forked from shader-slang/slang
-
Notifications
You must be signed in to change notification settings - Fork 1
130 lines (122 loc) · 5.63 KB
/
release-macos.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
name: MacOS Release
jobs:
build_with_signing:
name: Upload Release Asset
runs-on: macos-latest
strategy:
matrix:
configuration: ['release'] # 'debug'
compiler: ['clang']
platform: ['x64']
targetPlatform: ['x64', 'aarch64']
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
submodules: 'true'
fetch-depth: '0'
- name: Build release project
id: build
run: |
echo "starting to build..."
export CC=${{matrix.compiler}}
export CONFIGURATION=${{matrix.configuration}}
export ARCH=${{matrix.platform}}
export TARGETARCH=${{matrix.targetPlatform}}
echo "building..."
source ./github_macos_build.sh
- name: "Import signing certificate"
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PASSWORD} $KEYCHAIN_PATH
- name: Install nortarize tools
run: |
brew install Bearer/tap/gon
security find-identity -v
brew install coreutils
- name: Sign binaries
env:
IDENTITY_ID: d6ada82a113e4204aaad914e1013e9548ffd30d0
run: |
/usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib -v
/usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libslang-glslang.dylib -v
/usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libgfx.dylib -v
/usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/slangd -v
/usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/slangc -v
- name: Package
id: package
run: |
export SLANG_OS_NAME=macos
export SLANG_ARCH_NAME=${{matrix.targetPlatform}}
export TAG_NAME=`git describe --tags`
export SLANG_TAG=${TAG_NAME#v}
echo "tag:$TAG_NAME"
echo "slang-tag:$SLANG_TAG"
export SLANG_BINARY_ARCHIVE=slang-${SLANG_TAG}-${SLANG_OS_NAME}-${SLANG_ARCH_NAME}.zip
echo "creating zip"
7z a ${SLANG_BINARY_ARCHIVE} slang.h
7z a ${SLANG_BINARY_ARCHIVE} slang-com-helper.h
7z a ${SLANG_BINARY_ARCHIVE} slang-com-ptr.h
7z a ${SLANG_BINARY_ARCHIVE} slang-tag-version.h
7z a ${SLANG_BINARY_ARCHIVE} slang-gfx.h
7z a ${SLANG_BINARY_ARCHIVE} prelude/*.h
7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang.dylib
7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang-glslang.dylib
7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libgfx.dylib
7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangc
7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangd
7z a ${SLANG_BINARY_ARCHIVE} docs/*.md
echo "SLANG_BINARY_ARCHIVE=${SLANG_BINARY_ARCHIVE}" >> $GITHUB_OUTPUT
- name: UploadBinary
uses: softprops/action-gh-release@v1
with:
files: |
${{ steps.package.outputs.SLANG_BINARY_ARCHIVE }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Notarize
env:
AC_PASSWORD: ${{secrets.APPLE_ID_PASSWORD}}
AC_PROVIDER: ${{secrets.APPLE_ID_PPOVIDER}}
AC_USERNAME: ${{secrets.APPLE_ID_USERNAME}}
run: |
cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib libslang.dylib
cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang-glslang.dylib libslang-glslang.dylib
cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib libgfx.dylib
cp ./bin/macosx-${{matrix.targetPlatform}}/release/slangd slangd
cp ./bin/macosx-${{matrix.targetPlatform}}/release/slangc slangc
7z a slang-macos-dist.zip libslang.dylib
7z a slang-macos-dist.zip libslang-glslang.dylib
7z a slang-macos-dist.zip libgfx.dylib
7z a slang-macos-dist.zip slangd
7z a slang-macos-dist.zip slangc
cp slang-macos-dist.zip slang-macos-dist-${{matrix.targetPlatform}}.zip
timeout 1000 gon ./extras/macos-notarize.json
- name: UploadNotarizedBinary
if: always()
uses: softprops/action-gh-release@v1
with:
files: |
slang-macos-dist-${{matrix.targetPlatform}}.zip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}