Skip to content

Commit

Permalink
[ci] Start refactoring codesigning
Browse files Browse the repository at this point in the history
  • Loading branch information
jcelerier committed Apr 3, 2024
1 parent 73fdc57 commit 5e08356
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 40 deletions.
55 changes: 55 additions & 0 deletions .github/actions/mac-codesign/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: 'Notarize and codesign'
description: 'Notarize and codesign'

inputs:
path-to-sign:
description: 'Path containing files to sign'
required: true
default: ''
runs:
using: "composite"
steps:
- name: Code Signing
shell: bash

env:
MAC_CERT_B64: ${{ secrets.MAC_CERT_B64 }}
MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
MAC_ALTOOL_PASSWORD: ${{ secrets.MAC_ALTOOL_PASSWORD }}
run: |
# Setup codesigning
# Thanks https://www.update.rocks/blog/osx-signing-with-travis/
(
set +x
KEY_CHAIN=build.keychain
echo "$MAC_CERT_B64" | base64 --decode > ossia-cert.p12
security create-keychain -p azure $KEY_CHAIN
security default-keychain -s $KEY_CHAIN
security unlock-keychain -p azure $KEY_CHAIN
security import ossia-cert.p12 -k $KEY_CHAIN -P "$MAC_CERT_PASSWORD" -T /usr/bin/codesign;
security set-key-partition-list -S apple-tool:,apple: -s -k azure $KEY_CHAIN
rm -rf *.p12
)
security unlock-keychain -p azure build.keychain
(
cd install
find ${{ inputs.path-to-sign }} \
\( -name "*.dylib" -o -name "*.a" -o -name "*.so" -o -name "*.mxo" \) \
-exec echo Signing {} + \
-exec codesign --force --timestamp --sign "ossia.io" {} +
ditto -c -k --sequesterRsrc --keepParent ${{ inputs.path-to-sign }} codesign.zip
xcrun notarytool submit "codesign.zip" \
--team-id "GRW9MHZ724" \
--apple-id "[email protected]" \
--password "@env:MAC_ALTOOL_PASSWORD" \
--progress \
--wait
rm codesign.zip
)
47 changes: 7 additions & 40 deletions .github/workflows/libossia.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,44 +32,7 @@ jobs:
cmake --build build --target test
cmake --build build --target install
- name: Code Signing
shell: bash
env:
MAC_CERT_B64: ${{ secrets.MAC_CERT_B64 }}
MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
MAC_ALTOOL_PASSWORD: ${{ secrets.MAC_ALTOOL_PASSWORD }}
run: |
# Setup codesigning
# Thanks https://www.update.rocks/blog/osx-signing-with-travis/
(
set +x
KEY_CHAIN=build.keychain
echo "$MAC_CERT_B64" | base64 --decode > ossia-cert.p12
security create-keychain -p azure $KEY_CHAIN
security default-keychain -s $KEY_CHAIN
security unlock-keychain -p azure $KEY_CHAIN
security import ossia-cert.p12 -k $KEY_CHAIN -P "$MAC_CERT_PASSWORD" -T /usr/bin/codesign;
security set-key-partition-list -S apple-tool:,apple: -s -k azure $KEY_CHAIN
rm -rf *.p12
)
security unlock-keychain -p azure build.keychain
(
cd install
find lib \( -name "*.dylib" -o -name "*.a" -o -name "*.so" \) -exec echo Signing {} + -exec codesign --force --timestamp --sign "ossia.io" {} +
zip -r ossia-shared-release.zip lib/
xcrun altool \
--notarize-app \
-t osx \
-f "ossia-shared-release.zip" \
--primary-bundle-id "io.ossia.ossia-shared-release" \
-u [email protected] -p "@env:MAC_ALTOOL_PASSWORD"
rm ossia-shared-release.zip
)
- uses: ./.github/actions/mac-codesign
- name: Archive Package
uses: actions/upload-artifact@v2
with:
Expand All @@ -87,14 +50,18 @@ jobs:
- uses: actions/checkout@v4
- name: install deps
run: choco install -y ninja

- name: Set up Visual Studio shell
uses: egor-tensin/vs-shell@v2
with:
arch: x64

- name : Build
shell: cmd
env:
STATIC: ${{ matrix.static }}
BUILD_TYPE: ${{ matrix.build_type }}
run: |
call ci\msvc.bat
cmake -B build -S %GITHUB_WORKSPACE% -GNinja -DOSSIA_PCH=0 -DCMAKE_SYSTEM_VERSION=7 -DCMAKE_INSTALL_PREFIX=install -DCMAKE_BUILD_TYPE=%BUILD_TYPE% -DOSSIA_STATIC=%STATIC% -DOSSIA_CI=1 -DOSSIA_TESTING=1
cmake --build build
cmake --build build --target test
Expand Down

0 comments on commit 5e08356

Please sign in to comment.