build Ubuntu and Debian deb packages in CI #149

Workflow file for this run

	# Modified from (GPL):
	# https://github.com/travisgoodspeed/maskromtool/blob/master/.github/workflows/build.yml

	name: Build app

	on:
	push:
	branches:
	- '**'
	tags:
	- '*'
	paths-ignore:
	- '**.md'

	permissions:
	contents: write
	id-token: write
	attestations: write

	jobs:
	build-windows:
	name: Build (Windows)
	if: \|
	startsWith(github.ref, 'refs/tags/') \|\|
	!startsWith(github.event.head_commit.message, 'release')
	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v4
	- uses: AllanChain/[email protected]
	- uses: ilammy/msvc-dev-cmd@v1

	- name: Build Project
	run: \|
	mkdir build
	cd build
	qt-cmake -DCMAKE_BUILD_TYPE=MinSizeRel ..
	cmake --build . --parallel --config Release

	- name: Packing
	run: \|
	mkdir release
	mv build\Release\sane-break.exe .
	7z a release/sane-break-windows.zip sane-break.exe LICENSE

	- name: Attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-path: ./release/*

	- name: Create Artifact
	uses: actions/upload-artifact@v4
	with:
	name: "sane-break (windows)"
	path: ./release/*

	build-macos:
	name: Build (macOS)
	if: \|
	startsWith(github.ref, 'refs/tags/') \|\|
	!startsWith(github.event.head_commit.message, 'release')
	runs-on: macos-15
	steps:
	- uses: actions/checkout@v4
	- uses: AllanChain/[email protected]

	- name: Build Project
	run: \|
	mkdir build
	cd build
	qt-cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64" ..
	cmake --build . --parallel

	# https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
	- name: Codesign app
	if: startsWith(github.ref, 'refs/tags/') \|\| github.ref == 'refs/heads/main'
	env:
	MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
	MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
	MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
	MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
	run: \|
	echo $MACOS_CERTIFICATE \| base64 --decode > certificate.p12
	security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
	security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain

	/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime "build/sane-break.app" -v

	- name: Notarize app
	if: startsWith(github.ref, 'refs/tags/') \|\| github.ref == 'refs/heads/main'
	env:
	PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
	PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
	PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
	run: \|
	echo "Create keychain profile"
	xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"

	echo "Creating temp notarization archive"
	ditto -c -k --keepParent "build/sane-break.app" "notarization.zip"

	echo "Notarize app"
	xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait

	echo "Attach staple"
	xcrun stapler staple "build/sane-break.app"

	- name: Packing
	run: \|
	mv build/sane-break.app "build/Sane Break.app"
	mkdir release
	brew install create-dmg
	create-dmg \
	--volname "Sane Break" \
	--hide-extension "Sane Break.app" \
	--window-size 600 450 \
	--icon-size 94 \
	--icon "Sane Break" 141 249 \
	--app-drop-link 458 249 \
	--eula LICENSE \
	"release/sane-break-macos.dmg" \
	"build/Sane Break.app"

	- name: Attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-path: ./release/*

	- name: Create Artifact
	uses: actions/upload-artifact@v4
	with:
	name: "sane-break (macOS)"
	path: ./release/*

	build-deb:
	name: Build (${{ matrix.distro }})
	if: \|
	startsWith(github.ref, 'refs/tags/') \|\|
	!startsWith(github.event.head_commit.message, 'release')
	strategy:
	fail-fast: false # continue other jobs if one failed
	matrix:
	distro: [ubuntu, debian]
	include:
	- distro: debian
	tag: trixie
	- distro: ubuntu
	tag: oracular
	runs-on: ubuntu-latest
	container:
	image: ${{ matrix.distro }}:${{ matrix.tag }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install dependencies
	run: \|
	apt-get update
	apt-get install -y nodejs g++ cmake qt6-base-dev qt6-multimedia-dev qt6-wayland-dev

	- name: Install additional dependencies
	if: matrix.tag == 'trixie'
	run: apt-get install -y layer-shell-qt

	- name: Build Project
	run: \|
	mkdir build
	cd build
	cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DSANE_MAKE_DEB=1 ..
	cmake --build . --parallel

	- name: Packing
	run: \|
	mkdir release
	cd build
	cpack
	mv sane-break.deb ../release/sane-break-${{ matrix.distro }}.deb

	- name: Attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-path: ./release/*

	- name: Create Artifact
	uses: actions/upload-artifact@v4
	with:
	name: "sane-break (${{ matrix.distro }})"
	path: ./release/*

	release:
	runs-on: ubuntu-latest
	needs: [build-macos, build-windows, build-deb]
	if: startsWith(github.ref, 'refs/tags/')
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/download-artifact@v4
	with:
	path: release
	merge-multiple: true
	- uses: softprops/action-gh-release@v2
	with:
	files: release/*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build Ubuntu and Debian deb packages in CI #149

Workflow file

build Ubuntu and Debian deb packages in CI #149

Jobs

Run details

Workflow file for this run