Skip to content

Initial attempt to swap to Apple's notarytool utility (#405) #1674

Initial attempt to swap to Apple's notarytool utility (#405)

Initial attempt to swap to Apple's notarytool utility (#405) #1674

Workflow file for this run

name: Builds
on:
push:
branches:
- "**"
paths-ignore:
- "**.md"
pull_request:
branches:
- slippi
paths-ignore:
- "**.md"
jobs:
skip_duplicates:
name: Skip Duplicate Runs
runs-on: ubuntu-latest
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: "same_content"
do_not_skip: '["push", "workflow_dispatch", "schedule"]'
# goal is to prevent merges when the commit is not from the main branch, builds should still succeed
check_rust_commit:
needs: [skip_duplicates]
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
name: Verify SlippiRustExtensions Commit is in Main
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Main Branch Check
shell: bash
run: |
git submodule update --init Externals/SlippiRustExtensions
cd Externals/SlippiRustExtensions
commit_id=$(git rev-parse HEAD)
git branch --contains $commit_id | grep main
windows:
needs: [skip_duplicates]
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
strategy:
fail-fast: false
matrix:
build_type: [Netplay, Playback]
include:
- build_type: Netplay
artifact_name: windows-netplay
build_config: Release
- build_type: Playback
artifact_name: windows-playback
build_config: ReleasePlayback
env:
DXSDK_DIR: "C:\\Program Files (x86)\\Microsoft DirectX SDK (June 2010)\\"
ES_USERNAME: ${{ secrets.ES_USERNAME }}
name: "Windows ${{ matrix.build_type }}"
runs-on: windows-2019
steps:
- name: "Checkout"
uses: actions/checkout@v3
with:
submodules: recursive
- id: rust_ver
name: Grab Rust Version
shell: bash
run: echo "rust_ver=$(sed -rn 's/^channel = "(.*)"/\1/p' ./Externals/SlippiRustExtensions/rust-toolchain.toml)" >> "$GITHUB_OUTPUT"
- name: "Install Rust"
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version.
rustflags: "" # Disable default injection of warnings = errors.
- name: "(SlippiRustExtensions) Run cargo test"
run: cargo test --all --all-features --manifest-path=Externals/SlippiRustExtensions/Cargo.toml
- name: "Remove Redistributable"
shell: cmd
run: |
MsiExec.exe /passive /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MsiExec.exe /passive /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
mkdir .\Tools\DX
- name: "Setup MSBuild"
uses: microsoft/setup-msbuild@v1
- name: Cache Utils
uses: actions/cache@v3
with:
path: |
./Tools/DX/
./CodeSignTool/
key: ${{ runner.os }}-${{ secrets.CACHE_CONTROL }}
- name: "Download DirectX SDK"
working-directory: ${{ github.workspace }}
shell: powershell
run: |
if (!(Test-Path ".\Tools\DX\DXSDK_Jun10.exe" -PathType Leaf)) { Invoke-WebRequest -Uri https://github.com/project-slippi/Ishiiruka/releases/download/v2.2.5/DXSDK_Jun10.exe -UseBasicParsing -OutFile ".\Tools\DX\DXSDK_Jun10.exe" }
- name: "Install DirectX SDK"
working-directory: ${{ github.workspace }}
shell: cmd
run: |
.\Tools\DX\DXSDK_Jun10.exe /U /F
- name: 'Fetch Git Tags'
shell: bash
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: "Build ${{ matrix.build_type }} Dolphin"
shell: cmd
run: |
msbuild /p:Configuration=${{ matrix.build_config }} /p:Platform=x64 ${{ github.workspace }}\Source\Dolphin.sln
- name: "Prepare ${{ matrix.build_type }} Artifact"
working-directory: ${{ github.workspace }}
run: |
Xcopy /Y /E /I .\Data\Sys .\Binary\x64\Sys
cd .\Binary\x64\
fsutil file createnew FIX-VCRUNTIME140-ERROR.txt 0
echo "Download and install this: https://aka.ms/vs/16/release/vc_redist.x64.exe" > .\FIX-VCRUNTIME140-ERROR.txt
- name: "Add Playback codes"
working-directory: ${{ github.workspace }}
if: matrix.build_type == 'Playback'
run: |
Xcopy /Y /E /I .\Data\Sys .\Binary\x64\Sys
Xcopy /Y /E /I .\Data\PlaybackGeckoCodes\* .\Binary\x64\Sys\GameSettings\
- name: "Codesign ${{ matrix.build_type }} Dolphin"
working-directory: ${{ github.workspace }}
