From a2c0d4969aa35067455814d20cc87f9f9486c370 Mon Sep 17 00:00:00 2001 From: Patrick Heyer Date: Thu, 27 Jul 2023 15:26:45 +0200 Subject: [PATCH] CI: Add fixes for tagged release runs and assorted minor issues * Add provisioning profile support for macOS builds * Fix internal variable names in macOS packaging script * Add fallback git reference for validator actions * Add required repository environment to documention deployment jobs * Pass GitHub pull request number to GitHub CLI explicitly * Use shortened commit hash for Steam nightly versions * Ensure that concurrency check for tagged push uses a boolean value * Update disk image creation function to retry ejection on CI * Fix repository checkout in Flatpak publish action * Fix output paths and filenames of generated appcast XML files * Limit notice about notarization password use to non-CI usage * Remove architecture-specific suffix from appcast artifact name --- .github/actions/build-obs/action.yaml | 5 ++++ .github/actions/qt-xml-validator/action.yaml | 2 ++ .github/actions/run-clang-format/action.yaml | 2 ++ .github/actions/run-cmake-format/action.yaml | 2 ++ .github/actions/run-swift-format/action.yaml | 2 ++ .../setup-macos-codesigning/action.yaml | 3 +++ .github/actions/sparkle-appcast/action.yaml | 11 +++++--- .github/actions/steam-upload/action.yaml | 2 +- .github/scripts/.package.zsh | 4 +-- .github/scripts/utils.zsh/create_diskimage | 27 ++++++++++++++++--- .github/scripts/utils.zsh/read_codesign_pass | 5 +++- .github/workflows/build-project.yaml | 3 ++- .github/workflows/dispatch.yaml | 2 ++ .github/workflows/publish.yaml | 4 +-- .github/workflows/push.yaml | 6 +++-- 15 files changed, 65 insertions(+), 15 deletions(-) diff --git a/.github/actions/build-obs/action.yaml b/.github/actions/build-obs/action.yaml index c0d117fad..bda425a32 100644 --- a/.github/actions/build-obs/action.yaml +++ b/.github/actions/build-obs/action.yaml @@ -20,6 +20,10 @@ inputs: description: Team ID for application codesigning (macOS only) required: false default: '' + provisioningProfileUUID: + description: UUID of provisioning profile (macOS only) + required: false + default: '' workingDirectory: description: Working directory for packaging required: false @@ -34,6 +38,7 @@ runs: env: CODESIGN_IDENT: ${{ inputs.codesignIdent }} CODESIGN_TEAM: ${{ inputs.codesignTeam }} + PROVISIONING_PROFILE: ${{ inputs.provisioningProfileUUID }} run: | : Run macOS Build diff --git a/.github/actions/qt-xml-validator/action.yaml b/.github/actions/qt-xml-validator/action.yaml index 0dc0e1b39..1e0da1120 100644 --- a/.github/actions/qt-xml-validator/action.yaml +++ b/.github/actions/qt-xml-validator/action.yaml @@ -46,6 +46,8 @@ runs: shopt -s extglob shopt -s globstar + if (( ! GITHUB_REF_BEFORE )); then GITHUB_REF_BEFORE='4b825dc642cb6eb9a060e54bf8d69288fbee4904'; fi + changes=($(git diff --name-only HEAD~1 HEAD -- UI/forms/**/*.ui)) case "${GITHUB_EVENT_NAME}" in pull_request) changes=($(git diff --name-only origin/"${GITHUB_BASE_REF}" HEAD -- UI/forms/**/*.ui)) ;; diff --git a/.github/actions/run-clang-format/action.yaml b/.github/actions/run-clang-format/action.yaml index 8fa7a79ba..ff7465182 100644 --- a/.github/actions/run-clang-format/action.yaml +++ b/.github/actions/run-clang-format/action.yaml @@ -43,6 +43,8 @@ runs: : Run clang-format 🐉 if (( ${+RUNNER_DEBUG} )) setopt XTRACE + if (( ! GITHUB_REF_BEFORE )) GITHUB_REF_BEFORE='4b825dc642cb6eb9a060e54bf8d69288fbee4904' + local -a changes=($(git diff --name-only HEAD~1 HEAD)) case ${GITHUB_EVENT_NAME} { pull_request) changes=($(git diff --name-only origin/${GITHUB_BASE_REF} HEAD)) ;; diff --git a/.github/actions/run-cmake-format/action.yaml b/.github/actions/run-cmake-format/action.yaml index 835fdb82b..49f34486b 100644 --- a/.github/actions/run-cmake-format/action.yaml +++ b/.github/actions/run-cmake-format/action.yaml @@ -42,6 +42,8 @@ runs: : Run cmake-format 🎛️ if (( ${+RUNNER_DEBUG} )) setopt XTRACE + if (( ! GITHUB_REF_BEFORE )) GITHUB_REF_BEFORE='4b825dc642cb6eb9a060e54bf8d69288fbee4904' + local -a changes=($(git diff --name-only HEAD~1 HEAD)) case ${GITHUB_EVENT_NAME} { pull_request) changes=($(git diff --name-only origin/${GITHUB_BASE_REF} HEAD)) ;; diff --git a/.github/actions/run-swift-format/action.yaml b/.github/actions/run-swift-format/action.yaml index e595c3f30..70c95d6d6 100644 --- a/.github/actions/run-swift-format/action.yaml +++ b/.github/actions/run-swift-format/action.yaml @@ -42,6 +42,8 @@ runs: : Run swift-format 🔥 if (( ${+RUNNER_DEBUG} )) setopt XTRACE + if (( ! GITHUB_REF_BEFORE )) GITHUB_REF_BEFORE='4b825dc642cb6eb9a060e54bf8d69288fbee4904' + local -a changes=($(git diff --name-only HEAD~1 HEAD)) case ${GITHUB_EVENT_NAME} { pull_request) changes=($(git diff --name-only origin/${GITHUB_BASE_REF} HEAD)) ;; diff --git a/.github/actions/setup-macos-codesigning/action.yaml b/.github/actions/setup-macos-codesigning/action.yaml index 69ece6c33..cc325d5fa 100644 --- a/.github/actions/setup-macos-codesigning/action.yaml +++ b/.github/actions/setup-macos-codesigning/action.yaml @@ -28,6 +28,9 @@ outputs: haveProvisioningProfile: description: True if necessary provisioning profile credentials were found value: ${{ steps.provisioning.outputs.haveProvisioningProfile }} + provisioningProfileUUID: + description: UUID of imported provisioning profile + value: ${{ steps.provisioning.outputs.provisioningProfileUUID }} haveNotarizationUser: description: True if necessary notarization credentials were found value: ${{ steps.notarization.outputs.haveNotarizationUser }} diff --git a/.github/actions/sparkle-appcast/action.yaml b/.github/actions/sparkle-appcast/action.yaml index fd45e7b6c..9a56a6d15 100644 --- a/.github/actions/sparkle-appcast/action.yaml +++ b/.github/actions/sparkle-appcast/action.yaml @@ -72,7 +72,6 @@ runs: mkdir builds mkdir -p output/appcasts/stable - mkdir -p output/sparkle_deltas - name: Download Builds 📥 id: builds @@ -152,6 +151,7 @@ runs: print -n '${{ inputs.sparklePrivateKey }}' >> eddsa_private.key local feed_url='${{ steps.builds.outputs.feedUrl }}' + local arch=${${${(s:_:)feed_url:t}[2]}//x86/x86_64} Sparkle/bin/generate_appcast \ --verbose \ @@ -166,7 +166,8 @@ runs: local -a deltas=(builds/*.delta(N)) if (( #deltas )) { - mv ${deltas} output/sparkle_deltas + mkdir -p output/sparkle_deltas/${arch} + mv ${deltas} output/sparkle_deltas/${arch} } mv builds/*.xml output/appcasts @@ -202,12 +203,16 @@ runs: local -a appcasts=(output/appcasts/*_v2.xml) local legacy + local feed_url='${{ steps.builds.outputs.feedUrl }}' + local arch=${${${(s:_:)feed_url:t}[2]}//x86/x86_64} for appcast (${appcasts}) { legacy="${appcast//.xml/-legacy.xml}" xsltproc \ -o ${legacy} ${GITHUB_ACTION_PATH}/appcast_legacy.xslt ${appcast} - xmllint --format ${legacy} >! output/appcasts/stable/${${appcast:t}//-v2.xml/.xml} + xmllint --format ${legacy} >! output/appcasts/stable/${${appcast:t}//_v2.xml/.xml} + + if [[ ${arch} == x86_64 ]] xmllint --format ${legacy} >! output/appcasts/stable/${${appcast:t}//_x86_64_v2.xml/.xml} rm ${legacy} } diff --git a/.github/actions/steam-upload/action.yaml b/.github/actions/steam-upload/action.yaml index 968d188ff..243821209 100644 --- a/.github/actions/steam-upload/action.yaml +++ b/.github/actions/steam-upload/action.yaml @@ -153,7 +153,7 @@ runs: mv obs-studio-macos-x86_64-${short_hash}/obs-studio-*-macos-intel.dmg \ ${root_dir} - description="g${GITHUB_SHA}" + description="g${GITHUB_SHA:0:9}" is_prerelease='false' ;; } diff --git a/.github/scripts/.package.zsh b/.github/scripts/.package.zsh index 0febfc95c..bd89d270c 100755 --- a/.github/scripts/.package.zsh +++ b/.github/scripts/.package.zsh @@ -134,8 +134,8 @@ ${_usage_host:-}" config=${2} shift 2 ;; - -s|--codesign) CODESIGN=1; shift ;; - -n|--notarize) NOTARIZE=1; shift ;; + -s|--codesign) codesign=1; shift ;; + -n|--notarize) notarize=1; shift ;; -p|--package) typeset -g package=1; shift ;; --skip-deps) typeset -g skip_deps=1; shift ;; -q|--quiet) (( verbosity -= 1 )) || true; shift ;; diff --git a/.github/scripts/utils.zsh/create_diskimage b/.github/scripts/utils.zsh/create_diskimage index 186672127..f5eccb4ea 100644 --- a/.github/scripts/utils.zsh/create_diskimage +++ b/.github/scripts/utils.zsh/create_diskimage @@ -1,4 +1,4 @@ -autoload -Uz log_debug log_error log_info log_status log_group log_output +autoload -Uz log_debug log_error log_info log_status log_group log_output log_warning local -r _usage="Usage: %B${0}%b @@ -19,7 +19,7 @@ log_group "Create macOS disk image" local _hdiutil_flags if (( _loglevel < 1 )) _hdiutil_flags='-quiet' -trap "hdiutil detach ${_hdiutil_flags} /Volumes/${output_name}; rm temp.dmg; log_group return 2" ERR +trap "hdiutil detach ${_hdiutil_flags} /Volumes/${output_name}; rm temp.dmg; log_group; return 2" ERR hdiutil create ${_hdiutil_flags} \ -volname "${volume_name}" \ @@ -47,7 +47,28 @@ chmod -Rf go-w /Volumes/${output_name} SetFile -a C /Volumes/${output_name} rm -rf -- /Volumes/${output_name}/.fseventsd(N) log_info "Converting disk image..." -hdiutil detach ${_hdiutil_flags} /Volumes/${output_name} + +if (( ${+CI} )) { + local _status=0 + for i ({1..5}) { + hdiutil detach ${_hdiutil_flags} /Volumes/${output_name} && _status=0 || _status=1 + + if (( status )) { + log_warning "Unable to eject disk image (attempt #${i}). Retrying." + } else { + break + } + } + + if (( status )) { + log_error "Unable to eject disk image after 5 attempts. Aborting" + log_group + return 2 + } +} else { + hdiutil detach ${_hdiutil_flags} /Volumes/${output_name} +} + hdiutil convert ${_hdiutil_flags} \ -format ULMO \ -ov \ diff --git a/.github/scripts/utils.zsh/read_codesign_pass b/.github/scripts/utils.zsh/read_codesign_pass index f38f26f4d..06c808f1e 100644 --- a/.github/scripts/utils.zsh/read_codesign_pass +++ b/.github/scripts/utils.zsh/read_codesign_pass @@ -15,10 +15,13 @@ if (( ! ${+CODESIGN_IDENT_PASS} )) { print '' log_info 'Setting up notarization keychain...' -log_warning " + +if (( ! ${+CI} )) { + log_warning " + Your Apple ID and an app-specific password is necessary for notarization from CLI + This password will be stored in your macOS keychain under the identifier 'OBS-Codesign-Password' with access Apple's 'altool' only. " +} xcrun notarytool store-credentials 'OBS-Codesign-Password' --apple-id "${CODESIGN_IDENT_USER}" --team-id "${CODESIGN_TEAM}" --password "${CODESIGN_IDENT_PASS}" diff --git a/.github/workflows/build-project.yaml b/.github/workflows/build-project.yaml index bbe352a65..08218b11d 100644 --- a/.github/workflows/build-project.yaml +++ b/.github/workflows/build-project.yaml @@ -29,7 +29,7 @@ jobs: case "${GITHUB_EVENT_NAME}" in pull_request) config_data=('codesign:false' 'notarize:false' 'package:false' 'config:RelWithDebInfo') - if gh pr view --json labels \ + if gh pr view ${{ github.event.number }} --json labels \ | jq -e -r '.labels[] | select(.name == "Seeking Testers")' > /dev/null; then config_data[0]='codesign:true' config_data[2]='package:true' @@ -139,6 +139,7 @@ jobs: codesign: ${{ fromJSON(needs.check-event.outputs.codesign) }} codesignIdent: ${{ steps.codesign.outputs.codesignIdent }} codesignTeam: ${{ steps.codesign.outputs.codesignTeam }} + provisioningProfileUUID: ${{ steps.codesign.outputs.provisioningProfileUUID }} - name: Package OBS Studio 📀 uses: ./.github/actions/package-obs diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml index 71c445e54..cc5edfde7 100644 --- a/.github/workflows/dispatch.yaml +++ b/.github/workflows/dispatch.yaml @@ -117,6 +117,8 @@ jobs: defaults: run: shell: bash + environment: + name: cf-pages-deploy steps: - name: Get Commit Information 🆔 id: setup diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 1b4835062..0405a5f2e 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -61,7 +61,7 @@ jobs: with: submodules: recursive fetch-depth: 0 - set-safe-directory: ${{ github.workspace }} + set-safe-directory: ${{ env.GITHUB_WORKSPACE }} - name: Set Up Environment 🔧 id: setup @@ -88,7 +88,7 @@ jobs: fi echo "cacheKey=${cache_key}" >> $GITHUB_OUTPUT - echo "commitHash=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT + echo "commitHash=${GITHUB_SHA:0:9}" >> $GITHUB_OUTPUT - name: Build Flatpak Manifest uses: flatpak/flatpak-github-actions/flatpak-builder@v6.1 diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index dfc75c311..7561ae94f 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -13,7 +13,7 @@ permissions: contents: write concurrency: group: '${{ github.workflow }} @ ${{ github.ref }}' - cancel-in-progress: ${{ github.ref_type == 'tag' }} + cancel-in-progress: ${{ fromJSON(github.ref_type == 'tag') }} jobs: check-format: name: Check Formatting 🔍 @@ -133,6 +133,8 @@ jobs: defaults: run: shell: bash + environment: + name: cf-pages-deploy steps: - name: Get Commit Information 🆔 id: setup @@ -216,7 +218,7 @@ jobs: - name: Upload Artifacts 📡 uses: actions/upload-artifact@v3 with: - name: macos-sparkle-update-${{ matrix.target }} + name: macos-sparkle-update path: ${{ github.workspace }}/output create-release: