diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 0457d6ae31..c9cb430352 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -21,7 +21,7 @@ on: inputs: build_all_targets: type: boolean - description: 'Build all targets (instead of just the main platforms)' + description: "Build all targets (instead of just the main platforms)" push: tags: - "r*" @@ -32,63 +32,63 @@ on: # We also need main here to trigger builds on PR merge to main and manual pushes (e.g. as part of the release process): - "main" paths-ignore: - - '**README.md' - - 'docs/**' - - 'SECURITY.md' - - 'CONTRIBUTING.md' - - 'COMPILING.md' - - 'COPYING' - - 'APPLEAPPSTORE.LICENCE.WAIVER' - - '.github/ISSUE_TEMPLATE/*' - - '.github/pull_request_template.md' + - "**README.md" + - "docs/**" + - "SECURITY.md" + - "CONTRIBUTING.md" + - "COMPILING.md" + - "COPYING" + - "APPLEAPPSTORE.LICENCE.WAIVER" + - ".github/ISSUE_TEMPLATE/*" + - ".github/pull_request_template.md" pull_request: branches: - main paths-ignore: - - '**README.md' - - 'docs/**' - - 'SECURITY.md' - - 'CONTRIBUTING.md' - - 'COMPILING.md' - - 'COPYING' - - 'APPLEAPPSTORE.LICENCE.WAIVER' - - '.github/ISSUE_TEMPLATE/*' - - '.github/pull_request_template.md' - -name: Auto-Build -permissions: {} + - "**README.md" + - "docs/**" + - "SECURITY.md" + - "CONTRIBUTING.md" + - "COMPILING.md" + - "COPYING" + - "APPLEAPPSTORE.LICENCE.WAIVER" + - ".github/ISSUE_TEMPLATE/*" + - ".github/pull_request_template.md" + +name: Auto-Build +permissions: {} jobs: create_release: # Check if we are doing a release or just a normal build. # This must be done before actually building the app to find out where to upload the binaries and if we need to create a Github release. - name: Build vars & Github release (if required) - runs-on: ubuntu-24.04-arm + name: Build vars & Github release (if required) + runs-on: ubuntu-24.04-arm outputs: - publish_to_release: ${{ steps.get-build-vars.outputs.PUBLISH_TO_RELEASE }} - tag_name: ${{ steps.get-build-vars.outputs.RELEASE_TAG }} - build_version: ${{ steps.get-build-vars.outputs.BUILD_VERSION }} - build_all_targets: ${{ steps.decide-build-targets.outputs.build_all_targets }} + publish_to_release: ${{ steps.get-build-vars.outputs.PUBLISH_TO_RELEASE }} + tag_name: ${{ steps.get-build-vars.outputs.RELEASE_TAG }} + build_version: ${{ steps.get-build-vars.outputs.BUILD_VERSION }} + build_all_targets: ${{ steps.decide-build-targets.outputs.build_all_targets }} env: - release_changelog_path: ./.github_release_changelog.md + release_changelog_path: ./.github_release_changelog.md # Set permissions. We need write permissions to content for creating/removing the release permissions: - contents: write + contents: write steps: - - name: Checkout code - uses: actions/checkout@v6 + - name: Checkout code + uses: actions/checkout@v6 - - name: Determine release version, type and prerelease variables - run: ./.github/autobuild/get_build_vars.py - id: get-build-vars + - name: Determine release version, type and prerelease variables + run: ./.github/autobuild/get_build_vars.py + id: get-build-vars - - name: Extract Changelog for the Github release body - if: steps.get-build-vars.outputs.PUBLISH_TO_RELEASE == 'true' - run: ./.github/autobuild/extractVersionChangelog.pl ChangeLog ${{ steps.get-build-vars.outputs.JAMULUS_PRO_VERSION }} > ${{ env.release_changelog_path }} + - name: Extract Changelog for the Github release body + if: steps.get-build-vars.outputs.PUBLISH_TO_RELEASE == 'true' + run: ./.github/autobuild/extractVersionChangelog.pl ChangeLog ${{ steps.get-build-vars.outputs.JAMULUS_PRO_VERSION }} > ${{ env.release_changelog_path }} - - name: Create/Recreate Release ${{steps.get-build-vars.outputs.RELEASE_TAG}} ${{steps.get-build-vars.outputs.RELEASE_TITLE}} - if: steps.get-build-vars.outputs.PUBLISH_TO_RELEASE == 'true' - id: create-release - run: | + - name: Create/Recreate Release ${{steps.get-build-vars.outputs.RELEASE_TAG}} ${{steps.get-build-vars.outputs.RELEASE_TITLE}} + if: steps.get-build-vars.outputs.PUBLISH_TO_RELEASE == 'true' + id: create-release + run: | set -eu # delete release if existing @@ -102,21 +102,21 @@ jobs: gh release create "${tag_name}" --title "${release_name}" --notes-file "${body_path}" ${RELEASE_PRERELEASE_ARG} env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - tag_name: ${{ steps.get-build-vars.outputs.RELEASE_TAG }} - release_name: ${{ steps.get-build-vars.outputs.RELEASE_TITLE }} - body_path: ${{ env.release_changelog_path }} - prerelease: ${{ steps.get-build-vars.outputs.IS_PRERELEASE }} - - - name: Decide which targets to build for - id: decide-build-targets + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + tag_name: ${{ steps.get-build-vars.outputs.RELEASE_TAG }} + release_name: ${{ steps.get-build-vars.outputs.RELEASE_TITLE }} + body_path: ${{ env.release_changelog_path }} + prerelease: ${{ steps.get-build-vars.outputs.IS_PRERELEASE }} + + - name: Decide which targets to build for + id: decide-build-targets env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_BUILD_ALL_TARGETS: ${{ github.event.inputs.build_all_targets }} - PR_NUMBER: ${{ github.event.number }} - PR_BASE: ${{ github.event.pull_request.base.sha }} - PR_HEAD: ${{ github.event.pull_request.head.sha }} - run: | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_BUILD_ALL_TARGETS: ${{ github.event.inputs.build_all_targets }} + PR_NUMBER: ${{ github.event.number }} + PR_BASE: ${{ github.event.pull_request.base.sha }} + PR_HEAD: ${{ github.event.pull_request.head.sha }} + run: | set -eu build_all_targets() { echo "build_all_targets=${1}" >> $GITHUB_OUTPUT @@ -178,96 +178,95 @@ jobs: echo 'default case, not building all targets' build_all_targets 'false' - release_assets: - name: Build for ${{ matrix.config.config_name }} - needs: create_release + name: Build for ${{ matrix.config.config_name }} + needs: create_release # Set permissions to allow uploading artifact, uploading to release and allowing CodeQl to set security events permissions: - checks: write - contents: write - security-events: write + checks: write + contents: write + security-events: write strategy: - fail-fast: false + fail-fast: false matrix: # Think of this like a foreach loop. Basically runs the steps with every combination of # the contents of this. config: - - config_name: Android .apk (artifact+codeQL) - target_os: android - building_on_os: ubuntu-22.04 - base_command: ./.github/autobuild/android.sh - run_codeql: true - is_main_build_target: true + - config_name: Android .apk (artifact+codeQL) + target_os: android + building_on_os: ubuntu-22.04 + base_command: ./.github/autobuild/android.sh + run_codeql: true + is_main_build_target: true # Jamulus.pro needs to count git history length for android versioning: - checkout_fetch_depth: '0' - - - config_name: Linux .deb amd64 (artifacts+codeQL) - target_os: linux - building_on_os: ubuntu-22.04 - building_container: ubuntu:20.04 - base_command: ./.github/autobuild/linux_deb.sh - run_codeql: true - is_main_build_target: true - - - config_name: Linux .deb armhf (artifacts) - target_os: linux - building_on_os: ubuntu-22.04-arm - building_container: ubuntu:20.04 - base_command: TARGET_ARCH=armhf ./.github/autobuild/linux_deb.sh - run_codeql: false - - - config_name: Linux .deb arm64 (artifacts) - target_os: linux - building_on_os: ubuntu-22.04-arm - building_container: ubuntu:20.04 - base_command: TARGET_ARCH=arm64 ./.github/autobuild/linux_deb.sh - run_codeql: false - - - config_name: MacOS (artifacts) - target_os: macos - building_on_os: macos-15 - base_command: QT_VERSION=6.10.1 SIGN_IF_POSSIBLE=1 TARGET_ARCHS="x86_64 arm64" ./.github/autobuild/mac.sh + checkout_fetch_depth: "0" + + - config_name: Linux .deb amd64 (artifacts+codeQL) + target_os: linux + building_on_os: ubuntu-22.04 + building_container: ubuntu:20.04 + base_command: ./.github/autobuild/linux_deb.sh + run_codeql: true + is_main_build_target: true + + - config_name: Linux .deb armhf (artifacts) + target_os: linux + building_on_os: ubuntu-22.04-arm + building_container: ubuntu:20.04 + base_command: TARGET_ARCH=armhf ./.github/autobuild/linux_deb.sh + run_codeql: false + + - config_name: Linux .deb arm64 (artifacts) + target_os: linux + building_on_os: ubuntu-22.04-arm + building_container: ubuntu:20.04 + base_command: TARGET_ARCH=arm64 ./.github/autobuild/linux_deb.sh + run_codeql: false + + - config_name: MacOS (artifacts) + target_os: macos + building_on_os: macos-15 + base_command: QT_VERSION=6.10.1 SIGN_IF_POSSIBLE=1 TARGET_ARCHS="x86_64 arm64" ./.github/autobuild/mac.sh # Disable CodeQL on mac as