From 19c5c34dac5e3f90c02aee65b99ac2c11d8d349a Mon Sep 17 00:00:00 2001
From: Allen Byrne <50328838+byrnHDF@users.noreply.github.com>
Date: Thu, 15 Aug 2024 15:53:00 -0500
Subject: [PATCH] Use latest osx binaries for building (#311)
* Use latest osx binaries for building
* Add msi signing and mac latest binaries
* Add check for signing capability
---
.github/workflows/ant-app.yml | 133 ++++++++++++++++-----------
.github/workflows/ant.yml | 138 ++++++++++++++++------------
.github/workflows/daily-build.yml | 12 +++
.github/workflows/release-files.yml | 4 +-
build.xml | 46 +++++-----
5 files changed, 197 insertions(+), 136 deletions(-)
diff --git a/.github/workflows/ant-app.yml b/.github/workflows/ant-app.yml
index 104086df..a01a2243 100644
--- a/.github/workflows/ant-app.yml
+++ b/.github/workflows/ant-app.yml
@@ -37,16 +37,51 @@ on:
required: true
KEYCHAIN_PASSWD:
required: true
+ AZURE_TENANT_ID:
+ required: true
+ AZURE_CLIENT_ID:
+ required: true
+ AZURE_CLIENT_SECRET:
+ required: true
+ AZURE_ENDPOINT:
+ required: true
+ AZURE_CODE_SIGNING_NAME:
+ required: true
+ AZURE_CERT_PROFILE_NAME:
+ required: true
permissions:
contents: read
jobs:
+ check-secret:
+ name: Check Secrets exists
+ runs-on: ubuntu-latest
+ outputs:
+ sign-state: ${{ steps.set-signing-state.outputs.BINSIGN }}
+ steps:
+ - name: Identify Signing Status
+ id: set-signing-state
+ env:
+ signing_secret: ${{ secrets.AZURE_ENDPOINT }}
+ run: |
+ if [[ '${{ env.signing_secret }}' == '' ]]
+ then
+ SIGN_VAL=$(echo 'notexists')
+ else
+ SIGN_VAL=$(echo 'exists')
+ fi
+ echo "BINSIGN=$SIGN_VAL" >> $GITHUB_OUTPUT
+ shell: bash
+
+ - run: echo "signing is ${{ steps.set-signing-state.outputs.BINSIGN }}."
+
build_and_test_win:
# Windows w/ MSVC + CMake
#
name: "Windows MSVC CTest"
runs-on: windows-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -174,8 +209,8 @@ jobs:
- name: Get zip-tarball (Windows)
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
- name: zip-tarball
- path: ${{ github.workspace }}
+ name: zip-tarball
+ path: ${{ github.workspace }}
- name: using powershell
shell: pwsh
@@ -183,8 +218,8 @@ jobs:
- name: List files for the space (Windows)
run: |
- Get-ChildItem -Path ${{ github.workspace }}
- Get-ChildItem -Path ${{ runner.workspace }}
+ Get-ChildItem -Path ${{ github.workspace }}
+ Get-ChildItem -Path ${{ runner.workspace }}
shell: pwsh
- name: Uncompress source (Windows)
@@ -192,10 +227,34 @@ jobs:
run: 7z x ${{ steps.set-file-base.outputs.FILE_BASE }}.zip
shell: bash
+ - name: Install TrustedSigning (Windows)
+ run: |
+ Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe
+ .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x
+ .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x
+ Install-Module -Name TrustedSigning -RequiredVersion 0.3.8
+ shell: pwsh
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
+
+ - name: create-json
+ id: create-json
+ uses: jsdaniell/create-json@v1.2.3
+ with:
+ name: "credentials.json"
+ json: '{"Endpoint": "${{ secrets.AZURE_ENDPOINT }}","CodeSigningAccountName": "${{ secrets.AZURE_CODE_SIGNING_NAME }}","CertificateProfileName": "${{ secrets.AZURE_CERT_PROFILE_NAME }}"}'
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
+
- name: Build with Ant
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
+ BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
+ AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+ AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
run: |
ant -noinput -buildfile build.xml binaryAppPackage
shell: bash
@@ -251,6 +310,7 @@ jobs:
#
name: "Ubuntu gcc CMake"
runs-on: ubuntu-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -304,7 +364,7 @@ jobs:
version: 'tags/${{ inputs.use_hdf5 }}'
file: '${{ inputs.name_hdf5 }}-ubuntu-2204_gcc.tar.gz'
- - name: Get hdf5 release
+ - name: Get hdf5 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
@@ -419,7 +479,8 @@ jobs:
# mac (osx) w/ clang + ant
#
name: "mac clang CMake"
- runs-on: macos-13
+ runs-on: macos-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -443,6 +504,7 @@ jobs:
# import certificate to keychain
security -v import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_FILE
security -v set-key-partition-list -S apple-tool:,codesign:,apple: -k $KEYCHAIN_PASSWD $KEYCHAIN_FILE
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
- name: Set up JDK 21
uses: actions/setup-java@v4
@@ -451,40 +513,20 @@ jobs:
distribution: 'temurin'
- name: Get hdf4 release
