Build

Code sign macOS binaries #46

Workflow file for this run

	name: Build

	on:
	push:
	pull_request:

	jobs:
	test:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [macos-latest, ubuntu-latest]
	steps:
	- uses: actions/checkout@v4
	- name: Build and test
	run: \|
	mkdir build
	cd build
	cmake ..
	make
	make check

	package-source:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Make source tarball
	run: \|
	./autogen.sh
	./configure && make distcheck
	- name: Archive production artifacts
	uses: actions/upload-artifact@v4
	with:
	name: libdiscid-source
	path: libdiscid-*.tar.gz

	package-windows:
	runs-on: windows-2019
	env:
	GENERATOR: Visual Studio 16 2019
	CODESIGN: ${{ !!secrets.AZURE_CERT_PROFILE_NAME }}
	steps:
	- uses: actions/checkout@v4
	- name: Prepare package
	run: \|
	mkdir artifacts
	cp .\COPYING artifacts
	cp .\README artifacts
	cp .\ChangeLog artifacts
	- name: Build x64
	run: \|
	mkdir _build_$env:ARCH
	cd _build_$env:ARCH
	cmake -G $env:GENERATOR -A $env:ARCH ..
	cmake --build . --config Release
	mkdir ..\artifacts\$env:ARCH
	cp .\Release\* ..\artifacts\$env:ARCH
	cp -R .\include ..\artifacts
	env:
	ARCH: x64
	- name: Build Win32
	run: \|
	mkdir _build_$env:ARCH
	cd _build_$env:ARCH
	cmake -G $env:GENERATOR -A $env:ARCH ..
	cmake --build . --config Release
	mkdir ..\artifacts\$env:ARCH
	cp .\Release\* ..\artifacts\$env:ARCH
	env:
	ARCH: Win32
	- name: Sign generated DLLs
	uses: azure/[email protected]
	if: env.CODESIGN == 'true'
	with:
	azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
	azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
	endpoint: ${{ secrets.AZURE_ENDPOINT }}
	trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
	certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
	files-folder: artifacts
	files-folder-filter: exe,dll
	files-folder-recurse: true
	timestamp-rfc3161: http://timestamp.acs.microsoft.com
	timestamp-digest: SHA256
	- name: Archive production artifacts
	uses: actions/upload-artifact@v4
	with:
	name: libdiscid-windows
	path: artifacts/
	- name: Test x64
	run: \|
	cd _build_x64
	cmake --build . --config Release --target test_core test_put test_read test_read_full
	.\Release\test_core.exe
	.\Release\test_put.exe
	- name: Test Win32
	run: \|
	cd _build_Win32
	cmake --build . --config Release --target test_core test_put test_read test_read_full
	.\Release\test_core.exe
	.\Release\test_put.exe

	package-macos:
	runs-on: macos-13
	env:
	MACOSX_DEPLOYMENT_TARGET: "10.10"
	steps:
	- uses: actions/checkout@v4
	- name: Build
	run: \|
	mkdir build
	cd build
	cmake -DCMAKE_BUILD_TYPE=Release -D "CMAKE_OSX_ARCHITECTURES=arm64;x86_64" ..
	make
	lipo libdiscid.0.dylib -verify_arch arm64 x86_64
	- name: Package
	run: \|
	cd build
	mkdir -p artifacts/universal2
	cp -Lv libdiscid.0.dylib artifacts/universal2/
	for arch in arm64 x86_64; do
	mkdir -p "artifacts/${arch}"
	lipo artifacts/universal2/libdiscid.0.dylib \
	-thin $arch \
	-output artifacts/${arch}/libdiscid.0.dylib
	done
	cp -Rv include artifacts/
	cp -v ../COPYING ../README ../ChangeLog artifacts
	- name: Prepare code signing certificate
	run: \|
	if [ -n "$CODESIGN_MACOS_P12_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
	pip3 install awscli
	aws s3 cp "$CODESIGN_MACOS_P12_URL" ./appledev.p12
	else
	echo "::warning::No code signing certificate available, skipping code signing."
	fi
	env:
	AWS_DEFAULT_REGION: eu-central-1
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }}
	- name: Sign a Mach-O binary
	uses: indygreg/apple-code-sign-action@v1
	with:
	input_path: artifacts
	p12_file: ./appledev.p12
	p12_password: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }}
	- name: Archive production artifacts
	uses: actions/upload-artifact@v4
	with:
	name: libdiscid-macos
	path: build/artifacts

	release:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	needs:
	- test
	- package-source
	- package-macos
	- package-windows
	steps:
	- uses: actions/checkout@v4
	- name: Set version
	run: \|
	TAG=${GITHUB_REF##*/}
	echo "VERSION=$(echo $TAG \| sed 's/^v//')" >> $GITHUB_ENV
	- uses: actions/download-artifact@v4
	with:
	name: libdiscid-windows
	path: artifacts/libdiscid-${{ env.VERSION }}-win/
	- uses: actions/download-artifact@v4
	with:
	name: libdiscid-macos
	path: artifacts/libdiscid-${{ env.VERSION }}-mac/
	- uses: actions/download-artifact@v4
	with:
	name: libdiscid-source
	path: artifacts/release/
	- name: Make zips
	run: \|
	cd artifacts/
	dirs=$(find . -name 'libdiscid-*' -type d)
	for dir in $dirs; do
	name=$(basename $dir)
	zip -r release/$name.zip $dir/*
	done
	- name: Generate checksums
	run: \|
	cd artifacts/release/
	sha256sum * > SHA256SUMS
	- name: Release
	uses: softprops/action-gh-release@v2
	with:
	files: artifacts/release/*
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Code sign macOS binaries #46

Workflow file

Code sign macOS binaries #46

Jobs

Run details

Workflow file for this run