generated from sudara/pamplejuce
-
-
Notifications
You must be signed in to change notification settings - Fork 8
261 lines (220 loc) · 10.7 KB
/
cmake_ctest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
name: Valentine
on:
workflow_dispatch: # lets you run a build from the UI
push:
# When pushing new commits, cancel any running builds on that branch
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
env:
PROJECT_NAME: Valentine
BUILD_TYPE: Release
BUILD_DIR: Builds
SCRIPTS_DIR: scripts
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISPLAY: :0 # linux pluginval needs this
CMAKE_BUILD_PARALLEL_LEVEL: 3 # Use up to 3 cpus to build juceaide, etc
HOMEBREW_NO_INSTALL_CLEANUP: 1
# jobs are run in paralell on different machines
# all steps run in series
jobs:
build_and_test:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # show all errors for each platform (vs. cancel jobs on error)
matrix:
include:
- name: Linux
os: ubuntu-22.04
pluginval-binary: ./pluginval
pluginval-strictness: 10
- name: macOS
os: macos-12
pluginval-binary: pluginval.app/Contents/MacOS/pluginval
pluginval-strictness: 10
- name: windows
os: windows-latest
pluginval-binary: ./pluginval.exe
pluginval-strictness: 10
steps:
- name: Set up Clang
if: ${{ matrix.name != 'macOS' }}
uses: egor-tensin/setup-clang@v1.4
- name: Install JUCE's Linux Deps
if: runner.os == 'Linux'
# Thanks to McMartin & co https://forum.juce.com/t/list-of-juce-dependencies-under-linux/15121/44
run: |
sudo apt-get update && sudo apt install libasound2-dev libx11-dev libxinerama-dev libxext-dev libfreetype6-dev libwebkit2gtk-4.0-dev libglu1-mesa-dev xvfb fluxbox ninja-build
sudo /usr/bin/Xvfb $DISPLAY &
# This lets us use sscache on Windows
# We need to install ccache here for Windows to grab the right version
- name: Install Ninja (Windows)
if: runner.os == 'Windows'
shell: bash
run: choco install ninja ccache
- name: Install macOS Deps
if: ${{ matrix.name == 'macOS' }}
run: brew install ninja osxutils
- name: Checkout
uses: actions/checkout@v3.3.0
with:
submodules: true # Gotta get JUCE populated
- name: Setup Environment Variables
shell: bash
run: |
VERSION=$(cat VERSION)
echo "ARTIFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}" >> $GITHUB_ENV
echo "VST3_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/VST3/${{ env.PROJECT_NAME }}.vst3" >> $GITHUB_ENV
echo "AU_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/AU/${{ env.PROJECT_NAME }}.component" >> $GITHUB_ENV
echo "AUV3_PATH=${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}/AUv3/${{ env.PROJECT_NAME }}.appex" >> $GITHUB_ENV
PRODUCTFILE=`echo ${{ env.PROJECT_NAME }} | tr ' ' '-' | tr '[:upper:]' '[:lower:]'`
echo "OUTPUT_FILENAME=$PRODUCTFILE-$VERSION-${{ matrix.name }}" >> $GITHUB_ENV
echo "VERSION_NUMBER=$VERSION" >> $GITHUB_ENV
- name: Ccache for gh actions
uses: hendrikmuhs/ccache-action@v1.2.8
with:
key: v2-${{ matrix.os }}-${{ matrix.type }}
- name: Setup Keychain and Import Signing Certificates
if: ${{ matrix.name == 'macOS' }}
shell: bash
env:
TEAM_ID: ${{ secrets.TEAM_ID }}
APP_SPECIFIC_PWD: ${{ secrets.NOTARIZATION_PASSWORD }}
APP_CERT_PWD: ${{ secrets.DEV_ID_APP_PASSWORD }}
APP_CERT_BASE64: ${{ secrets.DEV_ID_APP_CERT}}
APP_CERT_PATH: ${{ runner.temp }}/app_certificate.p12
INSTALL_CERT_PWD: ${{ secrets. DEV_ID_INSTALL_PASSWORD }}
INSTALL_CERT_BASE64: ${{ secrets.DEV_ID_INSTALL_CERT }}
INSTALL_CERT_PATH: ${{ runner.temp }}/install_certificate.p12
KEYCHAINPWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
KEYCHAINPATH: ${{ runner.temp }}/app-signing.keychain-db
# create and setup a temporary keychain, then decode the certificate and setup creditials for codesigning and notarization
run: |
security create-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH"
# lock the keychain after a 6 hour timeout
security set-keychain-settings -lut 21600 "$KEYCHAINPATH"
# prevent keychain access from prompting for password when importing our certificate
security unlock-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH"
# certificates need to be decoded before use
echo -n "$APP_CERT_BASE64" | base64 --decode --output $APP_CERT_PATH
echo -n "$INSTALL_CERT_BASE64" | base64 --decode --output $INSTALL_CERT_PATH
# import certificates into the temp keychain
security import "$APP_CERT_PATH" -P "$APP_CERT_PWD" -t cert -f pkcs12 -k "$KEYCHAINPATH" -A -T /usr/bin/codesign -T /usr/bin/security
security import "$INSTALL_CERT_PATH" -P "$INSTALL_CERT_PWD" -t cert -f pkcs12 -k "$KEYCHAINPATH" -A -T /usr/bin/codesign -T /usr/bin/security
# allow codesign to access keychain without password prompt
security set-key-partition-list -S apple-tool:,apple:, -k "$KEYCHAINPWD" "$KEYCHAINPATH"
# Update the keychain list with our newly created temp keychain
security list-keychains -d user -s "$KEYCHAINPATH" login.keychain
- name: Configure
shell: bash
run: cmake -B ${{ env.BUILD_DIR }} -G Ninja -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE}} -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" .