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'release') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf4'
- version: 'tags/${{ inputs.use_hdf }}'
- file: '${{ inputs.use_hdf }}-osx.tar.gz'
-
- - name: Get hdf4 release osx12
- continue-on-error: true
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/${{ inputs.use_hdf }}'
- file: '${{ inputs.use_hdf }}-osx12.tar.gz'
-
- - name: Get hdf4 release
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'snapshots') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf4'
- version: 'tags/snapshot'
- file: '${{ inputs.use_hdf }}-osx.tar.gz'
+ file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'
- - name: Get hdf4 snapshot osx12
- continue-on-error: true
+ - name: Get hdf4 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/snapshot'
- file: '${{ inputs.use_hdf }}-osx12.tar.gz'
+ file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'
- name: List files for the space (mac)
run: |
@@ -492,7 +534,7 @@ jobs:
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
- run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-osx*.tar.gz
+ run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-macos14_clang*.tar.gz
- name: Uncompress hdf4 binary (mac)
run: |
@@ -507,40 +549,20 @@ jobs:
echo "HDFLIB_ENV=$HDFDIR$FILE_NAME_HDF" >> $GITHUB_OUTPUT
- name: Get hdf5 release
- continue-on-error: true
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/${{ inputs.use_hdf5 }}'
- file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
-
- - name: Get hdf5 release osx12
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'release') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf5'
- version: 'tags/${{ inputs.use_hdf5 }}'
- file: '${{ inputs.name_hdf5 }}-osx12.tar.gz'
+ file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'
- name: Get hdf5 snapshot
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'snapshots') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf5'
- version: 'tags/snapshot'
- file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
-
- - name: Get hdf5 snapshot osx12
- continue-on-error: true
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/snapshot'
- file: '${{ inputs.name_hdf5 }}-osx12.tar.gz'
+ file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'
- name: List files for the space (mac)
run: |
@@ -548,7 +570,7 @@ jobs:
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
- run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-osx*.tar.gz
+ run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-macos14_clang*.tar.gz
- name: Uncompress hdf5 binary (mac)
run: |
@@ -599,6 +621,7 @@ jobs:
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
+ BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
KEYCHAIN_NAME: ${{ vars.KEYCHAIN_NAME }}
SIGNER: ${{ vars.SIGNER }}
@@ -631,7 +654,7 @@ jobs:
- name: Save published snapshot-app binary (mac)
uses: actions/upload-artifact@v4
with:
- name: tgz-osx-app-binary
+ name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}/build/dist/${{ steps.set-file-base.outputs.FILE_BASE }}App-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'snapshots') }}
@@ -640,7 +663,7 @@ jobs:
- name: Save published release-app binary (mac)
uses: actions/upload-artifact@v4
with:
- name: tgz-osx-app-binary
+ name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}/build/dist/${{ inputs.snap_name }}App-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'release') }}
diff --git a/.github/workflows/ant.yml b/.github/workflows/ant.yml
index 6f0cdd60..f4c021a0 100644
--- a/.github/workflows/ant.yml
+++ b/.github/workflows/ant.yml
@@ -37,16 +37,51 @@ on:
required: true
KEYCHAIN_PASSWD:
required: true
+ AZURE_TENANT_ID:
+ required: true
+ AZURE_CLIENT_ID:
+ required: true
+ AZURE_CLIENT_SECRET:
+ required: true
+ AZURE_ENDPOINT:
+ required: true
+ AZURE_CODE_SIGNING_NAME:
+ required: true
+ AZURE_CERT_PROFILE_NAME:
+ required: true
permissions:
contents: read
jobs:
+ check-secret:
+ name: Check Secrets exists
+ runs-on: ubuntu-latest
+ outputs:
+ sign-state: ${{ steps.set-signing-state.outputs.BINSIGN }}
+ steps:
+ - name: Identify Signing Status
+ id: set-signing-state
+ env:
+ signing_secret: ${{ secrets.AZURE_ENDPOINT }}
+ run: |
+ if [[ '${{ env.signing_secret }}' == '' ]]
+ then
+ SIGN_VAL=$(echo 'notexists')
+ else
+ SIGN_VAL=$(echo 'exists')
+ fi
+ echo "BINSIGN=$SIGN_VAL" >> $GITHUB_OUTPUT
+ shell: bash
+
+ - run: echo "signing is ${{ steps.set-signing-state.outputs.BINSIGN }}."
