Use trusted-signing-account-name #875
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: [pull_request, push] | |
permissions: | |
contents: read # Fetch code (actions/checkout) | |
packages: write # Upload and publish packages to GitHub Packages | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: windows-2019 | |
vcpkg_path: C:\mixxx-vcpkg | |
vcpkg_bootstrap: .\bootstrap-vcpkg.bat | |
vcpkg_triplet: x64-windows | |
vcpkg_host_triplet: x64-windows | |
check_disk_space: Get-PSDrive | |
- os: macos-11 | |
vcpkg_path: /Users/runner/mixxx-vcpkg | |
vcpkg_bootstrap: ./bootstrap-vcpkg.sh | |
vcpkg_triplet: x64-osx-min1100 | |
vcpkg_host_triplet: x64-osx-min1100 | |
check_disk_space: df -h | |
- os: macos-11 | |
vcpkg_path: /Users/runner/mixxx-vcpkg | |
vcpkg_bootstrap: ./bootstrap-vcpkg.sh | |
vcpkg_triplet: arm64-osx-min1100-release | |
vcpkg_host_triplet: x64-osx-min1100-release | |
check_disk_space: df -h | |
env: | |
VCPKG_DEFAULT_TRIPLET: ${{ matrix.vcpkg_triplet }} | |
VCPKG_DEFAULT_HOST_TRIPLET: ${{ matrix.vcpkg_host_triplet }} | |
DEPS_BASE_NAME: mixxx-deps | |
DEVELOPER_DIR: /Applications/Xcode_12.4.app/Contents/Developer | |
MIXXX_VERSION: 2.5 | |
name: ${{ matrix.vcpkg_triplet }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Check out git repository | |
uses: actions/checkout@v3 | |
with: | |
path: mixxx-vcpkg | |
# Workaround for issues https://github.com/microsoft/vcpkg/issues/8272 | |
# and https://github.com/actions/checkout/issues/197 | |
# to keep the build path short and work around size limits on the windows runner D: drive | |
- name: Move checkout | |
run: cmake -E copy_directory ${{ github.workspace }}/mixxx-vcpkg ${{ matrix.vcpkg_path }} | |
- name: "Authenticate to GitHub Packages (readwrite)" | |
if: runner.os != 'Linux' && github.event_name == 'push' && github.repository_owner == 'mixxxdj' | |
shell: bash | |
run: | | |
nuget sources add -Name "mixxx-github-packages" -Source "https://nuget.pkg.github.com/mixxxdj/index.json" -UserName "${{ github.repository_owner }}" -Password "${{ secrets.GITHUB_TOKEN }}" -StorePasswordInClearText | |
nuget setapikey "${{ secrets.GITHUB_TOKEN }}" -Source "mixxx-github-packages" | |
echo "VCPKG_BINARY_SOURCES=clear;nuget,mixxx-github-packages,readwrite;" >> "${GITHUB_ENV}" | |
- name: "Authenticate to GitHub Packages (read only)" | |
if: runner.os != 'Linux' && (github.event_name == 'pull_request' || github.repository_owner != 'mixxxdj') | |
shell: bash | |
run: | | |
nuget sources add -Name "mixxx-github-packages" -Source "https://nuget.pkg.github.com/mixxxdj/index.json" -UserName "${{ github.repository_owner }}" -Password "${{ secrets.GITHUB_TOKEN }}" -StorePasswordInClearText | |
nuget setapikey "${{ secrets.GITHUB_TOKEN }}" -Source "mixxx-github-packages" | |
echo "VCPKG_BINARY_SOURCES=clear;nuget,mixxx-github-packages,read;" >> "${GITHUB_ENV}" | |
- name: Read sha_short | |
id: vars | |
shell: bash | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
working-directory: ${{ matrix.vcpkg_path }} | |
# update cmake to 2.29.2 to work around https://github.com/microsoft/vcpkg/issues/37968 | |
- name: "[macOS] Set up cmake" | |
uses: jwlawson/actions-setup-cmake@v2.0 | |
with: | |
cmake-version: "3.29.2" | |
- name: Bootstrap vcpkg | |
run: ${{ matrix.vcpkg_bootstrap }} | |
working-directory: ${{ matrix.vcpkg_path }} | |
- name: "[macOS] Bootstrap vcpkg" | |
if: runner.os == 'macOS' | |
run: | | |
brew update && brew install nasm autoconf-archive | |
/bin/bash -c "sudo xcode-select --switch /Applications/Xcode_12.4.app/Contents/Developer" | |
xcrun --show-sdk-version | |
- name: Check available disk space | |
run: ${{ matrix.check_disk_space }} | |
- name: Build packages | |
