LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases 13 Wiki Activity
LuckyWorld/.gitea/workflows/test-macos-build.yml
Ozgur Ersoy 574a17e357
All checks were successful
Test macOS Build Action / test-macos-build (push) Successful in 46m3s
Details
fix(actions): enhance macOS notarization script with verification steps and DMG package creation
2025-04-14 23:43:42 +02:00

227 lines
9.8 KiB
YAML
Raw Blame History

name: Test macOS Build Action
on:
workflow_dispatch: # Manual trigger only for testing
push:
branches: [ozgur/build]
jobs:
test-macos-build:
runs-on: macos
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
# Setup environment for build
- name: Setup environment
run: |
# Get the working directory path for absolute paths
WORKSPACE_DIR="$(pwd)"
echo "WORKSPACE_DIR=$WORKSPACE_DIR" >> "$GITHUB_ENV"
echo "ENTITLEMENTS_FILE=LuckyWorld.entitlements" >> "$GITHUB_ENV"
# Set CI environment variable to true for build script
echo "CI=true" >> "$GITHUB_ENV"
# Create directories for builds
mkdir -p Builds/Mac
mkdir -p PackagedReleases
echo "Environment setup complete"
shell: bash
# Set correct bundle identifier before build
- name: Set bundle identifier
run: |
# Set the correct bundle identifier in DefaultGame.ini if it exists
CONFIG_FILE="Config/DefaultGame.ini"
if [ -f "$CONFIG_FILE" ]; then
# Check if section exists or add it
if grep -q "\[/Script/MacTargetPlatform\.MacTargetSettings\]" "$CONFIG_FILE"; then
# Section exists, update the setting
sed -i '' 's/BundleIdentifier=.*/BundleIdentifier=com.luckyrobots.luckyworld/g' "$CONFIG_FILE"
else
# Section doesn't exist, add it
echo "" >> "$CONFIG_FILE"
echo "[/Script/MacTargetPlatform.MacTargetSettings]" >> "$CONFIG_FILE"
echo "BundleIdentifier=com.luckyrobots.luckyworld" >> "$CONFIG_FILE"
fi
echo "Updated bundle ID in project config"
fi
# Set the constant bundle ID for the workflow
echo "BUNDLE_ID=com.luckyrobots.luckyworld" >> "$GITHUB_ENV"
shell: bash
# Build for macOS - use your own build script or create a test app if needed
- name: Build for macOS
run: |
if [ -f "./scripts/mac_build.sh" ]; then
chmod +x ./scripts/mac_build.sh
# Set CI environment variable explicitly before running
export CI=true
./scripts/mac_build.sh
else
echo "ERROR: Build script not found at ./scripts/mac_build.sh"
exit 1
fi
shell: bash
# Find the app bundle
- name: Find app bundle
run: |
# First check Saved/StagedBuilds directory - where Unreal often places built apps
echo "Checking Saved/StagedBuilds directory..."
APP_PATHS=$(find ./Saved/StagedBuilds -type d -name "*.app" 2>/dev/null)
# If not found, check Builds directory
if [ -z "$APP_PATHS" ]; then
echo "Checking Builds directory..."
APP_PATHS=$(find ./Builds -type d -name "*.app" 2>/dev/null)
fi
# If still not found, check the whole workspace
if [ -z "$APP_PATHS" ]; then
echo "Checking entire workspace..."
APP_PATHS=$(find . -type d -name "*.app" -not -path "*/\.*" 2>/dev/null)
fi
if [ -z "$APP_PATHS" ]; then
echo "ERROR: Could not find any app bundles!"
echo "Listing all directories to help debug:"
find . -type d -maxdepth 3 | sort
exit 1
fi
echo "Found potential app bundles:"
echo "$APP_PATHS"
# Use the first app path found (preferably the main app, not a child app)
MAIN_APP_PATH=$(echo "$APP_PATHS" | grep -v "CrashReportClient" | head -1 || echo "$APP_PATHS" | head -1)
echo "Using app bundle: $MAIN_APP_PATH"
echo "APP_PATH=$MAIN_APP_PATH" >> "$GITHUB_ENV"
# Make sure app exists - using local variable
if [ ! -d "$MAIN_APP_PATH" ]; then
echo "ERROR: App bundle not found at $MAIN_APP_PATH!"
exit 1
fi
# Export APP_PATH for next steps to use
echo "APP_PATH=$MAIN_APP_PATH" >> "$GITHUB_ENV"
# Fix bundle ID in Info.plist before signing
if [ -f "$MAIN_APP_PATH/Contents/Info.plist" ]; then
echo "Setting bundle identifier to $BUNDLE_ID"
/usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_ID" "$MAIN_APP_PATH/Contents/Info.plist"
echo "Updated bundle ID in Info.plist: $(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$MAIN_APP_PATH/Contents/Info.plist")"
else
echo "WARNING: Could not find Info.plist in app bundle."
