WIP start figuring out component placement #556
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Valentine | |
on: | |
workflow_dispatch: # lets you run a build from the UI | |
push: | |
# When pushing new commits, cancel any running builds on that branch | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
PROJECT_NAME: Valentine | |
BUILD_TYPE: Release | |
BUILD_DIR: Builds | |
SCRIPTS_DIR: scripts | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DISPLAY: :0 # linux pluginval needs this | |
CMAKE_BUILD_PARALLEL_LEVEL: 3 # Use up to 3 cpus to build juceaide, etc | |
HOMEBREW_NO_INSTALL_CLEANUP: 1 | |
# jobs are run in paralell on different machines | |
# all steps run in series | |
jobs: | |
build_and_test: | |
name: ${{ matrix.name }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false # show all errors for each platform (vs. cancel jobs on error) | |
matrix: | |
include: | |
- name: Linux | |
os: ubuntu-22.04 | |
pluginval-binary: ./pluginval | |
pluginval-strictness: 10 | |
- name: macOS | |
os: macos-12 | |
pluginval-binary: pluginval.app/Contents/MacOS/pluginval | |
pluginval-strictness: 10 | |
- name: windows | |
os: windows-latest | |
pluginval-binary: ./pluginval.exe | |
pluginval-strictness: 10 | |
steps: | |
- name: Set up Clang | |
if: ${{ matrix.name != 'macOS' }} | |
uses: egor-tensin/setup-clang@v1.4 | |
- name: Install JUCE's Linux Deps | |
if: runner.os == 'Linux' | |
# Thanks to McMartin & co https://forum.juce.com/t/list-of-juce-dependencies-under-linux/15121/44 | |
run: | | |
sudo apt-get update && sudo apt install libasound2-dev libx11-dev libxinerama-dev libxext-dev libfreetype6-dev libwebkit2gtk-4.0-dev libglu1-mesa-dev xvfb fluxbox ninja-build | |
# downgrade gcc to workaround 22.04 and C++20 issue | |
# see: https://github.com/actions/runner-images/issues/8659 | |
sudo apt-get install -y --allow-downgrades libc6=2.35-0ubuntu3.4 libc6-dev=2.35-0ubuntu3.4 libstdc++6=12.3.0-1ubuntu1~22.04 libgcc-s1=12.3.0-1ubuntu1~22.04 | |
sudo /usr/bin/Xvfb $DISPLAY & | |
# This lets us use sscache on Windows | |
# We need to install ccache here for Windows to grab the right version | |
- name: Install Ninja (Windows) | |
if: runner.os == 'Windows' | |
shell: bash | |
run: choco install ninja ccache | |
- name: Install macOS Deps | |
if: ${{ matrix.name == 'macOS' }} | |
run: brew install ninja osxutils | |
- name: Checkout | |
uses: actions/checkout@v3.3.0 | |
with: | |
submodules: true # Gotta get JUCE populated | |
- name: Setup Environment Variables | |
shell: bash | |
run: | | |
VERSION=$(cat VERSION) | |
echo "ARTIFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}" >> $GITHUB_ENV | |
echo "VST3_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/VST3/${{ env.PROJECT_NAME }}.vst3" >> $GITHUB_ENV | |
echo "AU_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/AU/${{ env.PROJECT_NAME }}.component" >> $GITHUB_ENV | |
echo "AUV3_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/AUv3/${{ env.PROJECT_NAME }}.appex" >> $GITHUB_ENV | |
PRODUCTFILE=`echo ${{ env.PROJECT_NAME }} | tr ' ' '-' | tr '[:upper:]' '[:lower:]'` | |
echo "OUTPUT_FILENAME=$PRODUCTFILE-$VERSION-${{ matrix.name }}" >> $GITHUB_ENV | |
echo "VERSION_NUMBER=$VERSION" >> $GITHUB_ENV | |
- name: Ccache for gh actions | |
uses: hendrikmuhs/ccache-action@v1.2.8 | |
with: | |
key: v2-${{ matrix.os }}-${{ matrix.type }} | |
