⚗ [CI] Try fix MacOS signing #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Release Installer" | |
on: | |
push: | |
tags: | |
- "*" | |
env: | |
cmake_configure_args: "" # -D WARNINGS_AS_ERRORS_FOR_COOLLAB_LAUNCHER=ON # TODO(Launcher) Check warnings | |
cmakelists_folder: "." | |
cmake_target: Coollab-Launcher | |
jobs: | |
create-release-executables: | |
name: ${{matrix.config.name}} | |
runs-on: ${{matrix.config.os}} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- { | |
name: Windows, | |
os: windows-latest, | |
cmake_configure_args: -D CMAKE_C_COMPILER=cl CMAKE_CXX_COMPILER=cl -G Ninja, | |
cpack_generator: NSIS, | |
installer_name: Coollab-Launcher-Windows.exe, | |
} | |
- { | |
name: Linux, | |
os: ubuntu-latest, | |
cmake_configure_args: -D CMAKE_C_COMPILER=clang -D CMAKE_CXX_COMPILER=clang++ -G Ninja, | |
cpack_generator: STGZ, | |
installer_name: Coollab-Launcher-Linux.sh, | |
} | |
- { | |
name: MacOS, | |
os: macos-latest, | |
cmake_configure_args: -D CMAKE_C_COMPILER=clang -D CMAKE_CXX_COMPILER=clang++ -G Ninja -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DOPENSSL_LIBRARIES=/usr/local/opt/openssl/lib, | |
cpack_generator: Bundle, | |
installer_name: Coollab-Launcher-MacOS.dmg, | |
} | |
steps: | |
- name: Import signing certificate | |
if: runner.os == 'MacOS' | |
env: | |
MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }} | |
MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }} | |
MACOS_CERT_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_CERT_KEYCHAIN_PASSWORD }} | |
run: | | |
echo "$MACOS_CERT_P12" | base64 --decode > macos_cert.p12 | |
security create-keychain -p "$MACOS_CERT_KEYCHAIN_PASSWORD" build.keychain | |
security import macos_cert.p12 -k build.keychain -P "$MACOS_CERT_PASSWORD" -T /usr/bin/codesign | |
security list-keychains -s build.keychain | |
security set-keychain-settings -t 3600 -u build.keychain | |
security unlock-keychain -p "$MACOS_CERT_KEYCHAIN_PASSWORD" build.keychain | |
security find-identity -v -p codesigning build.keychain | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: mjp41/workaround8649@c8550b715ccdc17f89c8d5c28d7a48eeff9c94a8 # Temporary workaround for Linux Clang not working atm. See https://github.com/actions/runner-images/issues/8659 | |
with: | |
os: ${{ matrix.config.os }} | |
- name: Set up MSVC # NOTE: required to find cl.exe when using the Ninja generator. And we need to use Ninja in order for ccache to be able to cache stuff with MSVC. | |
if: matrix.config.name == 'Windows' | |
uses: ilammy/[email protected] | |
- name: ccache | |
uses: hendrikmuhs/ccache-action@main | |
with: | |
key: ${{matrix.config.name}} Clang-Release # Key name should match the one used in build_and_run_tests.yml so that we can reuse its cache. | |
- name: Install Linux dependencies | |
if: runner.os == 'Linux' | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libgtk-3-dev | |
- name: Install MacOS dependencies | |
if: runner.os == 'MacOS' | |
run: | | |
brew install openssl | |
- name: Build | |
uses: lukka/run-cmake@v3 | |
with: | |
cmakeListsOrSettingsJson: CMakeListsTxtAdvanced | |
cmakeListsTxtPath: ${{github.workspace}}/${{env.cmakelists_folder}}/CMakeLists.txt | |
cmakeAppendedArgs: ${{env.cmake_configure_args}} -D CPACK_GENERATOR=${{matrix.config.cpack_generator}} -D CMAKE_BUILD_TYPE=Release ${{matrix.config.cmake_configure_args}} -D CMAKE_C_COMPILER_LAUNCHER=ccache -D CMAKE_CXX_COMPILER_LAUNCHER=ccache | |
buildWithCMakeArgs: --config Release --target ${{env.cmake_target}} | |
cmakeBuildType: Release | |
buildDirectory: ${{github.workspace}}/build | |
- name: Sign the application | |
if: runner.os == 'MacOS' | |
env: | |
MACOS_CERT_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_CERT_KEYCHAIN_PASSWORD }} | |
run: | | |
security unlock-keychain -p "$MACOS_CERT_KEYCHAIN_PASSWORD" build.keychain | |
codesign --deep --force --verify --verbose --sign "Jules Fouchy" ${{github.workspace}}/bin/Release/Coollab-Launcher | |
- name: Create Installer | |
run: | | |
cd ${{github.workspace}}/build | |
cpack | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
${{runner.os != 'Windows' && github.workspace || ''}}${{runner.os != 'Windows' && '/' || ''}}build/${{matrix.config.installer_name}} |