-
Notifications
You must be signed in to change notification settings - Fork 12
187 lines (167 loc) · 9.75 KB
/
build_test_artifacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
name: Scyclone
on:
workflow_dispatch: # lets you run a build from github.com
# Runs the workflow on push events but only for the develop branch
push:
branches: [ develop ]
# When pushing new commits, cancel any running builds on that branch
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
env:
PROJECT_NAME: Scyclone
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
# Use up to 4 cpus to build juceaide, etc
CMAKE_BUILD_PARALLEL_LEVEL: 4
# Name of the build directory
BUILD_DIR: build
# jobs are run in paralell on different machines
# all steps run in series
jobs:
build_and_test:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # show all errors for each platform (vs. cancel jobs on error)
# generate a matrix of jobs for different platforms
matrix:
include:
- name: macOS
os: macos-latest
ccache: ccache
- name: Windows
os: windows-latest
ccache: sccache
steps:
# We need the osxutils to get the codesign and notorization tools
- name: install macOS deps
if: ${{ matrix.name == 'macOS' }}
run: brew install osxutils
# This lets us use sscache on Windows
# We need to install ccache here for Windows to grab the right version
- name: install Windows deps
if: runner.os == 'Windows'
run: choco install ccache
# The uses keyword tells the job to retrieve the action named actions/checkout. This is an action that checks out your repository and downloads it to the runner, allowing you to run actions against your code (such as testing tools). You must use the checkout action any time your workflow will run against the repository's code or you are using an action defined in the repository.
# The uses keyword retrieves the action from the actions/checkout repository
# With this we checkout to our repo
- name: get repo and submodules
uses: actions/checkout@v3
# Here we get the submodules like juce
with:
submodules: true
# Setting up the environment variables for the paths so we can use them later
- name: setup environment variables (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
echo "ARTEFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}" >> $GITHUB_ENV
echo "VST3_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/VST3/${{ env.PROJECT_NAME }}.vst3" >> $GITHUB_ENV
echo "AU_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/AU/${{ env.PROJECT_NAME }}.component" >> $GITHUB_ENV
echo "STANDALONE_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/Standalone/${{ env.PROJECT_NAME }}.app" >> $GITHUB_ENV
echo "PRODUCT_NAME=${{ env.PROJECT_NAME }}-${{ matrix.name }}" >> $GITHUB_ENV
- name: setup environment variables (Windows)
if: ${{ matrix.name == 'Windows' }}
shell: bash
run: |
echo "ARTEFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}" >> $GITHUB_ENV
echo "VST3_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/VST3/${{ env.PROJECT_NAME }}.vst3" >> $GITHUB_ENV
echo "STANDALONE_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/Standalone/${{ env.PROJECT_NAME }}.exe" >> $GITHUB_ENV
echo "PRODUCT_NAME=${{ env.PROJECT_NAME }}-${{ matrix.name }}" >> $GITHUB_ENV
echo "INSTALLER_PATH=${{ env.BUILD_DIR }}/installer/${{ env.PROJECT_NAME }}Installer_artefacts/Release/Scyclone Installer.exe" >> $GITHUB_ENV
# Simple printout to get some info
- name: printout
run: |
echo "os: ${{ matrix.os }}"
echo "ccache: ${{ matrix.ccache }}"
echo "BUILD_TYPE: ${{ env.BUILD_TYPE }}"
echo "VST3_PATH: ${{ env.VST3_PATH }}"
# Using the ccache action to store the build cache and speed up the next builds
- name: ccache
uses: hendrikmuhs/ccache-action@main
with:
key: v3-${{ matrix.os }}-${{ env.BUILD_TYPE }}
variant: ${{ matrix.ccache }}
# Typical cmake configuration with default generator
# With DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" we can build universal binaries for apple computers
- name: cmake configure
run: cmake -B build -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE }} -DCMAKE_C_COMPILER_LAUNCHER=${{ matrix.ccache }} -DCMAKE_CXX_COMPILER_LAUNCHER=${{ matrix.ccache }} -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64"
# Build the project
- name: cmake build
