try to fix binding #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build TR2X and the installer (macOS) | |
| on: | |
| workflow_call: | |
| inputs: | |
| target: | |
| type: string | |
| description: "Target to build for" | |
| required: true | |
| let_mac_fail: | |
| type: boolean | |
| description: "Do not require Mac builds to pass" | |
| required: false | |
| default: false | |
| push: | |
| branches: | |
| - macos-tr2 | |
| env: | |
| C_INCLUDE_PATH: /opt/local/include/uthash/:/opt/local/include/ | |
| jobs: | |
| build: | |
| name: Build release assets (mac) | |
| runs-on: macos-14 | |
| continue-on-error: ${{ inputs.let_mac_fail == true || inputs.let_mac_fail == 'true' }} | |
| steps: | |
| - name: Set up signing certificate | |
| env: | |
| MACOS_KEYCHAIN_PWD: ${{ secrets.MACOS_KEYCHAIN_PWD }} | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo -n "$MACOS_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH | |
| security create-keychain -p "$MACOS_KEYCHAIN_PWD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$MACOS_KEYCHAIN_PWD" $KEYCHAIN_PATH | |
| security import $CERTIFICATE_PATH -P "$MACOS_CERTIFICATE_PWD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k $MACOS_KEYCHAIN_PWD $KEYCHAIN_PATH | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: 'true' | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Extend PATH for MacPorts | |
| run: | | |
| echo -e "/opt/local/bin" >> $GITHUB_PATH | |
| echo -e "/opt/local/sbin" >> $GITHUB_PATH | |
| - name: "Try restore dependencies from cache" | |
| id: restore-cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| key: ${{ runner.os }}-tooling-${{ hashFiles('.github/actions/prepare_macos_tooling/action.yml') }} | |
| path: | | |
| /tmp/opt_local/ | |
| - name: "Build MacOS dependencies" | |
| if: steps.restore-cache.outputs.cache-hit != 'true' | |
| uses: ./.github/actions/prepare_macos_tooling | |
| with: | |
| CACHE_DIR: /tmp/opt_local/ | |
| - name: "Prepare cached dependencies for use" | |
| if: steps.restore-cache.outputs.cache-hit == 'true' | |
| shell: bash | |
| run: | | |
| sudo rsync -arvq /tmp/opt_local/ /opt/local/ | |
| - name: Setup CA | |
| run: | | |
| sudo port -N install apple-pki-bundle curl-ca-bundle | |
| - name: Build arm64 and create app bundle | |
| run: | | |
| BUILD_DIR=build-arm64 | |
| BUILD_OPTIONS="src/tr2 --prefix=/tmp/TR2X.app --bindir=Contents/MacOS --buildtype release" | |
| meson setup $BUILD_DIR $BUILD_OPTIONS | |
| meson install -C $BUILD_DIR | |
| - name: Build x86-64 | |
| run: | | |
| BUILD_DIR=build-x86-64 | |
| BUILD_OPTIONS="src/tr2 --prefix=/tmp/TR2X.app --bindir=Contents/MacOS --cross-file tools/shared/mac/x86-64_cross_file.txt --buildtype release" | |
| meson setup $BUILD_DIR $BUILD_OPTIONS | |
| meson compile -C $BUILD_DIR | |
| - name: Fuse universal executable | |
| run: | | |
| BUNDLE_EXEC_DIR=/tmp/TR2X.app/Contents/MacOS | |
| # Fuse executable and move it into the app bundle. | |
| lipo -create build-x86-64/TR2X $BUNDLE_EXEC_DIR/TR2X -output $BUNDLE_EXEC_DIR/TR2X_universal | |
| mv $BUNDLE_EXEC_DIR/TR2X_universal $BUNDLE_EXEC_DIR/TR2X | |
| # Update dynamic library links in the fused executable. | |
| ./tools/shared/mac/bundle_dylibs -a TR2X --links-only | |
| - name: Sign app bundle | |
| run: | | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH | awk -F'"' '{print $2}') | |
| xattr -cr /tmp/TR2X.app | |
| /usr/bin/codesign --force --deep --options runtime -s "${IDENTITY}" --keychain $KEYCHAIN_PATH -v /tmp/TR2X.app | |
| - name: Create, sign and notarize disk image | |
| env: | |
| MACOS_APPLEID: ${{ secrets.MACOS_APPLEID }} | |
| MACOS_APP_PWD: ${{ secrets.MACOS_APP_PWD }} | |
| MACOS_TEAMID: ${{ secrets.MACOS_TEAMID }} | |
| run: | | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH | awk -F'"' '{print $2}') | |
| tools/shared/mac/create_installer -a TR2X -i data/tr2/mac/icon.icns | |
| xattr -cr TR2X-Installer.dmg | |
| /usr/bin/codesign --force --options runtime -s "${IDENTITY}" --keychain $KEYCHAIN_PATH -v TR2X-Installer.dmg | |
| xcrun notarytool submit --wait --apple-id "$MACOS_APPLEID" --password "$MACOS_APP_PWD" --team-id "$MACOS_TEAMID" TR2X-Installer.dmg | |
| xcrun stapler staple -v TR2X-Installer.dmg | |
| mv TR2X-Installer.dmg "TR2X-$(tools/get_version 1)-Installer.dmg" | |
| - id: vars | |
| name: Prepare variables | |
| run: echo "version=$(tools/get_version 1)" >> $GITHUB_OUTPUT | |
| - name: Upload signed+notarized installer image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: TR2X-${{ steps.vars.outputs.version }}-mac | |
| path: | | |
| *.dmg | |
| compression-level: 0 # .dmg is already compressed. |