- name: Build
shell: bash
run: cmake --build ${{ env.BUILD_DIR }} --config ${{ env.BUILD_TYPE }} --parallel 4
- name: Test
working-directory: ${{ env.BUILD_DIR }}
run: ctest --output-on-failure -j4
- name: Pluginval
working-directory: ${{ env.BUILD_DIR }}
shell: bash
run: |
curl -LO "https://github.com/Tracktion/pluginval/releases/download/v1.0.3/pluginval_${{ matrix.name }}.zip"
7z x pluginval_${{ matrix.name }}.zip
${{ matrix.pluginval-binary }} --strictness-level ${{ matrix.pluginval-strictness }} --verbose --validate "${{ env.VST3_PATH }}"
- name: Codesign (macOS)
working-directory: ${{ env.BUILD_DIR }}
if: ${{ matrix.name == 'macOS' }}
run: |
# Each plugin must be code signed
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.VST3_PATH }} --deep --strict --options=runtime --timestamp
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v ${{ env.AU_PATH }} --deep --strict --options=runtime --timestamp
- name: Create Installer Package (macOS)
if: ${{ matrix.name == 'macOS' }}
shell: bash
env:
INSTALLER_DIR: "${{env.SCRIPTS_DIR}}/installer_mac"
PRODUCT: ${{ env.PROJECT_NAME }}
INPUT_DIR: ${{ env.ARTIFACTS_PATH }}
RESOURCES_DIR: "${{env.SCRIPTS_DIR}}/installer_mac/resources"
OUTPUT_DIR: "${{ runner.temp }}/mac_installer_output"
VERSION: ${{ env.VERSION_NUMBER }}
SIGNING_ID: ${{ secrets.DEVELOPER_ID_INSTALLER}}
run: |
mkdir -p "$OUTPUT_DIR"
# creates a signed package and outputs it in a disk image, ready for notarization and staple.
$INSTALLER_DIR/make_installer.sh "$PRODUCT" \
"$INPUT_DIR" \
"$RESOURCES_DIR" \
"$OUTPUT_DIR" \
"$VERSION" \
"$SIGNING_ID"
- name: Create Installer dmg (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
hdiutil create /tmp/tmp.dmg -ov -volname "${{ env.OUTPUT_FILENAME }}" -fs HFS+ -srcfolder "${{ runner.temp }}/mac_installer_output/"
hdiutil convert /tmp/tmp.dmg -format UDZO -o "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg"
- name: Notarize and Staple (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
codesign -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" --timestamp -i com.ToteBagLabs.Valentine --force "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg"
xcrun notarytool submit "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg" --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait
xcrun stapler staple "${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg"
- name: Cleanup Keychain
if: ${{ matrix.name == 'macOS' }}
shell: bash
env:
KEYCHAINPATH: ${{ runner.temp }}/app-signing.keychain-db
run: |
security delete-keychain "$KEYCHAINPATH"
# default to user login keychain
security list-keychains -d user -s login.keychain
- name: Zip
if: ${{ matrix.name == 'Linux' }}
working-directory: ${{ env.ARTIFACTS_PATH }}
run: 7z a -tzip ${{ env.OUTPUT_FILENAME }}.zip .
- name: Generate Installer (Windows) # and Sign with EV cert on Azure (Windows)
if: ${{ matrix.name == 'Windows' }}
shell: bash
env:
INSTALLER_DIR: "scripts/installer_win"
run: |
iscc "$INSTALLER_DIR/installer.iss"
mv "$INSTALLER_DIR/Output/${{ env.OUTPUT_FILENAME }}.exe" "${{ env.ARTIFACTS_PATH }}/"
# dotnet tool install --global AzureSignTool
# AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENA }}.exe"
- name: Upload Exe (Windows)
if: ${{ matrix.name == 'Windows' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.OUTPUT_FILENAME }}.exe
path: '${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENAME }}.exe'
- name: Upload Zip (Linux)
if: ${{ matrix.name == 'Linux' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.OUTPUT_FILENAME }}.zip
path: '${{ env.ARTIFACTS_PATH }}/${{ env.OUTPUT_FILENAME }}.zip'
- name: Upload DMG (MacOS)
if: ${{ matrix.name == 'macOS' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.OUTPUT_FILENAME }}.dmg
path: ${{ runner.temp }}/${{ env.OUTPUT_FILENAME }}.dmg
release:
if: contains(github.ref, 'tags/v')
runs-on: ubuntu-latest
needs: build_and_test
steps:
- name: Get Artifacts
uses: actions/download-artifact@v3
- name: Create Release
uses: softprops/action-gh-release@v0.1.15
with:
prerelease: true
# download-artifact puts these files in their own dirs...
# Using globs sidesteps having to pass the version around
files: |
*/*.exe
*/*.zip
*/*.dmg