Skip to content

Renmae test power shell action. #3

Renmae test power shell action.

Renmae test power shell action. #3

name: test-code-signing
on:
push:
branches: [code-signing]
jobs:
setup:
if: github.repository == 'not-hsorby/mapclient'
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
run-installer: ${{ steps.set-matrix.outputs.run-installer }}
package: ${{ steps.set-matrix.outputs.run-packaging }}
tag: ${{ steps.get-tag.outputs.tag }}
steps:
- name: Get the tag
id: get-tag
shell: bash
run: |
echo "Setting tag as: vX.Y.Z"
echo "tag=vX.Y.Z" >> $GITHUB_OUTPUT
- name: Get the release name
id: get-release-name
shell: bash
run: |
tag=${{ steps.get-tag.outputs.tag }}
bare_tag=${tag/v/}
IFS='.' read -ra bare_tag_parts <<< "$bare_tag"
name="${bare_tag_parts[0]}.${bare_tag_parts[1]}.${bare_tag_parts[2]}"
echo "Setting name as: ${name}"
echo "name=$name" >> $GITHUB_OUTPUT
- name: Determine required assets
id: set-variants
shell: cmake -P {0}
run: |
set(RELEASE_BODY "${{ github.event.release.body }}")
string(REPLACE "\n" ";" _PARTS "${RELEASE_BODY}")
set(VARIANTS standard)
message(STATUS "variants=\"${VARIANTS}\"")
file(APPEND $ENV{GITHUB_OUTPUT} "variants=\"${VARIANTS}\"")
- name: set_matrix
id: set-matrix
shell: bash
run: |
matrixElements=()
variants=${{ steps.set-variants.outputs.variants }}
for v in $variants; do
matrixElements+=('{"os":"windows-2022","variant":"'$v'","tag":"${{ steps.get-tag.outputs.tag }}","release-name":"${{ steps.get-release-name.outputs.name }}","python-version":"3.9"}')
done
if [ "${#matrixElements[@]}" -eq "0" ]; then
echo run-installer=false >> $GITHUB_OUTPUT
echo run-packaging=false >> $GITHUB_OUTPUT
else
echo run-installer=true >> $GITHUB_OUTPUT
echo run-packaging=true >> $GITHUB_OUTPUT
fi
function join_by { local IFS="$1"; shift; echo "$*"; }
content=`join_by , ${matrixElements[@]}`
echo "{\"include\":[$content]}"
echo "matrix={\"include\":[$content]}" >> $GITHUB_OUTPUT
installer:
needs: setup
name: installer
if: needs.setup.outputs.run-installer == 'true'
runs-on: ${{ matrix.os }}
strategy:
matrix: ${{fromJson(needs.setup.outputs.matrix)}}
steps:
- name: Install PowerShell module SignPath (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: |
Install-Module -Name SignPath -MinimumVersion 4.4.1
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Checkout codebase
uses: actions/checkout@v4
with:
ref: code-signing
path: mapclient
- name: Setup scripts
uses: actions/checkout@v4
with:
repository: hsorby/mapclientreleasescripts
path: scripts
- name: Setup Python virtual environment
id: python-environment
shell: bash
run: |
echo "Creating application asset"
python -m venv venv
if [ "$RUNNER_OS" == "macOS" ]; then
python_exe=$GITHUB_WORKSPACE/venv/bin/python
pip_exe=$GITHUB_WORKSPACE/venv/bin/pip
# source venv/bin/activate
elif [ "$RUNNER_OS" == "Windows" ]; then
python_exe=$GITHUB_WORKSPACE/venv/Scripts/python.exe
pip_exe=$GITHUB_WORKSPACE/venv/Scripts/pip.exe
# source venv/Scripts/activate
else
echo "$RUNNER_OS not supported"
exit 1
fi
cd mapclient
echo "==============================================="
echo "=== setting extensions.worktreeconfig false ==="
echo "====== because Dulwich cannot handle it. ======"
echo "==============================================="
git config extensions.worktreeconfig false
echo "---=---"
git config --list
cd ..
python_exe=${python_exe//\\//}
echo "python_exe=$python_exe"
echo "python_exe=$python_exe" >> $GITHUB_OUTPUT
