From 6295c5db87d28a82ff62458847a3864b02332ce6 Mon Sep 17 00:00:00 2001 From: Pavel Kulik Date: Thu, 14 Nov 2024 14:51:03 -0800 Subject: [PATCH] Update workflows --- .github/workflows/linux.yml | 75 ++++++++++++++++--------------- .github/workflows/mac.yml | 84 ++++++++++++++++++++++++++++++----- .github/workflows/windows.yml | 43 ++++++++++-------- 3 files changed, 137 insertions(+), 65 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index a75d511..c5d5d06 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -13,38 +13,43 @@ jobs: os: [ubuntu-20.04] steps: - - uses: actions/checkout@v3 - - name: setup - run: | - sudo apt update - cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main - sudo ./plugin-GUI/Resources/Scripts/install_linux_dependencies.sh - cd plugin-GUI/Build && cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release .. - - name: build - run: | - conda env list - cd Build - cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release .. - make - # - name: test - # run: cd build && ctest - - name: package - env: - build_dir: "Build" - package: MeanSpikeRate-linux - run: | - plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]*" | tail -1) - tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") - new_plugin_ver=$tag-API$plugin_api - mkdir plugins - cp -r $build_dir/*.so plugins - zipfile=${package}_${new_plugin_ver}.zip - echo "zipfile=${zipfile}" >> $GITHUB_ENV - zip -r -X $zipfile plugins - - name: deploy - if: github.ref == 'refs/heads/main' - env: - artifactoryApiKey: ${{ secrets.artifactoryApiKey }} - run: | - curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T ${{ env.zipfile }} "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/linux/${{ env.zipfile }}" \ No newline at end of file + - uses: actions/checkout@v4 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi + - name: setup + run: | + sudo apt update + cd ../.. + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH + sudo ./plugin-GUI/Resources/Scripts/install_linux_dependencies.sh + cd plugin-GUI/Build && cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release .. + - name: build + run: | + cd Build + cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release .. + make +# - name: test +# run: cd build && ctest + - name: deploy + if: github.ref == 'refs/heads/testing-juce8' + env: + artifactoryApiKey: ${{ secrets.artifactoryApiKey }} + build_dir: "Build" + package: MeanSpikeRate-linux + run: | + plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]*" | tail -1) + tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") + new_plugin_ver=$tag-API$plugin_api + mkdir plugins + cp -r $build_dir/*.so plugins + zipfile=${package}_${new_plugin_ver}.zip + zip -r -X $zipfile plugins + curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T $zipfile "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/linux/$zipfile" diff --git a/.github/workflows/mac.yml b/.github/workflows/mac.yml index ec1b715..6fe63e3 100644 --- a/.github/workflows/mac.yml +++ b/.github/workflows/mac.yml @@ -13,12 +13,25 @@ jobs: os: [macos-latest] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi - name: setup run: | cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH cd plugin-GUI/Build && cmake -G "Xcode" .. + - uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: latest-stable - name: build run: | cd Build @@ -26,22 +39,71 @@ jobs: xcodebuild -configuration Release # - name: test # run: cd build && ctest - - name: package + - name: codesign_deploy + if: github.ref == 'refs/heads/testing-juce8' env: + artifactoryApiKey: ${{ secrets.artifactoryApiKey }} + MACOS_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + MACOS_CERTIFICATE_PWD: ${{ secrets.BUILD_CERTIFICATE_PWD }} + MACOS_CERTIFICATE_NAME: ${{ secrets.BUILD_CERTIFICATE_NAME }} + MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} + PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} + PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} + PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} build_dir: "Build/Release" package: MeanSpikeRate-mac run: | plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]" | tail -1) tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") new_plugin_ver=$tag-API$plugin_api + mkdir plugins cp -r $build_dir/*.bundle plugins + + # Turn our base64-encoded certificate back to a regular .p12 file + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + + # We need to create a new keychain, otherwise using the certificate will prompt + # with a UI dialog asking for the certificate password, which we can't + # use in a headless CI environment + security create-keychain -p $MACOS_CI_KEYCHAIN_PWD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $MACOS_CI_KEYCHAIN_PWD build.keychain + security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CI_KEYCHAIN_PWD build.keychain + /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" -v plugins/mean-spike-rate.bundle --deep --strict --timestamp --options=runtime + + /usr/bin/codesign -dv --verbose=4 plugins/mean-spike-rate.bundle + + # Store the notarization credentials so that we can prevent a UI password dialog from blocking the CI + + echo "Create keychain profile" + xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" + + # We can't notarize an app bundle directly, but we need to compress it as an archive. + # Therefore, we create a zip file containing our app bundle, so that we can send it to the + # notarization service + + echo "Creating temp notarization archive" + /usr/bin/ditto -c -k --sequesterRsrc --keepParent plugins/mean-spike-rate.bundle mean-spike-rate.zip + + # Here we send the notarization request to the Apple's Notarization service, waiting for the result. + # This typically takes a few seconds inside a CI environment, but it might take more depending on the App + # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if + # you're curious + + echo "Notarize app" + xcrun notarytool submit "mean-spike-rate.zip" --keychain-profile "notarytool-profile" --wait + + # Finally, we need to "attach the staple" to our executable, which will allow our app to be + # validated by macOS even when an internet connection is not available. + echo "Attach staple" + rm -r plugins/* + /usr/bin/ditto -x -k mean-spike-rate.zip plugins + xcrun stapler staple plugins/mean-spike-rate.bundle + + spctl -vvv --assess --type exec plugins/mean-spike-rate.bundle + zipfile=${package}_${new_plugin_ver}.zip - echo "zipfile=${zipfile}" >> $GITHUB_ENV - zip -r -X $zipfile plugins - - name: deploy - if: github.ref == 'refs/heads/main' - env: - artifactoryApiKey: ${{ secrets.artifactoryApiKey }} - run: | - curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T ${{ env.zipfile }} "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/mac/${{ env.zipfile }}" \ No newline at end of file + /usr/bin/ditto -c -k --sequesterRsrc --keepParent plugins $zipfile + curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T $zipfile "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/mac/$zipfile" diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 60e68af..30fdd59 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -10,30 +10,40 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [windows-2019] + os: [windows-latest] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + echo "GUI_LIB_VERSION=v1.0.0-dev" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + echo "GUI_LIB_VERSION=v1.0.0-alpha" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi + shell: bash - name: setup - env: - repo: open-ephys-gui - package: "open-ephys-lib" run: | cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH cd plugin-GUI/Build - cmake -G "Visual Studio 16 2019" -A x64 .. + cmake -G "Visual Studio 17 2022" -A x64 .. mkdir Release && cd Release - curl -L https://openephysgui.jfrog.io/artifactory/Libraries/open-ephys-lib-v0.6.0.zip --output open-ephys-lib.zip + curl -L https://openephysgui.jfrog.io/artifactory/Libraries/open-ephys-lib-$GUI_LIB_VERSION.zip --output open-ephys-lib.zip unzip open-ephys-lib.zip shell: bash - name: configure run: | cd Build - cmake -G "Visual Studio 16 2019" -A x64 .. + cmake -G "Visual Studio 17 2022" -A x64 .. shell: bash - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.1 + uses: microsoft/setup-msbuild@v2 - name: build-plugin run: | cd Build @@ -42,8 +52,10 @@ jobs: # TODO: Perform some basic testing before publishing... # - name: test # run: cd build && ctest - - name: package + - name: deploy + if: github.ref == 'refs/heads/testing-juce8' env: + artifactoryApiKey: ${{ secrets.artifactoryApiKey }} build_dir: "Build/Release" package: MeanSpikeRate-windows run: | @@ -53,13 +65,6 @@ jobs: mkdir plugins cp $build_dir/*.dll plugins zipfile=${package}_${new_plugin_ver}.zip - echo "zipfile=${zipfile}" >> $GITHUB_ENV powershell Compress-Archive -Path "plugins" -DestinationPath ${zipfile} - shell: bash - - name: deploy - if: github.ref == 'refs/heads/main' - env: - artifactoryApiKey: ${{ secrets.artifactoryApiKey }} - run: | - curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T ${{ env.zipfile }} "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/windows/${{ env.zipfile }}" + curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T $zipfile "https://openephys.jfrog.io/artifactory/MeanSpikeRate-plugin/windows/$zipfile" shell: bash \ No newline at end of file