LuckyRobots/LuckyWorld
15
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases 13 Wiki Activity

WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17

Draft
m wants to merge 141 commits from ozgur/build into main
pull from: ozgur/build
merge into: LuckyRobots:main
Conversation 0 Commits 141 Files Changed 24 +182 -84
1 changed files with 182 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a207e10eff - Show all commits

278
.gitea/workflows/test-macos-build.yml
View File

@ -21,6 +21,9 @@ jobs:
if [ -f "LuckyWorld.entitlements" ]; then
echo "Using existing LuckyWorld.entitlements file"
ENTITLEMENTS_FILE="LuckyWorld.entitlements"
elif [ -f "LuckyRobots.entitlements" ]; then
echo "Using existing LuckyRobots.entitlements file"
ENTITLEMENTS_FILE="LuckyRobots.entitlements"
else
echo "Creating default entitlements file as LuckyWorld.entitlements"
# Create entitlements file line by line instead of heredoc
@ -82,122 +85,217 @@ jobs:
fi
shell: bash
# Step 3: Setup API Key
- name: Setup API Key
id: setup-api-key
# Step 3: Create keychain and import certificate
- name: Create keychain and import certificate
env:
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
# Decode the API key from Base64 secret and save it to a file
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
echo "API_KEY_FILE=$(pwd)/api_key.p8" >> "$GITHUB_ENV"
echo "API key setup complete"
shell: bash
# Step 4: Find App Bundle
- name: Find App Bundle
id: find-app-bundle
run: |
# Find app bundle with absolute path
REL_APP_PATH=$(find Builds -type d -name "*.app" | head -1)
if [ -z "$REL_APP_PATH" ]; then
# Look for a directory that might be a bundle but not named .app
REL_APP_PATH=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1)
if [ -z "$REL_APP_PATH" ]; then
echo "No build directory found, cannot continue"
exit 1
fi
fi
# Convert to absolute path
APP_PATH="${WORKSPACE_DIR}/${REL_APP_PATH}"
echo "Found relative app path: $REL_APP_PATH"
echo "Using absolute app path: $APP_PATH"
# Verify the path exists
if [ ! -d "$APP_PATH" ]; then
echo "WARNING: Path does not exist: $APP_PATH"
echo "Checking if path exists without workspace prefix..."
# Sometimes CI systems already provide absolute paths
if [ -d "/$REL_APP_PATH" ]; then
APP_PATH="/$REL_APP_PATH"
echo "Using path: $APP_PATH"
elif [[ "$REL_APP_PATH" == /* ]] && [ -d "$REL_APP_PATH" ]; then
APP_PATH="$REL_APP_PATH"
echo "Using original absolute path: $APP_PATH"
else
# List files in Builds directory for debugging
# Debug: Print working directory
echo "Current working directory: $(pwd)"
echo "Contents of Builds directory:"
find Builds -type d | sort
# Try to find app anywhere in the workspace
echo "Searching for .app files in the workspace:"
APP_PATHS=$(find . -type d -name "*.app" 2>/dev/null)
if [ -n "$APP_PATHS" ]; then
echo "Found potential app bundles:"
echo "$APP_PATHS"
APP_PATH="$(pwd)/$(echo "$APP_PATHS" | head -1)"
echo "Using first result: $APP_PATH"
else
echo "ERROR: Could not find any .app bundles in the workspace"
exit 1
fi
fi
fi
# Create keychain
KEYCHAIN_PATH="${WORKSPACE_DIR}/build.keychain"
KEYCHAIN_PASSWORD="temporary"
echo "APP_PATH=$APP_PATH" >> "$GITHUB_ENV"
# Create and configure keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Set keychain search list
security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | sed s/\"//g)
# Decode and import certificate
echo "$CERTIFICATE_BASE64" | base64 --decode > certificate.p12
# Download Apple certificates
curl -s -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
curl -s -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
# Import certificates
security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der -A
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der -A
security import certificate.p12 -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
# Set partition list
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Export keychain path and password for later use
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV"
echo "Certificate imported to keychain"
shell: bash
# Step 5: Sign macOS App using lando/code-sign-action
- name: Sign macOS App
id: sign-app
uses: lando/code-sign-action@v3
with:
file: ${{ env.APP_PATH }}
certificate-data: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
apple-team-id: ${{ secrets.APPLE_TEAM_ID }}
options: --options runtime --deep --timestamp --entitlements ${{ env.WORKSPACE_DIR }}/${{ env.ENTITLEMENTS_FILE }}
# API Key Notarization (daha güvenli ve modern)
apple-api-key: ${{ env.API_KEY_FILE }}
apple-api-key-id: ${{ secrets.NOTARY_API_KEY_ID }}
apple-api-issuer: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
apple-product-id: dev.luckyrobots.luckyworld
# Step 4: Find and prep app for signing
- name: Find and prep app for signing
run: |
# Find app bundle - look everywhere
APP_PATHS=$(find . -type d -name "*.app" 2>/dev/null)
# Step 6: Package macOS App
if [ -z "$APP_PATHS" ]; then
# No *.app extension found, look in Builds/Mac directory for any directory
APP_PATHS=$(find ./Builds/Mac -type d -mindepth 1 -maxdepth 1 2>/dev/null)
fi
if [ -z "$APP_PATHS" ]; then
echo "ERROR: Could not find any app bundles!"
exit 1
fi
echo "Found potential app bundles:"
echo "$APP_PATHS"
# Use the first app path found
APP_PATH=$(echo "$APP_PATHS" | head -1)
# Get app name for later use
APP_NAME=$(basename "$APP_PATH")
echo "Using app bundle: $APP_PATH"
echo "App name: $APP_NAME"
echo "APP_PATH=$APP_PATH" >> "$GITHUB_ENV"
echo "APP_NAME=$APP_NAME" >> "$GITHUB_ENV"
shell: bash
# Step 5: Sign application with codesign
- name: Sign application
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
echo "Signing app bundle: $APP_PATH"
echo "Using entitlements file: $ENTITLEMENTS_FILE"
# First, handle libraries and frameworks
find "$APP_PATH" -type f -name "*.dylib" -o -name "*.framework/Versions/*/Resources" | while read LIB; do
echo "Signing library: $LIB"
/usr/bin/codesign --force --options runtime --timestamp --sign "Developer ID Application: $APPLE_TEAM_ID" "$LIB"
done
# Sign the app bundle itself
/usr/bin/codesign --force --options runtime --deep --timestamp --verbose --sign "Developer ID Application: $APPLE_TEAM_ID" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" "$APP_PATH"
# Verify signature
echo "Verifying signature..."
/usr/bin/codesign --verify --verbose "$APP_PATH"
if [ $? -eq 0 ]; then
echo "✅ Code signing was successful"
else
echo "❌ Code signing failed"
exit 1
fi
shell: bash
# Step 6: Notarize application
- name: Notarize application
env:
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
API_KEY_ID: ${{ secrets.NOTARY_API_KEY_ID }}
API_KEY_ISSUER_ID: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
run: |
echo "Preparing for notarization..."
# Create API key file
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
API_KEY_FILE="$(pwd)/api_key.p8"
# Create a zip archive for notarization
NOTARIZE_APP_PATH="LuckyWorld-notarize.zip"
echo "Creating archive for notarization: $NOTARIZE_APP_PATH"
# Use ditto to preserve bundle structure
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
# Check if zip file was created successfully
if [ ! -f "$NOTARIZE_APP_PATH" ]; then
echo "❌ Failed to create notarization archive"
exit 1
fi
echo "Submitting for notarization..."
echo "API Key ID: $API_KEY_ID"
echo "API Key File: $API_KEY_FILE"
# Submit for notarization using API key
NOTARIZE_OUTPUT=$(xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" --wait)
echo "Notarization response:"
echo "$NOTARIZE_OUTPUT"
# Check if notarization was successful
if [[ "$NOTARIZE_OUTPUT" =~ "status: Accepted" ]]; then
echo "✅ Notarization successful"
else
echo "⚠️ Notarization may have failed. Checking status..."
# Extract submission ID if available
SUBMISSION_ID=$(echo "$NOTARIZE_OUTPUT" | grep "id:" | awk '{print $2}')
if [ -n "$SUBMISSION_ID" ]; then
echo "Checking submission $SUBMISSION_ID..."
xcrun notarytool info "$SUBMISSION_ID" --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID"
# Continue even if notarization failed - we'll staple if possible
echo "⚠️ Continuing despite potential notarization issues..."
else
echo "⚠️ No submission ID found. Continuing anyway..."
fi
fi
# Staple the notarization ticket to the app
echo "Stapling notarization ticket to app..."
xcrun stapler staple "$APP_PATH"
if [ $? -eq 0 ]; then
echo "✅ Stapling successful"
else
echo "⚠️ Stapling may have failed. This is sometimes expected for new apps."
echo "⚠️ Continuing with packaging..."
fi
# Clean up
rm -f "$NOTARIZE_APP_PATH" "$API_KEY_FILE"
shell: bash
# Step 7: Package macOS App
- name: Package macOS App
run: |
# Package the signed and notarized app
APP_PATH="${{ steps.sign-app.outputs.file }}"
APP_NAME=$(basename "$APP_PATH")
DIR_PATH=$(dirname "$APP_PATH")
echo "Packaging signed app bundle: $APP_PATH"
echo "Creating final package..."
(cd "$DIR_PATH" && zip -r "${WORKSPACE_DIR}/PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME")
echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
# Create zip package
(cd "$(dirname "$APP_PATH")" && zip -r "${WORKSPACE_DIR}/PackagedReleases/LuckyWorld-macOS.zip" "$(basename "$APP_PATH")")
echo "Created packaged release: PackagedReleases/LuckyWorld-macOS.zip"
echo "Packaged releases:"
ls -la PackagedReleases/
shell: bash
# Step 7: Upload macOS Build Artifact
# Step 8: Upload macOS Build Artifact
- name: Upload macOS Build Artifact
uses: actions/upload-artifact@v3
if: success()
with:
name: LuckyRobots-macOS
path: PackagedReleases/LuckyRobots-macOS.zip
name: LuckyWorld-macOS
path: PackagedReleases/LuckyWorld-macOS.zip
retention-days: 365
# Step 8: Cleanup
# Step 9: Cleanup
- name: Cleanup
if: always()
run: |
# Clean up files
# Clean up keychain and certificates
if [ -n "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH" || true
fi
# Clean up certificate files
rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer api_key.p8 || true
echo "Cleanup complete"
shell: bash