it interferes with signing the binaries (signing hangs, see #2563 and #2564) - run_codeql: false - xcode_version: 16.3.0 - is_main_build_target: true + run_codeql: false + xcode_version: 16.3.0 + is_main_build_target: true # Reminder: If Legacy is removed, be sure to add a dedicated job for CodeQL again. - - config_name: MacOS Legacy (artifacts+CodeQL) - target_os: macos - building_on_os: macos-15-intel - base_command: QT_VERSION=5.15.2 SIGN_IF_POSSIBLE=0 ARTIFACT_SUFFIX=_legacy ./.github/autobuild/mac.sh + - config_name: MacOS Legacy (artifacts+CodeQL) + target_os: macos + building_on_os: macos-15-intel + base_command: QT_VERSION=5.15.2 SIGN_IF_POSSIBLE=0 ARTIFACT_SUFFIX=_legacy ./.github/autobuild/mac.sh # Enable CodeQL on mac legacy as this version does not get signed - run_codeql: true + run_codeql: true # macos-15-intel ships with Xcode 16.x; while Qt5 is older, Xcode 16 still supports building it # https://developer.apple.com/support/xcode/ # https://xcodereleases.com/ - xcode_version: 16.3.0 - is_main_build_target: true + xcode_version: 16.3.0 + is_main_build_target: true - - config_name: iOS (artifacts) - target_os: ios - building_on_os: macos-15 - base_command: QT_VERSION=6.7.3 ./.github/autobuild/ios.sh + - config_name: iOS (artifacts) + target_os: ios + building_on_os: macos-15 + base_command: QT_VERSION=5.15.2 ./.github/autobuild/ios.sh # Build failed with CodeQL enabled when last tested 03/2022 (#2490). # There are no hints that iOS is supposed to be supported by CodeQL. # Therefore, disable it: - run_codeql: false - xcode_version: 16.3.0 - - - config_name: Windows (artifact+codeQL) - target_os: windows - building_on_os: windows-2022 - base_command: powershell .\.github\autobuild\windows.ps1 -Stage - run_codeql: true - is_main_build_target: true - - - config_name: Windows JACK (artifact) - target_os: windows - building_on_os: windows-2022 - base_command: powershell .\.github\autobuild\windows.ps1 -BuildOption jackonwindows -Stage - run_codeql: false + run_codeql: false + xcode_version: 16.3.0 + + - config_name: Windows (artifact+codeQL) + target_os: windows + building_on_os: windows-2022 + base_command: powershell .\.github\autobuild\windows.ps1 -Stage + run_codeql: true + is_main_build_target: true + + - config_name: Windows JACK (artifact) + target_os: windows + building_on_os: windows-2022 + base_command: powershell .\.github\autobuild\windows.ps1 -BuildOption jackonwindows -Stage + run_codeql: false # This injects the build_all_targets information into each matrix output: build_all_targets: @@ -275,22 +274,22 @@ jobs: # Exclude all non-main build targets if we are not building for all targets: exclude: - - build_all_targets: 'false' # This is based on a script output and is therefore a string + - build_all_targets: "false" # This is based on a script output and is therefore a string config: is_main_build_target: null - runs-on: ${{ matrix.config.building_on_os }} - container: ${{ matrix.config.building_container }} + runs-on: ${{ matrix.config.building_on_os }} + container: ${{ matrix.config.building_container }} steps: - - name: Select Xcode version for Mac - if: matrix.config.target_os == 'macos' || matrix.config.target_os == 'ios' - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd + - name: Select Xcode version for Mac + if: matrix.config.target_os == 'macos' || matrix.config.target_os == 'ios' + uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd with: - xcode-version: ${{ matrix.config.xcode_version }} + xcode-version: ${{ matrix.config.xcode_version }} - - name: Set up base dependencies in container environment - if: matrix.config.building_container == 'ubuntu:20.04' - run: | + - name: Set up base dependencies in container environment + if: matrix.config.building_container == 'ubuntu:20.04' + run: | set -eu apt-get -qq update apt-get install -y software-properties-common sudo curl @@ -307,25 +306,25 @@ jobs: # https://github.com/actions/checkout/issues/766 git config --global --add safe.directory "${GITHUB_WORKSPACE}" - - name: Checkout code - uses: actions/checkout@v6 + - name: Checkout code + uses: actions/checkout@v6 with: # only Android needs the oboe submodule, so don't fetch it for other builds - submodules: ${{ matrix.config.target_os == 'android' }} - fetch-depth: ${{ matrix.config.checkout_fetch_depth || '1' }} + submodules: ${{ matrix.config.target_os == 'android' }} + fetch-depth: ${{ matrix.config.checkout_fetch_depth || '1' }} - - name: Cache Mac dependencies - if: matrix.config.target_os == 'macos' - uses: actions/cache@v5 + - name: Cache Mac dependencies + if: matrix.config.target_os == 'macos' + uses: actions/cache@v5 with: path: | ~/qt ~/Library/Cache/jamulus-dependencies - key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/mac.sh', 'mac/deploy_mac.sh') }}-${{ matrix.config.base_command }} + key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/mac.sh', 'mac/deploy_mac.sh') }}-${{ matrix.config.base_command }} - - name: Cache Windows dependencies - if: matrix.config.target_os == 'windows' - uses: actions/cache@v5 + - name: Cache Windows dependencies + if: matrix.config.target_os == 'windows' + uses: actions/cache@v5 with: path: | C:\Qt @@ -333,129 +332,129 @@ jobs: C:\AutobuildCache ${{ github.workspace }}\libs\NSIS\NSIS-source ${{ github.workspace }}\libs\ASIOSDK2 - key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/windows.ps1', 'windows/deploy_windows.ps1') }}-${{ matrix.config.base_command }} + key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/windows.ps1', 'windows/deploy_windows.ps1') }}-${{ matrix.config.base_command }} - - name: Cache Android dependencies - if: matrix.config.target_os == 'android' - uses: actions/cache@v5 + - name: Cache Android dependencies + if: matrix.config.target_os == 'android' + uses: actions/cache@v5 with: path: | /opt/Qt /opt/android/android-sdk /opt/android/android-ndk - key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/android.sh') }}-${{ matrix.config.base_command }} + key: ${{ matrix.config.target_os }}-${{ hashFiles('.github/workflows/autobuild.yml', '.github/autobuild/android.sh') }}-${{ matrix.config.base_command }} - - name: Set up build dependencies for ${{ matrix.config.config_name }} - run: ${{ matrix.config.base_command }} setup + - name: Set up build dependencies for ${{ matrix.config.config_name }} + run: ${{ matrix.config.base_command }} setup env: - JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} + JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - - name: Initialize CodeQL - if: matrix.config.run_codeql - uses: github/codeql-action/init@v4 + - name: Initialize CodeQL + if: matrix.config.run_codeql + uses: github/codeql-action/init@v4 with: - languages: 'cpp' + languages: "cpp" - - name: Build for ${{ matrix.config.config_name }} - id: build - run: ${{ matrix.config.base_command }} build + - name: Build for ${{ matrix.config.config_name }} + id: build + run: ${{ matrix.config.base_command }} build env: - JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT }} # Base64 encoded Developer ID Application certificate. See https://help.apple.com/xcode/mac/current/#/dev154b28f09 - MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }} # Password protecting secrets.MACOS_CERTIFICATE - MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }} # Certificate ID of secrets.MACOS_CERTIFICATE. If unknown, import secrets.MACOS_CERT into keychain and get the hash via "security find-identity -v" - MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT }} # Base64 encoded Mac App Distribution certificate - MAC_STORE_APP_CERT_PWD: ${{ secrets.MACAPP_CERT_PWD }} - MAC_STORE_APP_CERT_ID: ${{ secrets.MACAPP_CERT_ID }} - MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT }} # Base64 encoded Mac Installer Distribution certificate - MAC_STORE_INST_CERT_PWD: ${{ secrets.MACAPP_INST_CERT_PWD }} - MAC_STORE_INST_CERT_ID: ${{ secrets.MACAPP_INST_CERT_ID }} - NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - MACOS_CA_PUBLICKEY: ${{ secrets.MACOS_CA_PUBKEY }} - - name: Post-Build for ${{ matrix.config.config_name }} - id: get-artifacts - run: ${{ matrix.config.base_command }} get-artifacts + JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} + MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT }} # Base64 encoded Developer ID Application certificate. See https://help.apple.com/xcode/mac/current/#/dev154b28f09 + MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }} # Password protecting secrets.MACOS_CERTIFICATE + MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }} # Certificate