[CI] MacOS codesignging + notarization #1263
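name: ci

on:
  push:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'setup-action/**'
      - '.github/workflows/codeql.yml'
      - '.github/workflows/benchmarks.yml'
      - 'scripts/ci-run-benchmarks.sh'
  pull_request:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'setup-action/**'
      - '.github/workflows/codeql.yml'
      - '.github/workflows/benchmarks.yml'
      - 'scripts/ci-run-benchmarks.sh'
  release:
    types: [published]

# Least privilege for GITHUB_TOKEN. Without an explicit block the token falls
# back to the repository default, which may include write access. No active
# step below visibly needs to write to the repository.
# NOTE(review): confirm that setup-action works with read-only contents.
permissions:
  contents: read

# Grants used by the disabled release/attestation jobs below. When those jobs
# are re-enabled, set these on the individual jobs that attest or publish
# instead of workflow-wide.
# permissions:
#   contents: write
#   id-token: write
#   attestations: write

defaults:
  run:
    shell: bash

# env:
#   AMD64_LINUX_GCC: amd64-linux-gcc
#   AMD64_LINUX_CLANG: amd64-linux-clang
#   AMD64_LINUX_MUSL: amd64-linux-musl
#   AMD64_WINDOWS_MINGW: amd64-windows-mingw
#   AMD64_LINUX_WASM: amd64-linux-wasm
#   AMD64_MACOSX_GCC: amd64-macosx-gcc
#   ARM64_MACOSX_GCC: arm64-macosx-gcc
#   AMD64_FREEBSD_GCC: amd64-freebsd-gcc
#   ARTIFACT_DIR: .artifacts
#   ARTIFACT_RETENTION_DAYS: 5
#   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs: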
# tag: | |
# runs-on: ubuntu-22.04 | |
# outputs: | |
# TAG: ${{ steps.tag.outputs.TAG }} | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# with: | |
# sparse-checkout: | | |
# scripts/ci-set-tag-output-parameter.sh | |
# - name: Set TAG output parameter | |
# id: tag | |
# env: | |
# TAG: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref_name || '' }} | |
# run: ./scripts/ci-set-tag-output-parameter.sh | |
# clang-format: | |
# runs-on: ubuntu-22.04 | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Run clang-format | |
# run: | | |
# sudo ln -sf /usr/bin/clang-format-15 /usr/bin/clang-format | |
# ./scripts/ci-run-clang-format.sh | |
# cppcheck: | |
# runs-on: ubuntu-22.04 | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Install cppcheck | |
# run: | | |
# sudo apt update | |
# sudo apt install -y cppcheck | |
# cppcheck --version | |
# - name: Run cppcheck | |
# run: ./scripts/ci-run-cppcheck.sh | |
# - name: Upload (${{ env.CPPCHECK_XML_ARTIFACT_NAME }}) | |
# uses: actions/upload-artifact@v4 | |
# with: | |
# name: ${{ env.CPPCHECK_XML_ARTIFACT_NAME }} | |
# path: ${{ env.CPPCHECK_XML_ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (${{ env.CPPCHECK_HTML_ARTIFACT_NAME }}) | |
# uses: actions/upload-artifact@v4 | |
# with: | |
# name: ${{ env.CPPCHECK_HTML_ARTIFACT_NAME }} | |
# path: ${{ env.CPPCHECK_HTML_ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# shellcheck: | |
# runs-on: ubuntu-22.04 | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Run shellcheck | |
# run: ./scripts/ci-run-shellcheck.sh | |
# ci: | |
# needs: [tag, clang-format, cppcheck, shellcheck] | |
# strategy: | |
# matrix: | |
# os: [ubuntu-22.04, macos-13, macos-14] | |
# runs-on: ${{ matrix.os }} | |
# timeout-minutes: 15 | |
# env: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Set up Linux | |
# if: runner.os == 'Linux' | |
# run: | | |
# sudo apt update | |
# sudo apt install -y rpm alien tmux | |
# sudo apt remove -y jq | |
# - name: Set up macOS (AMD64 and ARM64) | |
# if: runner.os == 'macOS' | |
# run: | | |
# brew install --quiet coreutils tree autoconf automake libtool tmux sqlite3 | |
# brew uninstall jq | |
# # --- Build --- | |
# - name: Build on Linux (${{ env.AMD64_LINUX_GCC }}) | |
# if: runner.os == 'Linux' | |
# env: | |
# PREFIX: ${{ env.AMD64_LINUX_GCC }} | |
# CC: gcc | |
# MAKE: make | |
# RUN_TESTS: true | |
# run: | | |
# ./scripts/ci-build.sh | |
# ./scripts/ci-create-debian-package.sh | |
# ./scripts/ci-create-rpm-package.sh | |
# - name: Build on Linux (${{ env.AMD64_LINUX_CLANG }}) | |
# if: runner.os == 'Linux' | |
# env: | |
# PREFIX: ${{ env.AMD64_LINUX_CLANG }} | |
# CC: clang | |
# MAKE: make | |
# RUN_TESTS: true | |
# run: | | |
# ./scripts/ci-build.sh | |
# ./scripts/ci-create-debian-package.sh | |
# ./scripts/ci-create-rpm-package.sh | |
# - name: Build on macOS (${{ env.AMD64_MACOSX_GCC }}) | |
# if: matrix.os == 'macos-13' | |
# env: | |
# PREFIX: ${{ env.AMD64_MACOSX_GCC }} | |
# CC: gcc-13 | |
# MAKE: make | |
# RUN_TESTS: true | |
# run: ./scripts/ci-build.sh | |
# - name: Build on macOS (${{ env.ARM64_MACOSX_GCC }}) | |
# if: matrix.os == 'macos-14' | |
# env: | |
# PREFIX: ${{ env.ARM64_MACOSX_GCC }} | |
# CC: gcc-13 | |
# MAKE: make | |
# RUN_TESTS: true | |
# run: ./scripts/ci-build.sh | |
# # --- Upload build artifacts --- | |
# - name: Prepare build artifacts for upload | |
# run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
# - name: Attest build artifacts for release | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: actions/attest-build-provenance@v2 | |
# with: | |
# subject-path: ${{ env.ARTIFACT_DIR }}/* | |
# - name: Verify attestations of release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-verify-attestations.sh | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.zip) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.zip) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.deb) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.deb | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.deb) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.deb | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.rpm) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.rpm | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.rpm) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.rpm | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_MACOSX_GCC }}.zip) | |
# if: matrix.os == 'macos-13' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_MACOSX_GCC }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.ARM64_MACOSX_GCC }}.zip) | |
# if: matrix.os == 'macos-14' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.ARM64_MACOSX_GCC }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.tar.gz) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.tar.gz) | |
# if: runner.os == 'Linux' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_MACOSX_GCC }}.tar.gz) | |
# if: matrix.os == 'macos-13' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_MACOSX_GCC }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.ARM64_MACOSX_GCC }}.tar.gz) | |
# if: matrix.os == 'macos-14' | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.ARM64_MACOSX_GCC }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-upload-release-artifacts.sh | |
# - name: Update homebrew tap (liquidaty/homebrew-zsv) | |
# if: ${{ startsWith(github.ref, 'refs/tags/v') && matrix.os == 'macos-13' }} | |
# env: | |
# HOMEBREW_TAP_DEPLOY_KEY: ${{ secrets.HOMEBREW_TAP_DEPLOY_KEY }} | |
# TAG: ${{ env.TAG }} | |
# TRIPLET: ${{ env.AMD64_MACOSX_GCC }} | |
# run: ./scripts/ci-update-homebrew-tap.sh | |
# ci-bsd: | |
# needs: [tag, clang-format, cppcheck, shellcheck] | |
# runs-on: ubuntu-22.04 | |
# timeout-minutes: 15 | |
# env: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Build (${{ env.AMD64_FREEBSD_GCC }}) | |
# uses: cross-platform-actions/action@v0.26.0 | |
# env: | |
# PREFIX: ${{ env.AMD64_FREEBSD_GCC }} | |
# CC: gcc | |
# MAKE: gmake | |
# RUN_TESTS: true | |
# with: | |
# operating_system: freebsd | |
# version: '13.2' | |
# environment_variables: 'PREFIX CC MAKE RUN_TESTS ARTIFACT_DIR' | |
# shell: sh | |
# run: | | |
# ./scripts/ci-freebsd-setup.sh | |
# ./scripts/ci-build.sh | |
# - name: Prepare build artifacts for upload | |
# run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
# - name: Attest build artifacts for release | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: actions/attest-build-provenance@v2 | |
# with: | |
# subject-path: ${{ env.ARTIFACT_DIR }}/* | |
# - name: Verify attestations of release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-verify-attestations.sh | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.zip) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.tar.gz) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-upload-release-artifacts.sh | |
# ci-mingw: | |
# needs: [tag, clang-format, cppcheck, shellcheck] | |
# runs-on: ubuntu-22.04 | |
# timeout-minutes: 15 | |
# env: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# steps: | |
# - name: Set up apt dependencies | |
# run: | | |
# sudo apt update | |
# sudo apt install -y mingw-w64 nuget | |
# sudo apt remove -y jq | |
# - name: Set VCPKG_MINGW_INSTALL_ROOT env var | |
# run: echo "VCPKG_MINGW_INSTALL_ROOT=$VCPKG_INSTALLATION_ROOT/installed/x64-mingw-static" >>"$GITHUB_ENV" | |
# - name: Cache ncurses | |
# uses: actions/cache@v4 | |
# id: cache-ncurses | |
# with: | |
# key: ncurses:x64-mingw-static | |
# path: ${{ env.VCPKG_MINGW_INSTALL_ROOT }} | |
# - name: Install ncurses with wide character support using vcpkg | |
# if: ${{ steps.cache-ncurses.outputs.cache-hit != 'true' }} | |
# run: | | |
# NCURSES_PORTFILE="$VCPKG_INSTALLATION_ROOT/ports/ncurses/portfile.cmake" | |
# cd "$VCPKG_INSTALLATION_ROOT" | |
# if ! grep -- "--enable-widec" "$NCURSES_PORTFILE" >/dev/null; then | |
# sed 's|--enable-pc-files|--enable-pc-files --enable-widec|' -i "$NCURSES_PORTFILE" | |
# fi | |
# ./vcpkg install ncurses:x64-mingw-static | |
# tree ./installed/x64-mingw-static | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Build (${{ env.AMD64_WINDOWS_MINGW }}) | |
# env: | |
# PREFIX: ${{ env.AMD64_WINDOWS_MINGW }} | |
# CC: x86_64-w64-mingw32-gcc | |
# MAKE: make | |
# RUN_TESTS: false | |
# CXX: x86_64-w64-mingw32-g++ | |
# CPP: x86_64-w64-mingw32-cpp | |
# RANLIB: x86_64-w64-mingw32-gcc-ranlib | |
# AR: x86_64-w64-mingw32-gcc-ar | |
# NM: x86_64-w64-mingw32-gcc-nm | |
# WINDRES: x86_64-w64-mingw32-windres | |
# CFLAGS: -I${{ env.VCPKG_MINGW_INSTALL_ROOT }}/include | |
# LDFLAGS: -L${{ env.VCPKG_MINGW_INSTALL_ROOT }}/lib | |
# run: | | |
# ./scripts/ci-build.sh | |
# ./scripts/ci-create-nuget-package.sh | |
# - name: Prepare build artifacts for upload | |
# run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
# - name: Attest build artifacts for release | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: actions/attest-build-provenance@v2 | |
# with: | |
# subject-path: ${{ env.ARTIFACT_DIR }}/* | |
# - name: Verify attestations of release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-verify-attestations.sh | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.zip) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.tar.gz) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.nupkg) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.nupkg | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-upload-release-artifacts.sh | |
# ci-musl: | |
# needs: [tag, clang-format, cppcheck, shellcheck] | |
# runs-on: ubuntu-22.04 | |
# container: alpine:latest | |
# timeout-minutes: 15 | |
# outputs: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# env: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# steps: | |
# - name: Set up dependencies | |
# shell: sh | |
# run: apk add bash gcc make musl-dev perl ncurses-dev ncurses-static tmux file sqlite curl zip wget tar | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Build (${{ env.AMD64_LINUX_MUSL }}) | |
# env: | |
# PREFIX: ${{ env.AMD64_LINUX_MUSL }} | |
# CC: gcc | |
# MAKE: make | |
# RUN_TESTS: true | |
# STATIC_BUILD: "1" | |
# run: ./scripts/ci-build.sh | |
# - name: Prepare build artifacts for upload | |
# run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
# - name: Attest build artifacts for release | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: actions/attest-build-provenance@v2 | |
# with: | |
# subject-path: ${{ env.ARTIFACT_DIR }}/* | |
# - name: Set up GitHub CLI | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: | | |
# wget https://github.com/cli/cli/releases/download/v2.63.2/gh_2.63.2_linux_amd64.tar.gz | |
# tar xvf gh_2.63.2_linux_amd64.tar.gz | |
# cp gh_2.63.2_linux_amd64/bin/gh /usr/bin | |
# rm -rf gh_2.63.2_linux_amd64 | |
# - name: Verify attestations of release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-verify-attestations.sh | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.tar.gz) | |
# uses: actions/upload-artifact@v4 | |
# env: | |
# ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.tar.gz | |
# with: | |
# name: ${{ env.ARTIFACT_NAME }} | |
# path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
# retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
# if-no-files-found: error | |
# - name: Upload release artifacts | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# run: ./scripts/ci-upload-release-artifacts.sh | |
# ghcr: | |
# needs: ci-musl | |
# runs-on: ubuntu-22.04 | |
# permissions: | |
# packages: write | |
# env: | |
# TAG: ${{ needs.ci-musl.outputs.TAG }} | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# with: | |
# sparse-checkout: | | |
# Dockerfile.ci | |
# - name: Download (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip) | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
# path: ${{ env.AMD64_LINUX_MUSL }} | |
# - name: Unzip | |
# env: | |
# ZIP: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
# DIR: ${{ env.AMD64_LINUX_MUSL }} | |
# run: | | |
# cd "$DIR" | |
# unzip -o "$ZIP" | |
# cd .. | |
# mkdir -p ./ci | |
# mv ./"$DIR"/bin/zsv ./ci/ | |
# rm -rf ./"$DIR" | |
# - name: Set up QEMU | |
# uses: docker/setup-qemu-action@v3 | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v3 | |
# - name: Login to GitHub Container Registry | |
# if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
# uses: docker/login-action@v3 | |
# with: | |
# registry: ghcr.io | |
# username: ${{ github.repository_owner }} | |
# password: ${{ secrets.GITHUB_TOKEN }} | |
# - name: Build and push (on release) | |
# uses: docker/build-push-action@v6 | |
# env: | |
# DOCKER_BUILD_RECORD_UPLOAD: false | |
# with: | |
# no-cache: true | |
# context: . | |
# file: Dockerfile.ci | |
# platforms: linux/amd64 | |
# push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
# tags: | | |
# ghcr.io/liquidaty/zsv:${{ env.TAG }} | |
# ghcr.io/liquidaty/zsv:latest | |
# ci-wasm: | |
# needs: [tag, clang-format, cppcheck, shellcheck] | |
# runs-on: ubuntu-22.04 | |
# timeout-minutes: 15 | |
# env: | |
# TAG: ${{ needs.tag.outputs.TAG }} | |
# steps: | |
# - name: Set up emsdk | |
# uses: mymindstorm/setup-emsdk@v14 | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Update version in index.html | |
# run: sed "s|__VERSION__|$TAG|g" -i playground/index.html | |
# - name: Build with SIMD (${{ env.AMD64_LINUX_WASM }}) | |
# env: | |
# PREFIX: ${{ env.AMD64_LINUX_WASM }} | |
# CC: emcc | |
# MAKE: make | |
# RUN_TESTS: false | |
# CONFIGFILE: "config.emcc" | |
# CFLAGS: "-msse2 -msimd128" | |
# CROSS_COMPILING: "yes" | |
# NO_THREADING: "1" | |
# STATIC_BUILD: "1" | |
# run: | | |
# emconfigure ./configure --enable-pic --disable-pie | |
# emmake make install NO_STDIN=1 NO_PLAYGROUND=0 | |
# cp "$PREFIX"/bin/cli.em.{js,wasm} playground | |
# - name: Build without SIMD (${{ env.AMD64_LINUX_WASM }}) | |
# env: | |
# PREFIX: ${{ env.AMD64_LINUX_WASM }} | |
# CC: emcc | |
# MAKE: make | |
# RUN_TESTS: false | |
# CONFIGFILE: "config.emcc" | |
# CROSS_COMPILING: "yes" | |
# NO_THREADING: "1" | |
# STATIC_BUILD: "1" | |
# run: | | |
# emconfigure ./configure --enable-pic --disable-pie | |
# emmake make clean install NO_STDIN=1 NO_PLAYGROUND=0 | |
# mkdir -p playground/non-simd | |
# cp "$PREFIX"/bin/cli.em.{js,wasm} playground/non-simd | |
# - name: Upload GitHub Pages artifacts | |
# uses: actions/upload-pages-artifact@v3 | |
# with: | |
# path: playground | |
# deploy-playground: | |
# if: ${{ github.ref_name == 'main' }} | |
# needs: ci-wasm | |
# runs-on: ubuntu-22.04 | |
# permissions: | |
# pages: write | |
# id-token: write | |
# environment: | |
# name: github-pages | |
# url: ${{ steps.deployment.outputs.page_url }} | |
# steps: | |
# - name: Deploy to GitHub Pages | |
# id: deployment | |
# uses: actions/deploy-pages@v4 | |
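# Sign and notarize the macOS zsv binary on each hosted macOS image, then
# archive the result and upload it as a workflow artifact.
#
# NOTE(review): the Developer ID certificate and the notary password are
# handed to actions referenced by mutable refs (`@main`, `@v2`). Pin each
# `uses:` to a full commit SHA (`owner/repo@<FULL_COMMIT_SHA>  # v2`) so that
# a moved branch or tag cannot change the code that receives these secrets.
# NOTE(review): this workflow also runs on pull_request. Secrets are not
# passed to runs triggered from forks, so signing can only succeed for
# branches of this repository; consider a protected environment with
# required reviewers for the signing secrets.
  macos-codesign:
    strategy:
      matrix:
        os: [macos-13, macos-14]
        # os: [macos-13]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 15
    # NOTE(review): this keeps the workflow green when signing or
    # notarization fails; remove it before anything depends on this job.
    continue-on-error: true
    steps:
      - name: Set up zsv+lib
        id: zsv
        uses: liquidaty/zsv/setup-action@main
      - name: List and set ZSV_ROOT env var
        env:
          ZSV_INSTALL_PATH: ${{ steps.zsv.outputs.install-path }}
        run: |
          ls -hl "$ZSV_INSTALL_PATH"/{bin,include,lib}
          # Was `$"ZSV_INSTALL_PATH"`, which bash expands to the literal
          # string ZSV_INSTALL_PATH instead of the variable's value. The
          # explicit destination guarantees the ./zsv path used below.
          cp -r "$ZSV_INSTALL_PATH" ./zsv
          echo "ZSV_ROOT=$PWD/zsv" >>"$GITHUB_ENV"
      - name: Codesign using thirdparty action
        uses: lando/code-sign-action@v2
        with:
          file: ./zsv/bin/zsv
          certificate-data: ${{ secrets.MACOS_CERT_P12 }}
          certificate-password: ${{ secrets.MACOS_CERT_PASSWORD }}
          apple-notary-user: matt@liquidaty.com
          apple-notary-password: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          apple-team-id: HXK8Y6Q9K2
          # Was `dev.liquidty.zsv`; the manual Codesign step below and the
          # repository owner both spell it `liquidaty`.
          apple-product-id: dev.liquidaty.zsv
          options: --options runtime
      # Manual signing path, kept for reference.
      # NOTE(review): before re-enabling it, note that it leaves cert.p12 and
      # an unencrypted private key (`openssl ... -nodes` -> codesign.key) in
      # the workspace, passes the certificate password on the openssl command
      # line, and imports with `-A`, which lets any application use the key
      # without prompting. Remove the files right after the import and rely
      # on `-T /usr/bin/codesign` alone.
      # - name: Install Developer Certificate
      #   env:
      #     MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
      #     MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
      #   run: |
      #     echo "$MACOS_CERT_P12" | base64 --decode > cert.p12
      #     security create-keychain -p actions build.keychain
      #     security default-keychain -s build.keychain
      #     security unlock-keychain -p actions build.keychain
      #     security set-keychain-settings -t 3600 -u build.keychain
      #     if ! security import cert.p12 -k build.keychain -P "$MACOS_CERT_PASSWORD" -A -t cert -f pkcs12 -T /usr/bin/codesign; then
      #       openssl pkcs12 -in cert.p12 -nocerts -out "codesign.key" -nodes -password pass:"$MACOS_CERT_PASSWORD"
      #       openssl pkcs12 -in cert.p12 -clcerts -nokeys -out "codesign.crt" -password pass:"$MACOS_CERT_PASSWORD"
      #       ls -hl codesign.{key,crt}
      #       security import "codesign.key" -k build.keychain -P "" -A -T /usr/bin/codesign
      #       security import "codesign.crt" -k build.keychain -P "" -A -T /usr/bin/codesign
      #     fi
      #     security set-key-partition-list -S apple-tool:,apple: -s -k actions build.keychain
      #     security find-identity -v build.keychain
      # - name: Codesign
      #   env:
      #     AC: 'Developer ID Application: matt wong (HXK8Y6Q9K2)'
      #     AI: 'dev.liquidaty.zsv'
      #   run: |
      #     find "$ZSV_ROOT" -type f -exec \
      #       codesign --verbose --deep --force --verify --options=runtime --timestamp \
      #       --sign "$AC" --identifier "$AI" "$ZSV_ROOT" {} +
      #     codesign --verbose --deep --force --verify --options=runtime --timestamp \
      #       --identifier "$AI" --sign "$AC" "$ZSV_ROOT"
      # - name: Notarize
      #   env:
      #     AID: matt@liquidaty.com
      #     ASP: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
      #     TID: HXK8Y6Q9K2
      #     ZIP: zsv.zip
      #   run: |
      #     echo "ZIP=$ZIP" >>"$GITHUB_ENV"
      #     cd "$ZSV_ROOT"
      #     zip -r "$ZIP" .
      #     mv "$ZIP" ../
      #     cd ..
      #     xcrun notarytool submit "$ZIP" \
      #       --apple-id "$AID" \
      #       --password "$ASP" \
      #       --team-id "$TID" \
      #       --wait
      - name: Package signed files
        env:
          ZIP: zsv.zip
        run: |
          # ZIP used to be exported, and the archive created, only by the
          # commented-out Notarize step, which left "$ZIP" empty and the file
          # missing for the steps below. Drop this step if Notarize returns.
          echo "ZIP=$ZIP" >>"$GITHUB_ENV"
          # ditto instead of zip(1): Info-ZIP reads default options from the
          # ZIP environment variable, which this step sets.
          ditto -c -k "$ZSV_ROOT" "$ZIP"
      # NOTE(review): Apple's notarization documentation says a ticket cannot
      # be stapled to a ZIP archive directly; confirm this step on a real run.
      - name: Staple
        run: |
          xcrun stapler staple -v "$ZIP"
          xcrun stapler validate "$ZIP"
      - name: Cleanup
        # Runs after a failed step too, so no key material is left behind.
        if: always()
        run: |
          # build.keychain is created only by the manual certificate step.
          security delete-keychain build.keychain ||
            echo "build.keychain could not be deleted (created only by the manual certificate step)"
          rm -f cert.p12 codesign.key codesign.crt
      - name: Upload (${{ env.ZIP }})
        uses: actions/upload-artifact@v4
        with:
          # upload-artifact@v4 rejects a second artifact with the same name
          # in one run, so each matrix leg gets its own artifact name.
          name: ${{ matrix.os }}-${{ env.ZIP }}
          path: ${{ env.ZIP }}
          retention-days: 7
          if-no-files-found: error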