Skip to content

Fix code signing of targets for MacOS release builds #315

Fix code signing of targets for MacOS release builds

Fix code signing of targets for MacOS release builds #315

Workflow file for this run

##############################################################################
# Copyright 2022-2024 Leon Lynch
#
# This file is licensed under the terms of the LGPL v2.1 license.
# See LICENSE file.
##############################################################################
name: MacOS build
on: [push]
env:
TR31_VERSION: 0.6.1
jobs:
build-macos-debug:
strategy:
fail-fast: false
matrix:
include:
- { name: "MacOS 13", os: macos-13, osx_arch: "x86_64;arm64", build_type: "Release", lib_type: "shared", shared_libs: "YES", deps: "none", fetch_deps: YES, build_dukpt_ui: NO }
- { name: "MacOS 13", os: macos-13, osx_arch: "x86_64;arm64", build_type: "Debug", lib_type: "static", shared_libs: "NO", deps: "tr31", fetch_deps: YES, build_dukpt_ui: NO }
- { name: "MacOS 13", os: macos-13, osx_arch: "x86_64", build_type: "Debug", lib_type: "shared", shared_libs: "YES", deps: "tr31/qt5", fetch_deps: NO, build_dukpt_ui: YES }
- { name: "MacOS 13", os: macos-13, osx_arch: "x86_64", build_type: "Release", lib_type: "static", shared_libs: "NO", deps: "tr31/qt6", fetch_deps: NO, build_dukpt_ui: YES }
- { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Release", lib_type: "shared", shared_libs: "YES", deps: "tr31", fetch_deps: NO, build_dukpt_ui: NO }
- { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Debug", lib_type: "static", shared_libs: "NO", deps: "tr31/qt5", fetch_deps: YES, build_dukpt_ui: YES }
- { name: "MacOS 14", os: macos-14, osx_arch: "arm64", build_type: "Debug", lib_type: "shared", shared_libs: "YES", deps: "tr31/qt6", fetch_deps: YES, build_dukpt_ui: YES }
name: ${{ matrix.name }} (${{ matrix.osx_arch }}) build (${{ matrix.lib_type }}/${{ matrix.build_type }}/${{ matrix.deps }})
runs-on: ${{ matrix.os }}
steps:
- name: Install MbedTLS and argp-standalone using brew
# Homebrew doesn't support universal binaries so only install dependencies for arch-specific builds
if: ${{ matrix.fetch_deps == 'NO' }}
run: |
brew install mbedtls
brew install argp-standalone
echo "CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=YES" >> $GITHUB_ENV
- name: Install TR-31 using brew
if: ${{ contains(matrix.deps, 'tr31') && matrix.fetch_deps == 'NO' }}
run: |
brew install openemv/tap/tr31
echo "CMAKE_REQUIRE_FIND_PACKAGE_tr31=YES" >> $GITHUB_ENV
- name: Install Qt5 using brew
# Homebrew doesn't support universal binaries so only install Qt for arch-specific builds
if: contains(matrix.deps, 'qt5')
run: |
brew install qt@5
echo "QT_DIR=$(brew --prefix qt@5)/lib/cmake/Qt5" >> $GITHUB_ENV
- name: Install Qt6 using brew
# Homebrew doesn't support universal binaries so only install Qt for arch-specific builds
if: contains(matrix.deps, 'qt6')
run: |
brew install qt@6
echo "QT_DIR=$(brew --prefix qt@6)/lib/cmake/Qt6" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Build TR-31 from source
# This step must be after the checkout action step to avoid being overwritten
if: ${{ contains(matrix.deps, 'tr31') && matrix.fetch_deps == 'YES' }}
run: |
gh release download --repo openemv/tr31 ${{ env.TR31_VERSION }}
tar xvfz tr31-${{ env.TR31_VERSION }}-src.tar.gz
