name: Test macOS Build Action on: workflow_dispatch: # Manual trigger only for testing push: branches: [ozgur/build] jobs: test-macos-build: runs-on: macos steps: - name: Checkout repository uses: actions/checkout@v3 with: lfs: true fetch-depth: 0 - name: Check entitlements file run: | # Check if entitlements files exist if [ -f "LuckyWorld.entitlements" ]; then echo "Using existing LuckyWorld.entitlements file" ENTITLEMENTS_FILE="LuckyWorld.entitlements" elif [ -f "LuckyRobots.entitlements" ]; then echo "Using existing LuckyRobots.entitlements file" ENTITLEMENTS_FILE="LuckyRobots.entitlements" else echo "Creating default entitlements file as LuckyWorld.entitlements" # Create entitlements file line by line instead of heredoc echo '' > LuckyWorld.entitlements echo '' >> LuckyWorld.entitlements echo '' >> LuckyWorld.entitlements echo '' >> LuckyWorld.entitlements echo ' com.apple.security.cs.allow-jit' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo ' com.apple.security.cs.allow-unsigned-executable-memory' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo ' com.apple.security.cs.disable-library-validation' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo ' com.apple.security.cs.allow-dyld-environment-variables' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo ' com.apple.security.device.audio-input' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo ' com.apple.security.device.camera' >> LuckyWorld.entitlements echo ' ' >> LuckyWorld.entitlements echo '' >> LuckyWorld.entitlements echo '' >> LuckyWorld.entitlements ENTITLEMENTS_FILE="LuckyWorld.entitlements" fi echo "Using entitlements file: $ENTITLEMENTS_FILE" echo "ENTITLEMENTS_FILE=$ENTITLEMENTS_FILE" >> "$GITHUB_ENV" shell: bash # Step 1: Setup environment - name: Setup environment run: | # Use the correct path where Unreal Engine is installed UE_PATH="/Users/Shared/Epic Games/UE_5.5" if [ ! -d "$UE_PATH" ]; then echo "Warning: Unreal Engine is not installed in the expected location" echo "This is expected in CI environment - continuing anyway" fi # Create directories for builds mkdir -p Builds/Mac mkdir -p PackagedReleases echo "Using Unreal Engine 5.5" # Get the working directory path for absolute paths WORKSPACE_DIR="$(pwd)" echo "WORKSPACE_DIR=$WORKSPACE_DIR" >> "$GITHUB_ENV" shell: bash # Step 2: Build for macOS - name: Build for macOS run: | if [ -f "./scripts/mac_build.sh" ]; then chmod +x ./scripts/mac_build.sh ./scripts/mac_build.sh else echo "Build script not found, skipping this step" fi shell: bash # Step 3: Try both certificate & Ad-Hoc signing - name: Prepare certificate or use Ad-Hoc signing env: CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }} CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: | # Debug: Print working directory and available resources echo "Current working directory: $(pwd)" # Find the app bundle to sign APP_PATHS=$(find ./Saved/StagedBuilds -type d -name "*.app" 2>/dev/null) if [ -z "$APP_PATHS" ]; then APP_PATHS=$(find ./Builds -type d -name "*.app" 2>/dev/null) fi if [ -z "$APP_PATHS" ]; then echo "ERROR: No .app bundle found to sign!" exit 1 fi # Use the first app path found (preferably the main app, not a child app) MAIN_APP_PATH=$(echo "$APP_PATHS" | grep -v "CrashReportClient" | head -1 || echo "$APP_PATHS" | head -1) APP_NAME=$(basename "$MAIN_APP_PATH") echo "Using app bundle: $MAIN_APP_PATH" echo "APP_PATH=$MAIN_APP_PATH" >> "$GITHUB_ENV" echo "APP_NAME=$APP_NAME" >> "$GITHUB_ENV" # Create a simple keychain KEYCHAIN_PASSWORD="temp$(date +%s)" KEYCHAIN_PATH="$HOME/Library/Keychains/build-temp.keychain-db" # First, try to use the provided certificate echo "Attempting to use provided certificate..." if [ -n "$CERTIFICATE_BASE64" ] && [ -n "$CERTIFICATE_PASSWORD" ]; then echo "Certificate data provided, attempting