Skip to content

Build stable and nightly bundles #354

Build stable and nightly bundles

Build stable and nightly bundles #354

Workflow file for this run

name: Build stable and nightly bundles
on:
push:
branches:
- '*'
tags:
- '*'
schedule:
- cron: '0 3 * * *'
workflow_dispatch:
pull_request:
jobs:
build_applications:
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-14, windows-2019]
steps:
- name: Check glue version to build
shell: bash
run: echo ${GITHUB_REF_NAME}
# osx signing based on https://melatonin.dev/blog/how-to-code-sign-and-notarize-macos-audio-plugins-in-ci/
- name: Import Developer ID Application Certificate
if: ${{ matrix.os == 'macos-14' }}
uses: apple-actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.DEV_ID_APP_CERT }}
p12-password: ${{ secrets.DEV_ID_APP_PASSWORD }}
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- name: Import Mac Installer Distribution Certificate
if: ${{ matrix.os == 'macos-14' }}
uses: apple-actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.MAC_INST_DIST_CERT }}
p12-password: ${{ secrets.MAC_INST_DIST_PASSWORD }}
create-keychain: false
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Python 3.11
uses: actions/setup-python@v2
with:
python-version: 3.11
- name: Install Python dependencies
run: pip install -r requirements.txt --no-cache-dir
- name: Uninstall debugpy
run: pip uninstall -y debugpy
- name: Uninstall joblib
run: pip uninstall -y joblib
- name: Run pyinstaller
run: pyinstaller glue_app.spec
# Don't do the following for now since it actually breaks the WWT plugin
# - name: Remove nested app
# if: ${{ matrix.os == 'macos-14' }}
# run: rm -rf dist/glue.app/Contents/Frameworks/PyQt5/Qt/lib/QtWebEngineCore.framework/Versions/5/Helpers/QtWebEngineProcess.app
- name: Simple test of MacOS X application
if: ${{ matrix.os == 'macos-14' }}
run: dist/glue.app/Contents/MacOS/start_glue --test
- name: Rename MacOS X application
if: ${{ matrix.os == 'macos-14' }}
run: mv dist/glue.app dist/"glue ${GITHUB_REF_NAME}.app"
- name: Rename Windows application
if: ${{ matrix.os == 'windows-2019' }}
shell: bash
run: mv dist/glue.exe dist/"glue ${GITHUB_REF_NAME}.exe"
# Build signed DMG for direct distribution
- name: Remove start_glue
if: ${{ matrix.os == 'macos-14' }}
run: rm -rf dist/start_glue
- name: Codesign MacOS X application
if: ${{ matrix.os == 'macos-14' }}
run: codesign --entitlements entitlements.plist --force -s "${{ secrets.DEVELOPER_ID_APPLICATION}}" -v dist/"glue ${GITHUB_REF_NAME}.app" --deep --strict --options=runtime --timestamp
- name: Make DMG
if: ${{ matrix.os == 'macos-14' }}
run: hdiutil create -volname "Glue" -srcfolder dist -ov -format UDZO dist/"glue ${GITHUB_REF_NAME}.dmg"
- name: Notarize app
if: ${{ matrix.os == 'macos-14' }}
run: xcrun notarytool submit dist/"glue ${GITHUB_REF_NAME}.dmg" --apple-id ${{ secrets.NOTARIZATION_USERNAME }} --team-id ${{ secrets.TEAM_ID }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --wait
- name: Staple notarization to dmg
if: ${{ matrix.os == 'macos-14' }}
run: xcrun stapler staple dist/"glue ${GITHUB_REF_NAME}.dmg"
# Build signed pkg for potential Mac App Store distribution
- name: Rename MacOS X application
if: ${{ matrix.os == 'macos-14' }}
run: mv dist/"glue ${GITHUB_REF_NAME}.app" dist/glueviz.app
- name: Build MacOS X installer for distribution
if: ${{ matrix.os == 'macos-14' }}
run: productbuild --component dist/glueviz.app /Applications/ dist/"glue ${GITHUB_REF_NAME}_unsigned.pkg"
- name: Sign MacOS X installer for distribution
if: ${{ matrix.os == 'macos-14' }}
run: productsign --sign "${{ secrets.MAC_INSTALLER_DISTRIBUTION}}" dist/"glue ${GITHUB_REF_NAME}_unsigned.pkg" dist/"glue ${GITHUB_REF_NAME}.pkg"
- name: Remove unsigned pkg
if: ${{ matrix.os == 'macos-14' }}
run: rm -rf dist/"glue ${GITHUB_REF_NAME}_unsigned.pkg"
# For now validation fails because the entitlements file is missing the sandbox option - but we are leaving
# it out for now as WWT does not work correctly with it.
#- name: Validate pkg
# if: ${{ matrix.os == 'macos-14' }}
# run: xcrun altool --validate-app -f dist/"glue ${GITHUB_REF_NAME}.pkg" --type osx --username ${{ secrets.NOTARIZATION_USERNAME }} --password ${{ secrets.NOTARIZATION_PASSWORD }} --team-id ${{ secrets.TEAM_ID }}
- name: Remove .app
if: ${{ matrix.os == 'macos-14' }}
run: rm -rf dist/"glueviz.app"
- name: Output list of included packages
if: matrix.os == 'macos-14'
run: pip freeze > included-packages.txt
- name: Install awscli
run: pip install awscli
- name: Upload glue to S3
shell: bash
if: github.event_name != 'pull_request'
run: aws s3 cp dist/ s3://glueviz/installers/${GITHUB_REF_NAME}/ --recursive
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Upload package list to S3
if: github.event_name != 'pull_request' && matrix.os == 'macos-14'
run: aws s3 cp included-packages.txt s3://glueviz/installers/${GITHUB_REF_NAME}/
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}