Merge pull request #263 from DJ2LS/update_github_action

fixing macOS builds and code signing
2024-05-14 08:04:33 +00:00 · 2023-01-21 14:48:26 +01:00 · 2023-01-21 14:48:26 +01:00 · 679da34ed7
parent 97143f25f6 caa0bb2aac
commit 679da34ed7
6 changed files with 76 additions and 68 deletions
--- a/.github/workflows/build_multiplatform.yml
+++ b/.github/workflows/build_multiplatform.yml
@ -100,9 +100,6 @@ jobs:
          name: libcodec2_${{ matrix.os }}_${{ matrix.platform.name }}_${{ matrix.architecture }}.${{ matrix.platform.file }}
          path: codec2/tempfiles/*

-
-
-
  BUILD_ARM:
    # The host should always be linux
    runs-on: ubuntu-latest
@ -236,7 +233,7 @@ jobs:
      - name: Install Node.js, NPM and Yarn
        uses: actions/setup-node@v3
        with:
-          node-version: 16
+          node-version: 18

      - name: Create tnc/dist
        working-directory: tnc
@ -282,27 +279,25 @@ jobs:
          python -m pip install --upgrade pip
          pip install -r requirements.txt

+      - name: Add MacOS certs
+        if: ${{startsWith(matrix.os, 'macos')}}
+        run: chmod +x add-osx-cert.sh && ./add-osx-cert.sh
+        env:
+          CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
+          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}

-      # - name: Install Pyaudio Windows
-      #   if: ${{startsWith(matrix.os, 'windows')}}
-      #   working-directory: tnc/lib/pyaudio/windows
-      #   run: |
-      #     pip install PyAudio-0.2.11-cp39-cp39-win_amd64.whl
+      - name: Build binaries macOS
+        if: ${{startsWith(matrix.os, 'macos')}}
+        working-directory: tnc
+        run: |
+          # now build tnc binaries
+          pyinstaller -y freedata.spec
+          # and to some final cleanup
+          cp -r -f dist/tnc/* dist/
+          rm -r dist/tnc

-      # - name: Display structure of downloaded files
-      #   run: ls -R
-
-      # - name: cleanup codec2
-      #   working-directory: tnc/lib/
-      #   run: |
-      #     mkdir codec2
-      #     cd codec2
-
-      # - uses: actions/download-artifact@v3
-      #   with:
-      #     path: tnc/lib/codec2
-
-      - name: Build binaries
+      - name: Build binaries Linux and Windows
+        if: ${{!startsWith(matrix.os, 'macos')}}
        working-directory: tnc
        run: |
          # pyinstaller freedata.spec
@ -311,8 +306,8 @@ jobs:
          python3 -m nuitka --enable-plugin=numpy --assume-yes-for-downloads --standalone daemon.py
          python3 -m nuitka --enable-plugin=numpy --assume-yes-for-downloads --standalone main.py

-      - name: Copy binaries - Linux and MacOS
-        if: ${{!startsWith(matrix.os, 'windows')}}
+      - name: Copy binaries - Linux
+        if: ${{startsWith(matrix.os, 'ubuntu')}}
        working-directory: tnc
        run: |
          cp -r -f daemon.dist/* dist/tnc
@ -327,6 +322,8 @@ jobs:
          cp -r -Force main.dist/* dist/tnc

      - name: Rename tnc binaries
+        # we don't need renaming for pyinstaller builds as output name is defined
+        if: ${{!startsWith(matrix.os, 'macos')}}
        working-directory: tnc
        run: |
          mv dist/tnc/daemon* dist/tnc/${{ matrix.daemon_binary_name }}
@ -336,6 +333,7 @@ jobs:
        with:
           path: tnc/dist/tnc

