-
Notifications
You must be signed in to change notification settings - Fork 4
222 lines (192 loc) · 8.26 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
name: Cross-Platform Build with PyInstaller
on:
pull_request:
branches: [ main ]
workflow_call:
jobs:
check-format:
name: Check Formatting 🔍
uses: ./.github/workflows/check-format.yaml
permissions:
contents: read
build:
needs: check-format
strategy:
matrix:
os: [ubuntu-latest, macos-x86, macos-arm64, windows-latest]
include:
- os: macos-x86
python-version: '3.11'
target: macos-x86
runs-on: macos-13
- os: macos-arm64
python-version: '3.11'
target: macos-arm64
runs-on: macos-latest
- os: ubuntu-latest
python-version: '3.11'
target: linux
runs-on: ubuntu-latest
- os: windows-latest
python-version: '3.11'
target: windows
runs-on: windows-latest
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install tesserocr for Windows
if: matrix.os == 'windows-latest'
run: |
Invoke-WebRequest -Uri https://github.com/simonflueckiger/tesserocr-windows_build/releases/download/tesserocr-v2.7.0-tesseract-5.3.4/tesserocr-2.7.0-cp311-cp311-win_amd64.whl -OutFile tesserocr-2.7.0-cp311-cp311-win_amd64.whl
python -m pip install tesserocr-2.7.0-cp311-cp311-win_amd64.whl
- name: Install tesserocr for MacOS arm64
if: matrix.os == 'macos-arm64'
run: |
brew install tesseract
pip install --no-binary tesserocr tesserocr
- name: Install pyinstaller for Windows
if: matrix.os == 'windows-latest'
run: |
Invoke-WebRequest -Uri https://github.com/pyinstaller/pyinstaller/archive/refs/tags/v6.8.0.zip -OutFile pyinstaller-6.8.0.zip
Expand-Archive -Path pyinstaller-6.8.0.zip -DestinationPath .
cd pyinstaller-6.8.0
python -m pip install .
cd ..
Remove-Item -Recurse -Force pyinstaller-6.8.0
Remove-Item -Force pyinstaller-6.8.0.zip
- name: Install dependencies
run: |
python -m pip install -r requirements.txt
- name: Install MacOS dependencies
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
pip install -r requirements-mac.txt
- name: Install Windows dependencies
if: matrix.os == 'windows-latest'
run: |
python -m pip install -r requirements-win.txt
- name: Import Apple Certificate
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
if security list-keychains | grep -q "github_build.keychain"; then
security delete-keychain github_build.keychain
fi
security create-keychain -p "" github_build.keychain
security default-keychain -s github_build.keychain
security set-keychain-settings -lut 21600 github_build.keychain
echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > apple_certificate.p12
security import apple_certificate.p12 -k github_build.keychain -P "${{ secrets.APPLE_CERTIFICATE_PASSWORD }}" \
-t cert -f pkcs12 -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/xcrun
security unlock-keychain -p "" github_build.keychain
security set-key-partition-list -S 'apple-tool:,apple:' -s -k "" github_build.keychain
security list-keychain -d user -s github_build.keychain 'login-keychain'
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Unlock keychain on Mac
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
security unlock-keychain -p "" github_build.keychain
security set-key-partition-list -S apple-tool:,apple: -k "" -D "Developer" -t private github_build.keychain
- name: List available signing identities
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
security find-identity -v -p codesigning
# write a .env file with the secrets
- name: Write .env file Mac & Linux
if: matrix.os != 'windows-latest'
run: |
echo "LOCAL_RELEASE_TAG=${GITHUB_REF_NAME}" >> .env
echo "LOCAL_RELEASE_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> .env
- name: Write .env file Windows
if: matrix.os == 'windows-latest'
run: |
@"
LOCAL_RELEASE_TAG=$env:GITHUB_REF_NAME
LOCAL_RELEASE_DATE=$(Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ')
"@ | Out-File -FilePath .env -Encoding ASCII
shell: pwsh
- name: Build device enumeration module on Windows
if: matrix.os == 'windows-latest'
run: |
cd src/win32DeviceEnum
python setup.py build_ext --inplace
cd ../..
- name: Build with PyInstaller (MacOS)
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
pyinstaller --clean --noconfirm scoresight.spec -- --mac_osx
env:
APPLE_APP_DEVELOPER_ID: ${{ secrets.APPLE_APP_DEVELOPER_ID }}
- name: Build with PyInstaller (Windows)
if: matrix.os == 'windows-latest'
run: |
if ("${{ github.event_name }}" -eq "pull_request") {
pyinstaller --clean --noconfirm scoresight.spec -- --win --debug
} else {
pyinstaller --clean --noconfirm scoresight.spec -- --win
}
- name: Build with PyInstaller (Linux)
if: matrix.os == 'ubuntu-latest'
run: |
pyinstaller --clean --noconfirm scoresight.spec
- name: Zip Application for Notarization
if: (matrix.os == 'macos-x86' || matrix.os == 'macos-arm64') && github.event_name != 'pull_request'
run: |
ditto -c -k --keepParent dist/scoresight.app scoresight.zip
- name: Notarize and Staple
if: (matrix.os == 'macos-x86' || matrix.os == 'macos-arm64') && github.event_name != 'pull_request'
run: |
xcrun notarytool submit scoresight.zip --apple-id \
"${{ secrets.APPLE_DEVELOPER_ID_USER }}" --password \
"${{ secrets.APPLE_DEVELOPER_ID_PASSWORD }}" --team-id \
"${{ secrets.APPLE_DEVELOPER_ID_TEAM }}" --wait --verbose
chmod 755 dist/scoresight.app
xcrun stapler staple dist/scoresight.app
- name: Verify Notarization
if: (matrix.os == 'macos-x86' || matrix.os == 'macos-arm64') && github.event_name != 'pull_request'
run: |
spctl -a -v dist/scoresight.app
rm scoresight.zip
- name: Add version to .iss file
if: matrix.os == 'windows-latest'
run: |
$version = (Get-Content -Path scoresight.iss -Raw) -replace '@SCORESIGHT_VERSION@', $env:GITHUB_REF_NAME
$version | Out-File -FilePath scoresight.iss -Encoding ASCII
shell: pwsh
- name: Compile .ISS to .EXE Installer
if: matrix.os == 'windows-latest'
uses: Minionguyjpro/[email protected]
with:
path: scoresight.iss
options: /O+
- name: Create tar Linux
if: matrix.os == 'ubuntu-latest'
# strip the folder name from the tar
run: |
chmod a+x dist/scoresight
tar -cvf scoresight.tar -C dist scoresight
- name: Create dmg MacOS
if: matrix.os == 'macos-x86' || matrix.os == 'macos-arm64'
run: |
chmod a+x dist/scoresight.app
hdiutil create -volname "ScoreSight" -srcfolder dist/scoresight.app -ov -format UDRO scoresight-${{ matrix.target }}.dmg
- name: Create zip on Windows
if: matrix.os == 'windows-latest'
run: |
Compress-Archive -Path "dist/scoresight-setup.exe" -DestinationPath "./scoresight.zip"
shell: pwsh
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: scoresight-${{ matrix.target }}
# only upload exe on windows, tar on linux, dmg on macos
path: |
scoresight-macos-arm64.dmg
scoresight-macos-x86.dmg
scoresight.tar
scoresight.zip