ref: 3dd55d91838f71eccaa80e06a7006e5ff5925081
dir: /.github/workflows/build-macos.yml/
name: m8c macOS builds
on:
push:
pull_request:
release:
types: [published]
workflow_dispatch:
jobs:
build-macos:
strategy:
fail-fast: false
matrix:
include:
- name: m8c MacOS build (Intel)
runner: macos-13
build_dir: build-intel
artifact_suffix: intel
cmake_arch: x86_64
- name: m8c MacOS build (Apple Silicon)
runner: macos-latest
build_dir: build-arm64
artifact_suffix: applesilicon
cmake_arch: arm64
name: ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
env:
BUILD_DIR: ${{ matrix.build_dir }}
steps:
- name: Environment info
run: |
uname -m
- name: Install dependencies
run: brew install sdl3 libserialport
- name: Checkout
uses: actions/checkout@v4
- name: Set current date as env variable
run: echo "NOW=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
- name: Create Custom Keychain
id: createCustomKeychain
if: github.event_name == 'release'
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security list-keychains -s build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security set-keychain-settings build.keychain
- name: Import Apple Developer Certificate
id: importAppleCertificate
if: github.event_name == 'release'
env:
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > developer_cert.p12
security import developer_cert.p12 -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
- name: Configure m8c
id: configureApplication
env:
CODESIGN_CERT_NAME: ${{ secrets.MACOS_CODE_SIGN_IDENTITY }}
run: |
mkdir -p "${{ env.BUILD_DIR }}"
pushd "${{ env.BUILD_DIR }}"
cmake .. -DCMAKE_BUILD_TYPE=Release -DCODESIGN_CERT_NAME="$CODESIGN_CERT_NAME"
popd
- name: Build and package m8c
id: buildApplication
continue-on-error: true
env:
CMAKE_INSTALL_PREFIX: build_output
run: |
pushd "${{ env.BUILD_DIR }}"
cpack -V .
popd
- name: View debug log if compilation fails
if: failure() && steps.buildApplication.outcome == 'failure'
run: |
cat "${{ github.workspace }}/${{ env.BUILD_DIR }}/_CPack_Packages/Darwin/DragNDrop/PreinstallOutput.log" || true
- name: Notarize the App
id: notarizeApp
if: github.event_name == 'release'
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
TEAM_ID: ${{ secrets.TEAM_ID }}
run: |
pushd "${{ env.BUILD_DIR }}"
APP_PATH=$(find package-output -maxdepth 1 -name "m8c*.dmg" | head -n 1)
xcrun notarytool submit \
--apple-id "$APPLE_ID" \
--team-id "$TEAM_ID" \
--password "$APPLE_PASSWORD" \
--wait \
"$APP_PATH"
xcrun stapler staple "$APP_PATH"
popd
- name: Verify Stapling
id: verifyStapling
if: github.event_name == 'release'
run: |
APP_PATH=$(find "${{ env.BUILD_DIR }}/package-output" -maxdepth 1 -name "m8c*.dmg" | head -n 1)
echo "Verifying stapling on $APP_PATH"
xcrun stapler validate "$APP_PATH"
- name: Delete Custom Keychain
id: deleteCustomKeychain
if: github.event_name == 'release' && steps.createCustomKeychain.outcome == 'success'
run: |
security delete-keychain build.keychain
- name: Copy package
run: |
APP_PATH=$(find "${{ env.BUILD_DIR }}/package-output" -maxdepth 1 -name "m8c*.dmg" | head -n 1)
mv "$APP_PATH" "m8c-${{ env.NOW }}-macos-${{ matrix.artifact_suffix }}.dmg"
- name: Upload DMG package
uses: actions/upload-artifact@v4
with:
name: m8c-${{ env.NOW }}-macos-${{ matrix.artifact_suffix }}
path: m8c-${{ env.NOW }}-macos-${{ matrix.artifact_suffix }}.dmg