Skip to content

ci: log shasum of notarization key #258

ci: log shasum of notarization key

ci: log shasum of notarization key #258

Workflow file for this run

name: Build Launcher
on:
pull_request:
push:
branches:
- "main"
workflow_dispatch:
jobs:
build:
# both Windows and Linux builds run on Ubuntu
runs-on: ${{ matrix.build == 'macos' && 'macos' || 'ubuntu' }}-latest
strategy:
fail-fast: false
matrix:
build: [macos, windows, linux]
include:
- build: linux
godot-bin: 'godot.linuxbsd.editor.x86_64.mono'
godot-template-bins: 'godot.linuxbsd.template_*'
godot-templates-dir: '/home/runner/.local/share/godot/export_templates/4.2.2.stable.mono'
- build: macos
godot-bin: 'godot.macos.editor.universal'
godot-template-bins: 'godot.macos.template_*'
godot-templates-dir: '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable'
# Windows build runs on Ubuntu
- build: windows
godot-bin: 'godot.linuxbsd.editor.x86_64.mono'
godot-template-bins: 'godot.windows.template_*'
godot-templates-dir: '/home/runner/.local/share/godot/export_templates/4.2.2.stable.mono'
steps:
- uses: actions/checkout@v3
- uses: chickensoft-games/setup-godot@v1
with:
version: 4.2.2
# When running on Linux, we have to use the .NET build, as this is
# the only custom build available from the CI
use-dotnet: ${{ matrix.build == 'linux' || matrix.build == 'windows' }}
include-templates: true
- name: Download Godot w/Bitcoin module
uses: robinraju/release-downloader@v1.11
with:
repository: LayerTwo-Labs/godot-bitcoin-module
tag: v4.2.2-bitcoin
filename: ${{ matrix.godot-bin }}
- name: Download Godot templates w/Bitcoin module
uses: robinraju/release-downloader@v1.11
with:
repository: LayerTwo-Labs/godot-bitcoin-module
tag: v4.2.2-bitcoin
filename: ${{ matrix.godot-template-bins }}
# FIXME: remove
- name: show files (linux / windows)
if: ${{ matrix.build == 'linux' || matrix.build == 'windows' }}
run: |
ls
echo 'TEMPLATES'
ls ${{ matrix.godot-templates-dir }}
echo 'VERSION TXT'
cat "${{ matrix.godot-templates-dir }}/version.txt"
echo $GODOT
# FIXME: remove
- name: show files (macos)
if: ${{ matrix.build == 'macos' }}
run: |
ls
#echo 'TEMPLATES'
#ls '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable'
#echo 'MACOS TEMPLATES'
#zipinfo -1 '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable/macos.zip'
#echo 'VERSION TXT'
#cat '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable/version.txt'
echo $GODOT
- name: Replace default templates with custom templates (linux)
if: ${{ matrix.build == 'linux' }}
run: |
rm "${{ matrix.godot-templates-dir }}/linux_debug.x86_64"
mv godot.linuxbsd.template_debug.x86_64.mono "${{ matrix.godot-templates-dir }}/linux_debug.x86_64"
rm "${{ matrix.godot-templates-dir }}/linux_release.x86_64"
mv godot.linuxbsd.template_release.x86_64.mono "${{ matrix.godot-templates-dir }}/linux_release.x86_64"
- name: Replace default templates with custom templates (macos)
if: ${{ matrix.build == 'macos' }}
run: |
# Temporary directory used to construct the zip file
TMP_ZIP_DIR=$(mktemp -d)
mkdir -p "${TMP_ZIP_DIR}/macos_template.app/Contents/MacOS"
mv "godot.macos.template_debug.universal" "${TMP_ZIP_DIR}/macos_template.app/Contents/MacOS/godot_macos_debug.universal"
mv "godot.macos.template_release.universal" "${TMP_ZIP_DIR}/macos_template.app/Contents/MacOS/godot_macos_release.universal"
zip --delete "${{ matrix.godot-templates-dir }}/macos.zip" "macos_template.app/Contents/MacOS/godot_macos_debug.universal"
zip --delete "${{ matrix.godot-templates-dir }}/macos.zip" "macos_template.app/Contents/MacOS/godot_macos_release.universal"
pushd "${TMP_ZIP_DIR}"
zip "${{ matrix.godot-templates-dir }}/macos.zip" "macos_template.app/Contents/MacOS/godot_macos_debug.universal"
zip "${{ matrix.godot-templates-dir }}/macos.zip" "macos_template.app/Contents/MacOS/godot_macos_release.universal"
popd
- name: Replace default templates with custom templates (windows)
if: ${{ matrix.build == 'windows' }}
run: |
rm "${{ matrix.godot-templates-dir }}/windows_debug_x86_64.exe"
mv "godot.windows.template_debug.x86_64.exe" "${{ matrix.godot-templates-dir }}/windows_debug_x86_64.exe"