+
build_and_test_win:
# Windows w/ MSVC + CMake
#
name: "Windows MSVC CTest"
runs-on: windows-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -59,7 +94,7 @@ jobs:
- name: Enable Developer Command Prompt
uses: ilammy/msvc-dev-cmd@v1.13.0
- - name: Get hdf4 snapshot
+ - name: Get hdf4 release
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
@@ -105,7 +140,7 @@ jobs:
echo "HDFLIB_ENV=$HDFDIR" >> $GITHUB_OUTPUT
shell: bash
- - name: Get hdf5 snapshot
+ - name: Get hdf5 release
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
@@ -174,8 +209,8 @@ jobs:
- name: Get zip-tarball (Windows)
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
- name: zip-tarball
- path: ${{ github.workspace }}
+ name: zip-tarball
+ path: ${{ github.workspace }}
- name: using powershell
shell: pwsh
@@ -183,8 +218,8 @@ jobs:
- name: List files for the space (Windows)
run: |
- Get-ChildItem -Path ${{ github.workspace }}
- Get-ChildItem -Path ${{ runner.workspace }}
+ Get-ChildItem -Path ${{ github.workspace }}
+ Get-ChildItem -Path ${{ runner.workspace }}
shell: pwsh
- name: Uncompress source (Windows)
@@ -192,10 +227,35 @@ jobs:
run: 7z x ${{ steps.set-file-base.outputs.FILE_BASE }}.zip
shell: bash
+ - name: Install TrustedSigning (Windows)
+ run: |
+ Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe
+ .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x
+ .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x
+ Install-Module -Name TrustedSigning -RequiredVersion 0.3.8
+ shell: pwsh
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
+
+ - name: create-json
+ id: create-json
+ uses: jsdaniell/create-json@v1.2.3
+ with:
+ name: "credentials.json"
+ json: '{"Endpoint": "${{ secrets.AZURE_ENDPOINT }}","CodeSigningAccountName": "${{ secrets.AZURE_CODE_SIGNING_NAME }}","CertificateProfileName": "${{ secrets.AZURE_CERT_PROFILE_NAME }}"}'
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
+
- name: Build with Ant
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
+ BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
+ AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+ AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+ SIGNTOOLDIR: ${{ runner.workspace }}/Microsoft.Windows.SDK.BuildTools.10.0.22621.3233/tools/sign
run: |
ant -noinput -buildfile build.xml binaryPackage
shell: bash
@@ -243,6 +303,7 @@ jobs:
#
name: "Ubuntu gcc CMake"
runs-on: ubuntu-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -252,7 +313,7 @@ jobs:
java-version: '21'
distribution: 'temurin'
- - name: Get hdf4 snapshot
+ - name: Get hdf4 release
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
@@ -296,7 +357,7 @@ jobs:
version: 'tags/${{ inputs.use_hdf5 }}'
file: '${{ inputs.name_hdf5 }}-ubuntu-2204_gcc.tar.gz'
- - name: Get hdf5 release
+ - name: Get hdf5 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
@@ -403,7 +464,8 @@ jobs:
# mac (osx) w/ clang + ant
#
name: "mac clang CMake"
- runs-on: macos-13
+ runs-on: macos-latest
+ needs: [check-secret]
steps:
- uses: actions/checkout@v4
@@ -427,6 +489,7 @@ jobs:
# import certificate to keychain
security -v import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_FILE
security -v set-key-partition-list -S apple-tool:,codesign:,apple: -k $KEYCHAIN_PASSWD $KEYCHAIN_FILE
+ if: ${{ needs.check-secret.outputs.sign-state == 'exists' }}
- name: Set up JDK 21
uses: actions/setup-java@v4
@@ -435,40 +498,20 @@ jobs:
distribution: 'temurin'
- name: Get hdf4 release
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'release') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf4'
- version: 'tags/${{ inputs.use_hdf }}'
- file: '${{ inputs.use_hdf }}-osx.tar.gz'
-
- - name: Get hdf4 release osx12
- continue-on-error: true
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/${{ inputs.use_hdf }}'
- file: '${{ inputs.use_hdf }}-osx12.tar.gz'
+ file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'
- name: Get hdf4 snapshot
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'snapshots') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf4'
- version: 'tags/snapshot'
- file: '${{ inputs.use_hdf }}-osx.tar.gz'
-
- - name: Get hdf4 snapshot osx12
- continue-on-error: true
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/snapshot'
- file: '${{ inputs.use_hdf }}-osx12.tar.gz'
+ file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'
- name: List files for the space (mac)
run: |
@@ -476,7 +519,7 @@ jobs:
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
- run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-osx*.tar.gz
+ run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-macos14_clang*.tar.gz
