Skip to content

Iterating on github actions def sux #336

Iterating on github actions def sux

Iterating on github actions def sux #336

Workflow file for this run

name: Pamplejuce
on:
workflow_dispatch: # lets you run a build from the UI
push:
# When pushing new commits, cancel any running builds on that branch
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
env:
BUILD_TYPE: Release
BUILD_DIR: Builds
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISPLAY: :0 # linux pluginval needs this
CMAKE_BUILD_PARALLEL_LEVEL: 3 # Use up to 3 cpus to build juceaide, etc
HOMEBREW_NO_INSTALL_CLEANUP: 1
# jobs are run in paralell on different machines
# all steps run in series
jobs:
build_and_test:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # show all errors for each platform (vs. cancel jobs on error)
matrix:
include:
- name: Linux
os: ubuntu-22.04
pluginval-binary: ./pluginval
- name: macOS
os: macos-12
pluginval-binary: pluginval.app/Contents/MacOS/pluginval
- name: Windows
os: windows-latest
pluginval-binary: ./pluginval.exe
steps:
# This is just easier than debugging different compilers on different platforms
- name: Set up Clang
if: ${{ matrix.name != 'macOS' }}
uses: egor-tensin/setup-clang@v1
# This also starts up our "fake" display Xvfb, needed for pluginval
- name: Install JUCE's Linux Deps
if: runner.os == 'Linux'
# Thanks to McMartin & co https://forum.juce.com/t/list-of-juce-dependencies-under-linux/15121/44
run: |
sudo apt-get update && sudo apt install libasound2-dev libx11-dev libxinerama-dev libxext-dev libfreetype6-dev libwebkit2gtk-4.0-dev libglu1-mesa-dev xvfb ninja-build
# downgrade gcc to workaround 22.04 and C++20 issue
# see: https://github.com/actions/runner-images/issues/8659
sudo apt-get install -y --allow-downgrades libc6=2.35-0ubuntu3.5 libc6-dev=2.35-0ubuntu3.5 libstdc++6=12.3.0-1ubuntu1~22.04 libgcc-s1=12.3.0-1ubuntu1~22.04
sudo /usr/bin/Xvfb $DISPLAY &
- name: Cache IPP (Windows)
if: runner.os == 'Windows'
id: cache-ipp
uses: actions/cache@v3
with:
key: ipp-v4
path: C:\Program Files (x86)\Intel
- name: Install IPP (Windows)
if: (runner.os == 'Windows') && (steps.cache-ipp.outputs.cache-hit != 'true')
shell: bash
run: |
curl --output oneapi.exe https://registrationcenter-download.intel.com/akdlm/IRC_NAS/8d158661-ca8f-4e66-b5ea-3e0b3d00836a/w_ipp_oneapi_p_2021.10.1.15_offline.exe
./oneapi.exe -s -x -f oneapi
./oneapi/bootstrapper.exe -s -c --action install --components=intel.oneapi.win.ipp.devel --eula=accept -p=NEED_VS2022_INTEGRATION=1 --log-dir=.
- name: Save IPP cache (even on CI fail)
if: runner.os == 'Windows' && (steps.cache-ipp.outputs.cache-hit != 'true')
uses: actions/cache/save@v3
with:
path: C:\Program Files (x86)\Intel
key: ipp-v4
- name: setvars for CMake
if: runner.os == 'Windows'
shell: bash
run: |
/c/Program\ Files\ \(x86\)/Intel/oneAPI/setvars-vcvarsall.bat
- name: Install Ninja (Windows)
if: runner.os == 'Windows'
shell: bash
run: choco install ninja
- name: Install macOS Deps
if: ${{ matrix.name == 'macOS' }}
run: brew install ninja osxutils
- name: Checkout code
uses: actions/checkout@v3
with:
submodules: true # Get JUCE populated
- name: Cache the build
uses: mozilla-actions/[email protected]
- name: Import Certificates (macOS)
uses: apple-actions/import-codesign-certs@v2 # only exists as a tag right now
if: ${{ matrix.name == 'macOS' }}
with:
p12-file-base64: ${{ secrets.DEV_ID_APP_CERT }}
p12-password: ${{ secrets.DEV_ID_APP_PASSWORD }}
- name: Configure
shell: bash
run: cmake -B ${{ env.BUILD_DIR }} -G Ninja -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE}} -DCMAKE_C_COMPILER_LAUNCHER=${{ matrix.ccache }} -DCMAKE_CXX_COMPILER_LAUNCHER=${{ matrix.ccache }} -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" .
- name: Build
shell: bash
run: cmake --build ${{ env.BUILD_DIR }} --config ${{ env.BUILD_TYPE }} --parallel 4
- name: Test
working-directory: ${{ env.BUILD_DIR }}
run: ctest --output-on-failure -j4 -VV
- name: Read in .env from CMake # see GitHubENV.cmake
shell: bash
run: |
cat .env # show us the config
cat .env >> $GITHUB_ENV # pull in our PRODUCT_NAME, etc
- name: Set additional env vars for next steps
shell: bash
run: |
ARTIFACTS_PATH=${{ env.BUILD_DIR }}/${{ env.PROJECT_NAME }}_artefacts/${{ env.BUILD_TYPE }}