rm "${{ matrix.godot-templates-dir }}/windows_debug_x86_64_console.exe"
mv "godot.windows.template_debug.x86_64.console.exe" "${{ matrix.godot-templates-dir }}/windows_debug_x86_64_console.exe"
rm "${{ matrix.godot-templates-dir }}/windows_release_x86_64.exe"
mv "godot.windows.template_release.x86_64.exe" "${{ matrix.godot-templates-dir }}/windows_release_x86_64.exe"
rm "${{ matrix.godot-templates-dir }}/windows_release_x86_64_console.exe"
mv "godot.windows.template_release.x86_64.console.exe" "${{ matrix.godot-templates-dir }}/windows_release_x86_64_console.exe"
# FIXME: remove
- name: show files (linux / windows)
if: ${{ matrix.build == 'linux' || matrix.build == 'windows' }}
run: |
ls
echo 'TEMPLATES'
ls ${{ matrix.godot-templates-dir }}
# FIXME: remove
- name: show files (macos)
if: ${{ matrix.build == 'macos' }}
run: |
ls
echo 'TEMPLATES'
ls '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable'
echo 'MACOS TEMPLATES'
zipinfo -1 '/Users/runner/Library/Application Support/Godot/export_templates/4.2.2.stable/macos.zip'
- name: Verify Setup
run: |
chmod +x ${{ matrix.godot-bin }}
mv ${{ matrix.godot-bin }} $GODOT
godot --version
- name: Import certificate to Keychain
if: ${{ matrix.build == 'macos' }}
run: |
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
KEYCHAIN_PASSWORD=$(uuidgen)
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import ./certificate.p12 -k ~/Library/Keychains/build.keychain -P ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" ~/Library/Keychains/build.keychain
env:
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
- name: Setup notarization credentials
if: ${{ matrix.build == 'macos' }}
run: |
echo ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }} | base64 --decode > notarization_api_key.p8
echo sha256sum: $(shasum -a 256 notarization_api_key.p8)
# MUST be run before build
- name: Initialize godot cache
run: python3 .github/scripts/godot_ci_cache.py
- name: Export build
run: |
name="${{fromJSON('{"windows": "Windows Desktop", "macos": "macOS", "linux": "Linux/X11"}')[matrix.build] }}"
godot --headless --export-debug "$name" --verbose 2>&1 | tee build.log
env:
GODOT_MACOS_NOTARIZATION_API_KEY_ID:
${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }}
GODOT_MACOS_NOTARIZATION_API_KEY: ./notarization_api_key.p8
GODOT_MACOS_NOTARIZATION_API_UUID:
${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }}
- name: Upload build
uses: actions/upload-artifact@v4
with:
name: drivechain_launcher_${{ matrix.build }}
if-no-files-found: error
path: build/drivechain_launcher-*
- name: Wait for notarization to finish
if: ${{ matrix.build == 'macos' }}
run: |
request_id=$(grep 'Notarization request UUID' build.log | rev | cut -d ' ' -f 1 | rev | tr -d '"')
xcrun notarytool wait $request_id \
--issuer ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} \
--key-id ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} \
--key ./notarization_api_key.p8
upload-artifacts-to-releases-drivechain-info:
name: Upload artifacts to releases.drivechain.info
runs-on: ubuntu-latest
needs: [build]
# avoid uploading on PRs!
if: github.event_name == 'push' && github.repository_owner == 'LayerTwo-Labs'
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Create zip files for releases.drivechain.info
run: |
mv drivechain_launcher_linux drivechain-launcher-latest-x86_64-unknown-linux-gnu
zip -r drivechain-launcher-latest-x86_64-unknown-linux-gnu.zip drivechain-launcher-latest-x86_64-unknown-linux-gnu/*
mv drivechain_launcher_macos drivechain-launcher-latest-x86_64-apple-darwin
zip -r drivechain-launcher-latest-x86_64-apple-darwin.zip drivechain-launcher-latest-x86_64-apple-darwin/*
mv drivechain_launcher_windows drivechain-launcher-latest-x86_64-w64
zip -r drivechain-launcher-latest-x86_64-w64.zip drivechain-launcher-latest-x86_64-w64/*
- name: Upload release assets to releases.drivechain.info
uses: cross-the-world/ssh-scp-ssh-pipelines@latest
with:
host: 45.33.96.47
user: root
pass: ${{ secrets.RELEASES_SERVER_PW }}
port: 22
scp: |
'drivechain-launcher-latest-*.zip' => '/var/www/html/'