- name: Uncompress hdf4 binary (mac)
run: |
@@ -491,40 +534,20 @@ jobs:
echo "HDFLIB_ENV=$HDFDIR$FILE_NAME_HDF" >> $GITHUB_OUTPUT
- name: Get hdf5 release
- continue-on-error: true
if: ${{ (inputs.use_environ == 'release') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/${{ inputs.use_hdf5 }}'
- file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
-
- - name: Get hdf5 release osx12
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'release') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf5'
- version: 'tags/${{ inputs.use_hdf5 }}'
- file: '${{ inputs.name_hdf5 }}-osx12.tar.gz'
+ file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'
- name: Get hdf5 snapshot
- continue-on-error: true
- if: ${{ (inputs.use_environ == 'snapshots') }}
- uses: dsaltares/fetch-gh-release-asset@master
- with:
- repo: 'HDFGroup/hdf5'
- version: 'tags/snapshot'
- file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
-
- - name: Get hdf5 snapshot osx12
- continue-on-error: true
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/snapshot'
- file: '${{ inputs.name_hdf5 }}-osx12.tar.gz'
+ file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'
- name: List files for the space (mac)
run: |
@@ -532,7 +555,7 @@ jobs:
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
- run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-osx*.tar.gz
+ run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-macos14_clang*.tar.gz
- name: Uncompress hdf5 binary (mac)
run: |
@@ -583,6 +606,7 @@ jobs:
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
+ BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
KEYCHAIN_NAME: ${{ vars.KEYCHAIN_NAME }}
SIGNER: ${{ vars.SIGNER }}
@@ -607,7 +631,7 @@ jobs:
- name: Save published snapshot binary (mac)
uses: actions/upload-artifact@v4
with:
- name: tgz-osx-binary
+ name: tgz-macos14_clang-binary
path: ${{ github.workspace }}/build/dist/${{ steps.set-file-base.outputs.FILE_BASE }}-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'snapshots') }}
@@ -616,7 +640,7 @@ jobs:
- name: Save published release binary (mac)
uses: actions/upload-artifact@v4
with:
- name: tgz-osx-binary
+ name: tgz-macos14_clang-binary
path: ${{ github.workspace }}/build/dist/${{ inputs.snap_name }}-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'release') }}
diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml
index b9d9d007..0a95a13c 100644
--- a/.github/workflows/daily-build.yml
+++ b/.github/workflows/daily-build.yml
@@ -99,6 +99,12 @@ jobs:
APPLE_CERTS_BASE64: ${{ secrets.APPLE_CERTS_BASE64 }}
APPLE_CERTS_BASE64_PASSWD: ${{ secrets.APPLE_CERTS_BASE64_PASSWD }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
+ AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+ AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
call-workflow-ant-app:
needs: [get-base-names, call-workflow-tarball]
@@ -113,6 +119,12 @@ jobs:
APPLE_CERTS_BASE64: ${{ secrets.APPLE_CERTS_BASE64 }}
APPLE_CERTS_BASE64_PASSWD: ${{ secrets.APPLE_CERTS_BASE64_PASSWD }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
+ AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+ AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
call-workflow-release:
needs: [get-base-names, call-workflow-tarball, call-workflow-ant, call-workflow-ant-app]
diff --git a/.github/workflows/release-files.yml b/.github/workflows/release-files.yml
index 5ff551d2..858fbba5 100644
--- a/.github/workflows/release-files.yml
+++ b/.github/workflows/release-files.yml
@@ -94,7 +94,7 @@ jobs:
- name: Get published binary (MacOS)
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
- name: tgz-osx-binary
+ name: tgz-macos14_clang-binary
path: ${{ github.workspace }}
- name: Get published binary (Linux)
@@ -113,7 +113,7 @@ jobs:
- name: Get published app binary (MacOS)
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
- name: tgz-osx-app-binary
+ name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}
- name: Get published app binary (Linux)
diff --git a/build.xml b/build.xml
index 799ae62d..99d82c7b 100644
--- a/build.xml
+++ b/build.xml
@@ -15,9 +15,9 @@
-
+
-
+
@@ -1456,10 +1456,8 @@
-
-
-
-
+
+
@@ -1468,17 +1466,22 @@
+
+
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
@@ -1824,9 +1827,8 @@
-
-
+
+
@@ -1834,7 +1836,7 @@
MAC NOTARY FOR JXPACKAGE
================================================================= -->
-
+
@@ -1864,7 +1866,7 @@
*** notarize-zip-app:${zipUUID} ***
-
+
@@ -1885,7 +1887,7 @@
-
+
@@ -2237,7 +2239,7 @@
MAC NOTARY FOR JPACKAGE
================================================================= -->
-
+
@@ -2267,7 +2269,7 @@
*** notarize-app:${retUUID} ***
-
+
@@ -2288,7 +2290,7 @@
-
+