Skip to content

Update Azure codesigning action #871

Update Azure codesigning action

Update Azure codesigning action #871

Workflow file for this run

name: Build
on: [pull_request, push]
permissions:
contents: read # Fetch code (actions/checkout)
packages: write # Upload and publish packages to GitHub Packages
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: windows-2019
vcpkg_path: C:\mixxx-vcpkg
vcpkg_bootstrap: .\bootstrap-vcpkg.bat
vcpkg_triplet: x64-windows
vcpkg_host_triplet: x64-windows
check_disk_space: Get-PSDrive
- os: macos-11
vcpkg_path: /Users/runner/mixxx-vcpkg
vcpkg_bootstrap: ./bootstrap-vcpkg.sh
vcpkg_triplet: x64-osx-min1100
vcpkg_host_triplet: x64-osx-min1100
check_disk_space: df -h
- os: macos-11
vcpkg_path: /Users/runner/mixxx-vcpkg
vcpkg_bootstrap: ./bootstrap-vcpkg.sh
vcpkg_triplet: arm64-osx-min1100-release
vcpkg_host_triplet: x64-osx-min1100-release
check_disk_space: df -h
env:
VCPKG_DEFAULT_TRIPLET: ${{ matrix.vcpkg_triplet }}
VCPKG_DEFAULT_HOST_TRIPLET: ${{ matrix.vcpkg_host_triplet }}
DEPS_BASE_NAME: mixxx-deps
DEVELOPER_DIR: /Applications/Xcode_12.4.app/Contents/Developer
MIXXX_VERSION: 2.5
name: ${{ matrix.vcpkg_triplet }}
runs-on: ${{ matrix.os }}
steps:
- name: Check out git repository
uses: actions/checkout@v3
with:
path: mixxx-vcpkg
# Workaround for issues https://github.com/microsoft/vcpkg/issues/8272
# and https://github.com/actions/checkout/issues/197
# to keep the build path short and work around size limits on the windows runner D: drive
- name: Move checkout
run: cmake -E copy_directory ${{ github.workspace }}/mixxx-vcpkg ${{ matrix.vcpkg_path }}
- name: "Authenticate to GitHub Packages (readwrite)"
if: runner.os != 'Linux' && github.event_name == 'push' && github.repository_owner == 'mixxxdj'
shell: bash
run: |
nuget sources add -Name "mixxx-github-packages" -Source "https://nuget.pkg.github.com/mixxxdj/index.json" -UserName "${{ github.repository_owner }}" -Password "${{ secrets.GITHUB_TOKEN }}" -StorePasswordInClearText
nuget setapikey "${{ secrets.GITHUB_TOKEN }}" -Source "mixxx-github-packages"
echo "VCPKG_BINARY_SOURCES=clear;nuget,mixxx-github-packages,readwrite;" >> "${GITHUB_ENV}"
- name: "Authenticate to GitHub Packages (read only)"
if: runner.os != 'Linux' && (github.event_name == 'pull_request' || github.repository_owner != 'mixxxdj')
shell: bash
run: |
nuget sources add -Name "mixxx-github-packages" -Source "https://nuget.pkg.github.com/mixxxdj/index.json" -UserName "${{ github.repository_owner }}" -Password "${{ secrets.GITHUB_TOKEN }}" -StorePasswordInClearText
nuget setapikey "${{ secrets.GITHUB_TOKEN }}" -Source "mixxx-github-packages"
echo "VCPKG_BINARY_SOURCES=clear;nuget,mixxx-github-packages,read;" >> "${GITHUB_ENV}"
- name: Read sha_short
id: vars
shell: bash
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
working-directory: ${{ matrix.vcpkg_path }}
# update cmake to 2.29.2 to work around https://github.com/microsoft/vcpkg/issues/37968
- name: "[macOS] Set up cmake"
uses: jwlawson/[email protected]
with:
cmake-version: "3.29.2"
- name: Bootstrap vcpkg
run: ${{ matrix.vcpkg_bootstrap }}
working-directory: ${{ matrix.vcpkg_path }}
- name: "[macOS] Bootstrap vcpkg"
if: runner.os == 'macOS'
run: |
brew update && brew install nasm autoconf-archive
/bin/bash -c "sudo xcode-select --switch /Applications/Xcode_12.4.app/Contents/Developer"
xcrun --show-sdk-version
- name: Check available disk space
run: ${{ matrix.check_disk_space }}
- name: Build packages
run: ./vcpkg install --vcpkg-root=${{ matrix.vcpkg_path }} --clean-after-build --recurse --feature-flags="-compilertracking,manifests,registries,versions" --x-abi-tools-use-exact-versions
working-directory: ${{ matrix.vcpkg_path }}
- name: "[Windows] Sign release DLLs"
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
if: runner.os == 'Windows' && env.AZURE_TENANT_ID
uses: azure/[email protected]
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://weu.codesigning.azure.net/
code-signing-account-name: mixxx
certificate-profile-name: mixxx
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/bin
files-folder-filter: dll
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
timeout: 600
- name: "[Windows] Sign release plugins"
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
if: runner.os == 'Windows' && env.AZURE_TENANT_ID
uses: azure/[email protected]
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://weu.codesigning.azure.net/
code-signing-account-name: mixxx
certificate-profile-name: mixxx
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/Qt6/plugins
files-folder-filter: dll
files-folder-recurse: true
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
timeout: 600
- name: "[Windows] Sign qml DLLs"
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
if: runner.os == 'Windows' && env.AZURE_TENANT_ID
uses: azure/[email protected]
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://weu.codesigning.azure.net/
code-signing-account-name: mixxx
certificate-profile-name: mixxx
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/Qt6/qml
files-folder-filter: dll
files-folder-recurse: true
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
timeout: 600
- name: Upload GitHub Actions artifacts of build logs
if: always()
uses: actions/upload-artifact@v3
with:
name: logs-${{ matrix.vcpkg_triplet }}
path: ${{ matrix.vcpkg_path }}/buildtrees/**/*.log
- name: Create buildenv archive
run: ./vcpkg export --vcpkg-root=${{ matrix.vcpkg_path }} --x-all-installed --zip --output=${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }} --output-dir=${{ matrix.vcpkg_path }}
working-directory: ${{ matrix.vcpkg_path }}
- name: "[Windows] Install additional tools"
if: runner.os == 'Windows' && env.SSH_PASSWORD != null
env:
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }}
run: |
$Env:PATH="C:\msys64\usr\bin;$Env:PATH"
pacman -S --noconfirm coreutils bash rsync openssh
Add-Content -Path "$Env:GITHUB_ENV" -Value "PATH=$Env:PATH"
- name: "Upload build to downloads.mixxx.org"
if: github.event_name == 'push' && env.SSH_PASSWORD != null
run: bash .github/deploy.sh ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip
working-directory: ${{ matrix.vcpkg_path }}
env:
DESTDIR: public_html/downloads/dependencies
OS: ${{ runner.os }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
SSH_HOST: downloads-hostgator.mixxx.org
SSH_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }}
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }}
SSH_USER: mixxx
UPLOAD_ID: ${{ github.run_id }}
- name: Upload GitHub Actions artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}
path: ${{ matrix.vcpkg_path }}/${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip
# Workaround for https://github.com/actions/cache/issues/531
- name: Use system tar & zstd from Chocolatey for caching
shell: bash
run: |
echo "C:/Windows/System32;C:/ProgramData/Chocolatey/bin" >> $GITHUB_PATH