WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17

Draft
m wants to merge 109 commits from ozgur/build into main
Showing only changes of commit c98b68281e - Show all commits


@ -90,59 +90,85 @@ jobs:
env:
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
# Debug: Print working directory
echo "Current working directory: $(pwd)"
echo "Contents of Builds directory:"
find Builds -type d | sort
# Create keychain
KEYCHAIN_PATH="${WORKSPACE_DIR}/build.keychain"
KEYCHAIN_PASSWORD="temporary"
# Check what saved builds we have
echo "Contents of Saved/StagedBuilds directory (if exists):"
find ./Saved -type d -name "*.app" 2>/dev/null || echo "No .app bundles found in Saved/"
# Create temporary directory for keychain and certificates
TEMP_DIR=$(mktemp -d)
KEYCHAIN_PATH="$TEMP_DIR/build.keychain"
KEYCHAIN_PASSWORD="temporary$(date +%s)"
echo "Creating keychain at: $KEYCHAIN_PATH"
# Create and configure keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Set keychain search list and make it default
# Add to keychain list and make it default
security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | sed s/\"//g)
security default-keychain -s "$KEYCHAIN_PATH"
# Decode and import developer certificate
echo "$CERTIFICATE_BASE64" | base64 --decode > certificate.p12
# Decode certificate to temporary directory
CERT_PATH="$TEMP_DIR/certificate.p12"
echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
# Import developer certificate with proper parameters
echo "Importing developer certificate..."
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
# Import certificate with correct flags for automated use
security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12
# Set partition list - important for automated signing without UI prompts
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Verify certificates were imported correctly
echo "Listing imported certificates..."
# Get the certificate's Common Name and SHA-1 fingerprint for signing
echo "Listing available codesigning identities:"
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
# Export keychain path and password for later use
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV"
# Get the certificate ID (SHA-1 fingerprint) - this is more reliable than using the name
CERT_ID=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -o '[0-9A-F]\{40\}' | head -1)
echo "Certificate imported to keychain"
if [ -z "$CERT_ID" ]; then
echo "⚠️ No valid signing certificate found in keychain"
exit 1
fi
echo "Using certificate ID: $CERT_ID"
echo "CERT_ID=$CERT_ID" >> "$GITHUB_ENV"
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
echo "Certificate imported successfully"
shell: bash
# Step 4: Find and prep app for signing
- name: Find and prep app for signing
run: |
# Find app bundle - look everywhere
APP_PATHS=$(find . -type d -name "*.app" 2>/dev/null)
# First check Saved/StagedBuilds directory - where Unreal often places built apps
echo "Checking Saved/StagedBuilds directory..."
APP_PATHS=$(find ./Saved/StagedBuilds -type d -name "*.app" 2>/dev/null)
# If not found, check Builds directory
if [ -z "$APP_PATHS" ]; then
# No *.app extension found, look in Builds/Mac directory for any directory
APP_PATHS=$(find ./Builds/Mac -type d -mindepth 1 -maxdepth 1 2>/dev/null)
echo "Checking Builds directory..."
APP_PATHS=$(find ./Builds -type d -name "*.app" 2>/dev/null)
fi
# If still not found, check the whole workspace
if [ -z "$APP_PATHS" ]; then
echo "Checking entire workspace..."
APP_PATHS=$(find . -type d -name "*.app" -not -path "*/\.*" 2>/dev/null)
fi
if [ -z "$APP_PATHS" ]; then
echo "ERROR: Could not find any app bundles!"
echo "Listing all directories to help debug:"
find . -type d -maxdepth 3 | sort
exit 1
fi
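Review bot: The `security import` line that reads from `$CERT_PATH` passes `-A`, which lets any application use the imported private key without a prompt, whereas the `certificate.p12` import it appears to replace limited access with `-T /usr/bin/codesign`. The `security set-key-partition-list -S apple-tool:,apple:` call right after it already covers non-interactive signing, so the narrower ACL can stay: `security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -t cert -f pkcs12 -T /usr/bin/codesign`. No removal of the decoded `.p12` is visible in this step, so an `rm -f "$CERT_PATH"` directly after the import would keep the key material off disk for the rest of the job. The rendered page has lost its `+`/`-` markers, so which of the paired lines is the new side is inferred from the `$TEMP_DIR` variables.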
@ -169,58 +195,54 @@ jobs:
run: |
echo "Signing app bundle: $APP_PATH"
echo "Using entitlements file: $ENTITLEMENTS_FILE"
echo "Using certificate ID: $CERT_ID"
# First sign PhysX and problematic frameworks specifically (based on forum reports)
echo "🔍 Signing PhysX and special libraries first..."
find "$APP_PATH" -type f -name "*PhysX*" -o -name "*APEX*" | while read SPECIAL_LIB; do
if [ -f "$SPECIAL_LIB" ]; then
echo "Signing special library: $SPECIAL_LIB"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$SPECIAL_LIB"
fi
done
# Make sure keychain is accessible
security unlock-keychain -p "$(security find-generic-password -a ${USER} -s login -w)" login.keychain
security unlock-keychain -p "temporary" "$KEYCHAIN_PATH" || true
# Sign all dylib files
echo "🔍 Signing all .dylib files..."
find "$APP_PATH" -type f -name "*.dylib" | while read DYLIB; do
echo "Signing dylib: $DYLIB"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$DYLIB"
codesign --force --options runtime --timestamp --sign "$CERT_ID" "$DYLIB"
done
# Sign all .so files
echo "🔍 Signing all .so files..."
find "$APP_PATH" -type f -name "*.so" | while read SO; do
echo "Signing .so: $SO"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$SO"
codesign --force --options runtime --timestamp --sign "$CERT_ID" "$SO"
done
# Sign all executables in frameworks
echo "🔍 Signing framework executables..."
find "$APP_PATH" -path "*.framework/*" -type f -perm +111 | while read FMWK_BIN; do
echo "Signing framework binary: $FMWK_BIN"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$FMWK_BIN"
codesign --force --options runtime --timestamp --sign "$CERT_ID" "$FMWK_BIN"
done
# Sign all other executables
echo "🔍 Signing other executables..."
find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | while read EXEC; do
echo "Signing executable: $EXEC"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$EXEC"
codesign --force --options runtime --timestamp --sign "$CERT_ID" "$EXEC"
done
# Sign all frameworks
echo "🔍 Signing frameworks..."
find "$APP_PATH" -name "*.framework" -type d | while read FRAMEWORK; do
echo "Signing framework: $FRAMEWORK"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$FRAMEWORK"
codesign --force --options runtime --timestamp --sign "$CERT_ID" "$FRAMEWORK"
done
# Finally sign the app bundle itself with entitlements
echo "🔍 Signing the main app bundle with entitlements..."
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" --options runtime --deep --timestamp "$APP_PATH"
codesign --force --options runtime --deep --timestamp --verbose --sign "$CERT_ID" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" "$APP_PATH"
# Verify signature
echo "Verifying signature..."
/usr/bin/codesign --verify --verbose "$APP_PATH"
codesign --verify --verbose "$APP_PATH"
# Use spctl to check if app is acceptable by Gatekeeper
echo "Checking if app will pass Gatekeeper validation..."