Try importing in a different way and add extra checks #107
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| workflow_dispatch: | |
| jobs: | |
| build-linux: | |
| name: Build Linux | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Fix up git URLs | |
| run: echo -e '[url "https://github.com/"]\n insteadOf = "[email protected]:"' >> ~/.gitconfig | |
| shell: bash | |
| - uses: actions/checkout@v1 | |
| with: | |
| token: ${{ secrets.ACCESS_TOKEN }} | |
| submodules: true | |
| - name: "Run script" | |
| run: | | |
| export OS="linux" | |
| source ./ci/setup-env.sh | |
| source ./ci/test.sh | |
| source ./ci/build.sh | |
| shell: bash | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Binaries | |
| path: bin | |
| retention-days: 7 | |
| build-macos: | |
| name: Build macOS | |
| runs-on: macos-latest | |
| steps: | |
| - name: Fix up git URLs | |
| run: echo -e '[url "https://github.com/"]\n insteadOf = "[email protected]:"' >> ~/.gitconfig | |
| shell: bash | |
| - uses: actions/checkout@v1 | |
| with: | |
| token: ${{ secrets.ACCESS_TOKEN }} | |
| submodules: true | |
| - uses: maxim-lobanov/setup-xcode@v1 | |
| with: | |
| xcode-version: latest | |
| - name: Import application certificates | |
| id: import-certificates | |
| if: startsWith(matrix.os, 'mac') | |
| uses: apple-actions/import-codesign-certs@v2 | |
| with: | |
| keychain: oscirender | |
| keychain-password: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_APPLICATION_CERTIFICATE }} | |
| p12-password: ${{ secrets.APPLE_APPLICATION_CERTIFICATE_PASSWORD }} | |
| - name: Import installer certificates | |
| id: import-installer-certificates | |
| if: startsWith(matrix.os, 'mac') | |
| uses: apple-actions/import-codesign-certs@v2 | |
| with: | |
| keychain: oscirender | |
| keychain-password: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE }} | |
| p12-password: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} | |
| create-keychain: false | |
| - name: "Run script" | |
| run: | | |
| export OS="mac" | |
| source ./ci/setup-env.sh | |
| source ./ci/test.sh | |
| source ./ci/build.sh | |
| shell: bash | |
| - name: Codesign AU plugin | |
| working-directory: ${{ github.workspace }}/ci/bin | |
| run: | | |
| codesign -vvv --force -s "${{ secrets.APPLE_DEVELOPER_ID_APPLICATION }}" osci-render.component --timestamp --deep --strict --options=runtime | |
| codesign -vvv --deep --strict osci-render.component | |
| - name: Codesign VST3 plugin | |
| working-directory: ${{ github.workspace }}/ci/bin | |
| run: | | |
| codesign -vvv --force -s "${{ secrets.APPLE_DEVELOPER_ID_APPLICATION }}" osci-render.vst3 --timestamp --deep --strict --options=runtime | |
| codesign -vvv --deep --strict osci-render.vst3 | |
| - name: Codesign Standalone app | |
| working-directory: ${{ github.workspace }}/ci/bin | |
| run: | | |
| codesign -vvv --force -s "${{ secrets.APPLE_DEVELOPER_ID_APPLICATION }}" osci-render.app --timestamp --deep --strict --options=runtime | |
| codesign -vvv --deep --strict osci-render.app | |
| - name: Download Packages installer build tool | |
| run: wget http://s.sudre.free.fr/files/Packages_1211_dev.dmg | |
| - name: Mount Packages image | |
| run: hdiutil attach Packages_1211_dev.dmg | |
| - name: Install Packages | |
| run: sudo installer -pkg /Volumes/Packages\ 1.2.11/Install\ Packages.pkg -target / | |
| - name: Build installer | |
| run: packagesbuild --project "${{ github.workspace }}/packaging/osci-render.pkgproj" | |
| - name: Sign installer | |
| run: | | |
| productsign -s "${{ secrets.APPLE_DEVELOPER_ID_INSTALLER }}" "${{ github.workspace }}/packaging/build/osci-render.pkg" "${{ github.workspace }}/bin/osci-render.pkg" | |
| pkgutil --check-signature "${{ github.workspace }}/bin/osci-render.pkg" | |
| - name: Notarize installer | |
| uses: lando/notarize-action@v2 | |
| with: | |
| product-path: ${{ github.workspace }}/bin/osci-render.pkg | |
| appstore-connect-username: ${{ secrets.APPLE_ID }} | |
| appstore-connect-password: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }} | |
| appstore-connect-team-id: ${{ secrets.APPLE_TEAM_ID }} | |
| primary-bundle-id: com.osci-render.pkg | |
| tool: notarytool | |
| verbose: true | |
| - name: Staple installer | |
| run: xcrun stapler staple "${{ github.workspace }}/bin/osci-render.pkg" | |
| - name: Check installer | |
| run: spctl -a -vvv -t install "${{ github.workspace }}/bin/osci-render.pkg" | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Binaries | |
| path: bin | |
| retention-days: 7 | |
| build-windows: | |
| name: Build Windows | |
| runs-on: windows-latest | |
| steps: | |
| - name: Fix up git URLs | |
| run: echo -e '[url "https://github.com/"]\n insteadOf = "[email protected]:"' >> ~/.gitconfig | |
| shell: bash | |
| - uses: actions/checkout@v1 | |
| with: | |
| token: ${{ secrets.ACCESS_TOKEN }} | |
| submodules: true | |
| - name: Setup NuGet.exe for use with actions | |
| uses: NuGet/[email protected] | |
| - name: NuGet Sources | |
| run: nuget sources | |
| - name: "Run script" | |
| run: | | |
| export OS="win" | |
| source ./ci/setup-env.sh | |
| source ./ci/test.sh | |
| source ./ci/build.sh | |
| shell: bash | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Binaries | |
| path: bin | |
| retention-days: 7 |