Fix code signing script for MacOS builds #298
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| # Copyright 2022-2024 Leon Lynch | |
| # | |
| # This file is licensed under the terms of the LGPL v2.1 license. | |
| # See LICENSE file. | |
| ############################################################################## | |
| name: MacOS build | |
| on: [push] | |
| env: | |
| TR31_VERSION: 0.6.1 | |
| jobs: | |
| build-macos-debug: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - { name: "MacOS 13", os: macos-13, osx_arch: "x86_64;arm64", build_type: "Release", lib_type: "shared", shared_libs: "YES", deps: "none", fetch_deps: YES, build_dukpt_ui: NO } | |
| - { name: "MacOS 13", os: macos-13, osx_arch: "x86_64;arm64", build_type: "Debug", lib_type: "static", shared_libs: "NO", deps: "tr31", fetch_deps: YES, build_dukpt_ui: NO } | |
| - { name: "MacOS 13", os: macos-13, osx_arch: "x86_64", build_type: "Debug", lib_type: "shared", shared_libs: "YES", deps: "tr31/qt5", fetch_deps: NO, build_dukpt_ui: YES } | |
| - { name: "MacOS 13", os: macos-13, osx_arch: "x86_64", build_type: "Release", lib_type: "static", shared_libs: "NO", deps: "tr31/qt6", fetch_deps: NO, build_dukpt_ui: YES } | |
| - { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Release", lib_type: "shared", shared_libs: "YES", deps: "tr31", fetch_deps: NO, build_dukpt_ui: NO } | |
| - { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Debug", lib_type: "static", shared_libs: "NO", deps: "tr31/qt5", fetch_deps: YES, build_dukpt_ui: YES } | |
| - { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Debug", lib_type: "shared", shared_libs: "YES", deps: "tr31/qt6", fetch_deps: YES, build_dukpt_ui: YES } | |
| name: ${{ matrix.name }} (${{ matrix.osx_arch }}) build (${{ matrix.lib_type }}/${{ matrix.build_type }}/${{ matrix.deps }}) | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Install MbedTLS and argp-standalone using brew | |
| # Homebrew doesn't support universal binaries so only install dependencies for arch-specific builds | |
| if: ${{ matrix.fetch_deps == 'NO' }} | |
| run: | | |
| brew install mbedtls | |
| brew install argp-standalone | |
| echo "CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=YES" >> $GITHUB_ENV | |
| - name: Install TR-31 using brew | |
| if: ${{ contains(matrix.deps, 'tr31') && matrix.fetch_deps == 'NO' }} | |
| run: | | |
| brew install openemv/tap/tr31 | |
| echo "CMAKE_REQUIRE_FIND_PACKAGE_tr31=YES" >> $GITHUB_ENV | |
| - name: Install Qt5 using brew | |
| # Homebrew doesn't support universal binaries so only install Qt for arch-specific builds | |
| if: contains(matrix.deps, 'qt5') | |
| run: | | |
| brew install qt@5 | |
| echo "QT_DIR=$(brew --prefix qt@5)/lib/cmake/Qt5" >> $GITHUB_ENV | |
| - name: Install Qt6 using brew | |
| # Homebrew doesn't support universal binaries so only install Qt for arch-specific builds | |
| if: contains(matrix.deps, 'qt6') | |
| run: | | |
| brew install qt@6 | |
| echo "QT_DIR=$(brew --prefix qt@6)/lib/cmake/Qt6" >> $GITHUB_ENV | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Build TR-31 from source | |
| # This step must be after the checkout action step to avoid being overwritten | |
| if: ${{ contains(matrix.deps, 'tr31') && matrix.fetch_deps == 'YES' }} | |
| run: | | |
| gh release download --repo openemv/tr31 ${{ env.TR31_VERSION }} | |
| tar xvfz tr31-${{ env.TR31_VERSION }}-src.tar.gz | |
| cd tr31-${{ env.TR31_VERSION }} | |
