Release #123
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
# When pushing new commits, cancel any running builds on that branch | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
BUILD_TYPE: Release | |
BUILD_DIR: Builds | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DISPLAY: :0 # linux pluginval needs this | |
HOMEBREW_NO_INSTALL_CLEANUP: 1 | |
IPP_DIR: C:\Program Files (x86)\Intel\oneAPI\ipp\latest\lib\cmake\ipp | |
# jobs are run in paralell on different machines | |
# all steps run in series | |
jobs: | |
build_and_test: | |
name: ${{ matrix.name }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false # show all errors for each platform (vs. cancel jobs on error) | |
matrix: | |
include: | |
- name: Linux | |
os: ubuntu-22.04 | |
pluginval-binary: ./pluginval | |
boost_platform_version: "22.04" | |
boost_toolset: "gcc" | |
plugin_os_format: "VST3;LV2;Standalone" | |
juce_branch: "juce7" | |
app_suffix: "" | |
cmake_extra_flags: -DCMAKE_C_COMPILER=clang-17 -DCMAKE_CXX_COMPILER=clang++-17 | |
- name: macOS | |
os: macos-15 | |
pluginval-binary: pluginval.app/Contents/MacOS/pluginval | |
boost_platform_version: "11" | |
boost_toolset: "clang" | |
plugin_os_format: "VST3;AU;Standalone" | |
juce_branch: "main" | |
app_suffix: ".app" | |
cmake_extra_flags: -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" | |
- name: Windows | |
os: windows-latest | |
pluginval-binary: ./pluginval.exe | |
boost_platform_version: "2022" | |
boost_toolset: "msvc" | |
plugin_os_format: "VST3;LV2;Standalone" | |
juce_branch: "main" | |
app_suffix: ".exe" | |
- name: Windows-Software | |
os: windows-latest | |
pluginval-binary: ./pluginval.exe | |
boost_platform_version: "2022" | |
boost_toolset: "msvc" | |
plugin_os_format: "VST3;LV2;Standalone" | |
juce_branch: "juce7" | |
app_suffix: ".exe" | |
cmake_extra_flags: -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ | |
steps: | |
- name: Set up Clang (Linux) | |
if: runner.os == 'Linux' | |
run: | | |
wget https://apt.llvm.org/llvm.sh | |
chmod +x ./llvm.sh | |
sudo ./llvm.sh 17 | |
# This also starts up our "fake" display Xvfb, needed for pluginval | |
- name: Install JUCE's Linux Deps | |
if: runner.os == 'Linux' | |
# Thanks to McMartin & co https://forum.juce.com/t/list-of-juce-dependencies-under-linux/15121/44 | |
run: | | |
sudo apt-get update && sudo apt install libasound2-dev libx11-dev libxinerama-dev libxext-dev libfreetype-dev libfontconfig1-dev libwebkit2gtk-4.1-dev libglu1-mesa-dev xvfb ninja-build | |
sudo /usr/bin/Xvfb $DISPLAY & | |
- name: Set up Clang (Windows) | |
if: runner.os == 'Windows' | |
uses: KyleMayes/install-llvm-action@v2 | |
with: | |
version: "17.0.6" | |
- name: Cache IPP (Windows) | |
if: runner.os == 'Windows' | |
id: cache-ipp | |
uses: actions/cache@v4 | |
with: | |
key: ipp-v5 | |
path: C:\Program Files (x86)\Intel | |
- name: Install IPP (Windows) | |
if: (runner.os == 'Windows') && (steps.cache-ipp.outputs.cache-hit != 'true') | |
shell: bash | |
run: | | |
curl --output oneapi.exe https://registrationcenter-download.intel.com/akdlm/IRC_NAS/b4adec02-353b-4144-aa21-f2087040f316/w_ipp_oneapi_p_2021.11.0.533_offline.exe | |
./oneapi.exe -s -x -f oneapi | |
./oneapi/bootstrapper.exe -s -c --action install --components=intel.oneapi.win.ipp.devel --eula=accept -p=NEED_VS2022_INTEGRATION=1 --log-dir=. | |
- name: Save IPP cache (even on CI fail) | |
if: runner.os == 'Windows' && (steps.cache-ipp.outputs.cache-hit != 'true') | |
uses: actions/cache/save@v4 | |
with: | |
