1 files changed, 181 insertions, 0 deletions

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..2fefe5bd9
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,181 @@
+name: Release
+
+on:
+  push:
+    # Also run on pushes to the main branch so that we can keep the llvm and sccache
+    # caches filled in a scope available to everyone
+    branches:
+      - master
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    strategy:
+      matrix:
+        os: [linux, macos, windows]
+        config: [release]
+        platform: [x86_64, aarch64]
+        test-category: [smoke]
+        include:
+          - {os: linux, runs-on: ubuntu-20.04, compiler: gcc}
+          - {os: windows, runs-on: windows-latest, compiler: cl}
+          - {os: macos, runs-on: macos-latest, compiler: clang}
+
+          - {build-slang-llvm: false}
+          - {os: linux, platform: x86_64, build-slang-llvm: true}
+          - {os: windows, platform: x86_64, build-slang-llvm: true}
+          - {os: macos, platform: aarch64, build-slang-llvm: true}
+      fail-fast: false
+    runs-on: ${{ matrix.runs-on }}
+    container: ${{ matrix.image || '' }}
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+          fetch-depth: '0'
+      - name: Setup
+        uses: ./.github/actions/common-setup
+        with:
+          os: ${{matrix.os}}
+          compiler: ${{matrix.compiler}}
+          platform: ${{matrix.platform}}
+          config: ${{matrix.config}}
+          build-llvm: ${{matrix.build-slang-llvm}}
+
+      - name: Build slang generators
+        run: |
+          cmake --workflow --preset generators --fresh
+          mkdir build-platform-generators
+          cmake --install build --config Release --component generators --prefix build-platform-generators
+
+      - name: Change dev tools to host arch (windows)
+        uses: ilammy/msvc-dev-cmd@v1
+        with:
+          arch: ${{matrix.platform == 'aarch64' && 'amd64_arm64' || 'amd64'}}
+          sdk: "10.0.19041.0"
+
+      - name: Change dev tools to host arch (linux and macos)
+        run: |
+          if [[ "${{inputs.os}}" == linux* && "${{inputs.platform}}" == "aarch64" && "$(uname -m)" != "aarch64" ]]; then
+            export CC=aarch64-linux-gnu-gcc
+            export CXX=aarch64-linux-gnu-g++
+          fi
+          CMAKE_OSX_ARCHITECTURES="${{matrix.platform}}"
+          CMAKE_OSX_ARCHITECTURES=${CMAKE_OSX_ARCHITECTURES//aarch64/arm64}
+
+          echo "CC=$CC" >> "$GITHUB_ENV"
+          echo "CXX=$CXX" >> "$GITHUB_ENV"
+          echo "CMAKE_OSX_ARCHITECTURES=$CMAKE_OSX_ARCHITECTURES" >> "$GITHUB_ENV"
+
+      - name: Build Slang
+        run: |
+          if [[ "${{ matrix.os }}" == "windows" && "${{ matrix.config }}" != "release" ]]; then
+              echo "Please see ci.yml for the steps to make debug builds work on Windows" >&2
+              exit 1
+          fi
+
+          cmake --preset default --fresh \
+            -DSLANG_GENERATORS_PATH=build-platform-generators/bin \
+            -DSLANG_ENABLE_EXAMPLES=OFF \
+            -DSLANG_EMBED_STDLIB=ON \
+            -DSLANG_SLANG_LLVM_FLAVOR=$(
+              [[ "${{matrix.build-slang-llvm}}" = "true" ]] && echo "USE_SYSTEM_LLVM" || echo "DISABLE")
+
+          cmake --build --preset "${{matrix.config}}"
+
+      - name: Sign and notarize binaries
+        if: matrix.os == 'macos' && startsWith(github.ref, 'refs/tags/v')
+        id: notarize
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          IDENTITY_ID: d6ada82a113e4204aaad914e1013e9548ffd30d0
+          AC_PASSWORD: ${{secrets.APPLE_ID_PASSWORD}}
+          AC_PROVIDER: ${{secrets.APPLE_ID_PPOVIDER}}
+          AC_USERNAME: ${{secrets.APPLE_ID_USERNAME}}
+        run: |
+          brew install Bearer/tap/gon
+          security find-identity -v
+          brew install coreutils
+
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PASSWORD} $KEYCHAIN_PATH
+
+          signedFiles
+          find "${bin_dir}" "${lib_dir}" -type f -perm +111 \
+            | xargs codesign --force --options runtime -s "${IDENTITY_ID}" -v
+
+          binaries=(
+            "${lib_dir}/libslang.dylib"
+            "${lib_dir}/libslang-rt.dylib"
+            "${lib_dir}/libslang-glslang.dylib"
+            "${lib_dir}/libslang-llvm.dylib"
+            "${lib_dir}/libgfx.dylib"
+            "${bin_dir}/slangd"
+            "${bin_dir}/slangc"
+          )
+          for b in "${binaries[@]}"; do
+            if [[ -f "$b" ]]; then
+              7z a "slang-macos-dist.zip" "${existing_files[@]}"
+            fi
+          done
+
+          timeout 1000 gon ./extras/macos-notarize.json
+
+          cp slang-macos-dist.zip "slang-macos-dist-${{matrix.platform}}.zip"
+          echo "SLANG_NOTARIZED_DIST=slang-macos-dist-${{matrix.platform}}.zip" >> $GITHUB_OUTPUT
+
+      - name: Package Slang
+        id: package
+        run: |
+          # For the release, also generate a tar.gz file
+          cpack --preset "$config" -G ZIP
+          cpack --preset "$config" -G TGZ
+          triggering_ref=${{ github.ref_name }}
+          base=$(pwd)/slang-${triggering_ref#v}-${{matrix.os}}-${{matrix.platform}}
+          mv "$(pwd)/build/dist-${config}/slang.zip" "${base}.zip"
+          echo "SLANG_BINARY_ARCHIVE_ZIP=${base}.zip" >> $GITHUB_OUTPUT
+          mv "$(pwd)/build/dist-${config}/slang.tar.gz" "${base}.tar.gz"
+          echo "SLANG_BINARY_ARCHIVE_TAR=${base}.tar.gz" >> $GITHUB_OUTPUT
+
+      - name: File check
+        run: |
+          find "build/dist-$config" ! -iname '*.md' ! -iname '*.h' -type f | xargs file
+          if [ "${{matrix.os}}" = "macos" ]; then
+            find "build/dist-$config" ! -iname '*.md' ! -iname '*.h' -type f |
+              xargs codesign --verify --verbose=2 ||
+              echo "code signing failed"
+          fi
+
+      - name: UploadBinary
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/v')
+        with:
+          files: |
+            ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE_ZIP }}
+            ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE_TAR }}
+            ${{ steps.notarize.outputs.SLANG_NOTARIZED_DIST }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}