Fixup both Mac build scripts #309
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CMake Self-Hosted | |
on: [push, pull_request, workflow_dispatch] | |
env: | |
# this is different from MACOSX_DEPLOYMENT_TARGET to prevent build problems | |
# we set MACOSX_DEPLOYMENT_TARGET later | |
MACOS_TARGET: 10.12 | |
FEATURES: -DUSE_VTK=ON -DBUILD_GPL_PLUGINS=ON -DWITH_COORDGEN=OFF -DUSE_3DCONNEXION=ON | |
jobs: | |
build: | |
name: ${{ matrix.config.name }} | |
runs-on: ${{ matrix.config.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- { | |
name: "macOS ARM", artifact: "macOS-arm64.dmg", | |
os: [self-hosted, macOS], | |
cc: "clang", cxx: "clang++", | |
build_type: "Release", | |
cmake_flags: "-G Ninja -DCMAKE_PREFIX_PATH=/opt/homebrew/Cellar/qt@5/5.15.5_1/lib/cmake/Qt5", | |
cpack_flags: "-G DragNDrop", | |
} | |
steps: | |
- name: Install Dependencies (macOS) | |
if: runner.os == 'macOS' | |
run: | | |
if uname -p | grep -q "arm" ; then | |
export PATH=/opt/homebrew/bin:$PATH | |
else # not self-hosted runner | |
brew install ninja eigen glew | |
fi | |
- name: Checkout openchemistry | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/openchemistry | |
submodules: recursive | |
- name: Checkout avogadroapp | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/avogadroapp | |
path: avogadroapp | |
- name: Checkout molecules | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/molecules | |
path: molecules | |
- name: Checkout avogadrolibs | |
uses: actions/checkout@v4 | |
with: | |
path: avogadrolibs | |
- name: Checkout i18n | |
uses: actions/checkout@v4 | |
with: | |
repository: openchemistry/avogadro-i18n | |
path: avogadro-i18n | |
- name: Configure | |
run: | | |
if [ ! -d "${{ runner.workspace }}/build" ]; then mkdir "${{ runner.workspace }}/build"; fi | |
cd "${{ runner.workspace }}/build" | |
echo "MACOSX_DEPLOYMENT_TARGET=${{ env.MACOS_TARGET }}" >> $GITHUB_ENV | |
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake $GITHUB_WORKSPACE ${{env.FEATURES}} -DCMAKE_BUILD_TYPE=${{matrix.config.build_type}} ${{matrix.config.cmake_flags}} | |
shell: bash | |
- name: Build | |
run: | | |
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake --build . --config ${{matrix.config.build_type}} ${{matrix.config.build_flags}} | |
shell: bash | |
working-directory: ${{ runner.workspace }}/build | |
- name: Fix Mac plugins | |
if: runner.os == 'macOS' | |
working-directory: ${{ runner.workspace }}/build/prefix/lib/openbabel | |
run: | | |
for plugin in *.so; do | |
for libpath in `otool -L ${plugin} | grep '/Users/runner/work' | awk '{print $1}'`; do | |
export lib=`echo $libpath | cut -d '/' -f 9`; | |
echo "Fixing $plugin $lib $libpath" | |
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin | |
done | |
done | |
cd .. # build/prefix/lib | |
for plugin in libinchi.?.?.?.dylib; do | |
for libpath in `otool -L ${plugin} | grep '/Users/runner/work' | awk '{print $1}'`; do | |
export lib=`echo $libpath | cut -d '/' -f 9`; | |
echo "Fixing $plugin $lib $libpath" | |
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin | |
done | |
done | |
otool -L libinchi.?.?.?.dylib | |
cp -p libinchi* ../Avogadro2.app/Contents/Frameworks/ | |
- name: Install the Apple certificate | |
# From GitHub docs: https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
if: runner.os == 'macOS' | |
working-directory: ${{ runner.workspace }}/build | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }} | |
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }} | |
PRODUCT_BUNDLE_IDENTIFIER: cc.avogadro | |
run: | | |
# create variables | |
if [ -n "${P12_PASSWORD}" ]; then | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain if the cert is non-zero | |
if [ -s $CERTIFICATE_PATH ]; then | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# signing occurs via avogadroapp cpack instructions | |
fi # certificate exists | |
fi # password exists | |
- name: Build and Notarize Mac DMG | |
if: runner.os == 'macOS' | |
run: | | |
# check current directory (failing signing) | |
echo `pwd` | |
ls -ld | |
# if possible, sign the app | |
if [ -n "${NOTARIZE_PASSWORD}" ] && [ -n "${NOTARIZE_USERNAME}" ]; then | |
cd prefix | |
codesign --force --deep -s "$CODESIGN_IDENTITY" --timestamp Avogadro2.app | |
ditto -c -k --keepParent Avogadro2.app Avogadro2.zip | |
xcrun notarytool submit Avogadro2.zip --apple-id "$NOTARIZE_USERNAME" --team-id "$NOTARIZE_TEAM" --password "$NOTARIZE_PASSWORD" --verbose --wait | |
xcrun stapler staple -v Avogadro2.app | |
cd .. | |
fi | |
# get the tag or the current date | |
VERSION="" | |
echo ${GITHUB_REF} | |
echo ${GITHUB_REF#refs/*/} | |
# [[ "${GITHUB_REF#refs/*/}" != "merge" ]] && VERSION="${GITHUB_REF#refs/*/}" || VERSION=`date -j "+%d-%m-%y"` | |
VERSION=`date -j "+%d-%m-%y"` | |
# build DMG | |
brew install create-dmg | |
VOL="Avogadro2-$VERSION" | |
DMG="Avogadro2-$VERSION.dmg" | |
echo "VOL: $VOL" | |
create-dmg --volname ${VOL} --icon-size 64 --icon "Avogadro2.app" 10 50 --app-drop-link 180 50 --hide-extension Avogadro2.app --window-size 300 50 --window-pos 200 200 --format UDBZ ${DMG} prefix/Avogadro2.app | |
# check if we have the password and the username | |
if [ -n "${NOTARIZE_PASSWORD}" ] && [ -n "${NOTARIZE_USERNAME}" ]; then | |
codesign -s "$CODESIGN_IDENTITY" --timestamp Avogadro2*.dmg | |
xcrun notarytool submit Avogadro2*.dmg --apple-id "$NOTARIZE_USERNAME" --team-id "$NOTARIZE_TEAM" --password "$NOTARIZE_PASSWORD" --verbose --wait | |
xcrun stapler staple -v Avogadro2*.dmg | |
fi | |
mkdir avogadroapp | |
# move it for upload | |
mv Avogadro2*.dmg avogadroapp | |
working-directory: ${{ runner.workspace }}/build | |
env: | |
NOTARIZE_TEAM: ${{ secrets.AC_TEAM }} | |
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }} | |
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }} | |
continue-on-error: true | |
- name: Upload | |
if: matrix.config.artifact != 0 | |
uses: actions/upload-artifact@v3 | |
with: | |
path: ${{ runner.workspace }}/build/avogadroapp/Avogadro2*.* | |
name: ${{ matrix.config.artifact }} | |
- name: Cleanup | |
if: ${{ always() }} # To ensure this step runs even when earlier steps fail | |
shell: bash | |
run: | | |
ls -la ./ | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
ls -la ./ |