Skip to content

Merge pull request #1816 from ghutchis/find-signed-artifact #2386

Merge pull request #1816 from ghutchis/find-signed-artifact

Merge pull request #1816 from ghutchis/find-signed-artifact #2386

Workflow file for this run

name: CMake Self-Hosted
on: [push, pull_request, workflow_dispatch]
env:
# this is different from MACOSX_DEPLOYMENT_TARGET to prevent build problems
# we set MACOSX_DEPLOYMENT_TARGET later
MACOS_TARGET: 10.12
FEATURES: -DUSE_VTK=ON -DBUILD_GPL_PLUGINS=ON -DBUILD_MOLEQUEUE=OFF -DWITH_COORDGEN=OFF -DUSE_3DCONNEXION=ON
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: ${{ matrix.config.name }}
runs-on: ${{ matrix.config.os }}
strategy:
fail-fast: false
matrix:
config:
- {
name: "macOS ARM", artifact: "macOS-arm64.dmg",
os: [self-hosted, macOS],
cc: "clang", cxx: "clang++",
build_type: "Release",
cmake_flags: "-G Ninja -DCMAKE_PREFIX_PATH=/opt/homebrew/Cellar/qt@5/5.15.5_1/lib/cmake/Qt5",
cpack_flags: "-G DragNDrop",
}
steps:
- name: Install Dependencies (macOS)
if: runner.os == 'macOS'
run: |
if uname -p | grep -q "arm" ; then
export PATH=/opt/homebrew/bin:$PATH
else # not self-hosted runner
brew install ninja eigen glew
fi
- name: Checkout openchemistry
uses: actions/checkout@v4
with:
repository: openchemistry/openchemistry
submodules: recursive
- name: Checkout avogadroapp
uses: actions/checkout@v4
with:
repository: openchemistry/avogadroapp
path: avogadroapp
- name: Checkout molecules
uses: actions/checkout@v4
with:
repository: openchemistry/molecules
path: molecules
- name: Checkout fragments
uses: actions/checkout@v4
with:
repository: openchemistry/fragments
path: fragments
- name: Checkout crystals
uses: actions/checkout@v4
with:
repository: openchemistry/crystals
path: crystals
- name: Checkout avogadrolibs
uses: actions/checkout@v4
with:
path: avogadrolibs
- name: Checkout i18n
uses: actions/checkout@v4
with:
repository: openchemistry/avogadro-i18n
path: avogadro-i18n
- name: Configure
run: |
if [ ! -d "${{ runner.workspace }}/build" ]; then mkdir "${{ runner.workspace }}/build"; fi
cd "${{ runner.workspace }}/build"
echo "MACOSX_DEPLOYMENT_TARGET=${{ env.MACOS_TARGET }}" >> $GITHUB_ENV
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake $GITHUB_WORKSPACE ${{env.FEATURES}} -DCMAKE_BUILD_TYPE=${{matrix.config.build_type}} ${{matrix.config.cmake_flags}}
shell: bash
- name: Build
run: |
CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake --build . --config ${{matrix.config.build_type}} ${{matrix.config.build_flags}}
shell: bash
working-directory: ${{ runner.workspace }}/build
- name: Fix Mac plugins
if: runner.os == 'macOS'
working-directory: ${{ runner.workspace }}/build/prefix/lib/openbabel
run: |
for plugin in *.so; do
for libpath in `otool -L ${plugin} | grep '/Users/runner' | awk '{print $1}'`; do
export lib=`echo $libpath | cut -d '/' -f 10`;
echo "Fixing $plugin $lib $libpath"
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin
done
done
cd .. # build/prefix/lib
for plugin in libinchi.?.?.?.dylib; do
for libpath in `otool -L ${plugin} | grep '/Users/runner' | awk '{print $1}'`; do
export lib=`echo $libpath | cut -d '/' -f 10`;
echo "Fixing $plugin $lib $libpath"
install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin
done
done
otool -L libinchi.?.?.?.dylib
cp -p libinchi* ../Avogadro2.app/Contents/Frameworks/
# finally, fixup the binaries
#cd ../bin
#for exe in obabel obmm eht_bind genXrdPattern; do
# for libpath in `otool -L ${exe} | grep '/Users/runner' | awk '{print $1}'`; do
# export lib=`echo $libpath | cut -d '/' -f 10`;
# echo "Fixing $exe $lib $libpath"
# install_name_tool -change $libpath @executable_path/../Frameworks/$lib $exe
# done
#done
- name: Install the Apple certificate
# From GitHub docs: https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development
if: runner.os == 'macOS'
working-directory: ${{ runner.workspace }}/build
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }}
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }}
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
PRODUCT_BUNDLE_IDENTIFIER: cc.avogadro
run: |
# create variables
if [ -n "${P12_PASSWORD}" ]; then
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain if the cert is non-zero
if [ -s $CERTIFICATE_PATH ]; then
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# signing occurs via avogadroapp cpack instructions
fi # certificate exists
fi # password exists
# remove any previous DMG in case they're still around
rm -f avogadroapp/*.dmg
- name: Create Mac and Windows Packages
shell: bash
run: |
if [ -z "${P12_PASSWORD}" ]; then
unset CODESIGN_IDENTITY # to prevent cpack failing when trying to sign
fi
[[ ! "${GITHUB_REF}" =~ "tags" ]] && export SNAPSHOT_DATE=`date -j "+%d-%m-%y"`
cpack ${{ matrix.config.cpack_flags }}
working-directory: ${{ runner.workspace }}/build/avogadroapp
env:
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
- name: Notarize Mac DMG
if: runner.os == 'macOS'
run: |
# check if we have the password and the username
if [ -n "${NOTARIZE_PASSWORD}" ] && [ -n "${NOTARIZE_USERNAME}" ]; then
codesign -s "$CODESIGN_IDENTITY" --timestamp Avogadro2*.dmg
xcrun notarytool submit Avogadro2*.dmg --apple-id "$NOTARIZE_USERNAME" --team-id "$NOTARIZE_TEAM" --password "$NOTARIZE_PASSWORD" --verbose --wait
xcrun stapler staple -v Avogadro2*.dmg
fi
working-directory: ${{ runner.workspace }}/build/avogadroapp
env:
NOTARIZE_TEAM: ${{ secrets.AC_TEAM }}
NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }}
NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }}
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
continue-on-error: true
- name: Upload
if: matrix.config.artifact != 0
uses: actions/upload-artifact@v4
with:
path: ${{ runner.workspace }}/build/avogadroapp/Avogadro2*.*
name: ${{ matrix.config.artifact }}
- name: Cleanup
if: ${{ always() }} # To ensure this step runs even when earlier steps fail
shell: bash
run: |
ls -la ./
rm -rf ./* || true
rm -rf ./.??* || true
ls -la ./