- name: Setup Keychain and Import Signing Certificates | |
if: ${{ matrix.name == 'macOS' }} | |
shell: bash | |
env: | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
APP_SPECIFIC_PWD: ${{ secrets.NOTARIZATION_PASSWORD }} | |
APP_CERT_PWD: ${{ secrets.DEV_ID_APP_PASSWORD }} | |
APP_CERT_BASE64: ${{ secrets.DEV_ID_APP_CERT}} | |
APP_CERT_PATH: ${{ runner.temp }}/app_certificate.p12 | |
INSTALL_CERT_PWD: ${{ secrets. DEV_ID_INSTALL_PASSWORD }} | |
INSTALL_CERT_BASE64: ${{ secrets.DEV_ID_INSTALL_CERT }} | |
INSTALL_CERT_PATH: ${{ runner.temp }}/install_certificate.p12 | |
KEYCHAINPWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }} | |
KEYCHAINPATH: ${{ runner.temp }}/app-signing.keychain-db | |
# create and setup a temporary keychain, then decode the certificate and setup creditials for codesigning and notarization | |
run: | | |
security create-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH" | |
# lock the keychain after a 6 hour timeout | |
security set-keychain-settings -lut 21600 "$KEYCHAINPATH" | |
# prevent keychain access from prompting for password when importing our certificate | |
security unlock-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH" | |
# certificates need to be decoded before use | |
echo -n "$APP_CERT_BASE64" | base64 --decode --output $APP_CERT_PATH | |
echo -n "$INSTALL_CERT_BASE64" | base64 --decode --output $INSTALL_CERT_PATH | |
# import certificates into the temp keychain | |
security import "$APP_CERT_PATH" -P "$APP_CERT_PWD" -t cert -f pkcs12 -k "$KEYCHAINPATH" -A -T /usr/bin/codesign -T /usr/bin/security | |
security import "$INSTALL_CERT_PATH" -P "$INSTALL_CERT_PWD" -t cert -f pkcs12 -k "$KEYCHAINPATH" -A -T /usr/bin/codesign -T /usr/bin/security | |
# allow codesign to access keychain without password prompt | |
security set-key-partition-list -S apple-tool:,apple:, -k "$KEYCHAINPWD" "$KEYCHAINPATH" | |
# Update the keychain list with our newly created temp keychain | |
security list-keychains -d user -s "$KEYCHAINPATH" login.keychain | |
- name: Configure | |
shell: bash | |
run: cmake -B ${{ env.BUILD_DIR }} -G Ninja -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE}} -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" . | |
- name: Build | |
shell: bash | |
run: cmake --build ${{ env.BUILD_DIR }} --config ${{ env.BUILD_TYPE }} --parallel 4 | |
- name: Test | |
working-directory: ${{ env.BUILD_DIR }} | |
run: ctest --output-on-failure -j4 | |
- name: Pluginval | |
working-directory: ${{ env.BUILD_DIR }} | |
shell: bash | |
run: | | |
curl -LO "https://github.com/Tracktion/pluginval/releases/download/v1.0.3/pluginval_${{ matrix.name }}.zip" | |
7z x pluginval_${{ matrix.name }}.zip | |
${{ matrix.pluginval-binary }} --strictness-level ${{ matrix.pluginval-strictness }} --verbose --validate "${{ env.VST3_PATH }}" | |
- name: Codesign (macOS) | |
working-directory: ${{ env.BUILD_DIR }} | |
if: ${{ matrix.name == 'macOS' }} | |
run: | | |
# Each plugin must be code signed | |
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.VST3_PATH }} --deep --strict --options=runtime --timestamp | |
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.AU_PATH }} --deep --strict --options=runtime --timestamp | |
- name: Create Installer Package (macOS) | |
if: ${{ matrix.name == 'macOS' }} | |
shell: bash | |
env: | |
INSTALLER_DIR: "${{env.SCRIPTS_DIR}}/installer_mac" | |
PRODUCT: ${{ env.PROJECT_NAME }} | |