shell: powershell
env:
SLIPPI_BUILD_TYPE: ${{ matrix.build_type }}
if: env.ES_USERNAME != null
run: |
$msg = git log -1 --no-merges --pretty=%B
$build_type = $env:SLIPPI_BUILD_TYPE.ToLower()
if ($msg -notmatch "^release:.*" -And $msg -notmatch "^release\($build_type\):.*") {
echo "not release, skipping code signing"
exit 0;
}
mkdir CodeSignTool
cd .\CodeSignTool
if (!(Test-Path ".\CodeSignTool\CodeSignTool.bat" -PathType Leaf)) {
Invoke-WebRequest -Uri https://www.ssl.com/download/codesigntool-for-windows/ -UseBasicParsing -OutFile ".\CodeSignTool.zip"
7z x CodeSignTool.zip
Remove-Item CodeSignTool.zip
}
./CodeSignTool.bat sign -credential_id="${{ secrets.ES_CREDENTIAL_ID }}" -username="${{ secrets.ES_USERNAME }}" -password="${{ secrets.ES_PASSWORD }}" -totp_secret="${{ secrets.ES_TOTP_SECRET }}" -input_file_path="${{ github.workspace }}\Binary\x64\Slippi Dolphin.exe" -override="true"
- name: "Package ${{ matrix.build_type }} Dolphin"
working-directory: ${{ github.workspace }}
run: |
$FILE_NAME="${{ env.CURR_DATE }}-${{ env.GIT_HASH }}-${{ env.GIT_TAG }}-${{ matrix.artifact_name }}.zip"
mkdir artifact
cd .\Binary\x64\
attrib +r Sys\*.* /s
fsutil file createnew portable.txt 0
7z a $FILE_NAME .\*
move $FILE_NAME ..\..\artifact\
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
path: "./artifact/"
linux:
needs: [skip_duplicates]
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
strategy:
fail-fast: false
matrix:
build_type: [Netplay, Playback]
include:
- build_type: Netplay
artifact_name: linux-netplay
build_config: netplay
- build_type: Playback
artifact_name: linux-playback
build_config: playback
name: "Ubuntu ${{ matrix.build_type }}"
runs-on: ubuntu-20.04
steps:
- name: "Checkout"
uses: actions/checkout@v3
with:
submodules: recursive
- name: 'Fetch Git Tags'
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: "Install prerequisites"
if: success()
shell: bash
run: |
sudo dpkg --add-architecture amd64
sudo apt update
sudo apt install \
cmake \
pkg-config \
git \
wget \
libao-dev \
libasound2-dev \
libavcodec-dev \
libavformat-dev \
libbluetooth-dev \
libenet-dev \
libgtk2.0-dev \
liblzo2-dev \
libminiupnpc-dev \
libopenal-dev \
libpulse-dev \
libreadline-dev \
libsfml-dev \
libsoil-dev \
libsoundtouch-dev \
libswscale-dev \
libusb-1.0-0-dev \
libwebkit2gtk-4.0-dev \
libxext-dev \
libxrandr-dev \
portaudio19-dev \
zlib1g-dev \
libudev-dev \
libevdev-dev \
libmbedtls-dev \
libcurl4-openssl-dev \
libegl1-mesa-dev \
libpng-dev \
qtbase5-private-dev \
libxxf86vm-dev \
x11proto-xinerama-dev
- id: rust_ver
name: Grab Rust Version
shell: bash
run: echo "rust_ver=$(sed -rn 's/^channel = "(.*)"/\1/p' ./Externals/SlippiRustExtensions/rust-toolchain.toml)" >> "$GITHUB_OUTPUT"
- name: "Install Rust"
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version.
rustflags: "" # Disable default injection of warnings = errors.
- name: "(SlippiRustExtensions) Run cargo test"
run: cargo test --all --all-features --manifest-path=Externals/SlippiRustExtensions/Cargo.toml
- name: "Build ${{ matrix.build_type }} Dolphin"
if: success()
working-directory: ${{ github.workspace }}
run: |
./build-linux.sh ${{ matrix.build_config }}
- name: "Build ${{ matrix.build_type }} AppImage"
if: success()
working-directory: ${{ github.workspace }}
run: |
chmod +x ./build-appimage.sh
./build-appimage.sh ${{ matrix.build_config }}
- name: "Package"
if: success()
working-directory: ${{ github.workspace }}
run: |
mkdir artifact
FILE_NAME=${{ env.CURR_DATE }}-${{ env.GIT_HASH }}-${{ env.GIT_TAG }}-${{ matrix.artifact_name }}.zip
chmod +x ./*.AppImage
zip -r -j "${FILE_NAME}" ./*.AppImage*
pushd ./AppDir/usr/bin/
zip -r -u "../../../${FILE_NAME}" ./Sys
popd
mv "${FILE_NAME}" ./artifact/
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
path: "./artifact/"
macOS:
needs: [skip_duplicates]
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
