Skip to content

Commit

Permalink
ci: fix codesigning on windows and disable on macOS
Browse files Browse the repository at this point in the history
  • Loading branch information
@NikhilNarayana
NikhilNarayana committed Aug 21, 2023
1 parent ef74cd6 commit 6034206
Showing 1 changed file with 28 additions and 44 deletions.
72 changes: 28 additions & 44 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ jobs:
rustflags: "" # Disable default injection of warnings = errors.
- name: 'Fetch Git Tags'
shell: bash
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
Expand All @@ -85,11 +84,13 @@ jobs:
Xcopy /Y /E /I .\Data\PlaybackGeckoCodes\* .\Binary\x64\Sys\GameSettings\
- name: "Codesign ${{ matrix.build_type}} Dolphin"
working-directory: ${{ github.workspace }}
env:
CERTIFICATE_WINDOWS_APPLICATION: ${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }}
if: env.CERTIFICATE_WINDOWS_APPLICATION != null
run: |
echo ${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }} > slippi_llc.b64
echo "${{ secrets.CERTIFICATE_WINDOWS_APPLICATION }}" > slippi_llc.b64
certutil -decode slippi_llc.b64 slippi_llc.p12
signtool sign /f slippi_llc.p12 /p ${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }} /fd SHA256 /tr http://ts.ssl.com /td SHA256 "Binary\x64\Slippi_Dolphin.exe"
signtool sign /f slippi_llc.p12 /p "${{ secrets.CERTIFICATE_WINDOWS_PASSWORD }}" /fd SHA256 /tr http://ts.ssl.com /td SHA256 "Binary\x64\Slippi_Dolphin.exe"
- name: Package Artifact
working-directory: ${{ github.workspace }}
run: |
Expand All @@ -101,7 +102,6 @@ jobs:
7z a $FILE_NAME .\*
move $FILE_NAME ..\..\artifact\
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
Expand Down Expand Up @@ -137,15 +137,13 @@ jobs:
toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version.
rustflags: "" # Disable default injection of warnings = errors.
- name: 'Fetch Git Tags'
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: "Install prerequisites"
if: success()
shell: bash
run: |
sudo dpkg --add-architecture amd64
Expand Down Expand Up @@ -188,17 +186,14 @@ jobs:
x11proto-xinerama-dev \
libfuse2
- name: "Build ${{ matrix.build_type }} Dolphin"
if: success()
working-directory: ${{ github.workspace }}
run: |
chmod +x ./build-linux.sh && ./build-linux.sh ${{ matrix.build_config }}
- name: "Build ${{ matrix.build_type }} AppImage"
if: success()
working-directory: ${{ github.workspace }}
run: |
chmod +x ./build-appimage.sh && ./build-appimage.sh ${{ matrix.build_config }}
- name: "Package"
if: success()
working-directory: ${{ github.workspace }}
run: |
mkdir artifact
Expand All @@ -211,7 +206,6 @@ jobs:
popd
mv "${FILE_NAME}" ./artifact/
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
Expand Down Expand Up @@ -247,15 +241,13 @@ jobs:
toolchain: ${{ steps.rust_ver.outputs.rust_ver }} # Pin to our specific Rust version.
rustflags: "" # Disable default injection of warnings = errors.
- name: 'Fetch Git Tags'
if: success()
run: |
git fetch --prune --unshallow
echo "GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "GIT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "CURR_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: "Download and Install prerequisites"
if: success()
shell: bash
run: |
rm '/usr/local/bin/2to3' || true
Expand All @@ -270,7 +262,6 @@ jobs:
hidapi \
qt@6
- name: "Build ${{ matrix.build_type }} Dolphin"
if: success()
shell: bash
working-directory: ${{ github.workspace }}
env:
Expand All @@ -281,28 +272,22 @@ jobs:
mkdir artifact
FILE_NAME=${{ env.CURR_DATE }}-${{ env.GIT_HASH }}-${{ env.GIT_TAG }}-${{ matrix.artifact_name }}
echo "FILE_NAME=$FILE_NAME" >> $GITHUB_ENV
- name: "Codesign ${{ matrix.build_type}} Dolphin"
if: success() && env.CERTIFICATE_MACOS_APPLICATION != null
shell: bash
working-directory: ${{ github.workspace }}
env:
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }}
run: |
chmod +x Tools/load-macos-certs-ci.sh && ./Tools/load-macos-certs-ci.sh
mkdir -p ~/private_keys/
echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
/usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime --entitlements Source\Core\DolphinQt\DolphinEmu.entitlements ./build/Binaries/Slippi_Dolphin.app
- name: "Package, Sign and Notarize Netplay Release DMG"
if: success() && env.CERTIFICATE_MACOS_APPLICATION != null
# - name: "Codesign ${{ matrix.build_type}} Dolphin"
# if: env.CERTIFICATE_MACOS_APPLICATION != null
# shell: bash
# working-directory: ${{ github.workspace }}
# env:
# CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
# CERTIFICATE_MACOS_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_PASSWORD }}
# run: |
# chmod +x Tools/load-macos-certs-ci.sh && ./Tools/load-macos-certs-ci.sh
# mkdir -p ~/private_keys/
# echo '${{ secrets.APPLE_CONNECT_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
# /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime --entitlements Source\Core\DolphinQt\DolphinEmu.entitlements ./build/Binaries/Slippi_Dolphin.app
- name: "Package DMG"
shell: bash
working-directory: ${{ github.workspace }}
env:
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
run: |
rm build/Binaries/traversal_server
chmod +x Tools/create-dmg/run.sh
./Tools/create-dmg/run.sh --no-internet-enable \
--volname "Slippi Dolphin Beta Installer" \
Expand All @@ -318,19 +303,18 @@ jobs:
"${{ env.FILE_NAME }}.dmg" \
"./build/Binaries/"
mv "${{ env.FILE_NAME }}.dmg" artifact/
- name: "Sign and Notarize ${{ matrix.build_type }} Release DMG"
if: success() && env.CERTIFICATE_MACOS_APPLICATION != null
shell: bash
working-directory: ${{ github.workspace }}
env:
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
run: |
/usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime ./artifact/${{ env.FILE_NAME }}.dmg
chmod +x Tools/notarize_netplay.sh && ./Tools/notarize_netplay.sh ./artifact/${{ env.FILE_NAME }}.dmg
# - name: "Sign and Notarize ${{ matrix.build_type }} Release DMG"
# if: env.CERTIFICATE_MACOS_APPLICATION != null
# shell: bash
# working-directory: ${{ github.workspace }}
# env:
# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }}
# APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
# CERTIFICATE_MACOS_APPLICATION: ${{ secrets.CERTIFICATE_MACOS_APPLICATION }}
# run: |
# /usr/bin/codesign -f -s "${{ secrets.APPLE_IDENTITY_HASH }}" --deep --options runtime ./artifact/${{ env.FILE_NAME }}.dmg
# chmod +x Tools/notarize_netplay.sh && ./Tools/notarize_netplay.sh ./artifact/${{ env.FILE_NAME }}.dmg
- name: "Publish"
if: success()
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.artifact_name }}
Expand Down

0 comments on commit 6034206

Please sign in to comment.