From 39236a9b66842293a56cd670f95afd9be456feea Mon Sep 17 00:00:00 2001 From: Nikhil Narayana Date: Mon, 21 Aug 2023 15:17:03 -0700 Subject: [PATCH] ci: fix codesigning on windows and disable on macOS and other small adjustments --- .github/workflows/main.yml | 80 ++++++++++++++--------------------- .github/workflows/release.yml | 6 +-- 2 files changed, 35 insertions(+), 51 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 83502e2e47..989eb756bc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,7 +58,6 @@ jobs: rustflags: "" # Disable default injection of warnings = errors. - name: 'Fetch Git Tags' shell: bash - if: success() run: | git fetch --prune --unshallow echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV @@ -85,11 +84,13 @@ jobs: Xcopy /Y /E /I .\Data\PlaybackGeckoCodes\* .\Binary\x64\Sys\GameSettings\ - name: "Codesign ${{ matrix.build_type}} Dolphin" working-directory: ${{ github.workspace }} + env: + CERTIFICATE_WINDOWS_APPLICATION: ${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }} if: env.CERTIFICATE_WINDOWS_APPLICATION != null run: | - echo ${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }} > slippi_llc.b64 + echo "${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }}" > slippi_llc.b64 certutil -decode slippi_llc.b64 slippi_llc.p12 - signtool sign /f slippi_llc.p12 /p ${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }} /fd SHA256 /tr http://ts.ssl.com /td SHA256 "Binary\x64\Slippi_Dolphin.exe" + signtool sign /f slippi_llc.p12 /p "${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }}" /fd SHA256 /tr http://ts.ssl.com /td SHA256 "Binary\x64\Slippi_Dolphin.exe" - name: Package Artifact working-directory: ${{ github.workspace }} run: | @@ -101,7 +102,6 @@ jobs: 7z a $FILE_NAME .\* move $FILE_NAME ..\..\artifact\ - name: "Publish" - if: success() uses: actions/upload-artifact@v3 with: name: ${{ matrix.artifact_name }} @@ -115,10 +115,10 @@ jobs: build_type: [Netplay, Playback] include: - build_type: Netplay - artifact_name: linux-netplay + artifact_name: mainline-linux-netplay build_config: netplay - build_type: Playback - artifact_name: linux-playback + artifact_name: mainline-linux-playback build_config: playback name: "Linux ${{ matrix.build_type }}" runs-on: ubuntu-22.04 @@ -137,7 +137,6 @@ jobs: toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version. rustflags: "" # Disable default injection of warnings = errors. - name: 'Fetch Git Tags' - if: success() run: | git fetch --prune --unshallow echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV @@ -145,7 +144,6 @@ jobs: echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV - name: "Install prerequisites" - if: success() shell: bash run: | sudo dpkg --add-architecture amd64 @@ -188,17 +186,14 @@ jobs: x11proto-xinerama-dev \ libfuse2 - name: "Build ${{ matrix.build_type }} Dolphin" - if: success() working-directory: ${{ github.workspace }} run: | chmod +x ./build-linux.sh && ./build-linux.sh ${{ matrix.build_config }} - name: "Build ${{ matrix.build_type }} AppImage" - if: success() working-directory: ${{ github.workspace }} run: | chmod +x ./build-appimage.sh && ./build-appimage.sh ${{ matrix.build_config }} - name: "Package" - if: success() working-directory: ${{ github.workspace }} run: | mkdir artifact @@ -211,7 +206,6 @@ jobs: popd mv "${FILE_NAME}" ./artifact/ - name: "Publish" - if: success() uses: actions/upload-artifact@v3 with: name: ${{ matrix.artifact_name }} @@ -225,10 +219,10 @@ jobs: build_type: [Netplay, Playback] include: - build_type: Netplay - artifact_name: macOS-netplay + artifact_name: mainline-macOS-netplay build_config: netplay - build_type: Playback - artifact_name: macOS-playback + artifact_name: mainline-macOS-playback build_config: playback name: "macOS ${{ matrix.build_type }}" runs-on: macos-11 @@ -247,7 +241,6 @@ jobs: toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version. rustflags: "" # Disable default injection of warnings = errors. - name: 'Fetch Git Tags' - if: success() run: | git fetch --prune --unshallow echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV @@ -255,7 +248,6 @@ jobs: echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV - name: "Download and Install prerequisites" - if: success() shell: bash run: | rm '/usr/local/bin/2to3' || true @@ -270,7 +262,6 @@ jobs: hidapi \ qt@6 - name: "Build ${{ matrix.build_type }} Dolphin" - if: success() shell: bash working-directory: ${{ github.workspace }} env: @@ -281,28 +272,22 @@ jobs: mkdir artifact FILE_NAME=${{ env.CURR_DATE }}-${{ env.GIT_HASH }}-${{ env.GIT_TAG }}-${{ matrix.artifact_name }} echo "FILE_NAME=$FILE_NAME" >> $GITHUB_ENV - - name: "Codesign ${{ matrix.build_type}} Dolphin" - if: success() && env.CERTIFICATE_MACOS_APPLICATION != null + # - name: "Codesign ${{ matrix.build_type}} Dolphin" + # if: env.CERTIFICATE_MACOS_APPLICATION != null + # shell: bash + # working-directory: ${{ github.workspace }} + # env: + # CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} + # CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }} + # run: | + # chmod +x Tools/load-macos-certs-ci.sh && ./Tools/load-macos-certs-ci.sh + # mkdir -p ~/private_keys/ + # echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8 + # /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime --entitlements Source\Core\DolphinQt\DolphinEmu.entitlements ./build/Binaries/Slippi_Dolphin.app + - name: "Package DMG" shell: bash working-directory: ${{ github.workspace }} - env: - CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} - CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }} run: | - chmod +x Tools/load-macos-certs-ci.sh && ./Tools/load-macos-certs-ci.sh - mkdir -p ~/private_keys/ - echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8 - /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime --entitlements Source\Core\DolphinQt\DolphinEmu.entitlements ./build/Binaries/Slippi_Dolphin.app - - name: "Package, Sign and Notarize Netplay Release DMG" - if: success() && env.CERTIFICATE_MACOS_APPLICATION != null - shell: bash - working-directory: ${{ github.workspace }} - env: - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }} - APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} - CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} - run: | - rm build/Binaries/traversal_server chmod +x Tools/create-dmg/run.sh ./Tools/create-dmg/run.sh --no-internet-enable \ --volname "Slippi Dolphin Beta Installer" \ @@ -318,19 +303,18 @@ jobs: "${{ env.FILE_NAME }}.dmg" \ "./build/Binaries/" mv "${{ env.FILE_NAME }}.dmg" artifact/ - - name: "Sign and Notarize ${{ matrix.build_type }} Release DMG" - if: success() && env.CERTIFICATE_MACOS_APPLICATION != null - shell: bash - working-directory: ${{ github.workspace }} - env: - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }} - APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} - CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} - run: | - /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime ./artifact/${{ env.FILE_NAME }}.dmg - chmod +x Tools/notarize_netplay.sh && ./Tools/notarize_netplay.sh ./artifact/${{ env.FILE_NAME }}.dmg + # - name: "Sign and Notarize ${{ matrix.build_type }} Release DMG" + # if: env.CERTIFICATE_MACOS_APPLICATION != null + # shell: bash + # working-directory: ${{ github.workspace }} + # env: + # APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }} + # APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} + # CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }} + # run: | + # /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime ./artifact/${{ env.FILE_NAME }}.dmg + # chmod +x Tools/notarize_netplay.sh && ./Tools/notarize_netplay.sh ./artifact/${{ env.FILE_NAME }}.dmg - name: "Publish" - if: success() uses: actions/upload-artifact@v3 with: name: ${{ matrix.artifact_name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb3e5f2d7b..7bc2d90088 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,9 +23,9 @@ jobs: rm -rf *playback* find ./ -mindepth 2 -type f -exec mv -t ./ -i '{}' + find . -type d -empty -delete - unzip *linux* && rm -rf Sys && mv *linux* "FM-Slippi-${{ env.VERSION }}-Linux.zip" - mv *.dmg "FM-Slippi-${{ env.VERSION }}-Mac.dmg" - mv *windows* "FM-Slippi-${{ env.VERSION }}-Win.zip" + unzip *linux* && rm -rf Sys && mv *linux* "Mainline-Slippi-${{ env.VERSION }}-Linux.zip" + mv *.dmg "Mainline-Slippi-${{ env.VERSION }}-Mac.dmg" + mv *windows* "Mainline-Slippi-${{ env.VERSION }}-Win.zip" - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 with: