Skip to content

Commit

Permalink
ci(macOS): Use self hosted runner
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucydodo
lucydodo committed Sep 16, 2023
1 parent 7748dae commit 07a9f95
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 113 deletions.
48 changes: 15 additions & 33 deletions .github/actions/notarize-macos/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,7 @@ inputs:
required: true
DEV_ID:
required: true
P12:
required: true
P12_PW:
KEYCHAIN_PATH:
required: true
KEYCHAIN_PW:
required: true
Expand All @@ -23,39 +21,28 @@ runs:
using: 'composite'

steps:
- name: Install the Apple certificate
- name: Unlock keychain
env:
P12: ${{ inputs.P12 }}
P12_PW: ${{ inputs.P12_PW }}
KEYCHAIN_PATH: ${{ inputs.KEYCHAIN_PATH }}
KEYCHAIN_PW: ${{ inputs.KEYCHAIN_PW }}
shell: bash
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$P12" | base64 --decode -o $CERTIFICATE_PATH
security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN_PATH
security import "$CERTIFICATE_PATH" -P "$P12_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security list-keychain -d user -s $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
- name: Include the dependencies in the app bundle
env:
DEV_ID: ${{ inputs.DEV_ID }}
shell: bash
run: find build -name "DB Browser for SQL*.app" -exec /usr/local/opt/qt@5/bin/macdeployqt {} -sign-for-notarization="$DEV_ID" \;
run: find build -name "DB Browser for SQL*.app" -exec /opt/homebrew/opt/db4subqt@5/bin/macdeployqt {} -sign-for-notarization="$DEV_ID" \;

- name: Add the extension to the app bundle
shell: bash
run: |
for TARGET in $(find build -name "DB Browser for SQL*.app" | sed -e 's/ /_/g'); do
TARGET=$(echo $TARGET | sed -e 's/_/ /g')
mkdir "$TARGET/Contents/Extensions"
clang -I /usr/local/opt/sqlitefts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/extension-formats.c -o "$TARGET/Contents/Extensions/formats.dylib"
clang -I /usr/local/opt/sqlitefts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/extension-functions.c -o "$TARGET/Contents/Extensions/math.dylib"
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/extension-formats.c -o "$TARGET/Contents/Extensions/formats.dylib"
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/extension-functions.c -o "$TARGET/Contents/Extensions/math.dylib"
if [ -f "$TARGET/Contents/Extensions/formats.dylib" ]; then
install_name_tool -id "@executable_path/../Extensions/formats.dylib" "$TARGET/Contents/Extensions/formats.dylib"
Expand All @@ -69,7 +56,7 @@ runs:
curl -L -o src/extensions/fileio.c 'https://sqlite.org/src/raw?filename=ext/misc/fileio.c&ci=trunk'
curl -L -o src/extensions/test_windirect.c 'https://sqlite.org/src/raw?filename=src/test_windirent.c&ci=trunk'
curl -L -o src/extensions/test_windirect.h 'https://sqlite.org/src/raw?filename=src/test_windirent.h&ci=trunk'
clang -I /usr/local/opt/sqlitfts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/fileio.c src/extensions/test_windirect.c -o "$TARGET/Contents/Extensions/fileio.dylib"
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/fileio.c src/extensions/test_windirect.c -o "$TARGET/Contents/Extensions/fileio.dylib"
if [ -f "$TARGET/Contents/Extensions/fileio.dylib" ]; then
install_name_tool -id "@executable_path/../Extensions/fileio.dylib" "$TARGET/Contents/Extensions/fileio.dylib"
Expand All @@ -93,11 +80,11 @@ runs:
TARGET=$(echo $TARGET | sed -e 's/_/ /g')
mkdir "$TARGET/Contents/translations"
for i in ar cs de en es fr it ko pl pt pt_BR ru uk zh_CN zh_TW; do
find /usr/local/opt/qt@5/translations -name "qt_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /usr/local/opt/qt@5/translations -name "qtbase_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /usr/local/opt/qt@5/translations -name "qtmultimedia_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /usr/local/opt/qt@5/translations -name "qtscript_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /usr/local/opt/qt@5/translations -name "qtxmlpatterns_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /opt/homebrew/opt/db4subqt@5/translations -name "qt_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /opt/homebrew/opt/db4subqt@5/translations -name "qtbase_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /opt/homebrew/opt/db4subqt@5/translations -name "qtmultimedia_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /opt/homebrew/opt/db4subqt@5/translations -name "qtscript_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
find /opt/homebrew/opt/db4subqt@5/translations -name "qtxmlpatterns_${i}.qm" 2> /dev/null -exec cp -v {} "$TARGET/Contents/translations/" \;
done
done
Expand Down Expand Up @@ -164,9 +151,4 @@ runs:
for TARGET in $(find . -name "DB Browser for SQL*.dmg" | sed -e 's/ /_/g'); do
TARGET=$(echo $TARGET | sed -e 's/_/ /g')
xcrun stapler staple "$TARGET"
done
- name: Clear keychain
if: always()
shell: bash
run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
done
135 changes: 55 additions & 80 deletions .github/workflows/build-macos.yml
View file
Original file line number Diff line number Diff line change
@@ -1,93 +1,68 @@
name: Build - macOS

