.github/workflows/build.yml

name: Build

on:
  push:
  pull_request:

jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest]
    steps:
    - uses: actions/checkout@v4
    - name: Build and test
      run: |
        mkdir build
        cd build
        cmake ..
        make
        make check

  package-source:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Make source tarball
      run: |
        ./autogen.sh
        ./configure && make distcheck
    - name: Archive production artifacts
      uses: actions/upload-artifact@v4
      with:
        name: libdiscid-source
        path: libdiscid-*.tar.gz

  package-windows:
    runs-on: windows-2019
    env:
      GENERATOR: Visual Studio 16 2019
      CODESIGN: ${{ !!secrets.AZURE_CERT_PROFILE_NAME }}
    steps:
    - uses: actions/checkout@v4
    - name: Prepare package
      run: |
        mkdir artifacts
        cp .\COPYING artifacts
        cp .\README artifacts
        cp .\ChangeLog artifacts
    - name: Build x64
      run: |
        mkdir _build_$env:ARCH
        cd _build_$env:ARCH
        cmake -G $env:GENERATOR -A $env:ARCH ..
        cmake --build . --config Release
        mkdir ..\artifacts\$env:ARCH
        cp .\Release\* ..\artifacts\$env:ARCH
        cp -R .\include ..\artifacts
      env:
        ARCH: x64
    - name: Build Win32
      run: |
        mkdir _build_$env:ARCH
        cd _build_$env:ARCH
        cmake -G $env:GENERATOR -A $env:ARCH ..
        cmake --build . --config Release
        mkdir ..\artifacts\$env:ARCH
        cp .\Release\* ..\artifacts\$env:ARCH
      env:
        ARCH: Win32
    - name: Sign generated DLLs
      uses: azure/trusted-signing-action@v0.5.0
      if: env.CODESIGN == 'true'
      with:
        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
        endpoint: ${{ secrets.AZURE_ENDPOINT }}
        trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
        certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
        files-folder: artifacts
        files-folder-filter: exe,dll
        files-folder-recurse: true
        timestamp-rfc3161: http://timestamp.acs.microsoft.com
        timestamp-digest: SHA256
    - name: Archive production artifacts
      uses: actions/upload-artifact@v4
      with:
        name: libdiscid-windows
        path: artifacts/
    - name: Test x64
      run: |
        cd _build_x64
        cmake --build . --config Release --target test_core test_put test_read test_read_full
        .\Release\test_core.exe
        .\Release\test_put.exe
    - name: Test Win32
      run: |
        cd _build_Win32
        cmake --build . --config Release --target test_core test_put test_read test_read_full
        .\Release\test_core.exe
        .\Release\test_put.exe

  package-macos:
    runs-on: macos-13
    env:
      MACOSX_DEPLOYMENT_TARGET: "10.10"
    steps:
    - uses: actions/checkout@v4
    - name: Build
      run: |
        mkdir build
        cd build
        cmake -DCMAKE_BUILD_TYPE=Release -D "CMAKE_OSX_ARCHITECTURES=arm64;x86_64" ..
        make
        lipo libdiscid.0.dylib -verify_arch arm64 x86_64
    - name: Package
      run: |
        cd build
        mkdir -p artifacts/universal2
        cp -Lv libdiscid.0.dylib artifacts/universal2/
        for arch in arm64 x86_64; do
          mkdir -p "artifacts/${arch}"
          lipo artifacts/universal2/libdiscid.0.dylib \
            -thin $arch \
            -output artifacts/${arch}/libdiscid.0.dylib
        done
        cp -Rv include artifacts/
        cp -v ../COPYING ../README ../ChangeLog artifacts
    - name: Prepare code signing certificate
      run: |
        if [ -n "$CODESIGN_MACOS_P12_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
          pip3 install awscli
          aws s3 cp "$CODESIGN_MACOS_P12_URL" ./appledev.p12
        else
          echo "::warning::No code signing certificate available, skipping code signing."
        fi
      env:
        AWS_DEFAULT_REGION: eu-central-1
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }}
    - name: Sign a Mach-O binary
      uses: indygreg/apple-code-sign-action@v1
      with:
        input_path: artifacts
        p12_file: ./appledev.p12
        p12_password: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }}
    - name: Archive production artifacts
      uses: actions/upload-artifact@v4
      with:
        name: libdiscid-macos
        path: build/artifacts

  release:
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    needs:
    - test
    - package-source
    - package-macos
    - package-windows
    steps:
    - uses: actions/checkout@v4
    - name: Set version
      run: |
        TAG=${GITHUB_REF##*/}
        echo "VERSION=$(echo $TAG | sed 's/^v//')" >> $GITHUB_ENV
    - uses: actions/download-artifact@v4
      with:
        name: libdiscid-windows
        path: artifacts/libdiscid-${{ env.VERSION }}-win/
    - uses: actions/download-artifact@v4
      with:
        name: libdiscid-macos
        path: artifacts/libdiscid-${{ env.VERSION }}-mac/
    - uses: actions/download-artifact@v4
      with:
        name: libdiscid-source
        path: artifacts/release/
    - name: Make zips
      run: |
        cd artifacts/
        dirs=$(find . -name 'libdiscid-*' -type d)
        for dir in $dirs; do
          name=$(basename $dir)
          zip -r release/$name.zip $dir/*
        done
    - name: Generate checksums
      run: |
        cd artifacts/release/
        sha256sum * > SHA256SUMS
    - name: Release
      uses: softprops/action-gh-release@v2
      with:
        files: artifacts/release/*
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}