run: cmake --build build --config ${{ env.BUILD_TYPE }} --parallel ${{ env.CMAKE_BUILD_PARALLEL_LEVEL }}
# Test the project
- name: ctest
working-directory: ${{github.workspace}}/build
run: ctest --verbose
# We need to import the apple developer certificate so that we can codesign our binaries
- name: import certificates (macOS)
uses: apple-actions/import-codesign-certs@v1
if: ${{ matrix.name == 'macOS' }}
with:
# GitHub encrypted secrets
p12-file-base64: ${{ secrets.DEV_ID_APP_CERT }}
p12-password: ${{ secrets.DEV_ID_APP_PWD }}
# Codesigning all the binaries
- name: codesign (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.VST3_PATH }} --deep --strict --options=runtime --timestamp
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.AU_PATH }} --deep --strict --options=runtime --timestamp
# The standalone needs to have specific entitlements, which we need to add when we codesign the files. Since we have set the entitlements in the CMakeLists.txt we can use the generated file in the location below
codesign --entitlements ${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/JuceLibraryCode/Scyclone_Standalone.entitlements --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.STANDALONE_PATH }} --deep --strict --options=runtime --timestamp
# We can now check the entitlements by creating a xml file with the entitlements
codesign -d --entitlements "${{ env.ARTEFACTS_PATH }}/Standalone/entitlements_after_first_sign.xml" ${{ env.STANDALONE_PATH }}
# Here we check the code signitures
codesign -dv --verbose=4 ${{ env.VST3_PATH }}
codesign -dv --verbose=4 ${{ env.AU_PATH }}
codesign -dv --verbose=4 ${{ env.STANDALONE_PATH }}
# In order to notarize the binaries we need to zip them first
- name: zip artefacts (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
mkdir -p packaging/${{ env.PRODUCT_NAME }}
# Move the artefacts to the packaging folder
mv ${{ env.VST3_PATH }} packaging/${{ env.PRODUCT_NAME }}
mv ${{ env.AU_PATH }} packaging/${{ env.PRODUCT_NAME }}
mv ${{ env.STANDALONE_PATH }} "packaging/${{ env.PRODUCT_NAME }}"
# Move the entitlements file to the packaging folder if we want to check it
# mv "${{ env.ARTEFACTS_PATH }}/Standalone/entitlements_after_first_sign.xml" packaging/${{ env.PRODUCT_NAME }}
# Create the zip
cd packaging
zip -vr ${{ env.PRODUCT_NAME }}.zip ${{ env.PRODUCT_NAME }}/ -x "*.DS_Store"
# In order to notarize the binaries we need to zip them first
- name: zip artefacts (Windows)
if: ${{ matrix.name == 'Windows' }}
run: |
mkdir packaging/${{ env.PRODUCT_NAME }}
# Move the artefacts to the packaging folder
mv ${{ env.VST3_PATH }} packaging/${{ env.PRODUCT_NAME }}
mv ${{ env.STANDALONE_PATH }} packaging/${{ env.PRODUCT_NAME }}
mv "${{ env.INSTALLER_PATH }}" packaging/${{ env.PRODUCT_NAME }}
# Create the zip
cd packaging
pwsh -command "Compress-Archive -Path '${{ env.PRODUCT_NAME }}' -DestinationPath '${{ env.PRODUCT_NAME }}.zip'"
# tar -a -c -f ${{ env.PRODUCT_NAME }}.zip ${{ env.PRODUCT_NAME }}/
# Let's now notarize the zip file and with it all its contents / binaries
#- name: notarize (macOS)
# working-directory: ${{github.workspace}}/packaging
# if: ${{ matrix.name == 'macOS' }}
# run: |
# # In contrast to dmg files zip files do not need to be codesigned before notarization
# xcrun notarytool submit ${{ env.PRODUCT_NAME }}.zip --apple-id ${{ secrets.APPLE_DEV_ID }} --password ${{ secrets.APPLE_DEV_PWD }} --team-id ${{ secrets.TEAM_ID }} --wait
# # Then we need to unzip it and staple the ticket for the gatekeeper to all binaries
# unzip ${{ env.PRODUCT_NAME }}.zip && rm ${{ env.PRODUCT_NAME }}.zip
# cd ${{ env.PRODUCT_NAME }}
# xcrun stapler staple ${{ env.PROJECT_NAME }}.vst3
# xcrun stapler staple ${{ env.PROJECT_NAME }}.component
# xcrun stapler staple ${{ env.PROJECT_NAME }}.app
# # Create a second entitlements file after the notarization to check the entitlements again it's packaged atomatically since it is generated in the packaging folder
# # codesign -d --entitlements "entitlements_after_second_sign.xml" ${{ env.PROJECT_NAME }}.app
# cd ..
# # And finally zip it again
# zip -vr ${{ env.PRODUCT_NAME }}.zip ${{ env.PRODUCT_NAME }}/ -x "*.DS_Store"
- name: upload artifact
uses: actions/upload-artifact@v3
with:
name: ${{ env.PRODUCT_NAME }}.zip
path: packaging/${{ env.PRODUCT_NAME }}.zip