path: C:\Program Files (x86)\Intel | |
key: ipp-v5 | |
- name: Install Ninja (Windows) | |
if: runner.os == 'Windows' | |
shell: bash | |
run: choco install ninja | |
- name: Install macOS Deps | |
if: ${{ runner.os == 'macOS' }} | |
run: brew install ninja osxutils | |
# This block can be removed once 15.1 is default (JUCE requires it when building on macOS 14) | |
- name: Use latest Xcode on system (macOS) | |
if: ${{ runner.os == 'macOS' }} | |
uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: latest-stable | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
fetch-depth: 0 | |
- name: Import Certificates (macOS) | |
uses: apple-actions/import-codesign-certs@v3 # only exists as a tag right now | |
if: ${{ (runner.os == 'macOS') && (env.p12-file-base64 != '') }} | |
with: | |
p12-file-base64: ${{ secrets.DEV_ID_APP_CERT }} | |
p12-password: ${{ secrets.DEV_ID_APP_PASSWORD }} | |
env: | |
p12-file-base64: ${{ secrets.DEV_ID_APP_CERT }} | |
- name: Configure | |
shell: bash | |
run: cmake -B ${{ env.BUILD_DIR }} -G Ninja -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE}} ${{ matrix.cmake_extra_flags }} . | |
env: | |
PLUGIN_OS_FORMAT: ${{ matrix.plugin_os_format }} | |
JUCE_BRANCH: ${{ matrix.juce_branch }} | |
- name: Build | |
shell: bash | |
run: cmake --build ${{ env.BUILD_DIR }} --config ${{ env.BUILD_TYPE }} --parallel 4 | |
- name: Test | |
working-directory: ${{ env.BUILD_DIR }} | |
run: ctest --output-on-failure -j4 -VV | |
- name: Read in .env from CMake # see GitHubENV.cmake | |
shell: bash | |
run: | | |
cat .env # show us the config | |
cat .env >> $GITHUB_ENV # pull in our PRODUCT_NAME, etc | |
- name: Set up custom git config | |
run: git config --global http.postBuffer 1048576000 | |
- name: Download AAX pre-release repo | |
if: ${{ (runner.os != 'Linux') && (matrix.juce_branch != 'juce7') }} | |
uses: actions/checkout@v4 | |
with: | |
repository: "ZL-Audio/ZLEqualizerAAX" | |
path: "aax_releases" | |
ssh-key: ${{ secrets.AAX_RELEASE_DEPLOY_KEY }} | |
- name: Set additional env vars for next steps | |
shell: bash | |
run: | | |
ARTIFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }} | |
echo "ARTIFACTS_PATH=$ARTIFACTS_PATH" >> $GITHUB_ENV | |
echo "VST3_PATH=$ARTIFACTS_PATH/VST3/${{ env.PRODUCT_NAME }}.vst3" >> $GITHUB_ENV | |
echo "AU_PATH=$ARTIFACTS_PATH/AU/${{ env.PRODUCT_NAME }}.component" >> $GITHUB_ENV | |
echo "LV2_PATH=$ARTIFACTS_PATH/LV2/${{ env.PRODUCT_NAME }}.lv2" >> $GITHUB_ENV | |
echo "AAX_PATH=aax_releases/${{ matrix.name }}/${{ env.PRODUCT_NAME }}.aaxplugin" >> $GITHUB_ENV | |
echo "Standalone_PATH=$ARTIFACTS_PATH/Standalone/${{ env.PRODUCT_NAME }}${{ matrix.app_suffix }}" >> $GITHUB_ENV | |
echo "ARTIFACT_NAME=${{ env.PRODUCT_NAME }}-${{ env.VERSION }}-${{ matrix.name }}" >> $GITHUB_ENV | |
- name: Pluginval setup | |
shell: bash | |
run: | | |
curl -LO "https://github.com/Tracktion/pluginval/releases/download/v1.0.3/pluginval_${{ runner.os }}.zip" | |
7z x pluginval_${{ runner.os }}.zip | |
echo "PLUGINVAL_DISABLED=Plugin state restoration" >> $GITHUB_ENV | |
- name: Setup Pluginval random seed | |
uses: josStorer/get-current-time@v2 | |
id: current-time | |
with: | |
format: YYYYMMDD | |
- name: Pluginval VST3 validations | |
shell: bash | |
run: | | |
${{ matrix.pluginval-binary }} --verbose --validate "${{ env.VST3_PATH }}" --disabled-tests "${{ env.PLUGINVAL_DISABLED }}" | |
env: | |
STRICTNESS_LEVEL: 10 | |
TIMEOUT_MS: 1440000 | |
REPEAT: 1 | |
RANDOM_SEED: "${{ steps.current-time.outputs.formattedTime }}" | |