on:
workflow_call:
workflow_dispatch:
schedule:
- cron: '0 0 * * *' # Every day at midnight (UTC)
workflow_call:
workflow_dispatch:

permissions:
contents: write
contents: write

jobs:
build:
name: ${{ matrix.os }} - SQLCipher ${{ matrix.sqlcipher }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
os: [macos-12]
sqlcipher: ["0", "1"]
steps:
- name: Checkout
uses: actions/checkout@v3
build:
name: ${{ matrix.os }} - SQLCipher ${{ matrix.sqlcipher }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
os: [macos-13-runner]
sqlcipher: ["0", "1"]
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Cache Homebrew and NPM
id: cache-homebrew-npm
uses: actions/cache@v3
with:
path: |
~/.npm
/usr/local/bin
/usr/local/Cellar
/usr/local/Frameworks
/usr/local/Homebrew
/usr/local/opt
key: ${{ runner.os }}-homebrew
- name: Configure build
run: |
if [ "${{ matrix.sqlcipher }}" = "1" ]; then
sed -i "" 's/"DB Browser for SQLite"/"DB Browser for SQLCipher-dev-'$(git rev-parse --short --verify HEAD)'"/' CMakeLists.txt
else
sed -i "" 's/"DB Browser for SQLite"/"DB Browser for SQLite-dev-'$(git rev-parse --short --verify HEAD)'"/' CMakeLists.txt
fi
mkdir build && cd build
cmake -G Ninja -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" -DcustomTap=1 -Dsqlcipher=${{ matrix.sqlcipher }} ..
- if: steps.cache-homebrew-npm.outputs.cache-hit == 'true'
name: Link appdmg, SQLCipher and SQLite
run: |
brew link --force sqlcipherdb4s
brew link --force sqlitefts5
npm install -g appdmg
- name: Build
working-directory: ./build
run: ninja

