From 02a557e9b7b68c420422784bcb58363735e717ee Mon Sep 17 00:00:00 2001 From: Christian Hoffmann Date: Sun, 13 Mar 2022 22:53:28 +0100 Subject: [PATCH] Autobuild: Combine and simplify Mac build scripts Related: #2503 - Move all autobuild/mac/* scripts to a single .github/autobuild/mac.sh script which is called for the different stages (setup/build/get-artifacts). - Condense redundant parameter parsing into a single step - Create functions with proper names for larger steps - Inline Github artifact output definition as it's shorter that way - Make shellcheck-clean --- .github/autobuild/mac.sh | 87 +++++++++++++++++++++ .github/workflows/autobuild.yml | 12 +-- autobuild/mac/autobuild_mac_1_prepare.sh | 35 --------- autobuild/mac/autobuild_mac_2_build.sh | 50 ------------ autobuild/mac/autobuild_mac_3_copy_files.sh | 48 ------------ 5 files changed, 93 insertions(+), 139 deletions(-) create mode 100755 .github/autobuild/mac.sh delete mode 100755 autobuild/mac/autobuild_mac_1_prepare.sh delete mode 100755 autobuild/mac/autobuild_mac_2_build.sh delete mode 100755 autobuild/mac/autobuild_mac_3_copy_files.sh diff --git a/.github/autobuild/mac.sh b/.github/autobuild/mac.sh new file mode 100755 index 0000000000..b1c9955f86 --- /dev/null +++ b/.github/autobuild/mac.sh @@ -0,0 +1,87 @@ +#!/bin/bash +set -eu + +QT_DIR=/usr/local/opt/qt +AQTINSTALL_VERSION=2.0.6 + +if [[ ! ${QT_VERSION:-} =~ [0-9]+\.[0-9]+\..* ]]; then + echo "Environment variable QT_VERSION must be set to a valid Qt version" + exit 1 +fi +if [[ ! ${jamulus_buildversionstring:-} =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then + echo "Environment variable jamulus_buildversionstring has to be set to a valid version string" + exit 1 +fi + +setup() { + if [[ -d "${QT_DIR}" ]]; then + echo "Using Qt installation from previous run (actions/cache)" + else + echo "Install dependencies..." + python3 -m pip install "aqtinstall==${AQTINSTALL_VERSION}" + python3 -m aqt install-qt --outputdir "${QT_DIR}" mac desktop "${QT_VERSION}" --archives qtbase qttools qttranslations qtmacextras + fi + + # Add the qt binaries to the PATH. + # The clang_64 entry can be dropped when Qt <6.2 compatibility is no longer needed. + export PATH="${QT_DIR}/${QT_VERSION}/macos/bin:${QT_DIR}/${QT_VERSION}/clang_64/bin:${PATH}" + echo "::set-env name=PATH::${PATH}" +} + +prepare_signing() { + [[ "${SIGN_IF_POSSIBLE:-0}" == "1" ]] || return 1 + + # Signing was requested, now check all prerequisites: + [[ -n "${MACOS_CERTIFICATE:-}" ]] || return 1 + [[ -n "${MACOS_CERTIFICATE_ID:-}" ]] || return 1 + [[ -n "${MACOS_CERTIFICATE_PWD:-}" ]] || return 1 + [[ -n "${NOTARIZATION_PASSWORD:-}" ]] || return 1 + [[ -n "${KEYCHAIN_PASSWORD:-}" ]] || return 1 + + echo "Signing was requested and all dependencies are satisfied" + + # Put the cert to a file + echo "${MACOS_CERTIFICATE}" | base64 --decode > certificate.p12 + + # Set up a keychain for the build: + security create-keychain -p "${KEYCHAIN_PASSWORD}" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "${KEYCHAIN_PASSWORD}" build.keychain + security import certificate.p12 -k build.keychain -P "${MACOS_CERTIFICATE_PWD}" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${KEYCHAIN_PASSWORD}" build.keychain + + # Tell Github Workflow that we need notarization & stapling: + echo "::set-output name=macos_signed::true" + return 0 +} + +build_app_as_dmg_installer() { + # Mac's bash version considers BUILD_ARGS unset without at least one entry: + BUILD_ARGS=("") + if prepare_signing; then + BUILD_ARGS=("-s" "${MACOS_CERTIFICATE_ID}") + fi + ./mac/deploy_mac.sh "${BUILD_ARGS[@]}" +} + +pass_artifact_to_job() { + artifact_deploy_filename="jamulus_${jamulus_buildversionstring}_mac${ARTIFACT_SUFFIX:-}.dmg" + echo "Moving build artifact to deploy/${artifact_deploy_filename}" + mv ./deploy/Jamulus-*installer-mac.dmg "./deploy/${artifact_deploy_filename}" + echo "::set-output name=artifact_1::${artifact_deploy_filename}" +} + +case "${1:-}" in + setup) + setup + ;; + build) + build_app_as_dmg_installer + ;; + get-artifacts) + pass_artifact_to_job + ;; + *) + echo "Unknown stage '${1:-}'" + exit 1 +esac diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index f440a9041a..f4850541c0 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -106,18 +106,18 @@ jobs: target_os: macos # Stay on 10.15 as long as we use dmgbuild which does not work with 11's hdiutil (?): building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/mac/autobuild_mac_1_prepare.sh 5.15.2" - cmd2_build: "./autobuild/mac/autobuild_mac_2_build.sh sign_if_possible" - cmd3_postbuild: "./autobuild/mac/autobuild_mac_3_copy_files.sh" + cmd1_prebuild: "QT_VERSION=5.15.2 SIGN_IF_POSSIBLE=1 ./.github/autobuild/mac.sh setup" + cmd2_build: "QT_VERSION=5.15.2 SIGN_IF_POSSIBLE=1 ./.github/autobuild/mac.sh build" + cmd3_postbuild: "QT_VERSION=5.15.2 SIGN_IF_POSSIBLE=1 ./.github/autobuild/mac.sh get-artifacts" run_codeql: true xcode_version: 12.1.1 - config_name: MacOS Legacy (artifacts) target_os: macos building_on_os: macos-10.15 - cmd1_prebuild: "./autobuild/mac/autobuild_mac_1_prepare.sh 5.9.9" - cmd2_build: "./autobuild/mac/autobuild_mac_2_build.sh do_not_sign" - cmd3_postbuild: "./autobuild/mac/autobuild_mac_3_copy_files.sh legacy" + cmd1_prebuild: "QT_VERSION=5.9.9 SIGN_IF_POSSIBLE=0 ARTIFACT_SUFFIX=_legacy ./.github/autobuild/mac.sh setup" + cmd2_build: "QT_VERSION=5.9.9 SIGN_IF_POSSIBLE=0 ARTIFACT_SUFFIX=_legacy ./.github/autobuild/mac.sh build" + cmd3_postbuild: "QT_VERSION=5.9.9 SIGN_IF_POSSIBLE=0 ARTIFACT_SUFFIX=_legacy ./.github/autobuild/mac.sh get-artifacts" run_codeql: false # For Qt5 on Mac, we need to ensure SDK 10.15 is used, and not SDK 11.x. # Xcode 12.1 is the most-recent release which still ships SDK 10.15: diff --git a/autobuild/mac/autobuild_mac_1_prepare.sh b/autobuild/mac/autobuild_mac_1_prepare.sh deleted file mode 100755 index 8e18460b2b..0000000000 --- a/autobuild/mac/autobuild_mac_1_prepare.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -e - -# autobuild_1_prepare: set up environment, install Qt & dependencies - -if [ "$#" -ne "1" ]; then - echo "need to specify Qt version" - exit 1 -fi - -QT_DIR=/usr/local/opt/qt -QT_VER=$1 -AQTINSTALL_VERSION=2.0.6 - -################### -### PROCEDURE ### -################### - -if [[ -d "${QT_DIR}" ]]; then - echo "Using Qt installation from previous run (actions/cache)" -else - echo "Install dependencies..." - python3 -m pip install "aqtinstall==${AQTINSTALL_VERSION}" - python3 -m aqt install-qt --outputdir "${QT_DIR}" mac desktop "${QT_VER}" --archives qtbase qttools qttranslations qtmacextras -fi - -# Add the