-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (110 loc) · 4.53 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: build
on:
push:
branches: [ main ]
# on:
# workflow_dispatch:
jobs:
build-win32:
runs-on: windows-2022
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build
shell: powershell
env:
SPC_B64: ${{ secrets.SPC_B64 }}
POINTER_CC_VERSION: ${{ vars.POINTER_CC_VERSION }}
run: |
$bytes = [System.Convert]::FromBase64String($env:SPC_B64)
Set-Content -Path .\StefanMattingSPC.pfx -Value $bytes -Encoding Byte
Import-PfxCertificate -FilePath .\StefanMattingSPC.pfx -CertStoreLocation 'Cert:\CurrentUser\My'
Remove-Item .\StefanMattingSPC.pfx
choco install python310 > $null
choco install innosetup
Remove-Item -Force -Recurse -ErrorAction SilentlyContinue venv
C:\hostedtoolcache\windows\Python\3.10.11\x64\python.exe --version
C:\hostedtoolcache\windows\Python\3.10.11\x64\python.exe -m venv venv
cd .\venv\Scripts
./Activate.ps1
cd ..\..\
# --no-deps: prevent wxpython from pulling numpy
python -m pip install --no-deps -r requirements.txt
python -m pip install -r requirements-stage2.txt
& .\scripts\build.ps1
$env:PATH = " C:\Program Files (x86)\Windows Kits\10\App Certification Kit;" + $env:PATH
& .\scripts\package-win.ps1
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: build-result-win32
path: Output/*.exe
build-darwin:
runs-on: macos-11
strategy:
matrix:
# target_arch: [ x86_64, arm64 ]
target_arch: [ arm64 ]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Import certs
shell: bash
env:
CERTS_P12: ${{ secrets.CERTS_P12 }}
CERTS_P12_PASSWORD: ${{ secrets.CERTS_P12_PASSWORD }}
run: |
set -eo pipefail
# https://github.com/Apple-Actions/import-codesign-certs/blob/master/src/security.ts
CERTS_PATH=$RUNNER_TEMP/bundle.p12
echo -n "$CERTS_P12" | base64 -d -o "$CERTS_PATH"
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing
KEYCHAIN_PASSWORD=foo
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import and allow all applications to use it
security import "$CERTS_PATH" -k $KEYCHAIN_PATH -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P "$CERTS_P12_PASSWORD"
# magic incantation that is necessary
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# also necessary, this command actually sets things (even though the name).
security list-keychains -d user -s $KEYCHAIN_PATH login.keychain
# check that we have a valid codesigning cert
security find-identity -vp codesigning $KEYCHAIN_PATH
- name: Set architecture variable
run: |
if [ "${{ matrix.target_arch }}" == "x86_64" ]; then
architecture="x64"
elif [ "${{ matrix.target_arch }}" == "arm64" ]; then
architecture="arm64"
fi
echo "architecture=$architecture" >> "$GITHUB_ENV"
- uses: actions/setup-python@v5
with:
architecture: ${{ env.architecture }}
python-version: '3.10.11'
- shell: bash
env:
POINTER_CC_VERSION: ${{ vars.POINTER_CC_VERSION }}
TARGET_ARCH: ${{ matrix.target_arch }}
run: |
export TARGET_ARCH
python3 --version
python3 -m venv venv
source venv/bin/activate
if [ "$TARGET_ARCH" = "x86_64" ]; then
# --no-deps: prevent wxpython from pulling numpy
pip install --no-deps -r requirements.txt
pip install -r requirements-stage2.txt
else
pip install --platform macosx_11_0_arm64 --no-deps --target venv/lib/python3.10/site-packages -r requirements.txt
pip install --platform macosx_11_0_arm64 --no-deps --target venv/lib/python3.10/site-packages -r requirements-stage2.txt
fi
./scripts/build.sh
./scripts/package-mac.sh
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: build-result-darwin-${{ matrix.target_arch }}
path: dist/*.dmg