- if: steps.cache-homebrew-npm.outputs.cache-hit != 'true'
name: Install dependencies
run: |
# Avoid Homebrew return non-zero exit code
unset HOMEBREW_NO_INSTALL_FROM_API; brew untap homebrew/core; brew untap homebrew/cask; brew update
brew tap sqlitebrowser/sqlite3; brew install node qt@5 sqlcipherdb4s sqlitefts5
npm install -g appdmg
- name: Build Extension
run: |
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/extension-formats.c
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/extension-functions.c
curl -L -o src/extensions/fileio.c 'https://sqlite.org/src/raw?filename=ext/misc/fileio.c&ci=trunk'
curl -L -o src/extensions/test_windirect.c 'https://sqlite.org/src/raw?filename=src/test_windirent.c&ci=trunk'
curl -L -o src/extensions/test_windirect.h 'https://sqlite.org/src/raw?filename=src/test_windirent.h&ci=trunk'
clang -I /opt/homebrew/opt/db4subsqlitefts@5/include -L /opt/homebrew/opt/db4subsqlitefts@5/lib -fno-common -dynamiclib src/extensions/fileio.c src/extensions/test_windirect.c
- name: Configure build
run: |
if [ "${{ matrix.sqlcipher }}" = "1" ]; then
sed -i "" 's/"DB Browser for SQLite"/"DB Browser for SQLCipher-dev-'$(git rev-parse --short --verify HEAD)'"/' CMakeLists.txt
else
sed -i "" 's/"DB Browser for SQLite"/"DB Browser for SQLite-dev-'$(git rev-parse --short --verify HEAD)'"/' CMakeLists.txt
fi
mkdir build && cd build
cmake -DCMAKE_PREFIX_PATH=/usr/local/opt/qt@5 -Dsqlcipher=${{ matrix.sqlcipher }} ..
- if: github.event_name != 'pull_request'
name: Notarize the app
uses: ./.github/actions/notarize-macos
with:
APPLE_ID: ${{ secrets.MACOS_CODESIGN_APPLE_ID }}
APPLE_PW: ${{ secrets.MACOS_CODESIGN_APPLE_PW }}
DEV_ID: ${{ secrets.MACOS_CODESIGN_DEV_ID }}
KEYCHAIN_PATH: ${{ secrets.MACOS_CODESIGN_KEYCHAIN_PATH }}
KEYCHAIN_PW: ${{ secrets.MACOS_CODESIGN_KEYCHAIN_PW }}
SQLCIPHER: ${{ matrix.sqlcipher }}
TEAM_ID: ${{ secrets.MACOS_CODESIGN_TEAM_ID }}

- name: Build
working-directory: ./build
run: make -j3
- if: github.event_name != 'pull_request' && github.event_name != 'schedule'
name: Release (Continuous)
uses: softprops/action-gh-release@v1
with:
files: DB\ Browser\ for\ *.dmg
prerelease: true
tag_name: continuous

- name: Build extensions
run: |
clang -I /usr/local/opt/sqlitefts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/extension-formats.c
clang -I /usr/local/opt/sqlitefts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/extension-functions.c
curl -L -o src/extensions/fileio.c 'https://sqlite.org/src/raw?filename=ext/misc/fileio.c&ci=trunk'
curl -L -o src/extensions/test_windirect.c 'https://sqlite.org/src/raw?filename=src/test_windirent.c&ci=trunk'
curl -L -o src/extensions/test_windirect.h 'https://sqlite.org/src/raw?filename=src/test_windirent.h&ci=trunk'
clang -I /usr/local/opt/sqlitfts5/include -L /usr/local/opt/sqlitefts5/lib -fno-common -dynamiclib src/extensions/fileio.c src/extensions/test_windirect.c
- if: github.event_name != 'pull_request'
name: Notarize the app
uses: ./.github/actions/notarize-macos
with:
APPLE_ID: ${{ secrets.MACOS_CODESIGN_APPLE_ID }}
APPLE_PW: ${{ secrets.MACOS_CODESIGN_APPLE_PW }}
DEV_ID: ${{ secrets.MACOS_CODESIGN_DEV_ID }}
P12: ${{ secrets.MACOS_CODESIGN_P12 }}
P12_PW: ${{ secrets.MACOS_CODESIGN_P12_PW }}
KEYCHAIN_PW: ${{ secrets.MACOS_CODESIGN_KEYCHAIN_PW }}
SQLCIPHER: ${{ matrix.sqlcipher }}
TEAM_ID: ${{ secrets.MACOS_CODESIGN_TEAM_ID }}

- if: github.event_name != 'pull_request'
name: Release
uses: softprops/action-gh-release@v1
with:
files: DB\ Browser\ for\ *.dmg
prerelease: true
tag_name: continuous
# TODO: - if: github.event_name == 'schedule'

0 comments on commit 07a9f95

Please sign in to comment.