-
Notifications
You must be signed in to change notification settings - Fork 4
96 lines (84 loc) · 4.06 KB
/
build-macos.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: macOS All Build
# macOS runners are time consuming - limit when we run workflows on them to
# pushes or version tags
on:
push:
branches: [ 'main' ]
tags: ['v*']
paths:
- "**"
- "!.github/**"
- ".github/workflows/build-macos.yml"
pull_request:
paths: [ ".github/workflows/build-macos.yml" ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# Includes SDK 10.15 and Clang 13 which should provide full coverage/support for
# the desired builds (Universal M1/x64 + Catalina Support)
runs-on: macos-11
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Setup Certification Keychain
# Codesign and submit the binary for notorization before packaging for release
# Reference: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
env:
BUILD_CERTIFICATE_BASE64: ${{secrets.APPLE_BUILD_CERTIFICATE_BASE64}}
CERT_PASSWORD: ${{secrets.APPLE_BUILD_CERT_P12_PASSWORD}}
KEYCHAIN_PASSWORD: ${{secrets.APPLE_LOCAL_KEYCHAIN_PASSWORD}}
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_OSX_DEPLOYMENT_TARGET=10.15 -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64"
- name: Build
# Build your program with the given configuration
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
# - name: Test
# working-directory: ${{github.workspace}}/build
# run: ctest -C ${{env.BUILD_TYPE}}
- name: Codesign Application
env:
IDENTITY_ID: ${{secrets.APPLE_KEYCHAIN_IDENTITY_ID}}
run: |
cd ${{github.workspace}}/build
xattr -c ./host/Clemens\ IIGS.app
codesign --force --verify --verbose --timestamp --sign "$IDENTITY_ID" --options runtime ./host/Clemens\ IIGS.app
codesign -dv -r- ./host/Clemens\ IIGS.app
codesign -vv ./host/Clemens\ IIGS.app
- name: Create Package
# if: ${{ github.ref_type == 'tag'}}
run: |
cd ${{github.workspace}}/build
cpack --config CPackConfig.cmake
- name: Notorize Package
# if: ${{ github.ref_type == 'tag'}}
run: |
cd ${{github.workspace}}/build
PACKAGE_FILE=$(find ./out/*.dmg -print -quit)
echo "Notorizing $PACKAGE_FILE ..."
xcrun notarytool submit --apple-id ${{secrets.APPLE_DEVELOPER_ID}} --password "${{secrets.APPLE_CLEMENS_APP_PASSWORD}}" --team-id ${{secrets.APPLE_DEVELOPER_TEAM_ID}} --wait $PACKAGE_FILE
xcrun stapler staple -v $PACKAGE_FILE
- name: Archive production artifacts
#if: ${{ github.ref_type == 'tag'}}
uses: actions/upload-artifact@v3
with:
name: clemens_iigs-${{github.ref_name}}-${{runner.os}}
path: |
${{github.workspace}}/build/out/*.dmg
${{github.workspace}}/build/out/*.sha256