+
      - name: LIST ALL FILES
        run: ls -R

@ -347,48 +345,12 @@ jobs:
      - name: LIST ALL FILES
        run: ls -R

-      #- name: Compress TNC
-      #  # if: ${{!startsWith(matrix.os, 'windows') }}
-      #  shell: bash
-      #  run: |
-      #    cd ./tnc/dist
-      #    zip -r ./${{ matrix.zip_name }}.zip *
-
-      ##- name: Copy TNC to GUI
-      ##  run: |
-      ##    # cp -R ./tnc/dist/tnc ./gui/tnc
-      ##    cp -R ./tnc/dist ./gui/tnc
-
-      ##- name: LIST ALL FILES
-      ##  run: ls -R
-
-      ##- name: Compress TNC
-      ##  uses: thedoctor0/zip-release@master
-      ##  with:
-      ##      type: 'zip'
-      ##      filename: '${{ matrix.zip_name }}'
-      ##      # directory: ./tnc/dist/tnc
-      ##      directory: ./tnc/dist/tnc
-      ##      path: .
-      ##      # exclusions: '*.git* /*node_modules/* .editorconfig'
-
-      ##- name: LIST ALL FILES
-      ##  run: ls -R
-
-      ##- name: Upload TNC artifacts
-      ##  uses: actions/upload-artifact@v3
-      ##  with:
-      ##    name: ${{ matrix.zip_name }}.zip
-      ##    # path: ./tnc/dist/tnc/${{ matrix.zip_name }}.zip
-      ##    path: ./tnc/dist/${{ matrix.zip_name }}.zip
-
-
-      ##- name: Release TNC
-      ##  uses: softprops/action-gh-release@v1
-      ##  if: startsWith(github.ref, 'refs/tags/v')
-      ##  with:
-      ##    files: ./tnc/dist/tnc/${{ matrix.zip_name }}.zip
-      ##    #files: ./tnc/dist/${{ matrix.zip_name }}.zip
+      - name: cleanup on macos before code signing
+        if: ${{startsWith(matrix.os, 'macos')}}
+        run: |
+          ls -l
+          # find . -type d -name .git -exec rm -r {} \;
+          find . -type d -o -name ".git" -delete

      - name: Build/release Electron app
        uses: samuelmeuli/action-electron-builder@v1
--- a/.github/workflows/ctest.yml
+++ b/.github/workflows/ctest.yml
@ -21,6 +21,7 @@ jobs:
          - python-version: "3.9"
          - python-version: "3.10"
          - python-version: "3.11"
+          - python-version: "3.12-dev"

    steps:
      - uses: actions/checkout@v3
--- a/add-osx-cert.sh
+++ b/add-osx-cert.sh
@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+KEY_CHAIN=build.keychain
+CERTIFICATE_P12=certificate.p12
+
+# Recreate the certificate from the secure environment variable
+echo $CERTIFICATE_OSX_APPLICATION | base64 --decode > $CERTIFICATE_P12
+
+#create a keychain
+security create-keychain -p actions $KEY_CHAIN
+
+# Make the keychain the default so identities are found
+security default-keychain -s $KEY_CHAIN
+
+# Unlock the keychain
+security unlock-keychain -p actions $KEY_CHAIN
+
+security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign;
+
+security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
+
+# remove certs
+rm -fr *.p12
--- a/gui/entitlements.plist
+++ b/gui/entitlements.plist
@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+  </dict>
+</plist>
--- a/gui/package.json
+++ b/gui/package.json
@ -28,6 +28,9 @@
  },
  "homepage": "https://freedata.app",
  "dependencies": {
+    "@electron/asar": "^3.2.3",
+    "@electron/osx-sign": "^1.0.4",
+    "@popperjs/core": "^2.11.6",
    "blob-util": "^2.0.2",
    "bootstrap": "^5.2.1",
    "bootstrap-icons": "^1.9.1",
@ -98,7 +101,8 @@
        "from": "../tnc/dist/tnc/",
        "to": "tnc",
        "filter": [
-          "**/*"
+          "**/*",
+          "!**/.git"
        ]
      }
    ]
--- a/tnc/freedata.spec
+++ b/tnc/freedata.spec
@ -25,6 +25,7 @@ daemon_exe = EXE(daemon_pyz,
          [],
          exclude_binaries=True,
          name='freedata-daemon',
+          bundle_identifier='com.dj2ls.freedata-daemon',
          debug=False,
          bootloader_ignore_signals=False,
          strip=False,
@ -62,6 +63,7 @@ tnc_exe = EXE(tnc_pyz,
          [],
          exclude_binaries=True,
          name='freedata-tnc',
+          bundle_identifier='com.dj2ls.freedata-tnc',
          debug=False,
          bootloader_ignore_signals=False,
          strip=False,