From 65e48cd98b7f89a446ed733f728e8686d37fb7a1 Mon Sep 17 00:00:00 2001 From: Hien To Date: Fri, 6 Dec 2024 13:42:08 +0700 Subject: [PATCH] feat: add codesign for macos --- .github/workflows/python-package.yml | 124 +++++++++++++++------------ 1 file changed, 68 insertions(+), 56 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 646de4b17..6968efc5e 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -2,7 +2,7 @@ name: Build and Package Python Library on: push: - branches: [ feat/python-package-ci ] + branches: [ feat/codesign-python-package ] workflow_dispatch: inputs: model_dir: @@ -25,9 +25,9 @@ jobs: fail-fast: false matrix: include: - - os: "linux" - name: "amd64" - runs-on: "ubuntu-20-04-cuda-12-0" + # - os: "linux" + # name: "amd64" + # runs-on: "ubuntu-20-04-cuda-12-0" - os: "mac" name: "amd64" runs-on: "macos-selfhosted-12" @@ -46,72 +46,47 @@ jobs: repository: janhq/models ref: "feat/ci-python-models" - # - name: Install Miniconda on Linux - # if: runner.os == 'Linux' - # run: | - # wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O miniconda.sh - # bash miniconda.sh -b -p $HOME/miniconda - # echo "$HOME/miniconda/bin" >> $GITHUB_PATH - - # - name: Install Miniconda on macOS - # if: runner.os == 'macOS' - # run: | - # if [ "$(uname -m)" = "arm64" ]; then - # echo "Running on macOS ARM" - # MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh" - # else - # echo "Running on macOS Intel" - # MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh" - # fi - # echo "Downloading Miniconda from $MINICONDA_URL" - # curl -L $MINICONDA_URL -o miniconda.sh - # bash miniconda.sh -b -p $HOME/miniconda - # echo "$HOME/miniconda/bin" >> $GITHUB_PATH - - # - name: Install Miniconda on Windows - # if: runner.os == 'Windows' - # shell: pwsh - # run: | - # $minicondaUrl = 'https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe' - # Invoke-WebRequest -Uri $minicondaUrl -OutFile miniconda.exe - # Start-Process -FilePath miniconda.exe -ArgumentList '/InstallationType=JustMe', '/AddToPath=1', '/RegisterPython=0', '/S', ('/D=Miniconda3') -Wait - # echo "$env:USERPROFILE\\Miniconda3" >> $GITHUB_PATH + - uses: conda-incubator/setup-miniconda@v3 + with: + auto-update-conda: true + python-version: 3.11 + - name: Install dependencies Windows if: runner.os == 'windows' run: | - Miniconda\_conda.exe init - conda create -y -n ${{env.MODEL_NAME}} python=3.11 - - conda activate ${{env.MODEL_NAME}} - python -m pip install --upgrade pip - python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt + conda create -y -n ${{env.MODEL_NAME}} python=3.11 + source $HOME/miniconda/bin/activate base + conda init + conda activate ${{env.MODEL_NAME}} + python -m pip install --upgrade pip + python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt - name: Install dependencies Linux if: runner.os == 'linux' run: | - export PATH=$PATH:$HOME/miniconda/bin/ - conda init - conda create -y -n ${{env.MODEL_NAME}} python=3.11 - source $HOME/miniconda/bin/activate base - conda activate ${{env.MODEL_NAME}} - python -m pip install --upgrade pip - python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt + conda create -y -n ${{env.MODEL_NAME}} python=3.11 + source $HOME/miniconda/bin/activate base + conda init + conda activate ${{env.MODEL_NAME}} + python -m pip install --upgrade pip + python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt - name: Install dependencies Mac if: runner.os == 'macOS' run: | - export PATH=$PATH:$HOME/miniconda/bin/ - conda init - conda create -y -n ${{env.MODEL_NAME}} python=3.11 - source $HOME/miniconda/bin/activate base - conda activate ${{env.MODEL_NAME}} - python -m pip install --upgrade pip - python -m pip install -r ${{env.MODEL_DIR}}/requirements.txt + conda create -y -n ${{env.MODEL_NAME}} python=3.11 + source $HOME/miniconda/bin/activate base + conda init + conda activate ${{env.MODEL_NAME}} + python -m pip install --upgrade pip + python -m pip install -r ${{env.MODEL_DIR}}/requirements.txt - name: prepare python package windows if : runner.os == 'windows' shell: cmd run: | + source $HOME/miniconda/bin/activate base + conda init conda activate ${{env.MODEL_NAME}} for /f "delims=" %%a in ('where python') do set "PYTHON_PATH=%%a" echo %PYTHON_PATH% @@ -119,8 +94,8 @@ jobs: - name: prepare python package unix if : runner.os != 'windows' run: | - export PATH=$PATH:$HOME/miniconda/bin/ source $HOME/miniconda/bin/activate base + conda init conda activate ${{env.MODEL_NAME}} PYTHON_PATH=$(which python) echo $PYTHON_PATH @@ -133,4 +108,41 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{env.MODEL_NAME}}-${{ matrix.os }}-${{ matrix.name }} - path: ${{env.PYTHON_FOLDER}} \ No newline at end of file + path: ${{env.PYTHON_FOLDER}} + + codesign: + runs-on: macos-latest + needs: build-and-test + steps: + - name: checkout + uses: actions/checkout@v3 + - uses: apple-actions/import-codesign-certs@v2 + continue-on-error: true + with: + p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }} + p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }} + - name: Download Artifact + uses: actions/download-artifact@v4 + with: + name: ${{env.MODEL_NAME}}-mac-amd64 + path: ${{env.MODEL_NAME}}-mac-amd64 + - name: Download Artifact + uses: actions/download-artifact@v4 + with: + name: ${{env.MODEL_NAME}}-mac-arm64 + path: ${{env.MODEL_NAME}}-mac-arm64 + + - run: | + find "${{env.MODEL_NAME}}-mac-amd64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \; + find "${{env.MODEL_NAME}}-mac-arm64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \; + + - name: Upload Artifact + uses: actions/upload-artifact@v4 + with: + name: ${{env.MODEL_NAME}}-mac-amd64-signed + path: ${{env.MODEL_NAME}}-mac-amd64 + - name: Upload Artifact + uses: actions/upload-artifact@v4 + with: + name: ${{env.MODEL_NAME}}-mac-arm64-signed + path: ${{env.MODEL_NAME}}-mac-arm64