WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17
@ -23,6 +23,9 @@ jobs:
|
||||
echo "WORKSPACE_DIR=$WORKSPACE_DIR" >> "$GITHUB_ENV"
|
||||
echo "ENTITLEMENTS_FILE=LuckyWorld.entitlements" >> "$GITHUB_ENV"
|
||||
|
||||
# Set CI environment variable to true for build script
|
||||
echo "CI=true" >> "$GITHUB_ENV"
|
||||
|
||||
# Create directories for builds
|
||||
mkdir -p Builds/Mac
|
||||
mkdir -p PackagedReleases
|
||||
@ -58,6 +61,8 @@ jobs:
|
||||
run: |
|
||||
if [ -f "./scripts/mac_build.sh" ]; then
|
||||
chmod +x ./scripts/mac_build.sh
|
||||
# Set CI environment variable explicitly before running
|
||||
export CI=true
|
||||
./scripts/mac_build.sh
|
||||
else
|
||||
echo "ERROR: Build script not found at ./scripts/mac_build.sh"
|
||||
|
||||
@ -13,9 +13,20 @@ PROJECT_ROOT="$(pwd)"
|
||||
PROJECT_FILE="$PROJECT_ROOT/LuckyWorld.uproject"
|
||||
ARCHIVE_DIR="$PROJECT_ROOT/Builds"
|
||||
|
||||
# Check if running in CI environment
|
||||
if [ -n "$GITHUB_ACTIONS" ] || [ -n "$CI" ]; then
|
||||
# Skip certificate check in CI environment
|
||||
echo "🔄 Running in CI environment, skipping certificate checks"
|
||||
RUNNING_IN_CI=true
|
||||
else
|
||||
RUNNING_IN_CI=false
|
||||
fi
|
||||
|
||||
# Check for Developer ID certificate
|
||||
CERTIFICATE_NAME=""
|
||||
if [ -z "$CERTIFICATE_NAME" ]; then
|
||||
if [ "$RUNNING_IN_CI" = "false" ]; then
|
||||
# Only check for certificate in non-CI environments
|
||||
if [ -z "$CERTIFICATE_NAME" ]; then
|
||||
# Try to find a Developer ID Application certificate
|
||||
CERTIFICATE_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | head -1 | sed -E 's/.*"(Developer ID Application.*)"$/\1/')
|
||||
|
||||
@ -23,10 +34,13 @@ if [ -z "$CERTIFICATE_NAME" ]; then
|
||||
echo "⚠️ No Developer ID Application certificate found. Please specify a valid certificate name."
|
||||
echo "Available certificates:"
|
||||
security find-identity -v -p codesigning
|
||||
exit 1
|
||||
echo "Continuing build without signing..."
|
||||
else
|
||||
echo "🔑 Found Developer ID certificate: $CERTIFICATE_NAME"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "🔄 Skipping local certificate check - signing will be handled in CI pipeline"
|
||||
fi
|
||||
|
||||
# Check for entitlements file
|
||||
@ -44,7 +58,11 @@ echo "Project root: $PROJECT_ROOT"
|
||||
echo "Project file: $PROJECT_FILE"
|
||||
echo "Archive directory: $ARCHIVE_DIR"
|
||||
echo "Entitlements file: $ENTITLEMENTS_FILE"
|
||||
echo "Signing with certificate: $CERTIFICATE_NAME"
|
||||
if [ "$RUNNING_IN_CI" = "false" ] && [ -n "$CERTIFICATE_NAME" ]; then
|
||||
echo "Signing with certificate: $CERTIFICATE_NAME"
|
||||
else
|
||||
echo "Not signing locally - will be handled in CI"
|
||||
fi
|
||||
|
||||
# Clean up previous build artifacts
|
||||
rm -rf DerivedDataCache Intermediate Binaries Saved
|
||||
@ -146,8 +164,10 @@ if [ -n "$APP_PATH" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# Recursive signing function - signs all binary files
|
||||
function sign_recursively() {
|
||||
# Only perform signing if not in CI and certificate is available
|
||||
if [ "$RUNNING_IN_CI" = "false" ] && [ -n "$CERTIFICATE_NAME" ] && [ -n "$ENTITLEMENTS_FILE" ]; then
|
||||
# Recursive signing function - signs all binary files
|
||||
function sign_recursively() {
|
||||
local app_path="$1"
|
||||
local entitlements_file="$2"
|
||||
local certificate="$3"
|
||||
@ -250,12 +270,12 @@ function sign_recursively() {
|
||||
echo "Checking CrashReportClient specifically:"
|
||||
codesign -d --entitlements - "$crash_reporter" | grep -i "runtime\|hardened\|security"
|
||||
fi
|
||||
}
|
||||
}
|
||||
|
||||
# Check libraries and perform post-processing if needed
|
||||
echo ""
|
||||
echo "🔍 Performing comprehensive signing and hardening of all binaries..."
|
||||
|
||||
# Check libraries and perform post-processing if needed
|
||||
echo ""
|
||||
echo "🔍 Performing comprehensive signing and hardening of all binaries..."
|
||||
if [ -n "$APP_PATH" ] && [ -n "$ENTITLEMENTS_FILE" ]; then
|
||||
# Sign all binary files recursively
|
||||
sign_recursively "$APP_PATH" "$ENTITLEMENTS_FILE" "$CERTIFICATE_NAME"
|
||||
|
||||
@ -280,9 +300,15 @@ if [ -n "$APP_PATH" ] && [ -n "$ENTITLEMENTS_FILE" ]; then
|
||||
echo "xcrun notarytool submit \"$ZIP_PATH\" --apple-id \"YOUR_APPLE_ID\" --password \"APP_SPECIFIC_PASSWORD\" --team-id \"YOUR_TEAM_ID\" --wait"
|
||||
echo ""
|
||||
else
|
||||
echo "❌ App path or entitlements file not found, cannot perform comprehensive signing"
|
||||
# Skip signing locally - CI will handle it
|
||||
if [ "$RUNNING_IN_CI" = "true" ]; then
|
||||
echo "Skipping local signing - CI pipeline will handle signing and notarization"
|
||||
else
|
||||
echo "❌ Local signing skipped - certificate or entitlements file not available"
|
||||
echo "App path: $APP_PATH"
|
||||
echo "Entitlements file: $ENTITLEMENTS_FILE"
|
||||
echo "Certificate: $CERTIFICATE_NAME"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo ""
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user