build_cmake.yml

name: CMake Build Matrix
# Many thanks to Cristian Adam for examples
# e.g. https://github.com/cristianadam/HelloWorld/blob/master/.github/workflows/build_cmake.yml
# https://cristianadam.eu/20191222/using-github-actions-with-c-plus-plus-and-cmake/


on: [push, pull_request, workflow_dispatch]

env:
  QT_VERSION: 5.15.2
  # this is different from MACOSX_DEPLOYMENT_TARGET to prevent build problems
  # we set MACOSX_DEPLOYMENT_TARGET later
  MACOS_TARGET: 10.12
  FEATURES: -DBUILD_GPL_PLUGINS=ON -DWITH_COORDGEN=OFF -DUSE_VTK=ON -DUSE_3DCONNEXION=ON
  CACHE: -DCMAKE_C_COMPILER_LAUNCHER=sccache -DCMAKE_CXX_COMPILER_LAUNCHER=sccache
  SCCACHE_GHA_ENABLED: "true"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    name: ${{ matrix.config.name }}
    runs-on: ${{ matrix.config.os }}
    strategy:
      fail-fast: false
      matrix:
        config:
        - {
            name: "Ubuntu GCC", artifact: "Ubuntu-Latest.tar.gz",
            os: ubuntu-latest,
            cc: "gcc", cxx: "g++",
            build_type: "Release",
            cmake_flags: "-G Ninja -DENABLE_TESTING=ON -DTEST_QTGL=OFF -USE_SYSTEM_ZLIB=ON",
            cpack: "",
          }
        - {
            name: "Ubuntu AppImage", artifact: "Avogadro2.AppImage",
            os: ubuntu-22.04,
            cc: "gcc", cxx: "g++",
            build_type: "Release",
            cmake_flags: "-G Ninja -DBUILD_MOLEQUEUE=OFF -DINSTALL_BUNDLE_FILES=ON -USE_SYSTEM_ZLIB=ON",
            cpack: "",
          }
        - {
            name: "macOS Clang", artifact: "macOS.dmg",
            os: macos-13,
            cc: "clang", cxx: "clang++",
            build_type: "Release",
            cmake_flags: "-G Ninja -DBUILD_MOLEQUEUE=OFF",
            cpack_flags: "-G DragNDrop",
          }
        - {
            name: "Ubuntu Address Sanitizer", artifact: "",
            os: ubuntu-20.04,
            cc: "gcc", cxx: "g++",
            build_type: "asan",
            cmake_flags: "-G Ninja -DENABLE_TESTING=ON -DTEST_QTGL=OFF -USE_SYSTEM_ZLIB=ON",
            cpack: "",
          }
        - {
            name: "Ubuntu Undefined Behavior Sanitizer", artifact: "",
            os: ubuntu-20.04,
            cc: "gcc", cxx: "g++",
            build_type: "ubsan",
            cmake_flags: "-G Ninja -DENABLE_TESTING=ON -DTEST_QTGL=OFF -USE_SYSTEM_ZLIB=ON",
            cpack: "",
          }

    steps:

    - name: Install Dependencies (Linux)
      if: runner.os == 'Linux'
      run: |
        sudo add-apt-repository -y universe
        sudo apt-get -qq update
        sudo apt-get -qq install ninja-build libeigen3-dev libboost-all-dev libglew-dev libxml2-dev
        sudo apt-get -qq install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5x11extras5-dev libqt5svg5-dev
        sudo apt-get -qq install libgcc-10-dev libgcc-9-dev
        sudo apt install libfuse2
    - name: Install Dependencies (macOS)
      if: runner.os == 'macOS'
      run: |
        if uname -p | grep -q "arm" ; then
           export PATH=/opt/homebrew/bin:$PATH
        else # not self-hosted runner
          brew install ninja eigen glew
        fi
    - name: Install Dependencies (Windows)
      if: runner.os == 'Windows'
      run: choco install ninja

    - name: Checkout openchemistry
      uses: actions/checkout@v4
      with:
        repository: openchemistry/openchemistry
        submodules: recursive

    - name: Checkout avogadroapp
      uses: actions/checkout@v4
      with:
        repository: openchemistry/avogadroapp
        path: avogadroapp

    - name: Checkout molecules
      uses: actions/checkout@v4
      with:
        repository: openchemistry/molecules
        path: molecules

    - name: Checkout fragments
      uses: actions/checkout@v4
      with:
        repository: openchemistry/fragments
        path: fragments

    - name: Checkout crystals
      uses: actions/checkout@v4
      with:
        repository: openchemistry/crystals
        path: crystals

    - name: Checkout i18n
      uses: actions/checkout@v4
      with:
        repository: openchemistry/avogadro-i18n
        path: avogadro-i18n

