WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17

Draft
m wants to merge 141 commits from ozgur/build into main
Showing only changes of commit c98b68281e - Show all commits


@ -90,59 +90,85 @@ jobs:
env: env:
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: | run: |
# Debug: Print working directory # Debug: Print working directory
echo "Current working directory: $(pwd)" echo "Current working directory: $(pwd)"
echo "Contents of Builds directory:" echo "Contents of Builds directory:"
find Builds -type d | sort find Builds -type d | sort
# Create keychain # Check what saved builds we have
KEYCHAIN_PATH="${WORKSPACE_DIR}/build.keychain" echo "Contents of Saved/StagedBuilds directory (if exists):"
KEYCHAIN_PASSWORD="temporary" find ./Saved -type d -name "*.app" 2>/dev/null || echo "No .app bundles found in Saved/"
# Create temporary directory for keychain and certificates
TEMP_DIR=$(mktemp -d)
KEYCHAIN_PATH="$TEMP_DIR/build.keychain"
KEYCHAIN_PASSWORD="temporary$(date +%s)"
echo "Creating keychain at: $KEYCHAIN_PATH"
# Create and configure keychain # Create and configure keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Set keychain search list and make it default # Add to keychain list and make it default
security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | sed s/\"//g) security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | sed s/\"//g)
security default-keychain -s "$KEYCHAIN_PATH" security default-keychain -s "$KEYCHAIN_PATH"
# Decode and import developer certificate # Decode certificate to temporary directory
echo "$CERTIFICATE_BASE64" | base64 --decode > certificate.p12 CERT_PATH="$TEMP_DIR/certificate.p12"
echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
# Import developer certificate with proper parameters # Import certificate with correct flags for automated use
echo "Importing developer certificate..." security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
# Set partition list - important for automated signing without UI prompts # Set partition list - important for automated signing without UI prompts
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Verify certificates were imported correctly # Get the certificate's Common Name and SHA-1 fingerprint for signing
echo "Listing imported certificates..." echo "Listing available codesigning identities:"
security find-identity -v -p codesigning "$KEYCHAIN_PATH" security find-identity -v -p codesigning "$KEYCHAIN_PATH"
# Export keychain path and password for later use # Get the certificate ID (SHA-1 fingerprint) - this is more reliable than using the name
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV" CERT_ID=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -o '[0-9A-F]\{40\}' | head -1)
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV"
echo "Certificate imported to keychain" if [ -z "$CERT_ID" ]; then
echo "⚠️ No valid signing certificate found in keychain"
exit 1
fi
echo "Using certificate ID: $CERT_ID"
echo "CERT_ID=$CERT_ID" >> "$GITHUB_ENV"
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
echo "Certificate imported successfully"
shell: bash shell: bash
# Step 4: Find and prep app for signing # Step 4: Find and prep app for signing
- name: Find and prep app for signing - name: Find and prep app for signing
run: | run: |
# Find app bundle - look everywhere # First check Saved/StagedBuilds directory - where Unreal often places built apps
APP_PATHS=$(find . -type d -name "*.app" 2>/dev/null) echo "Checking Saved/StagedBuilds directory..."
APP_PATHS=$(find ./Saved/StagedBuilds -type d -name "*.app" 2>/dev/null)
# If not found, check Builds directory
if [ -z "$APP_PATHS" ]; then if [ -z "$APP_PATHS" ]; then
# No *.app extension found, look in Builds/Mac directory for any directory echo "Checking Builds directory..."
APP_PATHS=$(find ./Builds/Mac -type d -mindepth 1 -maxdepth 1 2>/dev/null) APP_PATHS=$(find ./Builds -type d -name "*.app" 2>/dev/null)
fi
# If still not found, check the whole workspace
if [ -z "$APP_PATHS" ]; then
echo "Checking entire workspace..."
APP_PATHS=$(find . -type d -name "*.app" -not -path "*/\.*" 2>/dev/null)
fi fi
if [ -z "$APP_PATHS" ]; then if [ -z "$APP_PATHS" ]; then
echo "ERROR: Could not find any app bundles!" echo "ERROR: Could not find any app bundles!"
echo "Listing all directories to help debug:"
find . -type d -maxdepth 3 | sort
exit 1 exit 1
fi fi
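Review bot: The new `security import "$CERT_PATH" ... -A -t cert -f pkcs12` line lets any application on the runner use the imported signing key without a prompt, where the line it replaces limited access with `-T /usr/bin/codesign`; dropping `-A` and keeping `-T /usr/bin/codesign` preserves the narrower ACL. The keychain password is now `temporary$(date +%s)`, which is guessable from the job start time and is no longer written to `$GITHUB_ENV`, while the signing step in the next hunk still unlocks with the literal `"temporary"` followed by `|| true`, so that unlock appears to fail silently. A random value such as `KEYCHAIN_PASSWORD="$(openssl rand -hex 32)"` would be safer, and the later unlock should either use that value or be removed if the 21600-second keychain timeout already covers the job. The decoded `.p12` also stays in `$TEMP_DIR` after the import, so adding `rm -f "$CERT_PATH"` right after `security import` would avoid leaving key material on disk for later steps. The "Find and prep app for signing" step continues past the end of this hunk.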
@ -169,58 +195,54 @@ jobs:
run: | run: |
echo "Signing app bundle: $APP_PATH" echo "Signing app bundle: $APP_PATH"
echo "Using entitlements file: $ENTITLEMENTS_FILE" echo "Using entitlements file: $ENTITLEMENTS_FILE"
echo "Using certificate ID: $CERT_ID"
# First sign PhysX and problematic frameworks specifically (based on forum reports) # Make sure keychain is accessible
echo "🔍 Signing PhysX and special libraries first..." security unlock-keychain -p "$(security find-generic-password -a ${USER} -s login -w)" login.keychain
find "$APP_PATH" -type f -name "*PhysX*" -o -name "*APEX*" | while read SPECIAL_LIB; do security unlock-keychain -p "temporary" "$KEYCHAIN_PATH" || true
if [ -f "$SPECIAL_LIB" ]; then
echo "Signing special library: $SPECIAL_LIB"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$SPECIAL_LIB"
fi
done
# Sign all dylib files # Sign all dylib files
echo "🔍 Signing all .dylib files..." echo "🔍 Signing all .dylib files..."
find "$APP_PATH" -type f -name "*.dylib" | while read DYLIB; do find "$APP_PATH" -type f -name "*.dylib" | while read DYLIB; do
echo "Signing dylib: $DYLIB" echo "Signing dylib: $DYLIB"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$DYLIB" codesign --force --options runtime --timestamp --sign "$CERT_ID" "$DYLIB"
done done
# Sign all .so files # Sign all .so files
echo "🔍 Signing all .so files..." echo "🔍 Signing all .so files..."
find "$APP_PATH" -type f -name "*.so" | while read SO; do find "$APP_PATH" -type f -name "*.so" | while read SO; do
echo "Signing .so: $SO" echo "Signing .so: $SO"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$SO" codesign --force --options runtime --timestamp --sign "$CERT_ID" "$SO"
done done
# Sign all executables in frameworks # Sign all executables in frameworks
echo "🔍 Signing framework executables..." echo "🔍 Signing framework executables..."
find "$APP_PATH" -path "*.framework/*" -type f -perm +111 | while read FMWK_BIN; do find "$APP_PATH" -path "*.framework/*" -type f -perm +111 | while read FMWK_BIN; do
echo "Signing framework binary: $FMWK_BIN" echo "Signing framework binary: $FMWK_BIN"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$FMWK_BIN" codesign --force --options runtime --timestamp --sign "$CERT_ID" "$FMWK_BIN"
done done
# Sign all other executables # Sign all other executables
echo "🔍 Signing other executables..." echo "🔍 Signing other executables..."
find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | while read EXEC; do find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | while read EXEC; do
echo "Signing executable: $EXEC" echo "Signing executable: $EXEC"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$EXEC" codesign --force --options runtime --timestamp --sign "$CERT_ID" "$EXEC"
done done
# Sign all frameworks # Sign all frameworks
echo "🔍 Signing frameworks..." echo "🔍 Signing frameworks..."
find "$APP_PATH" -name "*.framework" -type d | while read FRAMEWORK; do find "$APP_PATH" -name "*.framework" -type d | while read FRAMEWORK; do
echo "Signing framework: $FRAMEWORK" echo "Signing framework: $FRAMEWORK"
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --options runtime --timestamp "$FRAMEWORK" codesign --force --options runtime --timestamp --sign "$CERT_ID" "$FRAMEWORK"
done done
# Finally sign the app bundle itself with entitlements # Finally sign the app bundle itself with entitlements
echo "🔍 Signing the main app bundle with entitlements..." echo "🔍 Signing the main app bundle with entitlements..."
/usr/bin/codesign -f -v -s "Developer ID Application: $APPLE_TEAM_ID" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" --options runtime --deep --timestamp "$APP_PATH" codesign --force --options runtime --deep --timestamp --verbose --sign "$CERT_ID" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" "$APP_PATH"
# Verify signature # Verify signature
echo "Verifying signature..." echo "Verifying signature..."
/usr/bin/codesign --verify --verbose "$APP_PATH" codesign --verify --verbose "$APP_PATH"
# Use spctl to check if app is acceptable by Gatekeeper # Use spctl to check if app is acceptable by Gatekeeper
echo "Checking if app will pass Gatekeeper validation..." echo "Checking if app will pass Gatekeeper validation..."