From 22d5c1caf36838e452a9fecd1c7a6a6e1dd08396 Mon Sep 17 00:00:00 2001 From: Georg Sieber Date: Thu, 25 Apr 2024 19:27:27 +0200 Subject: [PATCH] add github action --- .github/workflows/build_packages.yml | 168 +++++++++++++++++++++++++++ installer/macos/build.sh | 20 +++- 2 files changed, 186 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build_packages.yml diff --git a/.github/workflows/build_packages.yml b/.github/workflows/build_packages.yml new file mode 100644 index 0000000..b90601a --- /dev/null +++ b/.github/workflows/build_packages.yml @@ -0,0 +1,168 @@ +name: Release with packages + +on: + workflow_dispatch: # allow manual execution + push: + tags: + - 'v*' + +jobs: + create_release_deb: # used to identify the output in other jobs + name: Create Release with Debian package + runs-on: ubuntu-latest + + permissions: + contents: write + + outputs: + upload_url: ${{ steps.create_release.outputs.upload_url }} + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Install dependencies + run: | + sudo apt install -y qttools5-dev-tools qtchooser $(cat installer/deb/laps4linux-client/DEBIAN/control | grep 'Depends' | cut -d: -f2 | sed -e 's/,/ /g' | sed -r 's/\([<>=.0-9]+\)//g') $(cat installer/deb/laps4linux-runner/DEBIAN/control | grep 'Depends' | cut -d: -f2 | sed -e 's/,/ /g' | sed -r 's/\([<>=.0-9]+\)//g') + + - name: Get version name for Github release title + run: cd laps-client && echo "VERSION=Version $(python3 -c 'import laps_client; print(laps_client.__version__)')" >> $GITHUB_ENV && cd .. + + - name: Execute build + run: cd installer/deb/ && ./build.sh + + - id: create_release + name: Create Github release + uses: actions/create-release@v1 + env: + # this token is provided automatically by Actions with permissions declared above + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + draft: true # create a release draft - only the master of disaster is allowed to publish it + prerelease: false + release_name: ${{ env.VERSION }} + tag_name: ${{ github.ref }} + + - name: Upload artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: installer/deb/laps4linux-client.deb + asset_name: laps4linux-client.deb + asset_content_type: application/vnd.debian.binary-package + - name: Upload artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: installer/deb/laps4linux-runner.deb + asset_name: laps4linux-runner.deb + asset_content_type: application/vnd.debian.binary-package + + create_pkg: + name: Create macOS package + runs-on: macos-13 + needs: create_release_deb + + permissions: + contents: write + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.8' + + - name: Importing signing certificates + run: | + # create and unlock temporary keychain + KEYCHAIN_NAME=$RUNNER_TEMP/build.keychain + KEYCHAIN_PASS=$(head -c 8 /dev/urandom | od -An -tu8 | awk '{$1=$1};1') + security create-keychain -p $KEYCHAIN_PASS $KEYCHAIN_NAME + security default-keychain -s $KEYCHAIN_NAME + security set-keychain-settings -lut 21600 $KEYCHAIN_NAME + security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN_NAME + + # add certificate to keychain + CERT_FILE=build.p12 + echo "${{ secrets.DEVELOPER_ID_APPLICATION_CERT_BASE64 }}" | base64 --decode > $CERT_FILE + security import $CERT_FILE -k $KEYCHAIN_NAME -P "${{ secrets.DEVELOPER_ID_APPLICATION_CERT_PASSWORD }}" -T /usr/bin/codesign >/dev/null 2>&1 + rm -fr $CERT_FILE + #security find-identity -v #-p codesigning + + # enable codesigning from a non user interactive shell + security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASS $KEYCHAIN_NAME >/dev/null 2>&1 + + - name: Create venv, install Python packages, compile binaries + run: | + cd laps-client + python -m venv