import..." # Decode certificate and check format echo "$CERTIFICATE_BASE64" | base64 --decode > temp-cert.p12 echo "Certificate file info:" file temp-cert.p12 # Create keychain security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security default-keychain -s "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # Import with debugging info echo "Importing certificate into keychain..." if security import temp-cert.p12 -k "$KEYCHAIN_PATH" -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign; then echo "Certificate imported successfully!" # Set partition list security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # Check certificate details echo "Certificate details:" security find-identity -v -p codesigning "$KEYCHAIN_PATH" # If we have a valid identity, use it if security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -q "valid identities found"; then IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -o '"[^"]*"' | head -1 | sed 's/"//g') echo "Using certificate identity: $IDENTITY" echo "SIGNING_METHOD=certificate" >> "$GITHUB_ENV" echo "SIGNING_IDENTITY=$IDENTITY" >> "$GITHUB_ENV" else echo "No valid identities found in keychain" echo "SIGNING_METHOD=ad-hoc" >> "$GITHUB_ENV" fi else echo "Failed to import certificate, will use ad-hoc signing instead" echo "SIGNING_METHOD=ad-hoc" >> "$GITHUB_ENV" fi # Cleanup certificate file rm -f temp-cert.p12 else echo "Certificate data not provided, will use ad-hoc signing" echo "SIGNING_METHOD=ad-hoc" >> "$GITHUB_ENV" fi echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV" echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV" shell: bash # Step 4: Sign application (with certificate or ad-hoc) - name: Sign application run: | # Debug info echo "Signing app bundle: $APP_PATH" echo "Using entitlements file: $ENTITLEMENTS_FILE" echo "Signing method: $SIGNING_METHOD" if [ "$SIGNING_METHOD" = "certificate" ]; then # Certificate signing echo "Using certificate signing with identity: $SIGNING_IDENTITY" # Unlock keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # Sign the app if /usr/bin/codesign --force --options runtime --sign "$SIGNING_IDENTITY" --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" --deep --verbose "$APP_PATH"; then echo "✅ Code signing with certificate was successful" else echo "⚠️ Certificate signing failed, falling back to ad-hoc signing" /usr/bin/codesign --force --options runtime --sign - --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" --deep --verbose "$APP_PATH" fi else # Ad-hoc signing echo "Using ad-hoc signing (for testing only)" /usr/bin/codesign --force --options runtime --sign - --entitlements "$WORKSPACE_DIR/$ENTITLEMENTS_FILE" --deep --verbose "$APP_PATH" fi # Verify signature (ignore errors) echo "Verifying signature..." /usr/bin/codesign --verify --verbose "$APP_PATH" || echo "Verification errors are expected with ad-hoc signing" shell: bash # Step 5: Package macOS App - name: Package macOS App run: | echo "Packaging signed app bundle: $APP_PATH" # Create zip package (cd "$(dirname "$APP_PATH")" && zip -r "${WORKSPACE_DIR}/PackagedReleases/LuckyWorld-macOS.zip" "$(basename "$APP_PATH")") echo "Created packaged release: PackagedReleases/LuckyWorld-macOS.zip" echo "Packaged releases:" ls -la PackagedReleases/ shell: bash # Step 6: Upload macOS Build Artifact - name: Upload macOS Build Artifact uses: actions/upload-artifact@v3 if: success() with: name: LuckyWorld-macOS path: PackagedReleases/LuckyWorld-macOS.zip retention-days: 365 # Step 7: Cleanup - name: Cleanup if: always() run: | # Clean up keychain and certificates if [ -n "$KEYCHAIN_PATH" ]; then security delete-keychain "$KEYCHAIN_PATH" || true fi # Clean up certificate files rm -f certificate.p12 api_key.p8 temp-cert.p12 || true echo "Cleanup complete" shell: bash