Build Launcher #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Launcher | |
on: | |
pull_request: | |
push: | |
branches: | |
- "master" | |
workflow_dispatch: | |
jobs: | |
build: | |
# both Windows and Linux builds run on Ubuntu | |
runs-on: ${{ matrix.build == 'macos' && 'macos' || 'ubuntu' }}-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
build: [macos, windows, linux] | |
include: | |
- build: linux | |
host-triple: x86_64-unknown-linux-gnu | |
rustflags: "" | |
target-bin: 'cusf_launcher.x86_64' | |
target-triple: x86_64-unknown-linux-gnu | |
- build: macos | |
host-triple: x86_64-apple-darwin | |
rustflags: "" | |
target-bin: 'cusf_launcher.dmg' | |
target-triple: x86_64-apple-darwin | |
- build: windows | |
host-triple: x86_64-unknown-linux-gnu | |
rustflags: "-C linker=/usr/bin/x86_64-w64-mingw32-gcc" | |
target-bin: 'cusf_launcher.exe' | |
target-triple: x86_64-pc-windows-gnu | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: chickensoft-games/setup-godot@v1 | |
with: | |
version: 4.3.0 | |
use-dotnet: false | |
include-templates: true | |
- name: Verify Setup | |
run: godot --version | |
- name: Install latest stable Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: stable | |
target: ${{ matrix.target-triple }} | |
- name: Install mingw-w64 | |
run: sudo apt install mingw-w64 | |
if: ${{ matrix.target-triple == 'x86_64-pc-windows-gnu' }} | |
- name: Import certificate to Keychain | |
if: ${{ matrix.build == 'macos' }} | |
run: | | |
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 | |
KEYCHAIN_PASSWORD=$(uuidgen) | |
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security import ./certificate.p12 -k ~/Library/Keychains/build.keychain -P ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" ~/Library/Keychains/build.keychain | |
env: | |
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
- name: Setup notarization credentials | |
if: ${{ matrix.build == 'macos' }} | |
# important: the --path argument passed to the godot build command | |
# below causes the signing to happen with this as the working directory | |
# that means we have to make sure the notarization key is placed here, | |
# in order to not fail with a "file not found". | |
working-directory: cusf_launcher | |
run: | | |
echo ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }} | base64 --decode > notarization_api_key.p8 | |
# MUST be run before build | |
- name: Initialize godot cache | |
run: python3 .github/scripts/godot_ci_cache.py | |
- name: Build rust extensions | |
run: | | |
pushd cusf_launcher_crypto | |
cargo build --target ${{ matrix.host-triple }} | |
cargo build --target ${{ matrix.target-triple }} --release | |
popd | |
env: | |
RUSTFLAGS: ${{ matrix.rustflags }} | |
- name: Export build | |
run: | | |
name="${{fromJSON('{"windows": "Windows", "macos": "Mac", "linux": "Linux"}')[matrix.build] }}" | |
godot --path "./cusf_launcher/" --headless --export-release "$name" "${{ matrix.target-bin }}" --verbose 2>&1 | tee build.log | |
env: | |
GODOT_MACOS_NOTARIZATION_API_KEY_ID: | |
${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} | |
GODOT_MACOS_NOTARIZATION_API_KEY: ./notarization_api_key.p8 | |
GODOT_MACOS_NOTARIZATION_API_UUID: | |
${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} | |
- name: Upload build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cusf_launcher_${{ matrix.build }} | |
if-no-files-found: error | |
path: cusf_launcher/${{ matrix.target-bin }} | |
- name: Wait for notarization to finish | |
if: ${{ matrix.build == 'macos' }} | |
run: | | |
request_id=$(grep 'Notarization request UUID' build.log | rev | cut -d ' ' -f 1 | rev | tr -d '"') | |
xcrun notarytool wait $request_id \ | |
--issuer ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} \ | |
--key-id ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} \ | |
--key ./cusf_launcher/notarization_api_key.p8 | |
upload-artifacts-to-releases-drivechain-info: | |
name: Upload artifacts to releases.drivechain.info | |
runs-on: ubuntu-latest | |
needs: [build] | |
# avoid uploading on PRs! | |
if: github.event_name == 'push' && github.repository_owner == 'LayerTwo-Labs' | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Create zip files for releases.drivechain.info | |
run: | | |
mv cusf_launcher_linux cusf-launcher-latest-x86_64-unknown-linux-gnu | |
zip -r cusf-launcher-latest-x86_64-unknown-linux-gnu.zip cusf-launcher-latest-x86_64-unknown-linux-gnu/* | |
mv cusf_launcher_macos cusf-launcher-latest-x86_64-apple-darwin | |
zip -r cusf-launcher-latest-x86_64-apple-darwin.zip cusf-launcher-latest-x86_64-apple-darwin/* | |
mv cusf_launcher_windows cusf-launcher-latest-x86_64-w64 | |
zip -r cusf-launcher-latest-x86_64-w64.zip cusf-launcher-latest-x86_64-w64/* | |
- name: Upload release assets to releases.drivechain.info | |
uses: cross-the-world/ssh-scp-ssh-pipelines@latest | |
with: | |
host: 45.33.96.47 | |
user: root | |
pass: ${{ secrets.RELEASES_SERVER_PW }} | |
port: 22 | |
scp: | | |
'cusf-launcher-latest-*.zip' => '/var/www/html/' |