echo "ARTIFACTS_PATH=$ARTIFACTS_PATH" >> $GITHUB_ENV
echo "VST3_PATH=$ARTIFACTS_PATH/VST3/${{ env.PRODUCT_NAME }}.vst3" >> $GITHUB_ENV
echo "AU_PATH=$ARTIFACTS_PATH/AU/${{ env.PRODUCT_NAME }}.component" >> $GITHUB_ENV
echo "AUV3_PATH=$ARTIFACTS_PATH/AUv3/${{ env.PRODUCT_NAME }}.appex" >> $GITHUB_ENV
echo "STANDALONE_PATH=$ARTIFACTS_PATH/Standalone/${{ env.PRODUCT_NAME }}.app" >> $GITHUB_ENV
echo "ARTIFACT_NAME=${{ env.PRODUCT_NAME }}-${{ env.VERSION }}-${{ matrix.name }}" >> $GITHUB_ENV
- name: Pluginval
shell: bash
run: |
curl -LO "https://github.com/Tracktion/pluginval/releases/download/v1.0.3/pluginval_${{ matrix.name }}.zip"
7z x pluginval_${{ matrix.name }}.zip
${{ matrix.pluginval-binary }} --strictness-level 10 --verbose --validate "${{ env.VST3_PATH }}"
- name: Codesign (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
# Each plugin must be code signed
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v "${{ env.VST3_PATH }}" --deep --strict --options=runtime --timestamp
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v "${{ env.AU_PATH }}" --deep --strict --options=runtime --timestamp
codesign --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v "${{ env.STANDALONE_PATH }}" --deep --strict --options=runtime --timestamp
- name: Add Custom Icons (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
# add the icns as its own icon resource (meta!)
sips -i packaging/pamplejuce.icns
# Grab the resource, put in tempfile
DeRez -only icns packaging/pamplejuce.icns > /tmp/icons
# Stuff the resource into the strange Icon? file's resource fork
Rez -a /tmp/icons -o "${{ env.VST3_PATH }}/Icon"$'\r'
Rez -a /tmp/icons -o "${{ env.AU_PATH }}/Icon"$'\r'
# Set custom icon attribute
SetFile -a C "${{ env.VST3_PATH }}"
SetFile -a C "${{ env.AU_PATH }}"
- name: Create DMG, Notarize and Staple (macOS)
if: ${{ matrix.name == 'macOS' }}
run: |
# workaround for https://github.com/LinusU/node-appdmg/issues/234
python3 -m pip install setuptools
npm install -g appdmg
mkdir -p packaging/dmg
# Create directories for the dmg symlinks
sudo mkdir -m 755 -p /Library/Audio/Plug-Ins/Components && sudo mkdir -m 755 -p /Library/Audio/Plug-Ins/VST3
ln -s /Library/Audio/Plug-Ins/Components "packaging/dmg/Your Mac's Component folder"
ln -s /Library/Audio/Plug-Ins/VST3 "packaging/dmg/Your Mac's VST3 folder"
mv "${{ env.VST3_PATH }}" packaging/dmg
mv "${{ env.AU_PATH }}" packaging/dmg
mv "${{ env.STANDALONE_PATH }}" packaging/dmg
# Run appdmg to create the .dmg
cd packaging && appdmg dmg.json "${{ env.ARTIFACT_NAME}}.dmg"
codesign -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" --timestamp -i ${{ env.BUNDLE_ID }} --force "${{ env.ARTIFACT_NAME }}.dmg"
xcrun notarytool submit "${{ env.ARTIFACT_NAME }}.dmg" --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --team-id ${{ secrets.TEAM_ID }} --wait
xcrun stapler staple "${{ env.ARTIFACT_NAME }}.dmg"
- name: Zip
if: ${{ matrix.name == 'Linux' }}
working-directory: ${{ env.ARTIFACTS_PATH }}
run: 7z a -tzip "${{ env.ARTIFACT_NAME }}.zip" .
- name: Generate Installer and Sign with EV cert on Azure (Windows)
if: ${{ matrix.name == 'Windows' }}
shell: bash
run: |
iscc "packaging\installer.iss"
mv "packaging/Output/${{ env.ARTIFACT_NAME }}.exe" "${{ env.ARTIFACTS_PATH }}/"
dotnet tool install --global AzureSignTool
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}.exe"
- name: Upload Exe (Windows)
if: ${{ matrix.name == 'Windows' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}.exe
path: '${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}.exe'
- name: Upload Zip (Linux)
if: ${{ matrix.name == 'Linux' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}.zip
path: '${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}.zip'
- name: Upload DMG (MacOS)
if: ${{ matrix.name == 'macOS' }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}.dmg
path: packaging/${{ env.ARTIFACT_NAME }}.dmg
release:
if: contains(github.ref, 'tags/v')
runs-on: ubuntu-latest
needs: build_and_test
steps:
- name: Get Artifacts
uses: actions/download-artifact@v3
- name: Create Release
uses: softprops/action-gh-release@v1
with:
prerelease: true
# download-artifact puts these files in their own dirs...
# Using globs sidesteps having to pass the version around
files: |
*/*.exe
*/*.zip
*/*.dmg