Keep only macos arm build #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| true: | |
| pull_request: null | |
| push: null | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| container: ${{ matrix.container }} | |
| env: | |
| APPLE_CODESIGN_IDENTITY: 2C2B5D3EDCE82BA55E22E9A67F16F8D03E390870 | |
| MACOS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CODESIGN_CERTIFICATE_PASSWORD | |
| }} | |
| MACOS_CODESIGN_OPENSSL_PASSWORD: ${{ secrets.MACOS_CODESIGN_OPENSSL_PASSWORD | |
| }} | |
| SCCACHE_VERSION: 0.3.0 | |
| name: ${{ matrix.name }} | |
| outputs: | |
| artifact-macos-macosarm: ${{ steps.prepare_deploy.outputs.artifact-macos-macosarm | |
| }} | |
| artifact-macos-macosintel: ${{ steps.prepare_deploy.outputs.artifact-macos-macosintel | |
| }} | |
| artifact-windows-win64: ${{ steps.prepare_deploy.outputs.artifact-windows-win64 | |
| }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - id: sccache-build-cache | |
| if: runner.os == 'Windows' | |
| name: '[Windows] Set up Cargo cache' | |
| uses: actions/cache@v3 | |
| with: | |
| key: sccache-${{ env.SCCACHE_VERSION }} | |
| path: C:\Users\runneradmin\.cargo | |
| - if: runner.os == 'Windows' && steps.sccache-build-cache.outputs.cache-hit != | |
| 'true' | |
| name: '[Windows] Build and install sccache' | |
| run: cargo install --version "${{ env.SCCACHE_VERSION }}" sccache | |
| shell: bash | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - if: matrix.container != null | |
| name: '[Arch Linux] Workaround for the ''unsafe repository'' issue caused by | |
| CVE-2022-24765' | |
| run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - name: Ensure that all tags are fetched | |
| run: git fetch origin --force --tags | |
| - if: runner.os == 'macOS' | |
| name: '[macOS] Set up cmake' | |
| uses: jwlawson/[email protected] | |
| with: | |
| cmake-version: 3.21.x | |
| - if: runner.os == 'Windows' | |
| name: '[Windows] Set up MSVC Developer Command Prompt' | |
| uses: seanmiddleditch/gha-setup-vsdevenv@v4 | |
| - if: runner.os == 'macOS' | |
| name: '[macOS] install ccache and make' | |
| run: 'brew install ccache ninja | |
| ' | |
| - id: buildenv_name | |
| if: runner.os != 'Linux' | |
| name: '[macOS/Windows] Get build environment name' | |
| run: ${{ matrix.buildenv_script }} name | |
| - if: runner.os != 'Linux' | |
| name: '[macOS/Windows] Set up build environment cache' | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ runner.os }}-buildenv-${{ env.BUILDENV_NAME }} | |
| path: ${{ matrix.buildenv_basepath }} | |
| - id: apple_codesign | |
| if: runner.os == 'macOS' && env.MACOS_CODESIGN_OPENSSL_PASSWORD != null && env.MACOS_CODESIGN_CERTIFICATE_PASSWORD | |
| != null | |
| name: '[macOS] Import Apple code signing identity' | |
| run: "# Decrypt the certificate\nopenssl enc -aes-256-cbc -d -md sha512 \\\n\ | |
| \ -k \"${MACOS_CODESIGN_OPENSSL_PASSWORD}\" \\\n -in /Users/runner/work/mixxx/mixxx/packaging/certificates/macos_developer_id_codesign_certificate.p12.enc\ | |
| \ \\\n -out ~/certificate.p12\n\n# Create a temporary keychain for the certificate\ | |
| \ and import it.\nsecurity create-keychain -p mixxx Mixxx.keychain\nsecurity\ | |
| \ unlock-keychain -p mixxx Mixxx.keychain\nsecurity import ~/certificate.p12\ | |
| \ -k Mixxx.keychain \\\n -P \"${MACOS_CODESIGN_CERTIFICATE_PASSWORD}\" -A\n\ | |
| security set-key-partition-list -S \"apple-tool:,apple:\" -k mixxx Mixxx.keychain\n\ | |
| # Add keychain to search list\nsecurity list-keychains -s Mixxx.keychain\n\ | |
| # Prevent keychain access from timing out\nsecurity set-keychain-settings\ | |
| \ Mixxx.keychain\necho \"CMAKE_ARGS_EXTRA=${CMAKE_ARGS_EXTRA} -DAPPLE_CODESIGN_IDENTITY=${APPLE_CODESIGN_IDENTITY}\"\ | |
| \ >> \"${GITHUB_ENV}\"\n" | |
| - env: | |
| WINDOWS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD | |
| }} | |
| WINDOWS_CODESIGN_CERTIFICATE_PATH: ${{ github.workspace }}\packaging\certificates\windows_sectigo_codesign_certificate.pfx | |
| WINDOWS_CODESIGN_SECURE_FILE_SALT: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SALT | |
| }} | |
| WINDOWS_CODESIGN_SECURE_FILE_SECRET: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SECRET | |
| }} | |
| if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_SECURE_FILE_SALT != null | |
| && env.WINDOWS_CODESIGN_SECURE_FILE_SECRET != null | |
| name: '[Windows] Set up Windows code signing' | |
| run: 'iex ((New-Object Net.WebClient).DownloadString(''https://raw.githubusercontent.com/appveyor/secure-file/master/install.ps1'')) | |
| appveyor-tools/secure-file -decrypt "$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH.enc" | |
| -secret "$Env:WINDOWS_CODESIGN_SECURE_FILE_SECRET" -salt "$Env:WINDOWS_CODESIGN_SECURE_FILE_SALT" | |
| Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PATH=$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH" | |
| Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PASSWORD=$Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD" | |
| Add-Content -Path "$Env:GITHUB_ENV" -Value "CMAKE_ARGS_EXTRA=-DWINDOWS_CODESIGN=ON" | |
| ' | |
| - env: | |
| BUILDENV_BASEPATH: ${{ matrix.buildenv_basepath }} | |
| id: buildenv | |
| if: matrix.buildenv_script != null | |
| name: Set up build environment | |
| run: ${{ matrix.buildenv_script }} setup | |
| - if: runner.os != 'windows' | |
| name: '[Ubuntu/macOS] Set compiler cache size limit' | |
| run: ${{ matrix.compiler_cache }} -M 524288 | |
| - name: Set up compiler cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ matrix.os }}-${{ matrix.compiler_cache }}-${{ github.head_ref }}-${{ | |
| github.run_number }} | |
| path: ${{ matrix.compiler_cache_path }} | |
| restore-keys: '${{ matrix.os }}-${{ matrix.compiler_cache }}-${{ github.head_ref | |
| }} | |
| ${{ matrix.os }}-${{ matrix.compiler_cache }} | |
| ' | |
| - name: Create build directory | |
| run: mkdir build | |
| - env: | |
| CC: ${{ matrix.cc }} | |
| CXX: ${{ matrix.cxx }} | |
| name: Configure | |
| run: cmake ${{ matrix.cmake_args }} ${{ env.CMAKE_ARGS_EXTRA }} -DCMAKE_BUILD_TYPE=RelWithDebInfo | |
| -DCMAKE_PREFIX_PATH="${{ env.CMAKE_PREFIX_PATH }}" -DWARNINGS_FATAL=ON -DDEBUG_ASSERTIONS_FATAL=OFF | |
| -DBATTERY=ON -DBROADCAST=ON -DDOWNLOAD_MANUAL=ON -DHID=ON -DKEYFINDER=ON -DLILV=ON | |
| -DOPUS=ON -DQTKEYCHAIN=ON -DVINYLCONTROL=ON -DCMAKE_VERBOSE_MAKEFILE=OFF -L | |
| .. | |
| working-directory: build | |
| - if: runner.os != 'Windows' | |
| name: '[Ubuntu/macOS] Set up gcc/clang problem matcher' | |
| uses: ammaraskar/gcc-problem-matcher@master | |
| - if: runner.os == 'Windows' | |
| name: '[Windows] Set up MSVC problem matcher' | |
| uses: ammaraskar/msvc-problem-matcher@master | |
| - env: | |
| CC: ${{ matrix.cc }} | |
| CCACHE_NOCOMPRESS: true | |
| CMAKE_BUILD_PARALLEL_LEVEL: 2 | |
| CXX: ${{ matrix.cxx }} | |
| SCCACHE_CACHE_SIZE: 2G | |
| name: Build | |
| run: cmake --build . --config RelWithDebInfo | |
| working-directory: build | |
| - name: Print compiler cache stats | |
| run: ${{ matrix.compiler_cache }} -s | |
| - env: | |
| CTEST_OUTPUT_ON_FAILURE: 1 | |
| CTEST_PARALLEL_LEVEL: 1 | |
| GTEST_COLOR: 1 | |
| QT_QPA_PLATFORM: ${{ matrix.qt_qpa_platform }} | |
| if: matrix.crosscompile != true | |
| name: Test | |
| run: ctest --timeout 45 ${{ matrix.ctest_args }} | |
| working-directory: build | |
| - env: | |
| QT_QPA_PLATFORM: ${{ matrix.qt_qpa_platform }} | |
| if: matrix.crosscompile != true | |
| name: Benchmark | |
| run: cmake --build . --target mixxx-benchmark --config RelWithDebInfo | |
| working-directory: build | |
| - if: matrix.cpack_generator != null | |
| name: Package | |
| run: cpack -G ${{ matrix.cpack_generator }} -V | |
| working-directory: build | |
| - env: | |
| RRYAN_AT_MIXXX_DOT_ORG_GPG_PRIVATE_KEY: ${{ secrets.RRYAN_AT_MIXXX_DOT_ORG_GPG_PRIVATE_KEY | |
| }} | |
| if: startsWith(matrix.os, 'ubuntu') && env.RRYAN_AT_MIXXX_DOT_ORG_GPG_PRIVATE_KEY | |
| != null | |
| name: '[Ubuntu] Import PPA GPG key' | |
| run: gpg --import <(echo "${{ secrets.RRYAN_AT_MIXXX_DOT_ORG_GPG_PRIVATE_KEY | |
| }}") | |
| - if: matrix.name == 'Ubuntu 22.04 (gcc)' | |
| name: Package for PPA | |
| run: "if [[ \"${{ github.ref }}\" == \"refs/heads/main\" ]] && [[ \"${{ github.repository\ | |
| \ }}\" == \"mixxxdj/mixxx\" ]]; then\n CPACK_ARGS=\"-D DEB_UPLOAD_PPA=ppa:mixxx/nightlies\"\ | |
| \nelif [[ \"${{ github.ref }}\" == \"refs/heads/2.4\" ]] && [[ \"${{ github.repository\ | |
| \ }}\" == \"mixxxdj/mixxx\" ]]; then\n CPACK_ARGS=\"-D DEB_UPLOAD_PPA=ppa:mixxx/mixxxbetas\"\ | |
| \nelif [[ \"${{ github.ref }}\" =~ ^refs/tags/[0-9]+\\.[0-9]+\\.[0-9]+$ ]]\ | |
| \ && [[ \"${{ github.repository }}\" == \"mixxxdj/mixxx\" ]]; then\n CPACK_ARGS=\"\ | |
| -D DEB_UPLOAD_PPA=ppa:mixxx/mixxx\"\nelse\n # only build the source DEB,\ | |
| \ do not upload\n CPACK_ARGS=\"-D DEB_SOURCEPKG=ON\"\nfi\ncpack -G External\ | |
| \ $CPACK_ARGS\n" | |
| working-directory: build | |
| - env: | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.MACOS_NOTARIZATION_APP_SPECIFIC_PASSWORD | |
| }} | |
| APPLE_BUNDLE_ID: org.mixxx.mixxx | |
| APPLE_ID_USERNAME: [email protected] | |
| ASC_PROVIDER: FLYL4D545V | |
| if: runner.os == 'macOS' && env.MACOS_CODESIGN_OPENSSL_PASSWORD != null && env.MACOS_CODESIGN_CERTIFICATE_PASSWORD | |
| != null && env.APPLE_APP_SPECIFIC_PASSWORD != null | |
| name: '[macOS] Sign, Notarize, and Staple Package' | |
| run: packaging/macos/sign_notarize_staple.sh build/*.dmg | |
| - if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_CERTIFICATE_PATH != null | |
| && env.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD != null | |
| name: '[Windows] Sign Package' | |
| run: signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /f | |
| $Env:WINDOWS_CODESIGN_CERTIFICATE_PATH /p $Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD | |
| *.msi | |
| working-directory: build | |
| - id: prepare_deploy | |
| if: github.event_name == 'push' && matrix.artifacts_path != null | |
| name: Prepare for deployment | |
| run: "if [[ \"${GITHUB_REF}\" =~ ^refs/tags/.* ]]; then\n export DEPLOY_PATH='releases/{git_describe}/mixxx-{git_describe}-{package_slug}{ext}';\n\ | |
| else\n export DEPLOY_PATH='snapshots/{git_branch}/mixxx-{git_describe}-{package_slug}{ext}';\n\ | |
| fi; python3 tools/deploy.py prepare-deployment --slug '${{ matrix.artifacts_slug\ | |
| \ }}' --output-dir 'deploy/' --dest-path \"${DEPLOY_PATH}\" --dest-url 'https://downloads.mixxx.org'\ | |
| \ ${{ matrix.artifacts_path }}\n" | |
| shell: bash | |
| - env: | |
| SSH_PRIVATE_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }} | |
| if: runner.os == 'Windows' && github.event_name == 'push' && env.SSH_PRIVATE_KEY | |
| != null | |
| name: '[Windows] Install rsync and openssh' | |
| run: '$Env:PATH="c:\msys64\usr\bin;$Env:PATH" | |
| pacman -S --noconfirm coreutils bash rsync openssh | |
| # Unfortunately, mixing executables from msys64 and mingw (i.e. Git | |
| # Bash) does not work properly and leads to errors like these: | |
| # | |
| # 0 [main] python3 (5248) C:\msys64\usr\bin\python3.exe: *** fatal error | |
| - cygheap base mismatch detected - 0x180347408/0x180352408. | |
| # | |
| # Even when prepending the MSYS2 binary directory to %PATH%, GitHub | |
| # Actions will still pick the Git Bash executable over the MSYS2 one | |
| # when using `shell: bash`. Since it''s not feasible to set `shell` to | |
| # an absolute path in a cross-platform build workflow, we overwrite the | |
| # git bash executable with the MSYS2 one. | |
| # | |
| # Also see related issue: | |
| # https://github.com/actions/virtual-environments/issues/594 | |
| Copy-Item -Path "C:\msys64\usr\bin\bash.exe" -Destination "C:\Program Files\Git\bin\bash.exe" | |
| -Force | |
| # By default, MSYS2 uses an | |
| # /etc/profile file that changes | |
| # the current working directory | |
| # when bash is started. We don''t | |
| # want this behavior,so we just | |
| # delete it. | |
| Remove-Item -Path "C:\msys64\etc\profile" | |
| # Add MSYS2''s tools to %PATH%. | |
| Add-Content -Path "$Env:GITHUB_ENV" -Value "PATH=$Env:PATH" | |
| ' | |
| - env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| SSH_HOST: downloads-hostgator.mixxx.org | |
| SSH_PRIVATE_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }} | |
| if: github.event_name == 'push' && env.SSH_PRIVATE_KEY != null | |
| name: Set up SSH Agent | |
| run: 'ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${SSH_PRIVATE_KEY}" | |
| mkdir -p "${HOME}/.ssh" | |
| ssh-keyscan "${SSH_HOST}" >> "${HOME}/.ssh/known_hosts" | |
| echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}" >> "${GITHUB_ENV}" | |
| ' | |
| shell: bash | |
| - env: | |
| DESTDIR: public_html/downloads | |
| SSH_HOST: downloads-hostgator.mixxx.org | |
| SSH_USER: mixxx | |
| if: runner.os != 'Linux' && github.event_name == 'push' && env.SSH_AUTH_SOCK | |
| != null | |
| name: '[macOS/Windows] Upload build to downloads.mixxx.org' | |
| run: rsync --verbose --recursive --checksum --times --delay-updates "deploy/" | |
| "${SSH_USER}@${SSH_HOST}:${DESTDIR}/" | |
| shell: bash --login -eo pipefail "{0}" | |
| - if: runner.os == 'Windows' | |
| name: Use system tar & zstd from Chocolatey for caching | |
| run: 'echo "C:/Windows/System32;C:/ProgramData/Chocolatey/bin" >> $GITHUB_PATH | |
| ' | |
| shell: bash | |
| - if: matrix.artifacts_path != null | |
| name: Upload GitHub Actions artifacts | |
| uses: actions/[email protected] | |
| with: | |
| name: ${{ matrix.artifacts_name }} | |
| path: ${{ matrix.artifacts_path }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - artifacts_name: macOS ARM DMG | |
| artifacts_path: build/*.dmg | |
| artifacts_slug: macos-macosarm | |
| buildenv_basepath: /Users/runner/buildenv | |
| buildenv_script: tools/macos_arm64-cross-release_buildenv.sh | |
| cmake_args: -DBULK=ON -DCOREAUDIO=ON -DHSS1394=ON -DMACOS_BUNDLE=ON -DMODPLUG=ON | |
| -DQT6=ON -DWAVPACK=ON -DVCPKG_TARGET_TRIPLET=arm64-osx-min1100 -DVCPKG_DEFAULT_HOST_TRIPLET=x64-osx-min1015 | |
| compiler_cache: ccache | |
| compiler_cache_path: /Users/runner/Library/Caches/ccache | |
| cpack_generator: DragNDrop | |
| crosscompile: true | |
| name: macOS 11 arm64 | |
| os: macos-11 | |
| qt_qpa_platform: offscreen | |
| update_manifest: | |
| name: Update manifest file on download server | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Ensure that all tags are fetched | |
| run: git fetch origin --force --tags | |
| - env: | |
| JOB_DATA: ${{ toJSON(needs.build) }} | |
| SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD | |
| }} | |
| if: github.event_name == 'push' && env.SSH_PASSWORD != null | |
| name: Collect Artifacts Metadata & Write Manifest | |
| run: "if [[ \"${GITHUB_REF}\" =~ ^refs/tags/.* ]]; then\n export DEPLOY_PATH='releases/{git_describe}/manifest.json';\n\ | |
| else\n export DEPLOY_PATH='snapshots/{git_branch}/manifest.json';\nfi; python3\ | |
| \ tools/deploy.py generate-manifest --output-dir 'deploy/' --dest-path \"\ | |
| ${DEPLOY_PATH}\" --dest-url 'https://downloads.mixxx.org'\n" | |
| - env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| SSH_HOST: downloads-hostgator.mixxx.org | |
| SSH_PRIVATE_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }} | |
| if: github.event_name == 'push' && env.SSH_PRIVATE_KEY != null && env.MANIFEST_DIRTY | |
| != null && env.MANIFEST_DIRTY != '0' | |
| name: Set up SSH Agent | |
| run: 'ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${SSH_PRIVATE_KEY}" | |
| mkdir -p "${HOME}/.ssh" | |
| ssh-keyscan "${SSH_HOST}" >> "${HOME}/.ssh/known_hosts" | |
| echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}" >> "${GITHUB_ENV}" | |
| ' | |
| shell: bash | |
| - env: | |
| DESTDIR: public_html/downloads | |
| SSH_HOST: downloads-hostgator.mixxx.org | |
| SSH_USER: mixxx | |
| if: github.event_name == 'push' && env.SSH_AUTH_SOCK != null | |
| name: Deploy Manifest | |
| run: rsync --verbose --recursive --checksum --times --delay-updates "deploy/" | |
| "${SSH_USER}@${SSH_HOST}:${DESTDIR}/" | |
| shell: bash | |
| - env: | |
| NETLIFY_BUILD_HOOK: ${{ secrets.NETLIFY_BUILD_HOOK }} | |
| if: env.NETLIFY_BUILD_HOOK != null && env.MANIFEST_DIRTY != null && env.MANIFEST_DIRTY | |
| != '0' | |
| name: Trigger Netlify build | |
| run: curl -X POST -d '{}' ${{ env.NETLIFY_BUILD_HOOK }} |