release #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
workflow_dispatch: | |
jobs: | |
mac: | |
runs-on: macos-latest | |
outputs: | |
version: ${{ steps.get-version.outputs.version }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: flucoma/actions/env@main | |
- name: Update flucoma-cli submodule | |
run: | | |
git submodule update --init --recursive --remote | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: "3.9" | |
- name: install fd | |
run: brew install fd | |
- name: Build FluCoMa CLI | |
run: | | |
cd flucoma-cli | |
mkdir build && cd build | |
cmake -GNinja -DDOCS=ON -DFLUID_BRANCH=production -DPython_ROOT_DIR=${{ env.pythonLocation }} .. | |
pip install -r _deps/flucoma-docs-src/requirements.txt | |
ninja fluid-ampslice | |
- name: Copy binaries | |
run: | | |
mkdir -p flucoma-cli-brew | |
ls -r | |
cd bin | |
fd -t x -I -x cp {} ../flucoma-cli-brew | |
- name: Sign and notarize binaries | |
run: | | |
# create variables | |
CERTPATH=$RUNNER_TEMP/flucoma.p12 | |
KEYCHAINPWD=foobarbazbob | |
KEYCHAINPATH=$RUNNER_TEMP/app-signing.keychain-db | |
# Decode the certificate | |
echo -n "${{ secrets.CERT }}" | base64 --decode --output $CERTPATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH" | |
# append temp keychain to the user domain | |
security list-keychain -d user -s "$KEYCHAINPATH" | |
security set-keychain-settings "$KEYCHAINPATH" | |
security unlock-keychain -p "$KEYCHAINPWD" "$KEYCHAINPATH" | |
# import p12 to keychain | |
security import "$CERTPATH" -P "${{ secrets.CERTPWD }}" -A -t cert -f pkcs12 -k "$KEYCHAINPATH" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:, -s -k "$KEYCHAINPATH" -D "${{ secrets.CERT }}" -t private "$KEYCHAINPATH" | |
xcrun notarytool store-credentials "ACPASS" --apple-id ${{ secrets.APPSTORECONNECTUSERNAME }} --team-id ${{ secrets.WWDRTEAMID }} --password ${{ secrets.APPSTORECONNECTPWD }} | |
cd flucoma-cli-brew | |
# sign every binary in the binary directory | |
fd fluid- -t x -I -x codesign --options=runtime -s "Developer ID Application" {} | |
# Create a zip for notarization | |
zip -r ../flucoma-cli-brew.zip . | |
# Submit for notarization | |
xcrun notarytool submit ../flucoma-cli-brew.zip --keychain-profile "ACPASS" --wait | |
# Unzip the notarized files | |
unzip -o ../flucoma-cli-brew.zip -d . | |
# Staple the binaries | |
fd fluid- -t x -I -x xcrun stapler staple {} | |
- name: make tarball | |
run: tar -czf flucoma-cli-brew.tar.gz flucoma-cli-brew | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: macbuild | |
path: flucoma-cli-brew.tar.gz | |
- id: get-version | |
run: echo "version=$(cat flucoma.version.rc)" >> $GITHUB_OUTPUT | |
working-directory: flucoma-cli/build/_deps/flucoma-core-src | |
release: | |
runs-on: ubuntu-20.04 | |
needs: [mac] | |
steps: | |
- uses: actions/download-artifact@v2 | |
with: | |
name: macbuild | |
- name: delete pre-existing release | |
uses: dev-drprasad/[email protected] | |
with: | |
delete_release: true | |
tag_name: ${{ needs.mac.outputs.version }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: package and upload | |
uses: softprops/action-gh-release@v1 | |
with: | |
name: ${{ needs.mac.outputs.version }} | |
body: "This is a release build of the FluCoMa CLI tools for homebrew on Mac. The build hash is ${{ github.sha }}" | |
files: flucoma-cli-brew.tar.gz | |
prerelease: true | |
tag_name: ${{ needs.mac.outputs.version }} | |
target_commitish: ${{ github.sha }} | |
draft: false |