diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 9e6cdbecb..07108ef67 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -172,7 +172,16 @@ jobs: release: if: github.event_name != 'pull_request' - needs: [build, linux-binary-release, linux-arm64-binary-release, macos-binary-release, npm-release, windows-binary-release] + needs: + [ + build, + linux-x64-binary-release, + linux-arm64-binary-release, + macos-intel-binary-release, + macos-arm64-binary-release, + npm-release, + windows-x64-binary-release, + ] name: 'Release' runs-on: ubuntu-latest @@ -184,25 +193,30 @@ jobs: with: name: build - - name: Download MacOS Binary Release + - name: Download MacOS Intel Binary Release uses: actions/download-artifact@v4 with: - name: macos-binary-release + name: macos-intel-binary-release - - name: Download Linux Binary Release + - name: Download MacOS ARM64 Binary Release uses: actions/download-artifact@v4 with: - name: linux-binary-release + name: macos-arm64-binary-release - - name: Download Linux Arm64 Binary Release + - name: Download Linux X64 Binary Release + uses: actions/download-artifact@v4 + with: + name: linux-binary-x64-release + + - name: Download Linux ARM64 Binary Release uses: actions/download-artifact@v4 with: name: linux-arm64-binary-release - - name: Download Windows Binary Release + - name: Download Windows X64 Binary Release uses: actions/download-artifact@v4 with: - name: windows-binary-release + name: windows-x64-binary-release - name: 'Github SHA' id: github-sha @@ -251,16 +265,25 @@ jobs: CHANGELOG.md LICENSE Release.txt - frodo-linux-${{ needs.build.outputs.newVersion }}.zip - frodo-macos-${{ needs.build.outputs.newVersion }}.zip - frodo-win-${{ needs.build.outputs.newVersion }}.zip + frodo-linux-x64-${{ needs.build.outputs.newVersion }}.zip frodo-linux-arm64-${{ needs.build.outputs.newVersion }}.zip + frodo-macos-intel-${{ needs.build.outputs.newVersion }}.zip + frodo-macos-arm64-${{ needs.build.outputs.newVersion }}.zip + frodo-windows-x64-${{ needs.build.outputs.newVersion }}.zip token: ${{ secrets.GITHUB_TOKEN }} npm-release: if: github.event_name != 'pull_request' # npm-release only needs the build job but since it is inconvenient to unpublish an npm we want this job to run last - needs: [build, linux-binary-release, linux-arm64-binary-release, macos-binary-release, windows-binary-release] + needs: + [ + build, + linux-x64-binary-release, + linux-arm64-binary-release, + macos-intel-binary-release, + macos-arm64-binary-release, + windows-x64-binary-release, + ] runs-on: ubuntu-latest steps: - name: Checkout repository @@ -329,11 +352,89 @@ jobs: env: COMMITTER_TOKEN: ${{ secrets.PAT_HOMEBREW_FORMULA_REPO }} - macos-binary-release: + macos-intel-binary-release: + # don't run on PRs, since secrets are not available + if: github.event_name != 'pull_request' + needs: [build, test] + runs-on: macos-13 + timeout-minutes: 15 + steps: + - name: Install the Apple certificate + env: + DEVELOPMENT_CERTIFICATE_DATA: ${{ secrets.DEVELOPMENT_CERTIFICATE_DATA }} + DEVELOPMENT_CERTIFICATE_PASSPHRASE: ${{ secrets.DEVELOPMENT_CERTIFICATE_PASSPHRASE }} + INTERMEDIATE_CERTIFICATE_DATA: ${{ secrets.INTERMEDIATE_CERTIFICATE_DATA }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + INTERMEDIATE_CERTIFICATE_PATH=$RUNNER_TEMP/intermediate_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificates from secrets + echo -n "$DEVELOPMENT_CERTIFICATE_DATA" | base64 --decode --output $CERTIFICATE_PATH + echo -n "$INTERMEDIATE_CERTIFICATE_DATA" | base64 --decode --output $INTERMEDIATE_CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$DEVELOPMENT_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + #security import $INTERMEDIATE_CERTIFICATE_PATH -P "$DEVELOPMENT_CERTIFICATE_PASSPHRASE" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + - uses: actions/download-artifact@v4 + with: + name: build + + - uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODE_VERSION }} + cache: 'npm' + + - name: Install dependencies + run: npm ci + + - name: Build + run: npm run dist-pkg + + - name: Sign distribution binary + run: | + cat > entitlements.plist < + com.apple.security.cs.allow-unsigned-executable-memory + + + DELIM + codesign -f -s 'Developer ID Application' --options runtime --entitlements entitlements.plist --timestamp --deep frodo + + # + # Fail early on failing tests. + # + - name: 'Test' + run: | + ./frodo -v + ./frodo journey -h + ./frodo journey export -h + + - name: Create zip file + run: ditto -c -k frodo frodo-macos-intel-${{ needs.build.outputs.newVersion }}.zip + + - name: Notorize + run: xcrun notarytool submit --apple-id ${{ secrets.AC_USERNAME }} --password ${{ secrets.AC_PASSWORD }} --team-id ${{ secrets.AC_TEAM_ID }} --wait frodo-macos-intel-${{ needs.build.outputs.newVersion }}.zip + + - uses: actions/upload-artifact@v4 + with: + name: macos-intel-binary-release + path: frodo-macos-intel-${{ needs.build.outputs.newVersion }}.zip + + macos-arm64-binary-release: # don't run on PRs, since secrets are not available if: github.event_name != 'pull_request' needs: [build, test] - runs-on: macos-latest + runs-on: macos-14 timeout-minutes: 15 steps: - name: Install the Apple certificate @@ -397,20 +498,20 @@ jobs: ./frodo journey export -h - name: Create zip file - run: ditto -c -k frodo frodo-macos-${{ needs.build.outputs.newVersion }}.zip + run: ditto -c -k frodo frodo-macos-arm64-${{ needs.build.outputs.newVersion }}.zip - name: Notorize - run: xcrun notarytool submit --apple-id ${{ secrets.AC_USERNAME }} --password ${{ secrets.AC_PASSWORD }} --team-id ${{ secrets.AC_TEAM_ID }} --wait frodo-macos-${{ needs.build.outputs.newVersion }}.zip + run: xcrun notarytool submit --apple-id ${{ secrets.AC_USERNAME }} --password ${{ secrets.AC_PASSWORD }} --team-id ${{ secrets.AC_TEAM_ID }} --wait frodo-macos-arm64-${{ needs.build.outputs.newVersion }}.zip - uses: actions/upload-artifact@v4 with: - name: macos-binary-release - path: frodo-macos-${{ needs.build.outputs.newVersion }}.zip + name: macos-arm64-binary-release + path: frodo-macos-arm64-${{ needs.build.outputs.newVersion }}.zip - linux-binary-release: + linux-x64-binary-release: # run on PRs for e2e testing binary builds as linux builds do not require secrets. needs: [build, test] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/download-artifact@v4 with: @@ -437,18 +538,18 @@ jobs: ./frodo journey export -h - name: Archive distribution binary - run: zip -Z bzip2 frodo-linux-${{ needs.build.outputs.newVersion }}.zip frodo + run: zip -Z bzip2 frodo-linux-x64-${{ needs.build.outputs.newVersion }}.zip frodo - uses: actions/upload-artifact@v4 with: name: linux-binary-release - path: frodo-linux-${{ needs.build.outputs.newVersion }}.zip + path: frodo-linux-x64-${{ needs.build.outputs.newVersion }}.zip linux-arm64-binary-release: # don't run on PRs to speed up the checks if: github.event_name != 'pull_request' needs: [build, test] - runs-on: [self-hosted, ARM64] + runs-on: ubuntu-24.04-arm steps: - uses: actions/download-artifact@v4 with: @@ -483,11 +584,11 @@ jobs: name: linux-arm64-binary-release path: frodo-linux-arm64-${{ needs.build.outputs.newVersion }}.zip - windows-binary-release: + windows-x64-binary-release: # don't run on PRs to speed up the checks if: github.event_name != 'pull_request' needs: [build, test] - runs-on: windows-latest + runs-on: windows-2022 steps: - uses: actions/download-artifact@v4 with: @@ -514,9 +615,9 @@ jobs: ./frodo.exe journey export -h - name: Archive distribution binary - run: 7z a -tzip frodo-win-${{ needs.build.outputs.newVersion }}.zip frodo.exe + run: 7z a -tzip frodo-windows-x64-${{ needs.build.outputs.newVersion }}.zip frodo.exe - uses: actions/upload-artifact@v4 with: name: windows-binary-release - path: frodo-win-${{ needs.build.outputs.newVersion }}.zip + path: frodo-windows-x64-${{ needs.build.outputs.newVersion }}.zip diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a6368d7e..93f15dd80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- \#489: MacOS binaries are now provided for both Intel and ARM64 architectures. +- \#490: Linux ARM64 binary now works on Linux running on ARM64 hardware. + ## [3.0.4-0] - 2025-04-03 ### Changed