Code sign macOS binaries #61
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
pull_request: | |
jobs: | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [macos-latest, ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build and test | |
run: | | |
mkdir build | |
cd build | |
cmake .. | |
make | |
make check | |
package-source: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Make source tarball | |
run: | | |
./autogen.sh | |
./configure && make distcheck | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: libdiscid-source | |
path: libdiscid-*.tar.gz | |
package-windows: | |
runs-on: windows-2019 | |
env: | |
GENERATOR: Visual Studio 16 2019 | |
CODESIGN: ${{ !!secrets.AZURE_CERT_PROFILE_NAME }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare package | |
run: | | |
mkdir artifacts | |
cp .\COPYING artifacts | |
cp .\README artifacts | |
cp .\ChangeLog artifacts | |
- name: Build x64 | |
run: | | |
mkdir _build_$env:ARCH | |
cd _build_$env:ARCH | |
cmake -G $env:GENERATOR -A $env:ARCH .. | |
cmake --build . --config Release | |
mkdir ..\artifacts\$env:ARCH | |
cp .\Release\* ..\artifacts\$env:ARCH | |
cp -R .\include ..\artifacts | |
env: | |
ARCH: x64 | |
- name: Build Win32 | |
run: | | |
mkdir _build_$env:ARCH | |
cd _build_$env:ARCH | |
cmake -G $env:GENERATOR -A $env:ARCH .. | |
cmake --build . --config Release | |
mkdir ..\artifacts\$env:ARCH | |
cp .\Release\* ..\artifacts\$env:ARCH | |
env: | |
ARCH: Win32 | |
- name: Code signing binaries | |
uses: azure/[email protected] | |
if: env.CODESIGN == 'true' | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: ${{ secrets.AZURE_ENDPOINT }} | |
trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }} | |
certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} | |
files-folder: artifacts | |
files-folder-filter: exe,dll | |
files-folder-recurse: true | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: libdiscid-windows | |
path: artifacts/ | |
- name: Test x64 | |
run: | | |
cd _build_x64 | |
cmake --build . --config Release --target test_core test_put test_read test_read_full | |
.\Release\test_core.exe | |
.\Release\test_put.exe | |
- name: Test Win32 | |
run: | | |
cd _build_Win32 | |
cmake --build . --config Release --target test_core test_put test_read test_read_full | |
.\Release\test_core.exe | |
.\Release\test_put.exe | |
package-macos: | |
runs-on: macos-13 | |
env: | |
MACOSX_DEPLOYMENT_TARGET: "10.10" | |
CODESIGN: ${{ !!secrets.CODESIGN_MACOS_P12_URL }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache apple-codesign | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.cargo/bin | |
~/.cargo/git | |
~/.cargo/registry | |
key: ${{ runner.os }}-cargo }} | |
- name: Build | |
run: | | |
mkdir build | |
cd build | |
cmake -DCMAKE_BUILD_TYPE=Release -D "CMAKE_OSX_ARCHITECTURES=arm64;x86_64" .. | |
make | |
lipo libdiscid.0.dylib -verify_arch arm64 x86_64 | |
- name: Package | |
run: | | |
cd build | |
mkdir -p artifacts/universal2 | |
cp -Lv libdiscid.0.dylib artifacts/universal2/ | |
for arch in arm64 x86_64; do | |
mkdir -p "artifacts/${arch}" | |
lipo artifacts/universal2/libdiscid.0.dylib \ | |
-thin $arch \ | |
-output artifacts/${arch}/libdiscid.0.dylib | |
done | |
cp -Rv include artifacts/ | |
cp -v ../COPYING ../README ../ChangeLog artifacts | |
- name: Prepare code signing certificate | |
if: env.CODESIGN == 'true' | |
run: | | |
pip3 install awscli | |
aws s3 cp "$CODESIGN_MACOS_P12_URL" ./appledev.p12 | |
cargo install apple-codesign | |
env: | |
AWS_DEFAULT_REGION: eu-central-1 | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }} | |
- name: Code signing binaries | |
if: env.CODESIGN == 'true' | |
run: | | |
for arch in arm64 x86_64 universal2; do | |
rcodesign sign \ | |
--p12-file appledev.p12 \ | |
--p12-password "$CODESIGN_MACOS_P12_PASSWORD" \ | |
build/artifacts/${arch}/libdiscid.0.dylib | |
done | |
env: | |
CODESIGN_MACOS_P12_PASSWORD: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }} | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: libdiscid-macos | |
path: build/artifacts | |
- name: Code signing cleanup | |
run: rm ./appledev.p12 | |
release: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- test | |
- package-source | |
- package-macos | |
- package-windows | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set version | |
run: | | |
TAG=${GITHUB_REF##*/} | |
echo "VERSION=$(echo $TAG | sed 's/^v//')" >> $GITHUB_ENV | |
- uses: actions/download-artifact@v4 | |
with: | |
name: libdiscid-windows | |
path: artifacts/libdiscid-${{ env.VERSION }}-win/ | |
- uses: actions/download-artifact@v4 | |
with: | |
name: libdiscid-macos | |
path: artifacts/libdiscid-${{ env.VERSION }}-mac/ | |
- uses: actions/download-artifact@v4 | |
with: | |
name: libdiscid-source | |
path: artifacts/release/ | |
- name: Make zips | |
run: | | |
cd artifacts/ | |
dirs=$(find . -name 'libdiscid-*' -type d) | |
for dir in $dirs; do | |
name=$(basename $dir) | |
zip -r release/$name.zip $dir/* | |
done | |
- name: Generate checksums | |
run: | | |
cd artifacts/release/ | |
sha256sum * > SHA256SUMS | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: artifacts/release/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |