LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects 1 Releases 13 Wiki Activity

WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17

Draft
m wants to merge 115 commits from ozgur/build into main
pull from: ozgur/build
merge into: LuckyRobots:main
Conversation 0 Commits 115 Files Changed 21 +130 -247
3 changed files with 130 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 7769dfcea2 - Show all commits

4
.gitea/workflows/build.yml
View File

@ -2,8 +2,8 @@ name: Unreal Engine Build
on:
workflow_dispatch:
push:
branches: [ozgur/build]
# push:
# branches: [ozgur/build]
jobs:
windows-build:

128
.gitea/workflows/test-macos-build.yml Normal file
View File

@ -0,0 +1,128 @@
name: Test macOS Build Action
on:
workflow_dispatch: # Manual trigger only for testing
push:
branches: [ozgur/build]
jobs:
test-macos-build:
runs-on: macos
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
# Step 1: Setup environment
- name: Setup environment
run: |
# Use the correct path where Unreal Engine is installed
UE_PATH="/Users/Shared/Epic Games/UE_5.5"
if [ ! -d "$UE_PATH" ]; then
echo "Error: Unreal Engine is not installed in the expected location"
echo "Please ensure Unreal Engine is installed at $UE_PATH"
exit 1
fi
# Create directories for builds
mkdir -p Builds/Mac
mkdir -p PackagedReleases
echo "Using Unreal Engine 5.5"
shell: bash
# Step 2: Build for macOS
- name: Build for macOS
run: |
chmod +x ./scripts/mac_build.sh
./scripts/mac_build.sh
shell: bash
# Step 3: Setup for Signing
- name: Setup for Signing
id: setup-signing
env:
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
run: |
# Create output directory
mkdir -p PackagedReleases
# Decode the API key from Base64 secret
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
echo "api_key_file=$(pwd)/api_key.p8" >> $GITEA_OUTPUT
# Find app bundle
APP_PATH=$(find Builds -type d -name "*.app" | head -1)
if [ -z "$APP_PATH" ]; then
# Look for a directory that might be a bundle but not named .app
APP_PATH=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1)
if [ -z "$APP_PATH" ]; then
echo "No build directory found, cannot continue"
exit 1
fi
fi
echo "Found app path: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITEA_OUTPUT
shell: bash
# Step 4: Sign macOS App
- name: Sign macOS App
uses: lando/code-sign-action@v3
id: sign-app
with:
file: ${{ steps.setup-signing.outputs.app_path }}
certificate-data: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
certificate-id: ${{ secrets.APPLE_TEAM_ID }}
options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements
# Step 5: Notarize macOS App
- name: Notarize macOS App
run: |
# Create a temporary file for notarization
APP_PATH="${{ steps.setup-signing.outputs.app_path }}"
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}"
# Submit for notarization using API key
echo "Submitting for notarization with API key..."
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait
# Staple the ticket to the application
xcrun stapler staple "$APP_PATH"
# Clean up the API key file
rm -f "$API_KEY_FILE"
rm -f "$NOTARIZE_APP_PATH"
shell: bash
# Step 6: Package macOS App
- name: Package macOS App
run: |
# Package the signed and notarized app
APP_PATH="${{ steps.setup-signing.outputs.app_path }}"
APP_NAME=$(basename "$APP_PATH")
DIR_PATH=$(dirname "$APP_PATH")
echo "Creating final package..."
(cd "$DIR_PATH" && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME")
echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
echo "Packaged releases:"
ls -la PackagedReleases/
shell: bash
# Step 7: Upload macOS Build Artifact
- name: Upload macOS Build Artifact
uses: actions/upload-artifact@v3
if: success()
with:
name: LuckyRobots-macOS
path: PackagedReleases/LuckyRobots-macOS.zip
retention-days: 365