| cmake -B build -DCMAKE_OSX_ARCHITECTURES="${{ matrix.osx_arch }}" -DCMAKE_BUILD_TYPE="${{ matrix.build_type }}" -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} -DFETCH_MBEDTLS=${{ matrix.fetch_deps }} -DCMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS }} -DBUILD_TR31_TOOL=NO | |
| cmake --build build | |
| echo "TR31_DIR=$(pwd)/build/cmake/" >> $GITHUB_ENV | |
| echo "CMAKE_REQUIRE_FIND_PACKAGE_tr31=YES" >> $GITHUB_ENV | |
| cd .. | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Configure CMake | |
| run: | | |
| cmake -B build \ | |
| -DCMAKE_OSX_ARCHITECTURES="${{ matrix.osx_arch }}" \ | |
| -DCMAKE_BUILD_TYPE="${{ matrix.build_type }}" \ | |
| -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \ | |
| -DFETCH_MBEDTLS=${{ matrix.fetch_deps }} \ | |
| -DCMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS }} \ | |
| -DFETCH_ARGP=${{ matrix.fetch_deps }} \ | |
| -Dtr31_DIR=${{ env.TR31_DIR }} \ | |
| -DCMAKE_REQUIRE_FIND_PACKAGE_tr31=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_tr31 }} \ | |
| -DQT_DIR=${{ env.QT_DIR }} \ | |
| -DCMAKE_DISABLE_FIND_PACKAGE_Qt5=${{ !contains(matrix.deps, 'qt5') && 'YES' || 'NO' }} \ | |
| -DCMAKE_DISABLE_FIND_PACKAGE_Qt6=${{ !contains(matrix.deps, 'qt6') && 'YES' || 'NO' }} \ | |
| -DBUILD_DUKPT_UI=${{ matrix.build_dukpt_ui }} | |
| - name: Build | |
| run: cmake --build build | |
| - name: Test | |
| run: ctest --test-dir build --output-on-failure | |
| build-macos-release: | |
| name: MacOS 13 (release) | |
| runs-on: macos-13 | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| brew install qt@5 | |
| echo "QT_DIR=$(brew --prefix qt@5)/lib/cmake/Qt5" >> $GITHUB_ENV | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - name: Get version from git tag | |
| run: echo "GIT_DESCRIBE=$(git describe --always --dirty)" >> $GITHUB_ENV | |
| - name: Build TR-31 dependency | |
| run: | | |
| gh release download --repo openemv/tr31 ${{ env.TR31_VERSION }} | |
| tar xvfz tr31-${{ env.TR31_VERSION }}-src.tar.gz | |
| cd tr31-${{ env.TR31_VERSION }} | |
| cmake -B build -DCMAKE_OSX_ARCHITECTURES="x86_64" -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DFETCH_MBEDTLS=YES -DBUILD_TR31_TOOL=NO | |
| cmake --build build | |
| echo "TR31_DIR=$(pwd)/build/cmake/" >> $GITHUB_ENV | |
| cd .. | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Prepare keychain | |
| env: | |
| OPENEMV_MACOS_CERT_BASE64: ${{ secrets.OPENEMV_MACOS_CERT_BASE64 }} | |
| OPENEMV_MACOS_CERT_PWD: ${{ secrets.OPENEMV_MACOS_CERT_PWD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: scripts/prepare_macos_keychain.sh | |
| - name: Configure CMake | |
| run: | | |
| cmake -B build \ | |
| -DCMAKE_OSX_ARCHITECTURES="x86_64" \ | |
| -DCMAKE_BUILD_TYPE="RelWithDebInfo" \ | |
| -DFETCH_MBEDTLS=YES \ | |
| -DFETCH_ARGP=YES \ | |
| -Dtr31_DIR=${{ env.TR31_DIR }} \ | |
| -DQT_DIR=${{ env.QT_DIR }} \ | |
| -DBUILD_DUKPT_UI=YES \ | |
| -DBUILD_MACOSX_BUNDLE=YES \ | |
| -DSIGN_MACOSX_BUNDLE=openemv.org | |
| - name: Build | |
| run: cmake --build build | |
| - name: Test | |
| run: ctest --test-dir build --output-on-failure | |
| - name: Package | |
| run: cmake --build build --target package | |
| - name: Clean up keychain | |
| if: ${{ always() }} | |
| run: scripts/cleanup_macos_keychain.sh | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dukpt-${{ env.GIT_DESCRIBE }}-macos | |
| path: | | |
| build/dukpt-*.tar.gz | |
| build/dukpt-*.dmg | |
| if-no-files-found: error | |
| - name: Upload build directory if failed | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dukpt-${{ env.GIT_DESCRIBE }}-macos-build | |
| path: ./ | |
| if-no-files-found: error |