fi
# Find and repair nested app bundles as well (like CrashReportClient.app)
NESTED_APPS=$(find "$MAIN_APP_PATH" -name "*.app" -type d)
if [ -n "$NESTED_APPS" ]; then
echo "Found nested app bundles, fixing their bundle IDs:"
echo "$NESTED_APPS" | while read -r NESTED_APP; do
if [ -f "$NESTED_APP/Contents/Info.plist" ]; then
NESTED_NAME=$(basename "$NESTED_APP" .app)
NESTED_BUNDLE_ID="$BUNDLE_ID.$NESTED_NAME"
echo "Setting nested bundle ID to $NESTED_BUNDLE_ID for $NESTED_APP"
/usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier $NESTED_BUNDLE_ID" "$NESTED_APP/Contents/Info.plist"
fi
done
fi
shell: bash
# Fix common issues that may cause notarization failure
- name: Fix common issues for notarization
run: |
echo "🛠️ Fixing common issues that may cause notarization failure..."
APP_PATH="${{ env.APP_PATH }}"
# Remove get-task-allow entitlement from Info.plist files
echo "Checking for get-task-allow entitlement..."
find "$APP_PATH" -name "*.plist" -exec plutil -convert xml1 {} \; -exec grep -l "get-task-allow" {} \; | while read -r plist_file; do
echo "Removing get-task-allow from $plist_file"
/usr/libexec/PlistBuddy -c "Delete :com.apple.security.get-task-allow" "$plist_file" 2>/dev/null || true
done
# Check for problematic libraries that cause issues
echo "Looking for problematic files..."
PROBLEM_FILES=$(find "$APP_PATH" -type f -name "*.dylib" | grep -i "boost\|tbb\|ogg\|vorbis\|onnx")
if [ -n "$PROBLEM_FILES" ]; then
echo "Found potentially problematic libraries. These will be carefully handled during signing:"
echo "$PROBLEM_FILES" | head -10
if [ $(echo "$PROBLEM_FILES" | wc -l) -gt 10 ]; then
echo "... and $(echo "$PROBLEM_FILES" | wc -l) more"
fi
fi
# Verify CrashReportClient specifically
CRASH_REPORTER=$(find "$APP_PATH" -path "*CrashReportClient.app*" -type d | head -1)
if [ -n "$CRASH_REPORTER" ]; then
echo "Found CrashReportClient at $CRASH_REPORTER"
if [ -f "$CRASH_REPORTER/Contents/Info.plist" ]; then
# Ensure it has the correct bundle ID format
CRASH_BUNDLE_ID="$BUNDLE_ID.CrashReportClient"
echo "Setting CrashReportClient bundle ID to $CRASH_BUNDLE_ID"
/usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier $CRASH_BUNDLE_ID" "$CRASH_REPORTER/Contents/Info.plist"
fi
fi
shell: bash
# Use the macos-notarize action to sign and notarize the app
- name: Sign and Notarize macOS App
uses: ./.gitea/actions/macos-notarize
id: sign-and-notarize
with:
app-path: ${{ env.APP_PATH }}
entitlements-file: ${{ env.ENTITLEMENTS_FILE }}
team-id: ${{ secrets.APPLE_TEAM_ID }}
certificate-base64: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
notarization-method: 'api-key'
notary-api-key-id: ${{ secrets.NOTARY_API_KEY_ID }}
notary-api-key-issuer-id: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
notary-api-key-path: ${{ secrets.NOTARY_API_KEY_PATH }}
bundle-id: ${{ env.BUNDLE_ID }}
fallback-to-adhoc: 'false'
# Upload signed app if available
- name: Upload Signed App
uses: actions/upload-artifact@v3
if: steps.sign-and-notarize.outputs.signed != 'none'
with:
name: ${{ steps.sign-and-notarize.outputs.notarized == 'true' && 'LuckyWorld-macOS-Signed-Notarized' || 'LuckyWorld-macOS-Signed' }}
path: ${{ steps.sign-and-notarize.outputs.package-path }}
retention-days: 30
# Upload ZIP package if DMG was created (as a backup)
- name: Upload ZIP Package
uses: actions/upload-artifact@v3
if: steps.sign-and-notarize.outputs.signed != 'none' && steps.sign-and-notarize.outputs.zip-package-path != ''
with:
name: ${{ steps.sign-and-notarize.outputs.notarized == 'true' && 'LuckyWorld-macOS-Signed-Notarized-ZIP' || 'LuckyWorld-macOS-Signed-ZIP' }}
path: ${{ steps.sign-and-notarize.outputs.zip-package-path }}
retention-days: 30
# Report results
- name: Report Results
run: |
echo "🔐 App signing: ${{ steps.sign-and-notarize.outputs.signed }}"
echo "🔏 App notarization: ${{ steps.sign-and-notarize.outputs.notarized }}"
if [ "${{ steps.sign-and-notarize.outputs.signed }}" != "none" ]; then
echo "✅ Packaging completed successfully!"
echo "Final package: ${{ steps.sign-and-notarize.outputs.package-path }}"
else
echo "⚠️ App was not signed - check the logs for details"
fi
shell: bash
Reference in New Issue View Git Blame Copy Permalink