    - name: Checkout avogadrolibs
      uses: actions/checkout@v4
      with:
        path: avogadrolibs

    - name: Install Qt
      uses: jurplel/install-qt-action@v3
      with:
        aqtversion: '==3.1.*'
        cache: true
        version: ${{ env.QT_VERSION }}

    - name: Configure MSVC Command Prompt
      if: runner.os == 'Windows'
      uses: ilammy/msvc-dev-cmd@v1
      with:
        arch: x64

    - name: Grab cache files
      uses: actions/cache@v4
      if: runner.os != 'Windows'
      with:
        path: |
          ${{ runner.workspace }}/build/Downloads
        key: ${{ matrix.config.name }}-downloads

    - name: Run sccache-cache
      uses: mozilla-actions/sccache-action@main

    - name: Configure
      run: |
        if [ ! -d "${{ runner.workspace }}/build" ]; then mkdir "${{ runner.workspace }}/build"; fi
        cd "${{ runner.workspace }}/build"
        # won't have any effect except on Mac
        echo "MACOSX_DEPLOYMENT_TARGET=${{ env.MACOS_TARGET }}" >> $GITHUB_ENV
        CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} cmake $GITHUB_WORKSPACE ${{env.FEATURES}} ${{env.CACHE}} -DCMAKE_BUILD_TYPE=${{matrix.config.build_type}} ${{matrix.config.cmake_flags}}
      shell: bash

    - name: Build
      run: |
        CC=${{matrix.config.cc}} CXX=${{matrix.config.cxx}} CMAKE_C_COMPILER_LAUNCHER=sccache CMAKE_CXX_COMPILER_LAUNCHER=sccache cmake --build . --config ${{matrix.config.build_type}} ${{matrix.config.build_flags}}
      shell: bash
      working-directory: ${{ runner.workspace }}/build

    - name: Fix Mac plugins
      if: runner.os == 'macOS'
      working-directory: ${{ runner.workspace }}/build/prefix/lib/openbabel
      run: |
        for plugin in *.so; do
          for libpath in `otool -L ${plugin} | grep '/Users/runner/work' | awk '{print $1}'`; do
            export lib=`echo $libpath | cut -d '/' -f 9`;
            echo "Fixing $plugin $lib $libpath"
            install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin
          done
        done
        cd .. # build/prefix/lib
        for plugin in libinchi.?.?.?.dylib libopenbabel.?.?.?.dylib; do
          for libpath in `otool -L ${plugin} | grep '/Users/runner/work' | awk '{print $1}'`; do
            export lib=`echo $libpath | cut -d '/' -f 9`;
            echo "Fixing $plugin $lib $libpath"
            install_name_tool -change $libpath @executable_path/../Frameworks/$lib $plugin
          done
        done
        otool -L libinchi.?.?.?.dylib
        otool -L libopenbabel.?.?.?.dylib
        cp -p libinchi* ../Avogadro2.app/Contents/Frameworks/
        cp -p libopenbabel* ../Avogadro2.app/Contents/Frameworks/
        # finally, fixup the binaries
        cd ../bin
        for exe in obabel obmm eht_bind genXrdPattern; do
          for libpath in `otool -L ${exe} | grep '/Users/runner/work' | awk '{print $1}'`; do
            export lib=`echo $libpath | cut -d '/' -f 9`;
            echo "Fixing $exe $lib $libpath"
            install_name_tool -change $libpath @executable_path/../Frameworks/$lib $exe
          done
        done

    - name: Run tests
      if: matrix.config.os == 'ubuntu-20.04'
      shell: cmake -P {0}
      run: |
        include(ProcessorCount)
        ProcessorCount(N)
        set(ENV{CTEST_OUTPUT_ON_FAILURE} "ON")
        set(ENV{ASAN_OPTIONS} "new_delete_type_mismatch=0")
        execute_process(
          COMMAND ctest -j ${N}
          WORKING_DIRECTORY ${{ runner.workspace }}/build/avogadrolibs
          RESULT_VARIABLE result
        )
        if (NOT result EQUAL 0)
          message(FATAL_ERROR "Running tests failed!")
        endif()

    - name: Install the Apple certificate
      # From GitHub docs: https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development
      if: runner.os == 'macOS'
      working-directory: ${{ runner.workspace }}/build
      env:
        BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
        P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
        KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }}
        NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }}
        CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
        PRODUCT_BUNDLE_IDENTIFIER: cc.avogadro
      run: |
        # be sure the DMG can be created easily
        # https://github.com/actions/runner-images/issues/7522#issuecomment-1556766641
        echo killing...; sudo pkill -9 XProtect >/dev/null || true;
        echo waiting...; while pgrep XProtect; do sleep 3; done;