qt binaries to the PATH. -# The clang_64 entry can be dropped when Qt <6.2 compatibility is no longer needed. -for qt_path in "${QT_DIR}"/${QT_VER}/macos/bin "${QT_DIR}"/${QT_VER}/clang_64/bin; do - if [[ -d $qt_path ]]; then - export -p PATH="${qt_path}:${PATH}" - break - fi -done -echo "::set-env name=PATH::${PATH}" -echo "the path is ${PATH}" diff --git a/autobuild/mac/autobuild_mac_2_build.sh b/autobuild/mac/autobuild_mac_2_build.sh deleted file mode 100755 index 20a82573fd..0000000000 --- a/autobuild/mac/autobuild_mac_2_build.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh -e - -# autobuild_2_build: actual build process - - -#################### -### PARAMETERS ### -#################### - -SIGN=$1 -if [ -n "${SIGN}" ]; then - shift -fi - -source "$(dirname "${BASH_SOURCE[0]}")/../ensure_THIS_JAMULUS_PROJECT_PATH.sh" - -################### -### PROCEDURE ### -################### - -cd "${THIS_JAMULUS_PROJECT_PATH}" - -echo "Run deploy script..." - -# If we have certificate details, then prepare the signing -if [[ "${SIGN}" != "sign_if_possible" || - -z "${MACOS_CERTIFICATE_PWD}" || - -z "${MACOS_CERTIFICATE}" || - -z "${MACOS_CERTIFICATE_ID}" || - -z "${NOTARIZATION_PASSWORD}" || - -z "${KEYCHAIN_PASSWORD}" ]] -then - sh "${THIS_JAMULUS_PROJECT_PATH}"/mac/deploy_mac.sh -else - echo "Setting up signing, as all credentials found" - - # Get the cert to a file - echo ${MACOS_CERTIFICATE} | base64 --decode > certificate.p12 - - # Set up a keychain for the build - security create-keychain -p "${KEYCHAIN_PASSWORD}" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "${KEYCHAIN_PASSWORD}" build.keychain - security import certificate.p12 -k build.keychain -P "${MACOS_CERTIFICATE_PWD}" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${KEYCHAIN_PASSWORD}" build.keychain - - sh "${THIS_JAMULUS_PROJECT_PATH}"/mac/deploy_mac.sh -s "${MACOS_CERTIFICATE_ID}" - # Set up the notarization and staple parts - echo "::set-output name=macos_signed::true" -fi diff --git a/autobuild/mac/autobuild_mac_3_copy_files.sh b/autobuild/mac/autobuild_mac_3_copy_files.sh deleted file mode 100755 index 71aea38683..0000000000 --- a/autobuild/mac/autobuild_mac_3_copy_files.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -e - -# autobuild_3_copy_files: copy the built files to deploy folder - -if [ "$#" -gt 1 ]; then - BUILD_SUFFIX=_$1 - shift -fi - -#################### -### PARAMETERS ### -#################### - -source "$(dirname "${BASH_SOURCE[0]}")/../ensure_THIS_JAMULUS_PROJECT_PATH.sh" - -################### -### PROCEDURE ### -################### - -cd "${THIS_JAMULUS_PROJECT_PATH}" - -echo "" -echo "" -echo "ls GITROOT/deploy/" -ls "${THIS_JAMULUS_PROJECT_PATH}"/deploy/ -echo "" - -echo "" -echo "" -artifact_deploy_filename=jamulus_${jamulus_buildversionstring}_mac${BUILD_SUFFIX}.dmg -echo "Move/Rename the built file to deploy/${artifact_deploy_filename}" -mv "${THIS_JAMULUS_PROJECT_PATH}"/deploy/Jamulus-*installer-mac.dmg "${THIS_JAMULUS_PROJECT_PATH}"/deploy/"${artifact_deploy_filename}" - - -echo "" -echo "" -echo "ls GITROOT/deploy/" -ls "${THIS_JAMULUS_PROJECT_PATH}"/deploy/ -echo "" - - -github_output_value() -{ - echo "github_output_value() ${1} = ${2}" - echo "::set-output name=${1}::${2}" -} - -github_output_value artifact_1 ${artifact_deploy_filename}