ID of secrets.MACOS_CERTIFICATE. If unknown, import secrets.MACOS_CERT into keychain and get the hash via "security find-identity -v" + MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT }} # Base64 encoded Mac App Distribution certificate + MAC_STORE_APP_CERT_PWD: ${{ secrets.MACAPP_CERT_PWD }} + MAC_STORE_APP_CERT_ID: ${{ secrets.MACAPP_CERT_ID }} + MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT }} # Base64 encoded Mac Installer Distribution certificate + MAC_STORE_INST_CERT_PWD: ${{ secrets.MACAPP_INST_CERT_PWD }} + MAC_STORE_INST_CERT_ID: ${{ secrets.MACAPP_INST_CERT_ID }} + NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + MACOS_CA_PUBLICKEY: ${{ secrets.MACOS_CA_PUBKEY }} + - name: Post-Build for ${{ matrix.config.config_name }} + id: get-artifacts + run: ${{ matrix.config.base_command }} get-artifacts env: - JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} + JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - - name: Upload Artifact 1 to Job + - name: Upload Artifact 1 to Job # Every build job has at least one artifact. Therefore, no `if` here. # If the artifact is missing, this should fail. - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v6 with: - name: ${{ steps.get-artifacts.outputs.artifact_1 }} - path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} - retention-days: 31 - if-no-files-found: error - - - name: Upload Artifact 2 to Job - if: steps.get-artifacts.outputs.artifact_2 - uses: actions/upload-artifact@v6 + name: ${{ steps.get-artifacts.outputs.artifact_1 }} + path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} + retention-days: 31 + if-no-files-found: error + + - name: Upload Artifact 2 to Job + if: steps.get-artifacts.outputs.artifact_2 + uses: actions/upload-artifact@v6 with: - name: ${{ steps.get-artifacts.outputs.artifact_2 }} - path: deploy/${{ steps.get-artifacts.outputs.artifact_2 }} - retention-days: 31 - if-no-files-found: error - - - name: Notarize macOS Release Build - if: >- - steps.build.outputs.macos_signed == 'true' && - needs.create_release.outputs.publish_to_release == 'true' && - steps.build.outputs.macos_notarize == 'true' - id: notarize-macOS-app - run: ${{ matrix.config.base_command }} notarize + name: ${{ steps.get-artifacts.outputs.artifact_2 }} + path: deploy/${{ steps.get-artifacts.outputs.artifact_2 }} + retention-days: 31 + if-no-files-found: error + + - name: Notarize macOS Release Build + if: >- + steps.build.outputs.macos_signed == 'true' && + needs.create_release.outputs.publish_to_release == 'true' && + steps.build.outputs.macos_notarize == 'true' + id: notarize-macOS-app + run: ${{ matrix.config.base_command }} notarize env: - JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} - NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} # Apple ID for notarization - NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} # App specific password for Apple ID - APPLE_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }} # Team ID from App Store Connect - - - name: Staple macOS Release Build - if: >- - steps.build.outputs.macos_signed == 'true' && - needs.create_release.outputs.publish_to_release == 'true' && - steps.build.outputs.macos_notarize == 'true' - id: staple-macOS-app - run: ${{ matrix.config.base_command }} staple + JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} + ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} + NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} # Apple ID for notarization + NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} # App specific password for Apple ID + APPLE_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }} # Team ID from App Store Connect + + - name: Staple macOS Release Build + if: >- + steps.build.outputs.macos_signed == 'true' && + needs.create_release.outputs.publish_to_release == 'true' && + steps.build.outputs.macos_notarize == 'true' + id: staple-macOS-app + run: ${{ matrix.config.base_command }} staple env: - JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} + JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} + ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} - - name: Deploy Artifact 1 to Release - if: needs.create_release.outputs.publish_to_release == 'true' - id: upload-release-asset1 - run: > + - name: Deploy Artifact 1 to Release + if: needs.create_release.outputs.publish_to_release == 'true' + id: upload-release-asset1 + run: > gh release upload "${{ needs.create_release.outputs.tag_name }}" "deploy/${{ steps.get-artifacts.outputs.artifact_1 }}" --clobber env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Deploy Artifact 2 to Release - if: needs.create_release.outputs.publish_to_release == 'true' && - steps.get-artifacts.outputs.artifact_2 - id: upload-release-asset2 - run: > + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Deploy Artifact 2 to Release + if: needs.create_release.outputs.publish_to_release == 'true' && + steps.get-artifacts.outputs.artifact_2 + id: upload-release-asset2 + run: > gh release upload "${{ needs.create_release.outputs.tag_name }}" "deploy/${{ steps.get-artifacts.outputs.artifact_2 }}" --clobber env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Perform CodeQL Analysis - if: matrix.config.run_codeql - uses: github/codeql-action/analyze@v4 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Perform CodeQL Analysis + if: matrix.config.run_codeql + uses: github/codeql-action/analyze@v4 create_deb_repo: - name: Create files for .deb repository (if requested) - runs-on: ubuntu-22.04 - needs: [create_release, release_assets] - if: needs.create_release.outputs.publish_to_release == 'true' + name: Create files for .deb repository (if requested) + runs-on: ubuntu-22.04 + needs: [create_release, release_assets] + if: needs.create_release.outputs.publish_to_release == 'true' # Set permissions to allow uploading artifact, uploading to release permissions: - checks: write - contents: write + checks: write + contents: write steps: - - name: Import GPG key + - name: Import GPG key env: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - run: | + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + run: | set -eu [[ "${GPG_PRIVATE_KEY:-}" ]] || { @@ -469,14 +468,14 @@ jobs: chmod 700 gpghome echo "${GPG_PRIVATE_KEY}" | gpg --homedir gpghome --import - # Unfortunately download-artifact action doesn't support wild card downloads. Thus downloading all artifacts - - name: Download all artifacts - if: env.GPG_REPO_KEY_MISSING == 'false' - uses: actions/download-artifact@v7 + - name: Download all artifacts + if: env.GPG_REPO_KEY_MISSING == 'false' + uses: actions/download-artifact@v7 with: - path: releasedl/ - - name: Create Debian repository - if: env.GPG_REPO_KEY_MISSING == 'false' - run: | + path: releasedl/ + - name: Create Debian repository + if: env.GPG_REPO_KEY_MISSING == 'false' + run: | set -eu # Create and cd into repo directory @@ -494,10 +493,9 @@ jobs: rm *.deb popd - - name: Upload Debian repository files to release - if: env.GPG_REPO_KEY_MISSING == 'false' + - name: Upload Debian repository files to release + if: env.GPG_REPO_KEY_MISSING == 'false' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | gh release upload "${{ needs.create_release.outputs.tag_name }}" "repo/InRelease" "repo/key.asc" "repo/Packages" "repo/Release" --clobber -R "${{ github.repository}}" - diff --git a/ios/deploy_ios.sh b/ios/deploy_ios.sh index c5c150b17d..e31a6ffcbb 100755 --- a/ios/deploy_ios.sh +++ b/ios/deploy_ios.sh @@ -4,8 +4,12 @@ set -eu -o pipefail ## Builds an ipa file for iOS. Should be run from the repo-root # Create Xcode file and build -qmake -spec macx-xcode Jamulus.pro -/usr/bin/xcodebuild -project Jamulus.xcodeproj -scheme Jamulus -configuration Release clean archive -archivePath "build/Jamulus.xcarchive" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO CODE_SIGN_ENTITLEMENTS="" +qmake -v +qmake Jamulus.pro -spec macx-xcode +#echo "Running preparation scripts..." +make -f Jamulus.xcodeproj/qt_makeqmake.mak +make -f Jamulus.xcodeproj/qt_preprocess.mak +/usr/bin/xcodebuild -destination generic/platform=iOS -project Jamulus.xcodeproj -scheme Jamulus -configuration Release clean archive -archivePath "build/Jamulus.xcarchive" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO CODE_SIGN_ENTITLEMENTS="" # Generate ipa by copying the .app file from the xcarchive directory mkdir build/Payload @@ -15,4 +19,4 @@ zip -0 -y -r Jamulus.ipa Payload/ # Make a deploy folder and copy file mkdir ../deploy -mv Jamulus.ipa ../deploy +mv Jamulus.ipa ../deploy \ No newline at end of file