pip_exe=${pip_exe//\\//}
echo "pip_exe=$pip_exe"
echo "pip_exe=$pip_exe" >> $GITHUB_OUTPUT
- name: Create application asset
id: create-application
shell: bash
run: |
echo "Creating application asset"
if [ "${{ matrix.variant }}" == "standard" ]; then
variant=
else
variant="-${{ matrix.variant }}"
fi
cd $GITHUB_WORKSPACE
cd scripts
# ${{ steps.get_tag.outputs.tag }}
# Manually install PyInstaller rather than use the dev install requires from setup.py.
${{ steps.python-environment.outputs.pip_exe }} install pyinstaller
git fetch
git switch ${{ matrix.variant }}
git log -1 --oneline
${{ steps.python-environment.outputs.python_exe }} create_mapclient_application.py -v "${{ matrix.variant }}" -l $GITHUB_WORKSPACE/mapclient ${{ matrix.tag }}
if [ "$RUNNER_OS" == "Windows" ]; then
asset="${GITHUB_WORKSPACE}/mapclient/res/pyinstaller/dist/MAP-Client${variant}/MAP-Client${variant}.exe"
asset=${asset//\\//}
fi
echo "file=$asset" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
- name: Codesign application (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: |
# The user must be a submitter for the given signing policy!
Submit-SigningRequest `
-InputArtifactPath "${{ steps.create-application.outputs.file }}" `
-ApiToken "${{ secrets.SIGNPATH_API_TOKEN }}" `
-OrganizationId "${{ secrets.SIGNPATH_ORGANIZATION_ID }}" `
-ProjectSlug "MAP_Client" `
-SigningPolicySlug "MAP_Client_Release_Candidate_Policy" `
-OutputArtifactPath "${{ steps.create-application.outputs.file }}" `
-WaitForCompletion
- name: Create installer asset
id: create-installer
shell: bash
run: |
echo "Creating installer asset"
if [ "${{ matrix.variant }}" == "standard" ]; then
variant=
else
variant="-${{ matrix.variant }}"
fi
cd $GITHUB_WORKSPACE
cd scripts
${{ steps.python-environment.outputs.python_exe }} create_mapclient_installer.py -v "${{ matrix.variant }}" -l $GITHUB_WORKSPACE/mapclient ${{ matrix.tag }}
if [ "$RUNNER_OS" == "macOS" ]; then
asset=$GITHUB_WORKSPACE/mapclient/res/macos/MAP-Client${variant}-${{ matrix.release-name }}.dmg
elif [ "$RUNNER_OS" == "Windows" ]; then
asset=$GITHUB_WORKSPACE/mapclient/package/MAP-Client${variant}-${{ matrix.release-name }}.exe
asset=${asset//\\//}
else
echo "$RUNNER_OS not supported"
exit 1
fi
echo $asset
echo "file=$asset" >> $GITHUB_OUTPUT
- name: Codesign installer (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: |
# The user must be a submitter for the given signing policy!
Submit-SigningRequest `
-InputArtifactPath "${{ steps.create-installer.outputs.file }}" `
-ApiToken "${{ secrets.SIGNPATH_API_TOKEN }}" `
-OrganizationId "${{ secrets.SIGNPATH_ORGANIZATION_ID }}" `
-ProjectSlug "MAP_Client" `
-SigningPolicySlug "MAP_Client_Release_Candidate_Policy" `
-OutputArtifactPath "${{ steps.create-installer.outputs.file }}" `
-WaitForCompletion
- name: Notarize and Staple installer (macOS)
if: runner.os == 'macOS'
run: |
#codesign -s "${{ secrets.APPLE_DEV_ID_APPLICATION}}" --timestamp --force "${{ steps.create-installer.outputs.file }}"
xcrun notarytool submit "${{ steps.create-installer.outputs.file }}" --apple-id ${{ secrets.APPLE_NOTARIZATION_USERNAME }} --password ${{ secrets.APPLE_NOTARIZATION_PASSWORD }} --team-id ${{ secrets.APPLE_DEV_TEAM_ID }} --wait
xcrun stapler staple "${{ steps.create-installer.outputs.file }}"
- name: Upload asset
uses: softprops/action-gh-release@v2
with:
files: ${{ steps.create-installer.outputs.file }}
tag_name: ${{ matrix.tag }}