245
.gitea/workflows/test-signing.yml
View File

@ -1,245 +0,0 @@
name: Test macOS Signing
on:
# push:
# branches: [ozgur/build]
workflow_dispatch: # Manual trigger is also available
jobs:
test-signing:
runs-on: macos
steps:
- name: Create Entitlements File
run: |
# Create entitlements file inline
cat > LuckyRobots.entitlements << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
</dict>
</plist>
EOF
echo "Created entitlements file:"
cat LuckyRobots.entitlements
shell: bash
- name: Download and Extract Artifact
id: extract-artifact
run: |
# Working with absolute paths to eliminate path inconsistencies
WORKSPACE_DIR="$(pwd)"
BUILDS_DIR="$WORKSPACE_DIR/Builds"
EXTRACT_DIR="$WORKSPACE_DIR/temp_extract"
# Create directories
mkdir -p "$BUILDS_DIR/Mac"
mkdir -p "$EXTRACT_DIR"
# Download specific artifact
echo "Downloading build artifact..."
# Use fixed artifact URL
ARTIFACT_URL="https://luckyrobots.com/LuckyRobots/LuckyWorld/actions/runs/84/artifacts/LuckyRobots-macOS"
echo "Using artifact URL: $ARTIFACT_URL"
BUILD_ZIP="$WORKSPACE_DIR/build.zip"
# Download the artifact
curl -L "$ARTIFACT_URL" -o "$BUILD_ZIP"
# First unzip - Outer artifact zip file
echo "Extracting outer zip file..."
unzip -o "$BUILD_ZIP" -d "$EXTRACT_DIR"
# List the contents of temp_extract
echo "Contents of temp_extract:"
ls -la "$EXTRACT_DIR"
# Handle case where the artifact might have different structure
# Try to find any zip files recursively
echo "Searching for zip files in extract directory..."
ZIP_FILES=$(find "$EXTRACT_DIR" -name "*.zip" -type f)
echo "Found ZIP files: $ZIP_FILES"
# Create target directory for Mac app
TARGET_DIR="$BUILDS_DIR/Mac"
mkdir -p "$TARGET_DIR"
# Extract all found zip files
for ZIP_FILE in $ZIP_FILES; do
echo "Extracting: $ZIP_FILE to $TARGET_DIR"
unzip -o "$ZIP_FILE" -d "$TARGET_DIR"
done
# Look for LuckyWorld-Mac-Shipping.app specifically
if [ -d "$TARGET_DIR/LuckyWorld-Mac-Shipping.app" ]; then
APP_PATH="$TARGET_DIR/LuckyWorld-Mac-Shipping.app"
echo "Found specific app: $APP_PATH"
else
# Try to find any .app bundle recursively
echo "Searching for .app bundles in all directories..."
APP_PATH=$(find "$BUILDS_DIR" -name "*.app" -type d | head -1)
if [ -z "$APP_PATH" ]; then
echo "Could not find any .app bundle. Looking in other directories..."
APP_PATH=$(find "$WORKSPACE_DIR" -name "*.app" -type d | head -1)
fi
fi
if [ -z "$APP_PATH" ]; then
echo "ERROR: Could not find any .app bundle"
echo "Contents of Builds directory:"
find "$BUILDS_DIR" -type d | sort
echo "Contents of extracted files:"
find "$EXTRACT_DIR" -type f | sort
exit 1
fi
echo "Found app bundle at: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
shell: bash
- name: Setup for Signing
id: setup-signing
env:
APPLE_CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
# Decode the base64 certificate
echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > certificate.p12
# Create keychain and import certificate
KEYCHAIN_PATH="signing-keychain.keychain-db"
KEYCHAIN_PASSWORD="temporary"
# Create custom keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Download Apple root certificates
echo "Downloading Apple Developer certificates..."
curl -s -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
curl -s -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
# Import all certificates to our custom keychain
security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der -A
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der -A
security import certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
# Set keychain for signing
security list-keychain -d user -s "$KEYCHAIN_PATH"
security default-keychain -s "$KEYCHAIN_PATH"
# Always trust our certificates
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Setup API key
echo "${{ secrets.NOTARY_API_KEY_PATH }}" | base64 --decode > api_key.p8
echo "keychain_path=$KEYCHAIN_PATH" >> $GITHUB_OUTPUT
echo "keychain_password=$KEYCHAIN_PASSWORD" >> $GITHUB_OUTPUT
echo "api_key_path=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT
shell: bash
- name: Sign macOS App
id: sign-app
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
APP_PATH="${{ steps.extract-artifact.outputs.app_path }}"
echo "Signing app bundle: $APP_PATH"
# First, handle problematic libraries separately
find "$APP_PATH" -name "*.dylib" | while read DYLIB; do
echo "Signing library: $DYLIB"
codesign --force --options runtime --timestamp --sign "Developer ID Application: $APPLE_TEAM_ID" "$DYLIB"
done
# Now sign the application itself
echo "Signing main application bundle..."
/usr/bin/codesign --force --options runtime --deep --timestamp --sign "Developer ID Application: $APPLE_TEAM_ID" --entitlements ./LuckyRobots.entitlements "$APP_PATH"
# Verify signature
echo "Verifying signature..."
codesign --verify --verbose "$APP_PATH"
echo "App signing completed successfully"
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
shell: bash
- name: Notarize macOS App
run: |
# Create a temporary file for notarization
APP_PATH="${{ steps.sign-app.outputs.app_path }}"
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
# Get API key path from previous step
API_KEY_PATH="${{ steps.setup-signing.outputs.api_key_path }}"
# Submit for notarization using API key
echo "Submitting for notarization with API key..."
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_PATH" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait
# Staple the ticket to the application
xcrun stapler staple "$APP_PATH"
# Clean up the API key file
rm -f "$API_KEY_PATH"
rm -f "$NOTARIZE_APP_PATH"
shell: bash
- name: Package macOS App
run: |
# Package the signed and notarized app
APP_PATH="${{ steps.sign-app.outputs.app_path }}"
APP_NAME=$(basename "$APP_PATH")
WORKSPACE_DIR="$(pwd)"
OUTPUT_DIR="$WORKSPACE_DIR/TestSignedApps"
# Create test output directory
mkdir -p "$OUTPUT_DIR"
echo "Creating test package..."
ditto -c -k --keepParent "$APP_PATH" "$OUTPUT_DIR/Test-$APP_NAME.zip"
echo "Created test package: $OUTPUT_DIR/Test-$APP_NAME.zip"
echo "Test packaged apps:"
ls -la "$OUTPUT_DIR"
shell: bash
- name: Upload Test Signed App
uses: actions/upload-artifact@v3
if: success()
with:
name: TestSigned-macOS-App
path: TestSignedApps/Test-*.zip
retention-days: 7
- name: Cleanup
if: always()
run: |
# Clean up keychain
KEYCHAIN_PATH="${{ steps.setup-signing.outputs.keychain_path }}"
if [ -n "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH" || true
fi
# Clean up temp files
rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer || true
shell: bash