run: ./vcpkg install --vcpkg-root=${{ matrix.vcpkg_path }} --clean-after-build --recurse --feature-flags="-compilertracking,manifests,registries,versions" --x-abi-tools-use-exact-versions | |
working-directory: ${{ matrix.vcpkg_path }} | |
- name: "[Windows] Sign release DLLs" | |
env: | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
if: runner.os == 'Windows' && env.AZURE_TENANT_ID | |
uses: azure/trusted-signing-action@v0.4.0 | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://weu.codesigning.azure.net/ | |
trusted-signing-account-name: mixxx | |
certificate-profile-name: mixxx | |
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/bin | |
files-folder-filter: dll | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
timeout: 600 | |
- name: "[Windows] Sign release plugins" | |
env: | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
if: runner.os == 'Windows' && env.AZURE_TENANT_ID | |
uses: azure/trusted-signing-action@v0.4.0 | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://weu.codesigning.azure.net/ | |
trusted-signing-account-name: mixxx | |
certificate-profile-name: mixxx | |
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/Qt6/plugins | |
files-folder-filter: dll | |
files-folder-recurse: true | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
timeout: 600 | |
- name: "[Windows] Sign qml DLLs" | |
env: | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
if: runner.os == 'Windows' && env.AZURE_TENANT_ID | |
uses: azure/trusted-signing-action@v0.4.0 | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://weu.codesigning.azure.net/ | |
trusted-signing-account-name: mixxx | |
certificate-profile-name: mixxx | |
files-folder: ${{ matrix.vcpkg_path }}/vcpkg_installed/${{ matrix.vcpkg_triplet }}/Qt6/qml | |
files-folder-filter: dll | |
files-folder-recurse: true | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
timeout: 600 | |
- name: Upload GitHub Actions artifacts of build logs | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: logs-${{ matrix.vcpkg_triplet }} | |
path: ${{ matrix.vcpkg_path }}/buildtrees/**/*.log | |
- name: Create buildenv archive | |
run: ./vcpkg export --vcpkg-root=${{ matrix.vcpkg_path }} --x-all-installed --zip --output=${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }} --output-dir=${{ matrix.vcpkg_path }} | |
working-directory: ${{ matrix.vcpkg_path }} | |
- name: "[Windows] Install additional tools" | |
if: runner.os == 'Windows' && env.SSH_PASSWORD != null | |
env: | |
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }} | |
run: | | |
$Env:PATH="C:\msys64\usr\bin;$Env:PATH" | |
pacman -S --noconfirm coreutils bash rsync openssh | |
Add-Content -Path "$Env:GITHUB_ENV" -Value "PATH=$Env:PATH" | |
- name: "Upload build to downloads.mixxx.org" | |
if: github.event_name == 'push' && env.SSH_PASSWORD != null | |
run: bash .github/deploy.sh ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip | |
working-directory: ${{ matrix.vcpkg_path }} | |
env: | |
DESTDIR: public_html/downloads/dependencies | |
OS: ${{ runner.os }} | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
SSH_HOST: downloads-hostgator.mixxx.org | |
SSH_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }} | |
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }} | |
SSH_USER: mixxx | |
UPLOAD_ID: ${{ github.run_id }} | |
- name: Upload GitHub Actions artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }} | |
path: ${{ matrix.vcpkg_path }}/${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip | |
# Workaround for https://github.com/actions/cache/issues/531 | |
- name: Use system tar & zstd from Chocolatey for caching | |
shell: bash | |
run: | | |
echo "C:/Windows/System32;C:/ProgramData/Chocolatey/bin" >> $GITHUB_PATH |