- name: Codesign and Create Individual Packages (macOS) | |
if: ${{ runner.os == 'macOS' }} | |
run: | | |
python3 -u packaging/packager_macOS.py | |
env: | |
DEVELOPER_ID_APPLICATION: ${{ secrets.DEVELOPER_ID_APPLICATION }} | |
- name: Sign Final Package (macOS) | |
if: ${{ (runner.os == 'macOS') && (env.APPLE_INSTALLER_DEV != '') }} | |
run: productsign --sign "${{ secrets.APPLE_INSTALLER_DEV }}" "${{ env.ARTIFACT_NAME }}_unsigned.pkg" "${{ env.ARTIFACT_NAME }}.pkg" | |
env: | |
APPLE_INSTALLER_DEV: ${{ secrets.APPLE_INSTALLER_DEV }} | |
- name: Rename Final Package (macOS) | |
if: ${{ (runner.os == 'macOS') && (env.APPLE_INSTALLER_DEV == '') }} | |
run: mv "${{ env.ARTIFACT_NAME }}_unsigned.pkg" "${{ env.ARTIFACT_NAME }}.pkg" | |
env: | |
APPLE_INSTALLER_DEV: ${{ secrets.APPLE_INSTALLER_DEV }} | |
- name: Notarize and Staple PKG (macOS) | |
if: ${{ (runner.os == 'macOS') && (env.NOTARIZATION_USERNAME != '')}} | |
run: | | |
xcrun notarytool submit "${{ env.ARTIFACT_NAME }}.pkg" --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait | |
xcrun stapler staple "${{ env.ARTIFACT_NAME }}.pkg" | |
env: | |
NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} | |
- name: Create DMG (macOS) | |
if: ${{ runner.os == 'macOS' }} | |
run: | | |
mkdir "${{ env.ARTIFACTS_PATH }}/dmgtmp" | |
mv "${{ env.ARTIFACT_NAME }}.pkg" "${{ env.ARTIFACTS_PATH }}/dmgtmp" | |
hdiutil create "${{ env.ARTIFACTS_PATH }}/tmp.dmg" -ov -volname "${{ env.ARTIFACT_NAME }}" -fs HFS+ -srcfolder "${{ env.ARTIFACTS_PATH }}/dmgtmp" | |
hdiutil convert "${{ env.ARTIFACTS_PATH }}/tmp.dmg" -format UDZO -o "${{ env.ARTIFACT_NAME }}.dmg" | |
- name: Upload DMG (macOS) | |
if: ${{ runner.os == 'macOS' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ARTIFACT_NAME }}.dmg | |
path: "${{ env.ARTIFACT_NAME }}.dmg" | |
- name: Generate InnoScript (Windows) | |
if: ${{ runner.os == 'Windows' }} | |
shell: bash | |
run: | | |
python3 -u packaging/packager_Windows.py | |
cat "packaging\installer.iss" | |
- name: Generate Installer (Windows) | |
if: ${{ runner.os == 'Windows' }} | |
shell: bash | |
run: | | |
iscc "packaging\installer.iss" | |
mv "packaging/Output/${{ env.ARTIFACT_NAME }}.exe" "${{ env.ARTIFACTS_PATH }}/" | |
- name: Upload Exe (Windows) | |
if: ${{ runner.os == 'Windows' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ARTIFACT_NAME }}.exe | |
path: "${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}.exe" | |
- name: Generate Zip (Linux) | |
if: ${{ runner.os == 'Linux' }} | |
working-directory: ${{ env.ARTIFACTS_PATH }} | |
run: 7z a -tzip "${{ env.ARTIFACT_NAME }}.zip" "-xr!lib${{ env.PRODUCT_NAME }}_SharedCode.a" . | |
- name: Upload Zip (Linux) | |
if: ${{ runner.os == 'Linux' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ARTIFACT_NAME }}.zip | |
path: "${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}.zip" | |
release: | |
if: contains(github.ref, 'tags/') | |
runs-on: ubuntu-latest | |
needs: build_and_test | |
permissions: | |
contents: write | |
id-token: write | |
attestations: write | |
steps: | |
- name: Get Artifacts | |
uses: actions/download-artifact@v4 | |
- name: Generate Signed Build Provenance Attestations | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: | | |
*/*.exe | |
*/*.zip | |
*/*.dmg | |
- name: Create Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
prerelease: true | |
# download-artifact puts these files in their own dirs... | |
# Using globs sidesteps having to pass the version around | |
files: | | |
*/*.exe | |
*/*.zip | |
*/*.dmg |