From 5e08356abaf394673150749443e8fca13c9c1120 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Micha=C3=ABl=20Celerier?=
Date: Wed, 3 Apr 2024 18:31:15 -0400
Subject: [PATCH] [ci] Start refactoring codesigning
---
.github/actions/mac-codesign/action.yml | 55 +++++++++++++++++++++++++
.github/workflows/libossia.yml | 47 ++++-----------------
2 files changed, 62 insertions(+), 40 deletions(-)
create mode 100644 .github/actions/mac-codesign/action.yml
diff --git a/.github/actions/mac-codesign/action.yml b/.github/actions/mac-codesign/action.yml
new file mode 100644
index 00000000000..716cfa94710
--- /dev/null
+++ b/.github/actions/mac-codesign/action.yml
@@ -0,0 +1,55 @@
+name: 'Notarize and codesign'
+description: 'Notarize and codesign'
+
+inputs:
+ path-to-sign:
+ description: 'Path containing files to sign'
+ required: true
+ default: ''
+runs:
+ using: "composite"
+ steps:
+ - name: Code Signing
+ shell: bash
+
+ env:
+ MAC_CERT_B64: ${{ secrets.MAC_CERT_B64 }}
+ MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
+ MAC_ALTOOL_PASSWORD: ${{ secrets.MAC_ALTOOL_PASSWORD }}
+ run: |
+ # Setup codesigning
+ # Thanks https://www.update.rocks/blog/osx-signing-with-travis/
+ (
+ set +x
+ KEY_CHAIN=build.keychain
+ echo "$MAC_CERT_B64" | base64 --decode > ossia-cert.p12
+
+ security create-keychain -p azure $KEY_CHAIN
+ security default-keychain -s $KEY_CHAIN
+ security unlock-keychain -p azure $KEY_CHAIN
+ security import ossia-cert.p12 -k $KEY_CHAIN -P "$MAC_CERT_PASSWORD" -T /usr/bin/codesign;
+ security set-key-partition-list -S apple-tool:,apple: -s -k azure $KEY_CHAIN
+
+ rm -rf *.p12
+ )
+
+ security unlock-keychain -p azure build.keychain
+
+ (
+ cd install
+ find ${{ inputs.path-to-sign }} \
+ \( -name "*.dylib" -o -name "*.a" -o -name "*.so" -o -name "*.mxo" \) \
+ -exec echo Signing {} + \
+ -exec codesign --force --timestamp --sign "ossia.io" {} +
+
+ ditto -c -k --sequesterRsrc --keepParent ${{ inputs.path-to-sign }} codesign.zip
+
+ xcrun notarytool submit "codesign.zip" \
+ --team-id "GRW9MHZ724" \
+ --apple-id "jeanmichael.celerier@gmail.com" \
+ --password "@env:MAC_ALTOOL_PASSWORD" \
+ --progress \
+ --wait
+
+ rm codesign.zip
+ )
diff --git a/.github/workflows/libossia.yml b/.github/workflows/libossia.yml
index 109ce16e446..078a6976a0b 100644
--- a/.github/workflows/libossia.yml
+++ b/.github/workflows/libossia.yml
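Review bot: The `env:` block of the Code Signing step reads `${{ secrets.MAC_CERT_B64 }}`, `${{ secrets.MAC_CERT_PASSWORD }}` and `${{ secrets.MAC_ALTOOL_PASSWORD }}`, but the `secrets` context is not available inside a composite action, so the certificate and passwords have to be declared as inputs and passed in by the calling workflow. In the same step `${{ inputs.path-to-sign }}` is expanded into the script text before bash runs, unquoted, in both the `find` and `ditto` lines; mapping it to an environment variable and using `"$PATH_TO_SIGN"` keeps a path with spaces or shell metacharacters from being re-parsed as script. The empty `default: ''` on a required input is also worth dropping, since an empty value leaves `find` and `ditto` without a path argument. The fence shows the inputs and the `env:` block; the script body is unchanged apart from those two substitutions.

```yaml
inputs:
  path-to-sign:
    description: 'Path containing files to sign'
    required: true
  mac-cert-b64:
    description: 'Base64-encoded signing certificate (.p12)'
    required: true
  mac-cert-password:
    description: 'Password protecting the .p12 certificate'
    required: true
  mac-altool-password:
    description: 'App-specific password used by notarytool'
    required: true
runs:
  using: "composite"
  steps:
    - name: Code Signing
      shell: bash
      env:
        MAC_CERT_B64: ${{ inputs.mac-cert-b64 }}
        MAC_CERT_PASSWORD: ${{ inputs.mac-cert-password }}
        MAC_ALTOOL_PASSWORD: ${{ inputs.mac-altool-password }}
        PATH_TO_SIGN: ${{ inputs.path-to-sign }}
      run: |
        # … unchanged: keychain setup, codesign, notarytool submit, cleanup,
        #   with each ${{ inputs.path-to-sign }} written as "$PATH_TO_SIGN" …
```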
@@ -32,44 +32,7 @@ jobs: cmake --build build --target test cmake --build build --target install - - name: Code Signing - shell: bash - env: - MAC_CERT_B64: ${{ secrets.MAC_CERT_B64 }} - MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }} - MAC_ALTOOL_PASSWORD: ${{ secrets.MAC_ALTOOL_PASSWORD }} - run: | - # Setup codesigning - # Thanks https://www.update.rocks/blog/osx-signing-with-travis/ - ( - set +x - KEY_CHAIN=build.keychain - echo "$MAC_CERT_B64" | base64 --decode > ossia-cert.p12 - - security create-keychain -p azure $KEY_CHAIN - security default-keychain -s $KEY_CHAIN - security unlock-keychain -p azure $KEY_CHAIN - security import ossia-cert.p12 -k $KEY_CHAIN -P "$MAC_CERT_PASSWORD" -T /usr/bin/codesign; - security set-key-partition-list -S apple-tool:,apple: -s -k azure $KEY_CHAIN - - rm -rf *.p12 - ) - - security unlock-keychain -p azure build.keychain - - ( - cd install - find lib \( -name "*.dylib" -o -name "*.a" -o -name "*.so" \) -exec echo Signing {} + -exec codesign --force --timestamp --sign "ossia.io" {} + - - zip -r ossia-shared-release.zip lib/ - xcrun altool \ - --notarize-app \ - -t osx \ - -f "ossia-shared-release.zip" \ - --primary-bundle-id "io.ossia.ossia-shared-release" \ - -u jeanmichael.celerier@gmail.com -p "@env:MAC_ALTOOL_PASSWORD" - rm ossia-shared-release.zip - ) + - uses: ./.github/actions/mac-codesign - name: Archive Package uses: actions/upload-artifact@v2 with: @@ -87,14 +50,18 @@ jobs: - uses: actions/checkout@v4 - name: install deps run: choco install -y ninja + + - name: Set up Visual Studio shell + uses: egor-tensin/vs-shell@v2 + with: + arch: x64 + - name : Build shell: cmd env: STATIC: ${{ matrix.static }} BUILD_TYPE: ${{ matrix.build_type }} run: | - call ci\msvc.bat - cmake -B build -S %GITHUB_WORKSPACE% -GNinja -DOSSIA_PCH=0 -DCMAKE_SYSTEM_VERSION=7 -DCMAKE_INSTALL_PREFIX=install -DCMAKE_BUILD_TYPE=%BUILD_TYPE% -DOSSIA_STATIC=%STATIC% -DOSSIA_CI=1 -DOSSIA_TESTING=1 cmake --build build cmake --build build --target test
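Review bot: The added `- uses: ./.github/actions/mac-codesign` step has no `with:` block, so `path-to-sign` falls back to its empty default and the action's `find` and `ditto` commands run without a path, whereas the removed step signed `lib`. As far as I know GitHub does not enforce `required: true` on action inputs, so nothing fails at the `uses:` line itself and the error only surfaces inside the signing script. Suggest adding `with:` followed by `path-to-sign: lib` under the step. If the action ends up taking the certificate and passwords as inputs, they need to be forwarded in the same `with:` block.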
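Review bot: `uses: egor-tensin/vs-shell@v2` in the new "Set up Visual Studio shell" step pins a third-party action to a mutable tag, which the action's owner can repoint to different code that then runs on the runner ahead of the build. Pinning to the full commit SHA keeps the executed code fixed, for example `uses: egor-tensin/vs-shell@<full-commit-sha>  # v2` (placeholder; take the SHA from the release that was reviewed). The Build step's `run:` block continues past the end of the hunk, so whether anything else still relied on `ci\msvc.bat` cannot be checked from here.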