmake
- name: Notarize Package
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}}
run: |
cd ${{github.workspace}}/build
PACKAGE_FILE=$(find ./out/*.dmg -print -quit)
echo "Notarizing $PACKAGE_FILE ..."
xcrun notarytool submit --apple-id ${{secrets.APPLE_DEVELOPER_ID}} --password "${{secrets.APPLE_CLEMENS_APP_PASSWORD}}" --team-id ${{secrets.APPLE_DEVELOPER_TEAM_ID}} --wait $PACKAGE_FILE
xcrun stapler staple $PACKAGE_FILE
- name: Archive production artifacts
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_type == 'tag')}}
uses: actions/upload-artifact@v3
with:
name: clemens_iigs-${{github.ref_name}}-${{runner.os}}
path: |
${{github.workspace}}/build/out/*.dmg
${{github.workspace}}/build/out/*.sha256