macos-arm64 and codesign #116

Workflow file for this run

	env:
	CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM: ${{ secrets.CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM }}
	MACOS_CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE_BASE64 }}
	MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
	P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
	NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
	NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}

	name: Compile
	on:
	pull_request: {}
	push:
	tags:
	- '*'
	jobs:

	build-windows:
	runs-on: windows-latest
	strategy:
	matrix:
	include:
	- { name: "win64", os: "windows-2022", python-version: "3.9", python-major: "39"}
	- { name: "win64", os: "windows-2022", python-version: "3.11", python-major: "311"}
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}

	- name: Add msbuild to PATH
	uses: microsoft/setup-msbuild@v2

	- name: Get CMake
	uses: lukka/get-cmake@latest

	- name: Build Windows (Release)
	run: \|
	mkdir build
	cmake . -DCMAKE_BUILD_TYPE=Release -Bbuild -DPython_ROOT_DIR=$pythonLocation
	cd build
	msbuild ChucKDesignerCHOP.sln /property:Configuration=Release

	- name: Make distribution
	run: \|
	mkdir ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}
	move ${{ github.workspace }}/Plugins/ChucK*.dll ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}
	7z a ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}.zip ./ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}/* -r

	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}
	path: ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}.zip
	if-no-files-found: error

	build-macos:
	strategy:
	fail-fast: false
	matrix:
	include:
	- name: macos-x86_64
	arch: x86_64
	os: macos-12
	python-version: "3.11"
	python-major: "311"
	- name: macos-arm64
	arch: arm64
	os: macos-12
	python-version: "3.11"
	python-major: "311"

	runs-on: macos-12
	env:
	DEST_DIR: ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: true

	- name: Install Certificate
	# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$MACOS_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$MACOS_CERTIFICATE_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$MACOS_CERTIFICATE_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$MACOS_CERTIFICATE_PASSWORD" $KEYCHAIN_PATH
	echo "list-keychain:\n"
	security list-keychain -d user -s $KEYCHAIN_PATH
	echo "find-identity:\n"
	security find-identity -v
	echo "find-identity codesigning:\n"
	security find-identity -p codesigning -v

	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}

	- name: Brew install requirements (arm64)
	if: ${{ endsWith( matrix.name, 'macos-arm64') }}
	run: \|
	brew update
	PACKAGES=(flac libogg libtool libvorbis opus mpg123 lame)
	DEPS=($(brew deps --union --topological $(echo $PACKAGES) \| tr '\n' ' '))
	PACKAGES=("${DEPS[@]}" "${PACKAGES[@]}")
	export HOMEBREW_NO_INSTALL_CLEANUP=1
	export HOMEBREW_NO_INSTALL_UPGRADE=1
	export HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1
	for PACKAGE in "${PACKAGES[@]}"
	do
	echo "Fetching bottle: $PACKAGE"
	response=$(brew fetch --bottle-tag=arm64_monterey $PACKAGE 2>&1)
	package_path=$(echo $response \| sed -n 's/.\:\ $.\.tar\.gz$.*/\1/p')
	package_path=$(echo "$package_path" \| xargs)
	echo "Package Path: $package_path"
	brew reinstall --verbose --force-bottle "$package_path" \|\| true
	done

	brew uninstall --ignore-dependencies curl git \|\| true

	- name: Install dependencies macOS
	if: ${{ endsWith( matrix.name, 'macos-x86_64') }}
	run: \|
	brew install autoconf autogen automake flac libogg libtool libvorbis opus mpg123 pkg-config

	- name: Some Setup
	run: \|
	cd thirdparty/chuck/src/core
	bison -dv -b chuck chuck.y
	flex -ochuck.yy.c chuck.lex

	- name: Build MacOS (Release)
	run: \|
	cmake -Bbuild -G "Xcode" -DCMAKE_OSX_ARCHITECTURES=${{matrix.arch}} -DCMAKE_OSX_DEPLOYMENT_TARGET=12.0 -DPYTHONVER="${{matrix.python-version}}" -DPython_ROOT_DIR=$pythonLocation
	cmake --build build --config Release
	codesign --entitlements "mac/miniAudicle.entitlements" --force --deep --timestamp --verify --verbose=2 --options=runtime --sign "Developer ID Application: David Braun (${{secrets.CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM}})" build/Release/ChucKDesignerCHOP.plugin
	codesign --entitlements "mac/miniAudicle.entitlements" --force --deep --timestamp --verify --verbose=2 --options=runtime --sign "Developer ID Application: David Braun (${{secrets.CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM}})" build/Release/ChucKListenerCHOP.plugin
	codesign --entitlements "mac/miniAudicle.entitlements" --force --deep --timestamp --verify --verbose=2 --options=runtime --sign "Developer ID Application: David Braun (${{secrets.CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM}})" build/Release/libChucKDesignerShared.dylib
	codesign --verify --deep --strict --verbose=2 build/Release/ChucKDesignerCHOP.plugin
	codesign --verify --deep --strict --verbose=2 build/Release/ChucKListenerCHOP.plugin
	codesign --verify --deep --strict --verbose=2 build/libChucKDesignerShared.dylib

	- name: Make distribution
	run: \|
	mkdir $DEST_DIR
	cp ${{ github.workspace }}/build/Release/libChucKDesignerShared.dylib $DEST_DIR
	mv ${{ github.workspace }}/build/Release/ChucKDesignerCHOP.plugin $DEST_DIR
	mv ${{ github.workspace }}/build/Release/ChucKListenerCHOP.plugin $DEST_DIR
	zip -r $DEST_DIR.zip $DEST_DIR

	- name: Notarize
	run: \|
	xcrun notarytool submit "$DEST_DIR.zip" \
	--team-id "$NOTARIZATION_TEAM_ID" \
	--apple-id "$NOTARIZATION_USERNAME" \
	--password "$NOTARIZATION_PASSWORD" \
	--wait

	- name: Staple
	# While you can notarize a ZIP archive, you can’t staple to it directly.
	# Instead, run stapler against each item that you added to the archive.
	# Then create a new ZIP file containing the stapled items for distribution.
	# Although tickets are created for standalone binaries, it’s not currently possible to staple tickets to them.
	run: \|
	xcrun stapler staple $DEST_DIR/ChucKDesignerCHOP.plugin
	xcrun stapler staple $DEST_DIR/ChucKListenerCHOP.plugin

	- name: Make stapled distribution
	run: \|
	rm $DEST_DIR.zip
	zip -r $DEST_DIR.zip $DEST_DIR

	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}
	path: ChucKDesigner-${{ matrix.name }}-Python${{ matrix.python-major }}.zip
	if-no-files-found: error

	create-release:
	if: startsWith(github.ref, 'refs/tags/v')
	needs: [build-windows, build-macos]
	runs-on: ubuntu-latest
	name: "Create Release on GitHub"
	steps:
	- uses: actions/download-artifact@v4
	with:
	path: "dist"

	- uses: ncipollo/release-action@v1
	with:
	artifacts: "dist//"
	token: ${{ secrets.GITHUB_TOKEN }}
	draft: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

macos-arm64 and codesign #116

Workflow file

macos-arm64 and codesign #116

Jobs

Run details

Workflow file for this run