Merge pull request #1950 from ghutchis/harden-file-readers #2861
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CMake Self-Hosted | |
on: [push, pull_request, workflow_dispatch] | |
env: | |
# this is different from MACOSX_DEPLOYMENT_TARGET to prevent build problems | |
# we set MACOSX_DEPLOYMENT_TARGET later | |
MACOS_TARGET: 10.12 | |
FEATURES: -DUSE_VTK=ON -DBUILD_GPL_PLUGINS=ON -DBUILD_MOLEQUEUE=OFF -DWITH_COORDGEN=OFF -DUSE_3DCONNEXION=ON | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: ${{ matrix.config.name }} | |
runs-on: ${{ matrix.config.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- { | |
name: "macOS ARM", artifact: "macOS-arm64.dmg", | |
os: [self-hosted, macOS], | |
cc: "clang", cxx: "clang++", | |
build_type: "Release", | |
cmake_flags: "-G Ninja -DCMAKE_PREFIX_PATH=/opt/homebrew/Cellar/qt@5/5.15.5_1/lib/cmake/Qt5", | |
cpack_flags: "-G DragNDrop", | |
} | |
steps: | |
- name: Install Dependencies (macOS) | |
if: runner.os == 'macOS' | |
run: | | |
if uname -p | grep -q "arm" ; then | |
export PATH=/opt/homebrew/bin:$PATH | |
else # not self-hosted runner | |
brew install ninja eigen glew | |
fi | |
- name: Checkout openchemistry | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/openchemistry | |
submodules: recursive | |
- name: Checkout avogadroapp | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/avogadroapp | |
path: avogadroapp | |
- name: Checkout molecules | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/molecules | |
path: molecules | |
- name: Checkout fragments | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/fragments | |
path: fragments | |
- name: Checkout crystals | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/crystals | |
path: crystals | |
- name: Checkout avogadrolibs | |
uses: actions/checkout@v4 | |
with: | |
path: avogadrolibs | |
- name: Checkout i18n | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/avogadro-i18n | |
path: avogadro-i18n | |
- name: Configure | |
run: | | |
if [ ! -d "${{ runner.workspace }}/build" ]; then mkdir "${{ runner.workspace }}/build"; fi | |
cd "${{ runner.workspace }}/build" | |
echo "MACOSX_DEPLOYMENT_TARGET=${{ env.MACOS_TARGET }}" >> $GITHUB_ENV | |
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake $GITHUB_WORKSPACE ${{env.FEATURES}} -DCMAKE_BUILD_TYPE=${{matrix.config.build_type}} ${{matrix.config.cmake_flags}} | |
shell: bash | |
- name: Build | |
run: | | |
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake --build . --config ${{matrix.config.build_type}} ${{matrix.config.build_flags}} | |
shell: bash | |
working-directory: ${{ runner.workspace }}/build | |
- name: Fix Mac plugins | |
if: runner.os == 'macOS' | |
working-directory: ${{ runner.workspace }}/build/prefix/lib/openbabel | |
run: | | |
for plugin in *.so; do | |
for libpath in `otool -L ${plugin} | grep '/Users/runner' | awk '{print $1}'`; do | |
export lib=`echo $libpath | cut -d '/' -f 10`; | |
echo "Fixing $plugin $lib $libpath" | |
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin | |
done | |
done | |
cd .. # build/prefix/lib | |
for plugin in libinchi.?.?.?.dylib; do | |
for libpath in `otool -L ${plugin} | grep '/Users/runner' | awk '{print $1}'`; do | |
export lib=`echo $libpath | cut -d '/' -f 10`; | |
echo "Fixing $plugin $lib $libpath" | |
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin | |
done | |
done | |
otool -L libinchi.?.?.?.dylib | |
cp -p libinchi* ../Avogadro2.app/Contents/Frameworks/ | |
# finally, fixup the binaries | |
#cd ../bin | |
#for exe in obabel obmm eht_bind genXrdPattern; do | |
# for libpath in `otool -L ${exe} | grep '/Users/runner' | awk '{print $1}'`; do | |
# export lib=`echo $libpath | cut -d '/' -f 10`; | |
# echo "Fixing $exe $lib $libpath" | |
# install_name_tool -change $libpath @executable_path/../Frameworks/$lib $exe | |
# done | |
#done | |
- name: Install the Apple certificate | |
# From GitHub docs: https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
if: runner.os == 'macOS' | |
working-directory: ${{ runner.workspace }}/build | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }} | |
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }} | |
PRODUCT_BUNDLE_IDENTIFIER: cc.avogadro | |
run: | | |
# create variables | |
if [ -n "${P12_PASSWORD}" ]; then | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain if the cert is non-zero | |
if [ -s $CERTIFICATE_PATH ]; then | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# signing occurs via avogadroapp cpack instructions | |
fi # certificate exists | |
fi # password exists | |
# remove any previous DMG in case they're still around | |
rm -f avogadroapp/*.dmg | |
- name: Create Mac and Windows Packages | |
shell: bash | |
run: | | |
if [ -z "${P12_PASSWORD}" ]; then | |
unset CODESIGN_IDENTITY # to prevent cpack failing when trying to sign | |
fi | |
[[ ! "${GITHUB_REF}" =~ "tags" ]] && export SNAPSHOT_DATE=`date -j "+%d-%m-%y"` | |
cpack ${{ matrix.config.cpack_flags }} | |
working-directory: ${{ runner.workspace }}/build/avogadroapp | |
env: | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }} | |
- name: Notarize Mac DMG | |
if: runner.os == 'macOS' | |
run: | | |
# check if we have the password and the username | |
if [ -n "${NOTARIZE_PASSWORD}" ] && [ -n "${NOTARIZE_USERNAME}" ]; then | |
codesign -s "$CODESIGN_IDENTITY" --timestamp Avogadro2*.dmg | |
xcrun notarytool submit Avogadro2*.dmg --apple-id "$NOTARIZE_USERNAME" --team-id "$NOTARIZE_TEAM" --password "$NOTARIZE_PASSWORD" --verbose --wait | |
xcrun stapler staple -v Avogadro2*.dmg | |
fi | |
working-directory: ${{ runner.workspace }}/build/avogadroapp | |
env: | |
NOTARIZE_TEAM: ${{ secrets.AC_TEAM }} | |
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }} | |
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }} | |
continue-on-error: true | |
- name: Upload | |
if: matrix.config.artifact != 0 | |
uses: actions/upload-artifact@v4 | |
with: | |
path: ${{ runner.workspace }}/build/avogadroapp/Avogadro2*.* | |
name: ${{ matrix.config.artifact }} | |
- name: Cleanup | |
if: ${{ always() }} # To ensure this step runs even when earlier steps fail | |
shell: bash | |
run: | | |
ls -la ./ | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
ls -la ./ |