cd tr31-${{ env.TR31_VERSION }}
cmake -B build -DCMAKE_OSX_ARCHITECTURES="${{ matrix.osx_arch }}" -DCMAKE_BUILD_TYPE="${{ matrix.build_type }}" -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} -DFETCH_MBEDTLS=${{ matrix.fetch_deps }} -DCMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS }} -DBUILD_TR31_TOOL=NO
cmake --build build
echo "TR31_DIR=$(pwd)/build/cmake/" >> $GITHUB_ENV
echo "CMAKE_REQUIRE_FIND_PACKAGE_tr31=YES" >> $GITHUB_ENV
cd ..
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Configure CMake
run: |
cmake -B build \
-DCMAKE_OSX_ARCHITECTURES="${{ matrix.osx_arch }}" \
-DCMAKE_BUILD_TYPE="${{ matrix.build_type }}" \
-DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \
-DFETCH_MBEDTLS=${{ matrix.fetch_deps }} \
-DCMAKE_REQUIRE_FIND_PACKAGE_MbedTLS=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_MbedTLS }} \
-DFETCH_ARGP=${{ matrix.fetch_deps }} \
-Dtr31_DIR=${{ env.TR31_DIR }} \
-DCMAKE_REQUIRE_FIND_PACKAGE_tr31=${{ env.CMAKE_REQUIRE_FIND_PACKAGE_tr31 }} \
-DQT_DIR=${{ env.QT_DIR }} \
-DCMAKE_DISABLE_FIND_PACKAGE_Qt5=${{ !contains(matrix.deps, 'qt5') && 'YES' || 'NO' }} \
-DCMAKE_DISABLE_FIND_PACKAGE_Qt6=${{ !contains(matrix.deps, 'qt6') && 'YES' || 'NO' }} \
-DBUILD_DUKPT_UI=${{ matrix.build_dukpt_ui }}
- name: Build
run: cmake --build build
- name: Test
run: ctest --test-dir build --output-on-failure
build-macos-release:
name: MacOS 13 (release)
runs-on: macos-13
steps:
- name: Install dependencies
run: |
brew install qt@5
echo "QT_DIR=$(brew --prefix qt@5)/lib/cmake/Qt5" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Get version from git tag
run: echo "GIT_DESCRIBE=$(git describe --always --dirty)" >> $GITHUB_ENV
- name: Build TR-31 dependency
run: |
gh release download --repo openemv/tr31 ${{ env.TR31_VERSION }}
tar xvfz tr31-${{ env.TR31_VERSION }}-src.tar.gz
cd tr31-${{ env.TR31_VERSION }}
cmake -B build -DCMAKE_OSX_ARCHITECTURES="x86_64" -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DFETCH_MBEDTLS=YES -DBUILD_TR31_TOOL=NO
cmake --build build
echo "TR31_DIR=$(pwd)/build/cmake/" >> $GITHUB_ENV
cd ..
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare keychain
env:
OPENEMV_MACOS_CERT_BASE64: ${{ secrets.OPENEMV_MACOS_CERT_BASE64 }}
OPENEMV_MACOS_CERT_PWD: ${{ secrets.OPENEMV_MACOS_CERT_PWD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: scripts/prepare_macos_keychain.sh
- name: Configure CMake
run: |
cmake -B build \
-DCMAKE_OSX_ARCHITECTURES="x86_64" \
-DCMAKE_BUILD_TYPE="RelWithDebInfo" \
-DFETCH_MBEDTLS=YES \
-DFETCH_ARGP=YES \
-Dtr31_DIR=${{ env.TR31_DIR }} \
-DQT_DIR=${{ env.QT_DIR }} \
-DBUILD_DUKPT_UI=YES \
-DBUILD_MACOSX_BUNDLE=YES \
-DCPACK_COMMAND_HDIUTIL="/usr/bin/sudo /usr/bin/hdiutil" \
-DSIGN_MACOSX_BUNDLE=openemv.org
- name: Build
run: cmake --build build
- name: Test
run: ctest --test-dir build --output-on-failure
- name: Package
run: cmake --build build --target package
- name: Clean up keychain
if: ${{ always() }}
run: scripts/cleanup_macos_keychain.sh
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: dukpt-${{ env.GIT_DESCRIBE }}-macos
path: |
build/dukpt-*.tar.gz
build/dukpt-*.dmg
if-no-files-found: error
- name: Upload build directory if failed
if: ${{ failure() }}
uses: actions/upload-artifact@v4
with:
name: dukpt-${{ env.GIT_DESCRIBE }}-macos-build
path: ./
if-no-files-found: error