venv + venv/bin/pip3 install pyinstaller . + venv/bin/pyinstaller laps-client.macos.spec + cd .. + + - name: Execute package build + run: cd installer/macos/ && ./build.sh + env: + DEVELOPER_ACCOUNT_USERNAME: ${{ secrets.DEVELOPER_ACCOUNT_USERNAME }} + DEVELOPER_ACCOUNT_PASSWORD: ${{ secrets.DEVELOPER_ACCOUNT_PASSWORD }} + DEVELOPER_ACCOUNT_TEAM: ${{ secrets.DEVELOPER_ACCOUNT_TEAM }} + + - name: Purging signing keychain + run: | + security delete-keychain $RUNNER_TEMP/build.keychain + + - name: Upload artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ needs.create_release_deb.outputs.upload_url }} + asset_path: installer/macos/laps4linux-client.dmg + asset_name: laps4linux-client.dmg + asset_content_type: application/octet-stream + + create_exe: + name: Create Windows package + runs-on: windows-2022 + needs: create_release_deb + + permissions: + contents: write + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.8' + + - name: Create venv, install Python packages, compile binaries + run: | + cd laps-client + python -m venv venv + venv/Scripts/pip.exe install pyinstaller==5.13.2 . + venv/Scripts/pyinstaller.exe laps-client.windows.spec + cd .. + + - name: Execute package build + shell: cmd + run: cd installer\windows\ && "%programfiles(x86)%\Inno Setup 6\iscc.exe" "setup.iss" + + - name: Upload artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ needs.create_release_deb.outputs.upload_url }} + asset_path: installer/windows/laps4linux-client.exe + asset_name: laps4linux-client.exe + asset_content_type: application/vnd.microsoft.portable-executable diff --git a/installer/macos/build.sh b/installer/macos/build.sh index ce13db7..143de70 100755 --- a/installer/macos/build.sh +++ b/installer/macos/build.sh @@ -6,27 +6,35 @@ SRC_DIR="../../laps-client/dist" DMG_FILE_TMP_MOUNT="/Volumes/LAPS4LINUX" DMG_FILE_TMP="laps4linux-rw.dmg" DMG_FILE="laps4linux-client.dmg" +#DEVELOPER_ACCOUNT_USERNAME="" +#DEVELOPER_ACCOUNT_PASSWORD="" +#DEVELOPER_ACCOUNT_TEAM="" + # remove temp build folder rm -r "$SRC_DIR/LAPS4LINUX" + # check if mount point is free if [ -d "$DMG_FILE_TMP_MOUNT" ]; then echo "ERROR: $DMG_FILE_TMP_MOUNT already mounted" exit 1 fi + # create DMG with .app directory and /Applications link rm "$SRC_DIR/.DS_Store" hdiutil create -srcfolder "$SRC_DIR" -volname "LAPS4LINUX" -fs HFS+ -fsargs "-c c=64,a=16,e=16" -format UDRW "$DMG_FILE_TMP" hdiutil attach -readwrite -noverify -noautoopen "$DMG_FILE_TMP" ln -s "/Applications" "$DMG_FILE_TMP_MOUNT/Applications" + # set volume icon cp "../../assets/setup.icns" "$DMG_FILE_TMP_MOUNT/.VolumeIcon.icns" SetFile -c icnC "$DMG_FILE_TMP_MOUNT/.VolumeIcon.icns" SetFile -a C "$DMG_FILE_TMP_MOUNT" + # create final DMG sleep 1 rm -rf "$DMG_FILE_TMP_MOUNT/.fseventsd" @@ -35,10 +43,18 @@ sleep 1 hdiutil convert "$DMG_FILE_TMP" -format UDZO -o "$DMG_FILE" rm "$DMG_FILE_TMP" + # notarize (only possible with valid signature) -# preparation for this step: -# xcrun notarytool store-credentials "notarytool-password" --apple-id "..." --team-id ... +if [ "$DEVELOPER_ACCOUNT_USERNAME" != "" ] && [ "$DEVELOPER_ACCOUNT_PASSWORD" != "" ] && [ "$DEVELOPER_ACCOUNT_TEAM" != "" ]; then + echo "Store credentials for notarization ..." + xcrun notarytool store-credentials "notarytool-password" --apple-id "$DEVELOPER_ACCOUNT_USERNAME" --password "$DEVELOPER_ACCOUNT_PASSWORD" --team-id "$DEVELOPER_ACCOUNT_TEAM" +fi + echo "Notarize package ..." xcrun notarytool submit "$DMG_FILE" --wait --keychain-profile "notarytool-password" + # get logfile with additional information: # xcrun notarytool log --keychain-profile "notarytool-password" xxx-xxx-xxx-xxx developer_log.json + + +echo "Build finished"