codesign fixes #149

Workflow file for this run

.github/workflows/apx-gcs-release.yml at fe34f8b

	name: APX GCS CI

	on:
	push:
	tags:
	- "release-*"
	- "test-*"

	env:
	BUILD_DIR: build-release

	jobs:
	build-linux:
	name: Build Linux
	runs-on: ubuntu-latest
	# if: "false"

	container:
	image: uavos/apx-gcs-linux:latest
	options: --privileged

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive
	fetch-tags: true
	fetch-depth: 0
	- run: git config --global --add safe.directory `pwd`

	# - name: Setup vscode tunnel # https://code.visualstudio.com/docs/remote/tunnels
	# run: \|
	# curl -Lk 'https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64' --output vscode_cli.tar.gz
	# tar -xf vscode_cli.tar.gz
	# ./code tunnel --accept-server-license-terms

	- name: Build package
	run: make release-package

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	path: \|
	${{ env.BUILD_DIR }}/deploy/*.AppImage
	name: apx-gcs-linux
	if-no-files-found: error
	retention-days: 1

	build-macos:
	name: Build MacOS
	runs-on: macos-latest
	env:
	VERSION_QT: 6.8.1
	VERSION_SDL: 2.30.8
	VERSION_GST: 1.22.5

	# we replace system python with brew python
	PYTHONPATH: /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive
	fetch-tags: true
	fetch-depth: 0
	- run: git config --global --add safe.directory `pwd`

	# - name: Setup tmate session
	# uses: mxschmitt/action-tmate@v3

	- name: Install Tools (python)
	run: \|
	pip3 install networkx simplejson jinja2 pyyaml dmgbuild aqtinstall --break-system-packages

	- name: Install Qt
	working-directory: /tmp
	run: \|
	aqt install-qt mac desktop $VERSION_QT -m \
	qtshadertools qt5compat qtcharts qtmultimedia \
	qtspeech qtlocation qtpositioning qtserialport
	echo "/tmp/$VERSION_QT/macos/bin" >> $GITHUB_PATH

	- name: Install SDL
	working-directory: /tmp
	run: \|
	curl -L https://github.com/libsdl-org/SDL/releases/download/release-$VERSION_SDL/SDL2-$VERSION_SDL.dmg --output sdl.dmg
	hdiutil attach -noverify sdl.dmg
	sudo cp -a /Volumes/SDL2/SDL2.framework /Library/Frameworks/
	hdiutil detach /Volumes/SDL2
	rm -f sdl.dmg

	- name: Install GST
	working-directory: /tmp
	run: \|
	curl -L https://gstreamer.freedesktop.org/data/pkg/osx/$VERSION_GST/gstreamer-1.0-$VERSION_GST-universal.pkg --output gst.pkg
	curl -L https://gstreamer.freedesktop.org/data/pkg/osx/$VERSION_GST/gstreamer-1.0-devel-$VERSION_GST-universal.pkg --output gst-devel.pkg
	sudo installer -package gst.pkg -target /
	sudo installer -package gst-devel.pkg -target /
	rm -f gst*.pkg

	# - name: Setup tmate session
	# uses: mxschmitt/action-tmate@v3

	- name: Install KEYS
	env:
	KEYCHAIN: default.keychain
	KEYCHAIN_PASSWORD: uavos
	# base64 -i build_certificate.p12 \| pbcopy
	SIGNING_CERTIFICATE_P12_DATA: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
	SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
	CODE_IDENTITY: ${{ secrets.CODE_IDENTITY }}
	run: \|
	security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
	security default-keychain -s $KEYCHAIN
	security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
	security set-keychain-settings $KEYCHAIN
	security list-keychains -s $KEYCHAIN
	security import <(echo $SIGNING_CERTIFICATE_P12_DATA \| base64 --decode) -f pkcs12 -k $KEYCHAIN -P $SIGNING_CERTIFICATE_PASSWORD -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN
	security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
	security -v find-identity -s $CODE_IDENTITY

	- name: Build package
	env:
	CODE_IDENTITY: ${{ secrets.CODE_IDENTITY }}
	QT_PATH: /tmp/$VERSION_QT/macos
	LD_LIBRARY_PATH: $QT_PATH/lib
	PKG_CONFIG_PATH: $QT_PATH/lib/pkgconfig
	CMAKE_PREFIX_PATH: $QT_PATH/lib/cmake

	run: \|
	make release-package

	- name: Notarize package
	env:
	NOTARIZATION_API_KEY_ID: ${{ secrets.NOTARIZATION_API_KEY_ID }}
	NOTARIZATION_API_KEY: ${{ secrets.NOTARIZATION_API_KEY }}
	NOTARIZATION_API_ISSUER: ${{ secrets.NOTARIZATION_API_ISSUER }}
	run: \|
	echo $NOTARIZATION_API_KEY \| base64 --decode > notarization_api_key
	xcrun notarytool submit ${{ env.BUILD_DIR }}/deploy/*.dmg --key notarization_api_key --key-id $NOTARIZATION_API_KEY_ID --issuer $NOTARIZATION_API_ISSUER --wait
	xcrun stapler staple ${{ env.BUILD_DIR }}/deploy/*.dmg

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	path: \|
	${{ env.BUILD_DIR }}/deploy/*.dmg
	name: apx-gcs-macos
	if-no-files-found: error
	retention-days: 1

	publish:
	name: Publish Release
	needs: [build-linux, build-macos]
	runs-on: ubuntu-latest
	if: ${{ !startsWith(github.event.ref, 'refs/tags/test-') }}
	# if: "false"
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v4
	with:
	path: package
	- name: Collecting files
	id: package
	working-directory: package
	run: \|
	find . -mindepth 2 -type f -exec mv -f '{}' . ';'
	ls -la .
	VERSION=${{ github.ref }}
	VERSION=$(echo ${VERSION##*/} \| sed 's/^release-//')
	echo "Version: $VERSION"
	echo "::set-output name=path::$(pwd)"
	echo "::set-output name=version::$VERSION"

	- name: Generate release text
	run: \|
	cp -f docs/releases/release-${{ steps.package.outputs.version }}.md changes.md
	sed -i 's/^#/###/g' changes.md

	- name: Create Release draft
	id: create_release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.CI_PAT }}
	with:
	tag_name: release-${{ steps.package.outputs.version }}
	release_name: APX Ground Control ${{ steps.package.outputs.version }}
	body_path: changes.md
	draft: true
	prerelease: true

	- name: Publish release
	uses: actions/github-script@v7
	with:
	github-token: ${{secrets.CI_PAT}}
	script: \|
	const fs = require('fs').promises;

	const { repo: { owner, repo }, sha } = context;

	for (let file of await fs.readdir('package', {withFileTypes:true})) {
	if (!file.isFile())
	continue;
	if (file.name.endsWith('.xml'))
	continue;
	console.log('uploading', file.name);
	await github.repos.uploadReleaseAsset({
	owner, repo,
	release_id: "${{ steps.create_release.outputs.id }}",
	name: file.name,
	data: await fs.readFile(`package/${file.name}`)
	});
	}

	github.repos.updateRelease({
	owner, repo,
	release_id: "${{ steps.create_release.outputs.id }}",
	draft: false
	});

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

codesign fixes #149

Workflow file

codesign fixes #149

Jobs

Run details

Workflow file for this run