strategy:
fail-fast: false
matrix:
build_type: [Netplay, Playback]
include:
- build_type: Netplay
artifact_name: macOS-netplay
build_config: netplay
- build_type: Playback
artifact_name: macOS-playback
build_config: playback
name: "macOS ${{ matrix.build_type }}"
runs-on: macos-11
steps:
- name: "Checkout"
uses: actions/checkout@v3
with:
submodules: recursive
- name: 'Fetch Git Tags'
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
# - name: "Install 10.14 SDK"
# if: success()
# shell: bash
# working-directory: ${{ github.workspace }}
# run: |
# wget https://github.com/phracker/MacOSX-SDKs/releases/download/10.15/MacOSX10.14.sdk.tar.xz
# tar -xf MacOSX10.14.sdk.tar.xz
# rm MacOSX10.14.sdk.tar.xz
# sudo mv MacOSX10.14.sdk /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/
- name: "Download and Install prerequisites"
if: success()
shell: bash
run: |
rm '/usr/local/bin/2to3' || true
echo "HOMEBREW_NO_AUTO_UPDATE=1" >> $GITHUB_ENV
brew upgrade cmake
brew install \
ffmpeg@2.8 \
libpng \
pkgconfig \
libao \
sound-touch \
hidapi \
python@3.10
- id: rust_ver
name: Grab Rust Version
shell: bash
run: echo "rust_ver=$(sed -rn 's/^channel = "(.*)"/\1/p' ./Externals/SlippiRustExtensions/rust-toolchain.toml)" >> "$GITHUB_OUTPUT"
- name: "Install Rust"
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version.
rustflags: "" # Disable default injection of warnings = errors.
- name: "(SlippiRustExtensions) Run cargo test"
run: cargo test --all --all-features --manifest-path=Externals/SlippiRustExtensions/Cargo.toml
- name: "Build ${{ matrix.build_type }} Dolphin"
if: success()
shell: bash
working-directory: ${{ github.workspace }}
env:
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
run: |
export LIBRARY_PATH=$LIBRARY_PATH:/usr/local/lib
chmod +x ./build-mac.sh && ./build-mac.sh ${{ matrix.build_config }}
mkdir artifact
FILE_NAME=${{ env.CURR_DATE }}-${{ env.GIT_HASH }}-${{ env.GIT_TAG }}-${{ matrix.artifact_name }}
echo "FILE_NAME=$FILE_NAME" >> $GITHUB_ENV
- name: "Codesign ${{ matrix.build_type}} Dolphin"
if: success() && env.CERTIFICATE_MACOS_APPLICATION != null
shell: bash
working-directory: ${{ github.workspace }}
env:
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }}
run: |
chmod +x Tools/load-macos-certs-ci.sh && ./Tools/load-macos-certs-ci.sh
mkdir -p ~/private_keys/
echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
/usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime --entitlements Source/Core/DolphinWX/Entitlements.plist ./build/Binaries/Slippi\ Dolphin.app
- name: "Package ${{ matrix.build_type }} Release DMG"
if: success()
shell: bash
working-directory: ${{ github.workspace }}
run: |
rm build/Binaries/traversal_server
chmod +x Tools/create-dmg/run.sh
./Tools/create-dmg/run.sh --no-internet-enable \
--volname "Slippi Dolphin Installer" \
--volicon "Data/slippi_dmg_icon.icns" \
--background "Data/slippi_dmg_background.png" \
--text-size 14 \
--window-pos 200 120 \
--window-size 590 610 \
--icon-size 100 \
--app-drop-link 440 196 \
--icon "Slippi Dolphin.app" 140 196 \
--hide-extension "Slippi Dolphin.app" \
"${{ env.FILE_NAME }}.dmg" \
"./build/Binaries/"
mv "${{ env.FILE_NAME }}.dmg" artifact/
- name: "Sign and Notarize ${{ matrix.build_type }} Release DMG"
if: success() && env.CERTIFICATE_MACOS_APPLICATION != null
shell: bash
working-directory: ${{ github.workspace }}
env:
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
run: |
/usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime ./artifact/${{ env.FILE_NAME }}.dmg
chmod +x Tools/notarize_netplay.sh && ./Tools/notarize_netplay.sh ./artifact/${{ env.FILE_NAME }}.dmg
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
path: "./artifact/"
#- name: "Enable Admin Debugging via SSH (if failed)"
# if: failure()
# uses: luchihoratiu/debug-via-ssh@main
# with:
# NGROK_AUTH_TOKEN: ${{ secrets.NGROK_TOKEN }}
# SSH_PASS: ${{ secrets.NGROK_PASS }}