        # create variables
        if [ -n "${P12_PASSWORD}" ]; then
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 -d -o $CERTIFICATE_PATH

          # create temporary keychain if the cert is non-zero
          if [ -s $CERTIFICATE_PATH ]; then
            security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
            security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
            security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

            # import certificate to keychain
            security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
            security list-keychain -d user -s $KEYCHAIN_PATH

            # signing occurs via avogadroapp cpack instructions
          fi # certificate exists
        fi # password exists

    - name: Create Mac and Windows Packages
      if: matrix.config.os == 'windows-latest' || runner.os == 'macOS'
      shell: bash
      run: |
        if [ -z "${P12_PASSWORD}" ]; then
          unset CODESIGN_IDENTITY # to prevent cpack failing when trying to sign
        fi
        if [ -z "${OPENSSL_ROOT_DIR}" ]; then
          unset OPENSSL_ROOT_DIR
        fi
        [[ ! "${GITHUB_REF}" =~ "tags" ]] && export SNAPSHOT_DATE=`date -j "+%d-%m-%y"`
        cpack ${{ matrix.config.cpack_flags }}
      working-directory: ${{ runner.workspace }}/build/avogadroapp
      continue-on-error: true
      env:
        P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
        CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
        OPENSSL_ROOT_DIR: ${{ matrix.config.ssl_env }}

    - name: AppImage
      if: matrix.config.os == 'ubuntu-22.04' && matrix.config.build_type == 'Release'
      shell: bash
      run: |
        mkdir appdir
        mv prefix appdir/usr

        export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:appdir/usr/lib

        wget -c -nv "https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
        wget -c -nv "https://github.com/linuxdeploy/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-x86_64.AppImage"
        wget -c -nv "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
        chmod a+x *.AppImage

        ./linuxdeploy-x86_64.AppImage -d appdir/usr/share/applications/*.desktop --plugin qt --appdir appdir
        # add the custom AppRun
        rm appdir/AppRun
        cp ../avogadrolibs/avogadrolibs/scripts/AppImage.sh appdir/AppRun
        chmod a+x appdir/AppRun
        ./appimagetool-x86_64.AppImage appdir
        mv Avogadro*.AppImage avogadroapp # for upload
      working-directory: ${{ runner.workspace }}/build

    - name: Notarize Mac DMG
      if: runner.os == 'macOS'
      run: |
        # check if we have the password and the username
        if [ -n "${NOTARIZE_PASSWORD}" ] && [ -n "${NOTARIZE_USERNAME}" ]; then
          codesign -s "$CODESIGN_IDENTITY" --timestamp Avogadro2*.dmg
          xcrun notarytool submit Avogadro2*.dmg --apple-id "$NOTARIZE_USERNAME" --team-id "$NOTARIZE_TEAM" --password "$NOTARIZE_PASSWORD" --verbose --wait
          xcrun stapler staple -v Avogadro2*.dmg
        fi
      working-directory: ${{ runner.workspace }}/build/avogadroapp
      env:
        NOTARIZE_TEAM: ${{ secrets.AC_TEAM }}
        NOTARIZE_USERNAME: ${{ secrets.AC_USERNAME }}
        NOTARIZE_PASSWORD: ${{ secrets.AC_PASSWORD }}
        CODESIGN_IDENTITY: ${{ secrets.CODESIGN_ID }}
      continue-on-error: true

    - name: Upload
      if: matrix.config.artifact != 0
      id: upload-artifact
      uses: actions/upload-artifact@v4
      with:
        path: ${{ runner.workspace }}/build/avogadroapp/Avogadro*.*
        name: ${{ matrix.config.artifact }}

    - name: Sign Windows artifact
      if: matrix.config.os == 'windows-latest' && github.ref == 'refs/heads/master'
      uses: signpath/github-action-submit-signing-request@v1
      with:
        api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
        organization-id: '${{ secrets.SIGNPATH_ORG_ID }}'
        project-slug: 'avogadrolibs'
        signing-policy-slug: 'test-signing'
        github-artifact-id: '${{ steps.upload-artifact.outputs.artifact-id }}'
        wait-for-completion: true
        output-artifact-directory: '${{ runner.workspace }}/build/avogadroapp'

    - name: Notarize Mac DMG
      if: matrix.config.os == 'windows-latest' && github.ref == 'refs/heads/master'
      run: |
        ls -la ./
      working-directory: ${{ runner.workspace }}/build/avogadroapp

    - name: Setup tmate session
      if: failure()
      uses: mxschmitt/action-tmate@v3

    - name: Cleanup
      if: ${{ always() }} # To ensure this step runs even when earlier steps fail
      shell: bash
      run: |
        ls -la ./
        rm -rf ./* || true
        rm -rf ./.??* || true
        ls -la ./