From d2e8757535c9d8527c2e29d448620ab4799c01ab Mon Sep 17 00:00:00 2001
From: Ozgur Ersoy
Date: Sun, 13 Apr 2025 02:35:09 +0200
Subject: [PATCH] refactor(workflows): merge individual build workflows into a unified workflow with platform-specific steps for Windows, Linux, and macOS
---
.gitea/actions/linux-build/action.yml | 46 +++++++
.gitea/actions/macos-build/action.yml | 154 ++++++++++++++++++++++++
.gitea/actions/windows-build/action.yml | 42 +++++++
.gitea/workflows/build.yml | 44 ++++++-
.gitea/workflows/linux-build.yml | 53 --------
.gitea/workflows/macos-build.yml | 141 ----------------------
.gitea/workflows/windows-build.yml | 49 --------
7 files changed, 281 insertions(+), 248 deletions(-)
create mode 100644 .gitea/actions/linux-build/action.yml
create mode 100644 .gitea/actions/macos-build/action.yml
create mode 100644 .gitea/actions/windows-build/action.yml
delete mode 100644 .gitea/workflows/linux-build.yml
delete mode 100644 .gitea/workflows/macos-build.yml
delete mode 100644 .gitea/workflows/windows-build.yml
diff --git a/.gitea/actions/linux-build/action.yml b/.gitea/actions/linux-build/action.yml
new file mode 100644
index 00000000..f9cf4604
--- /dev/null
+++ b/.gitea/actions/linux-build/action.yml
@@ -0,0 +1,46 @@
+name: 'Linux Build Steps'
+description: 'Build Linux application'
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup environment
+ run: |
+ # Set environment variables for Unreal Engine
+ echo "UE_ROOT=E:/Games/UE_5.5" >> $GITHUB_ENV
+
+ # Set environment variables for Linux toolchain (needed for cross-compilation)
+ $env:LINUX_MULTIARCH_ROOT="C:/UnrealToolchains/v23_clang-18.1.0-rockylinux8"
+ echo "LINUX_MULTIARCH_ROOT=${LINUX_MULTIARCH_ROOT}" >> $GITHUB_ENV
+
+ # Create directories for builds
+ if (!(Test-Path "Builds/Linux")) { New-Item -ItemType Directory -Path "Builds/Linux" -Force }
+ if (!(Test-Path "PackagedReleases")) { New-Item -ItemType Directory -Path "PackagedReleases" -Force }
+ shell: pwsh
+
+ - name: Build for Linux
+ run: |
+ # Chmod command doesn't exist in Windows, use PowerShell to run the bash script
+ & 'C:\Program Files\Git\bin\bash.exe' -c "./scripts/linux_build.sh"
+ shell: pwsh
+
+ - name: Package Linux build
+ run: |
+ echo "Packaging Linux build..."
+ if [ -d "Builds/Linux" ]; then
+ cd Builds/Linux
+ zip -r ../../PackagedReleases/LuckyRobots-Linux.zip .
+ cd ../..
+ fi
+
+ echo "=== Packaged Linux release ==="
+ ls -la PackagedReleases/
+ shell: bash
+
+ - name: Upload Linux Build Artifact
+ uses: actions/upload-artifact@v3
+ if: success() && hashFiles('PackagedReleases/LuckyRobots-Linux.zip') != ''
+ with:
+ name: LuckyRobots-Linux
+ path: PackagedReleases/LuckyRobots-Linux.zip
+ retention-days: 365
\ No newline at end of file
diff --git a/.gitea/actions/macos-build/action.yml b/.gitea/actions/macos-build/action.yml
new file mode 100644
index 00000000..75a6351e
--- /dev/null
+++ b/.gitea/actions/macos-build/action.yml
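Review bot: In `.gitea/actions/linux-build/action.yml` the `Setup environment` step runs under `shell: pwsh`, yet it redirects to `$GITHUB_ENV` and interpolates `${LINUX_MULTIARCH_ROOT}`, both of which PowerShell reads as its own variables rather than environment variables. With neither defined, the redirect target evaluates to `$null` and the output is discarded, so `UE_ROOT` and the toolchain root would not reach later steps. Write them as `"UE_ROOT=E:/Games/UE_5.5" >> $env:GITHUB_ENV` and `"LINUX_MULTIARCH_ROOT=$env:LINUX_MULTIARCH_ROOT" >> $env:GITHUB_ENV`. The same `>> $GITHUB_ENV` line is in the `Setup environment` step of `.gitea/actions/windows-build/action.yml`. If the build scripts only work today because they fall back to their own paths, that deserves a comment, since a silent toolchain fallback changes what ends up in the release.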
@@ -0,0 +1,154 @@
+name: 'macOS Build Steps'
+description: 'Build, sign and notarize macOS application'
+
+inputs:
+ apple_team_id:
+ description: 'Apple Team ID for signing'
+ required: true
+ apple_certificate_base64:
+ description: 'Base64-encoded certificate file'
+ required: true
+ apple_certificate_password:
+ description: 'Password for certificate file'
+ required: true
+ api_key_path:
+ description: 'Base64-encoded API key file'
+ required: true
+ api_key_id:
+ description: 'API Key ID'
+ required: true
+ api_key_issuer_id:
+ description: 'API Key Issuer ID'
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup environment
+ run: |
+ # Use the correct path where Unreal Engine is installed
+ UE_PATH="/Users/Shared/Epic Games/UE_5.5"
+
+ if [ ! -d "$UE_PATH" ]; then
+ echo "Error: Unreal Engine is not installed in the expected location"
+ echo "Please ensure Unreal Engine is installed at $UE_PATH"
+ exit 1
+ fi
+
+ # Create directories for builds
+ mkdir -p Builds/Mac
+ mkdir -p PackagedReleases
+
+ echo "Using Unreal Engine 5.5"
+ shell: bash
+
+ - name: Build for macOS
+ run: |
+ chmod +x ./scripts/mac_build.sh
+ ./scripts/mac_build.sh
+ shell: bash
+
+ - name: Sign and Notarize macOS App
+ if: ${{ success() }}
+ env:
+ APPLE_TEAM_ID: ${{ inputs.apple_team_id }}
+ APPLE_CERTIFICATE_BASE64: ${{ inputs.apple_certificate_base64 }}
+ APPLE_CERTIFICATE_PASSWORD: ${{ inputs.apple_certificate_password }}
+ API_KEY_PATH: ${{ inputs.api_key_path }}
+ API_KEY_ID: ${{ inputs.api_key_id }}
+ API_KEY_ISSUER_ID: ${{ inputs.api_key_issuer_id }}
+ run: |
+ # Create output directory
+ mkdir -p PackagedReleases
+
+ # Decode the base64 certificate
+ echo "Setting up certificate..."
+ echo $APPLE_CERTIFICATE_BASE64 | base64 --decode > certificate.p12
+
+ # Create keychain and import certificate
+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+ KEYCHAIN_PASSWORD=temporary
+
+ security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+ security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+ security import certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+ security list-keychain -d user -s "$KEYCHAIN_PATH"
+
+ # Find app bundle
+ APP_PATH=$(find Builds -type d -name "*.app" | head -1)
+
+ if [ -n "$APP_PATH" ]; then
+ echo "Signing app bundle: $APP_PATH"
+
+ # Sign the application
+ /usr/bin/codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --deep --entitlements "./LuckyRobots.entitlements" "$APP_PATH"
+
+ # Create a temporary file for notarization
+ NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
+ ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
+
+ # Decode the API key from Base64 secret
+ echo "$API_KEY_PATH" | base64 --decode > api_key.p8
+ API_KEY_FILE="api_key.p8"
+
+ # Submit for notarization using API key
+ echo "Submitting for notarization with API key..."
+ xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" --wait
+
+ # Check notarization result
+ NOTARIZATION_INFO=$(xcrun notarytool history --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" | grep -E '(success|invalid)' | head -1)
+
+ # Clean up the API key file
+ rm -f "$API_KEY_FILE"
+
+ if echo "$NOTARIZATION_INFO" | grep -q "success"; then
+ echo "Notarization successful"
+
+ # Staple the ticket to the application
+ xcrun stapler staple "$APP_PATH"
+
+ # Package the notarized app
+ echo "Creating final package..."
+ APP_NAME=$(basename "$APP_PATH")
+ (cd $(dirname "$APP_PATH") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME")
+ echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
+ else
+ echo "Notarization failed: $NOTARIZATION_INFO"
+ exit 1
+ fi
+ else
+ echo "No app bundle found for signing and notarization"
+
+ # Look for a directory that might be a bundle but not named .app
+ MAIN_BUILD_DIR=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1)
+ if [ -n "$MAIN_BUILD_DIR" ]; then
+ echo "Found main build directory: $MAIN_BUILD_DIR"
+ # Try to sign this directory instead
+ /usr/bin/codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --deep --entitlements "./LuckyRobots.entitlements" "$MAIN_BUILD_DIR"
+
+ # Package it
+ DIR_NAME=$(basename "$MAIN_BUILD_DIR")
+ (cd $(dirname "$MAIN_BUILD_DIR") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$DIR_NAME")
+ echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
+ else
+ echo "No main directory found, cannot sign or package"
+ exit 1
+ fi
+ fi
+
+ echo "Packaged releases:"
+ ls -la PackagedReleases/
+
+ # Clean up
+ rm -f certificate.p12
+ security delete-keychain "$KEYCHAIN_PATH"
+ shell: bash
+
+ - name: Upload macOS Build Artifact
+ uses: actions/upload-artifact@v3
+ if: success()
+ with:
+ name: LuckyRobots-macOS
+ path: PackagedReleases/LuckyRobots-macOS.zip
+ retention-days: 365
\ No newline at end of file
diff --git a/.gitea/actions/windows-build/action.yml b/.gitea/actions/windows-build/action.yml
new file mode 100644
index 00000000..1518429e
--- /dev/null
+++ b/.gitea/actions/windows-build/action.yml
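Review bot: In the `Sign and Notarize macOS App` step of `.gitea/actions/macos-build/action.yml`, `certificate.p12` and the signing keychain are removed only when the script reaches its last lines; both `exit 1` branches (and, if the shell runs with `-e`, any failing command before them) leave the decoded Developer ID certificate, and possibly `api_key.p8`, on the runner. The `macos` label and the fixed Unreal Engine install path suggest a persistent self-hosted machine, where that material would survive into later jobs. Register the cleanup right after `KEYCHAIN_PATH` is set, e.g. `trap 'rm -f certificate.p12 api_key.p8; security delete-keychain "$KEYCHAIN_PATH"' EXIT`, and decode both files under `$RUNNER_TEMP` rather than the checkout directory. Separately, the fallback branch that signs `MAIN_BUILD_DIR` packages and uploads a build that was never notarized, and the success check greps `notarytool history` instead of reading the result of this submission; both are worth tightening before the artifact is treated as a release.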
@@ -0,0 +1,42 @@
+name: 'Windows Build Steps'
+description: 'Build Windows application'
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup environment
+ run: |
+ # Set environment variables for Unreal Engine
+ echo "UE_ROOT=E:/Games/UE_5.5" >> $GITHUB_ENV
+
+ # Create directories for builds
+ if (!(Test-Path "Builds/Windows")) { New-Item -ItemType Directory -Path "Builds/Windows" -Force }
+ if (!(Test-Path "PackagedReleases")) { New-Item -ItemType Directory -Path "PackagedReleases" -Force }
+ shell: pwsh
+
+ - name: Build for Windows
+ run: |
+ # Chmod command doesn't exist in Windows, use PowerShell to run the bash script
+ & 'C:\Program Files\Git\bin\bash.exe' -c "./scripts/win_build.sh"
+ shell: pwsh
+
+ - name: Package Windows build
+ run: |
+ echo "Packaging Windows build..."
+ if [ -d "Builds/Windows" ]; then
+ cd Builds/Windows
+ zip -r ../../PackagedReleases/LuckyRobots-Windows.zip .
+ cd ../..
+ fi
+
+ echo "=== Packaged Windows release ==="
+ ls -la PackagedReleases/
+ shell: bash
+
+ - name: Upload Windows Build Artifact
+ uses: actions/upload-artifact@v3
+ if: success() && hashFiles('PackagedReleases/LuckyRobots-Windows.zip') != ''
+ with:
+ name: LuckyRobots-Windows
+ path: PackagedReleases/LuckyRobots-Windows.zip
+ retention-days: 365
\ No newline at end of file
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 2c925c46..12a13ab2 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
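Review bot: A Windows build that produces no output can still end green in `.gitea/actions/windows-build/action.yml`: `Package Windows build` skips the zip when `Builds/Windows` is missing, and the upload is then skipped by its `hashFiles(...) != ''` guard. Because `create-release` in build.yml `needs` this job, a release could be cut without the Windows package; how that job handles a missing artifact is not visible in this patch. Fail the packaging step instead by adding an `else` branch before the `fi`, for example `else`, `echo "Builds/Windows not found" >&2`, `exit 1`. `.gitea/actions/linux-build/action.yml` has the same pattern in `Package Linux build`.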
@@ -7,13 +7,47 @@ on: jobs: windows-build: - uses: ./.gitea/workflows/windows-build.yml - + runs-on: windows + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + lfs: true + fetch-depth: 0 + + - name: Build Windows + uses: ./.gitea/actions/windows-build + linux-build: - uses: ./.gitea/workflows/linux-build.yml - + runs-on: windows + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + lfs: true + fetch-depth: 0 + + - name: Build Linux + uses: ./.gitea/actions/linux-build + macos-build: - uses: ./.gitea/workflows/macos-build.yml + runs-on: macos + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + lfs: true + fetch-depth: 0 + + - name: Build macOS + uses: ./.gitea/actions/macos-build + with: + apple_team_id: ${{ secrets.APPLE_TEAM_ID }} + apple_certificate_base64: ${{ secrets.MACOS_CERTIFICATE }} + apple_certificate_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} + api_key_path: ${{ secrets.NOTARY_API_KEY_PATH }} + api_key_id: ${{ secrets.NOTARY_API_KEY_ID }} + api_key_issuer_id: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }} create-release: needs: [windows-build, linux-build, macos-build] diff --git a/.gitea/workflows/linux-build.yml b/.gitea/workflows/linux-build.yml deleted file mode 100644 index 51117aaf..00000000 --- a/.gitea/workflows/linux-build.yml +++ /dev/null 
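Review bot: Each job pulls `actions/checkout@v3` by a mutable tag, and the three composite actions do the same with `actions/upload-artifact@v3`, while the `macos-build` job passes the signing certificate and notary key to steps in that same job. Pin both actions to a full commit SHA, e.g. `uses: actions/checkout@FULL_COMMIT_SHA  # v3` (placeholder), so that a moved tag or a changed default actions URL on the Gitea instance cannot alter what runs next to those secrets. The `on:` trigger lies outside this hunk; if it includes pull requests, confirm that the secrets are not available to runs whose `scripts/mac_build.sh` comes from an untrusted branch.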
@@ -1,53 +0,0 @@ -name: Linux Build - -on: - workflow_dispatch: - workflow_call: - -jobs: - linux-build: - runs-on: windows - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - lfs: true - fetch-depth: 0 - - - name: Setup environment - run: | - # Set environment variables for Unreal Engine - echo "UE_ROOT=E:/Games/UE_5.5" >> $GITHUB_ENV - - # Set environment variables for Linux toolchain (needed for cross-compilation) - $env:LINUX_MULTIARCH_ROOT="C:/UnrealToolchains/v23_clang-18.1.0-rockylinux8" - echo "LINUX_MULTIARCH_ROOT=${LINUX_MULTIARCH_ROOT}" >> $GITHUB_ENV - - # Create directories for builds - if (!(Test-Path "Builds/Linux")) { New-Item -ItemType Directory -Path "Builds/Linux" -Force } - if (!(Test-Path "PackagedReleases")) { New-Item -ItemType Directory -Path "PackagedReleases" -Force } - - - name: Build for Linux - run: | - # Chmod command doesn't exist in Windows, use PowerShell to run the bash script - & 'C:\Program Files\Git\bin\bash.exe' -c "./scripts/linux_build.sh" - - - name: Package Linux build - run: | - echo "Packaging Linux build..." - if [ -d "Builds/Linux" ]; then - cd Builds/Linux - zip -r ../../PackagedReleases/LuckyRobots-Linux.zip . - cd ../.. - fi - - echo "=== Packaged Linux release ===" - ls -la PackagedReleases/ - - - name: Upload Linux Build Artifact - uses: actions/upload-artifact@v3 - if: success() && hashFiles('PackagedReleases/LuckyRobots-Linux.zip') != '' - with: - name: LuckyRobots-Linux - path: PackagedReleases/LuckyRobots-Linux.zip - retention-days: 365 \ No newline at end of file diff --git a/.gitea/workflows/macos-build.yml b/.gitea/workflows/macos-build.yml deleted file mode 100644 index e57b3498..00000000 --- a/.gitea/workflows/macos-build.yml +++ /dev/null 
@@ -1,141 +0,0 @@ -name: macOS Build - -on: - workflow_dispatch: - workflow_call: - -jobs: - macos-build: - runs-on: macos - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - lfs: true - fetch-depth: 0 - - - name: Setup environment - run: | - # Use the correct path where Unreal Engine is installed - UE_PATH="/Users/Shared/Epic Games/UE_5.5" - - if [ ! -d "$UE_PATH" ]; then - echo "Error: Unreal Engine is not installed in the expected location" - echo "Please ensure Unreal Engine is installed at $UE_PATH" - exit 1 - fi - - # Create directories for builds - mkdir -p Builds/Mac - mkdir -p PackagedReleases - - echo "Using Unreal Engine 5.5" - - - name: Build for macOS - run: | - chmod +x ./scripts/mac_build.sh - ./scripts/mac_build.sh - - - name: Sign and Notarize macOS App - if: ${{ success() }} - env: - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - APPLE_CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} - API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }} - API_KEY_ID: ${{ secrets.NOTARY_API_KEY_ID }} - API_KEY_ISSUER_ID: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }} - run: | - # Create output directory - mkdir -p PackagedReleases - - # Decode the base64 certificate - echo "Setting up certificate..." 
- echo $APPLE_CERTIFICATE_BASE64 | base64 --decode > certificate.p12 - - # Create keychain and import certificate - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - KEYCHAIN_PASSWORD=temporary - - security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" - security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security import certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" - security list-keychain -d user -s "$KEYCHAIN_PATH" - - # Find app bundle - APP_PATH=$(find Builds -type d -name "*.app" | head -1) - - if [ -n "$APP_PATH" ]; then - echo "Signing app bundle: $APP_PATH" - - # Sign the application - /usr/bin/codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --deep --entitlements "./LuckyRobots.entitlements" "$APP_PATH" - - # Create a temporary file for notarization - NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip" - ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH" - - # Decode the API key from Base64 secret - echo "$API_KEY_PATH" | base64 --decode > api_key.p8 - API_KEY_FILE="api_key.p8" - - # Submit for notarization using API key - echo "Submitting for notarization with API key..." - xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" --wait - - # Check notarization result - NOTARIZATION_INFO=$(xcrun notarytool history --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" | grep -E '(success|invalid)' | head -1) - - # Clean up the API key file - rm -f "$API_KEY_FILE" - - if echo "$NOTARIZATION_INFO" | grep -q "success"; then - echo "Notarization successful" - - # Staple the ticket to the application - xcrun stapler staple "$APP_PATH" - - # Package the notarized app - echo "Creating final package..." 
- APP_NAME=$(basename "$APP_PATH") - (cd $(dirname "$APP_PATH") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME") - echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip" - else - echo "Notarization failed: $NOTARIZATION_INFO" - exit 1 - fi - else - echo "No app bundle found for signing and notarization" - - # Look for a directory that might be a bundle but not named .app - MAIN_BUILD_DIR=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1) - if [ -n "$MAIN_BUILD_DIR" ]; then - echo "Found main build directory: $MAIN_BUILD_DIR" - # Try to sign this directory instead - /usr/bin/codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --deep --entitlements "./LuckyRobots.entitlements" "$MAIN_BUILD_DIR" - - # Package it - DIR_NAME=$(basename "$MAIN_BUILD_DIR") - (cd $(dirname "$MAIN_BUILD_DIR") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$DIR_NAME") - echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip" - else - echo "No main directory found, cannot sign or package" - exit 1 - fi - fi - - echo "Packaged releases:" - ls -la PackagedReleases/ - - # Clean up - rm -f certificate.p12 - security delete-keychain "$KEYCHAIN_PATH" - - - name: Upload macOS Build Artifact - uses: actions/upload-artifact@v3 - if: success() - with: - name: LuckyRobots-macOS - path: PackagedReleases/LuckyRobots-macOS.zip - retention-days: 365 \ No newline at end of file diff --git a/.gitea/workflows/windows-build.yml b/.gitea/workflows/windows-build.yml deleted file mode 100644 index 220e6d3d..00000000 --- a/.gitea/workflows/windows-build.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: Windows Build - -on: - workflow_dispatch: - workflow_call: - -jobs: - windows-build: - runs-on: windows - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - lfs: true - fetch-depth: 0 - - - name: Setup environment - run: | - # Set environment variables for Unreal Engine - echo "UE_ROOT=E:/Games/UE_5.5" >> $GITHUB_ENV - - # Create directories for builds - if (!(Test-Path "Builds/Windows")) { New-Item -ItemType Directory -Path "Builds/Windows" -Force } - if (!(Test-Path "PackagedReleases")) { New-Item -ItemType Directory -Path "PackagedReleases" -Force } - - - name: Build for Windows - run: | - # Chmod command doesn't exist in Windows, use PowerShell to run the bash script - & 'C:\Program Files\Git\bin\bash.exe' -c "./scripts/win_build.sh" - - - name: Package Windows build - run: | - echo "Packaging Windows build..." - if [ -d "Builds/Windows" ]; then - cd Builds/Windows - zip -r ../../PackagedReleases/LuckyRobots-Windows.zip . - cd ../.. - fi - - echo "=== Packaged Windows release ===" - ls -la PackagedReleases/ - - - name: Upload Windows Build Artifact - uses: actions/upload-artifact@v3 - if: success() && hashFiles('PackagedReleases/LuckyRobots-Windows.zip') != '' - with: - name: LuckyRobots-Windows - path: PackagedReleases/LuckyRobots-Windows.zip - retention-days: 365 \ No newline at end of file