INPUT_DIR: ${{ env.ARTIFACTS_PATH }} | |
RESOURCES_DIR: "${{env.SCRIPTS_DIR}}/installer_mac/resources" | |
OUTPUT_DIR: "${{ runner.temp }}/mac_installer_output" | |
VERSION: ${{ env.VERSION_NUMBER }} | |
SIGNING_ID: ${{ secrets.DEVELOPER_ID_INSTALLER}} | |
run: | | |
mkdir -p "$OUTPUT_DIR" | |
# creates a signed package and outputs it in a disk image, ready for notarization and staple. | |
$INSTALLER_DIR/make_installer.sh "$PRODUCT" \ | |
"$INPUT_DIR" \ | |
"$RESOURCES_DIR" \ | |
"$OUTPUT_DIR" \ | |
"$VERSION" \ | |
"$SIGNING_ID" | |
- name: Create Installer dmg (macOS) | |
if: ${{ matrix.name == 'macOS' }} | |
run: | | |
hdiutil create /tmp/tmp.dmg -ov -volname "${{ env.OUTPUT_FILENAME }}" -fs HFS+ -srcfolder "${{ runner.temp }}/mac_installer_output/" | |
hdiutil convert /tmp/tmp.dmg -format UDZO -o "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg" | |
- name: Notarize and Staple (macOS) | |
if: ${{ matrix.name == 'macOS' }} | |
run: | | |
codesign -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" --timestamp -i com.ToteBagLabs.Valentine --force "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg" | |
xcrun notarytool submit "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg" --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait | |
xcrun stapler staple "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg" | |
- name: Cleanup Keychain | |
if: ${{ matrix.name == 'macOS' }} | |
shell: bash | |
env: | |
KEYCHAINPATH: ${{ runner.temp }}/app-signing.keychain-db | |
run: | | |
security delete-keychain "$KEYCHAINPATH" | |
# default to user login keychain | |
security list-keychains -d user -s login.keychain | |
- name: Zip | |
if: ${{ matrix.name == 'Linux' }} | |
working-directory: ${{ env.ARTIFACTS_PATH }} | |
run: 7z a -tzip ${{ env.OUTPUT_FILENAME }}.zip . | |
- name: Generate Installer (Windows) # and Sign with EV cert on Azure (Windows) | |
if: ${{ matrix.name == 'Windows' }} | |
shell: bash | |
env: | |
INSTALLER_DIR: "scripts/installer_win" | |
run: | | |
iscc "$INSTALLER_DIR/installer.iss" | |
mv "$INSTALLER_DIR/Output/${{ env.OUTPUT_FILENAME }}.exe" "${{ env.ARTIFACTS_PATH }}/" | |
# dotnet tool install --global AzureSignTool | |
# AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENA }}.exe" | |
- name: Upload Exe (Windows) | |
if: ${{ matrix.name == 'Windows' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.OUTPUT_FILENAME }}.exe | |
path: '${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENAME }}.exe' | |
- name: Upload Zip (Linux) | |
if: ${{ matrix.name == 'Linux' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.OUTPUT_FILENAME }}.zip | |
path: '${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENAME }}.zip' | |
- name: Upload DMG (MacOS) | |
if: ${{ matrix.name == 'macOS' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.OUTPUT_FILENAME }}.dmg | |
path: ${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg | |
release: | |
if: contains(github.ref, 'tags/v') | |
runs-on: ubuntu-latest | |
needs: build_and_test | |
steps: | |
- name: Get Artifacts | |
uses: actions/download-artifact@v3 | |
- name: Create Release | |
uses: softprops/action-gh-release@v0.1.15 | |
with: | |
prerelease: true | |
# download-artifact puts these files in their own dirs... | |
# Using globs sidesteps having to pass the version around | |
files: | | |
*/*.exe | |
*/*.zip | |
*/*.dmg |