authorYong He <yonghe@outlook.com>2022-06-15 21:57:30 -0700
committerGitHub <noreply@github.com>2022-06-15 21:57:30 -0700
commitf5c81d869b48f8fa22a4c9b028a7d694d70b7291 (patch)
tree4122cb5625760be6f6a260e3ac5bdcc41db7354e /.github
parentc8dc01436473ff2eb4ab4f219804d474720b02fe (diff)
Add signing to Macos release workflow. (#2285)
* Update macos workflow * Fetch submodule * fix Co-authored-by: Yong He <yhe@nvidia.com>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/macos.yml59
-rw-r--r--.github/workflows/release-linux.yml2
-rw-r--r--.github/workflows/release-macos.yml47
-rw-r--r--.github/workflows/release-windows.yml2
-rw-r--r--.github/workflows/windows.yml2
5 files changed, 64 insertions, 48 deletions
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index d14c25c2f..e9e7a7dbf 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -7,9 +7,8 @@ on:
branches: [ master ]
jobs:
- build_with_signing:
+ build:
name: MacOS Build CI
-
runs-on: macos-latest
strategy:
@@ -23,51 +22,41 @@ jobs:
with:
submodules: 'true'
fetch-depth: '0'
- - name: Install the Apple certificate and provisioning profile
- env:
- BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
- P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
- BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
- KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
- run: |
- # create variables
- CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
- PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
- KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-
- # import certificate and provisioning profile from secrets
- echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
- echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
-
- # create temporary keychain
- security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
- security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
- security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-
- # import certificate to keychain
- security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
- security list-keychain -d user -s $KEYCHAIN_PATH
-
- # apply provisioning profile
- mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
- cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: build
- run:
+ run: |
CC=${{matrix.compiler}}
CONFIGURATION=${{matrix.configuration}}
ARCH=${{matrix.platform}}
source ./github_macos_build.sh
+ - name: Package
+ id: package
+ run: |
+ export SLANG_OS_NAME=macos
+ export SLANG_ARCH_NAME=`uname -p`
+ export TAG_NAME=`git describe --tags`
+ export SLANG_TAG=${TAG_NAME#v}
+ echo "tag:$TAG_NAME"
+ echo "slang-tag:$SLANG_TAG"
+ export SLANG_BINARY_ARCHIVE=slang-${SLANG_TAG}-${SLANG_OS_NAME}-${SLANG_ARCH_NAME}.zip
+ echo "creating zip"
+ 7z a ${SLANG_BINARY_ARCHIVE} slang.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-com-helper.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-com-ptr.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-tag-version.h
+ 7z a ${SLANG_BINARY_ARCHIVE} prelude/*.h
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang.dylib
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangc
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangd
+ 7z a ${SLANG_BINARY_ARCHIVE} docs/*.md
+ echo "::set-output name=SLANG_BINARY_ARCHIVE::${SLANG_BINARY_ARCHIVE}"
- uses: actions/upload-artifact@v3
with:
name: slang-build-${{matrix.configuration}}-${{matrix.platform}}-${{matrix.compiler}}
path: |
- bin/**/slangc
- bin/**/slangd
- bin/**/libslang.dylib
+ ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE }}
- name: test
run:
CONFIGURATION=${{matrix.configuration}}
CC=${{matrix.compiler}}
ARCH=${{matrix.platform}}
source ./github_test.sh
-
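Review bot: In the new Package step, the `export TAG_NAME=` line hides a failing `git describe --tags`, because the exit status of `export` replaces that of the command substitution. On a checkout with no reachable tag the step would carry on with an empty tag and build an archive named `slang--macos-<arch>.zip` instead of failing the job. Assign first and export afterwards, e.g. `TAG_NAME=$(git describe --tags)` then `export TAG_NAME`, and quote `"${SLANG_BINARY_ARCHIVE}"` in the `7z` calls. Separately, `uname -p` reports the processor type rather than the matrix platform name, so the archive name may not match `${{matrix.platform}}`; using the matrix value would keep the names consistent.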
diff --git a/.github/workflows/release-linux.yml b/.github/workflows/release-linux.yml
index 3f5feeaef..c3d075d01 100644
--- a/.github/workflows/release-linux.yml
+++ b/.github/workflows/release-linux.yml
@@ -4,7 +4,7 @@ on:
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
-name: Upload Release Asset
+name: Linux Release
jobs:
build:
diff --git a/.github/workflows/release-macos.yml b/.github/workflows/release-macos.yml
index 2fa5023c4..90201b39e 100644
--- a/.github/workflows/release-macos.yml
+++ b/.github/workflows/release-macos.yml
@@ -4,10 +4,10 @@ on:
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
-name: Upload Release Asset
+name: MacOS Release
jobs:
- build:
+ build_with_signing:
name: Upload Release Asset
runs-on: macos-latest
strategy:
@@ -16,6 +16,17 @@ jobs:
compiler: ['clang']
platform: ['x64']
steps:
+ - name: "Import Certificate"
+ uses: devbotsxyz/xcode-import-certificate@master
+ with:
+ certificate-data: "${{ secrets.BUILD_CERTIFICATE_BASE64 }}"
+ certificate-passphrase: "${{ secrets.P12_PASSWORD }}"
+ keychain-password: "${{ secrets.KEYCHAIN_PASSWORD }}"
+ - name: Install the signing tools
+ run: |
+ brew install mitchellh/gon/gon
+ security find-identity -v
+ brew install coreutils
- name: Checkout code
uses: actions/checkout@v2
with:
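Review bot: The new "Import Certificate" step hands the signing certificate, its passphrase and the keychain password to a third-party action referenced by a mutable branch, `devbotsxyz/xcode-import-certificate@master`. Any later push to that branch runs with these secrets on the release runner, so the reference should be pinned to a reviewed full commit SHA, `uses: devbotsxyz/xcode-import-certificate@<full-commit-sha>`. The same applies to `brew install mitchellh/gon/gon`, which installs whatever the tap currently serves; installing a fixed release and checking its checksum would make the signing toolchain reproducible. `security find-identity -v` also prints the signing identity to the job log, which is worth dropping once the setup is confirmed to work.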
@@ -30,7 +41,14 @@ jobs:
export ARCH=${{matrix.platform}}
echo "building..."
source ./github_macos_build.sh
- echo "creating binary archieves..."
+ - name: Sign binaries
+ env:
+ AC_PASSWORD: ${{secrets.APPLE_ID_PASSWORD}}
+ run: |
+ gon ./extras/macos-sign.json
+ - name: Package
+ id: package
+ run: |
export SLANG_OS_NAME=macos
export SLANG_ARCH_NAME=`uname -p`
export TAG_NAME=`git describe --tags`
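Review bot: Nothing between "Sign binaries" and "Package" confirms that the files being zipped are the ones that were signed. The list of signed files lives in `./extras/macos-sign.json`, which is not visible here, while Package picks its files by glob. A verification line at the end of the signing step, such as `codesign --verify --strict --verbose=2 bin/*/*/slangc bin/*/*/slangd bin/*/*/libslang.dylib`, would fail the release if the two lists drift apart. The Package step body continues in the next hunk.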
@@ -38,18 +56,27 @@ jobs:
echo "tag:$TAG_NAME"
echo "slang-tag:$SLANG_TAG"
export SLANG_BINARY_ARCHIVE=slang-${SLANG_TAG}-${SLANG_OS_NAME}-${SLANG_ARCH_NAME}.zip
- export SLANG_BINARY_ARCHIVE_TAR=slang-${SLANG_TAG}-${SLANG_OS_NAME}-${SLANG_ARCH_NAME}.tar.gz
echo "creating zip"
- zip -r ${SLANG_BINARY_ARCHIVE} bin/*/*/slangc bin/*/*/slangd bin/*/*/libslang.dylib bin/*/*/libslang-glslang.dylib bin/*/*/libgfx.dylib bin/*/*/libslang-llvm.dylib docs/*.md README.md LICENSE slang.h slang-com-helper.h slang-com-ptr.h slang-tag-version.h slang-gfx.h prelude/*.h
- echo "creating tar"
- tar -czf ${SLANG_BINARY_ARCHIVE_TAR} bin/*/*/slangc bin/*/*/slangd bin/*/*/libslang.dylib bin/*/*/libslang-glslang.dylib bin/*/*/libgfx.dylib bin/*/*/libslang-llvm.dylib docs/*.md README.md LICENSE slang.h slang-com-helper.h slang-com-ptr.h slang-tag-version.h slang-gfx.h prelude/*.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-com-helper.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-com-ptr.h
+ 7z a ${SLANG_BINARY_ARCHIVE} slang-tag-version.h
+ 7z a ${SLANG_BINARY_ARCHIVE} prelude/*.h
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang.dylib
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangc
+ 7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangd
+ 7z a ${SLANG_BINARY_ARCHIVE} docs/*.md
echo "::set-output name=SLANG_BINARY_ARCHIVE::${SLANG_BINARY_ARCHIVE}"
- echo "::set-output name=SLANG_BINARY_ARCHIVE_TAR::${SLANG_BINARY_ARCHIVE_TAR}"
- name: UploadBinary
uses: softprops/action-gh-release@v1
with:
files: |
- ${{ steps.build.outputs.SLANG_BINARY_ARCHIVE }}
- ${{ steps.build.outputs.SLANG_BINARY_ARCHIVE_TAR }}
+ ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Notarize
+ env:
+ AC_PASSWORD: ${{secrets.APPLE_ID_PASSWORD}}
+ BINARY_PATH: ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE }}
+ run: |
+ timeout 1000 gon ./extras/macos-notarize.json
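Review bot: "Notarize" is placed after "UploadBinary", so the archive is already attached to the public release when `timeout 1000 gon ./extras/macos-notarize.json` runs. If notarization is rejected or the timeout fires, the job fails but the un-notarized asset stays published. Moving the Notarize step above UploadBinary would let the upload happen only after notarization succeeds. The new archive also no longer includes `LICENSE` and `README.md`, which the removed `zip` and `tar` commands shipped; if that is not intentional, add `7z a ${SLANG_BINARY_ARCHIVE} LICENSE README.md`.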
diff --git a/.github/workflows/release-windows.yml b/.github/workflows/release-windows.yml
index fdad2d73e..e28cd13cb 100644
--- a/.github/workflows/release-windows.yml
+++ b/.github/workflows/release-windows.yml
@@ -4,7 +4,7 @@ on:
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
-name: Upload Release Asset - Windows
+name: Windows Release
jobs:
build:
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 2d6b7c413..b5bc8c7ee 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: Windows-CI
+name: Windows Build CI
on:
push: