qt-creator: Retry windows signing. #296
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'CI' | |
on: | |
push: | |
tags: | |
- 'v*.*.*' | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
jobs: | |
build: | |
runs-on: ${{ matrix.map.os }} | |
strategy: | |
matrix: | |
map: [{os: windows-2019, host: windows, suffix: exe}, | |
{os: windows-2019, host: windows-factory, suffix: exe}, | |
{os: ubuntu-20.04, host: linux, suffix: run}, | |
{os: macos-12, host: mac, suffix: dmg}, | |
{os: ubuntu-20.04, host: linux-rpi, suffix: tar.gz}] | |
fail-fast: false | |
steps: | |
- name: '❖ Fix default line endings on Windows' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
run: git config --global core.autocrlf input | |
- name: '⏳ Checkout repository' | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: '❖ Install Windows Certificates (1/3)' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
env: | |
SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
run: | | |
CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12 | |
echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > $CERTIFICATE_PATH | |
echo "SM_CLIENT_CERT_FILE=$CERTIFICATE_PATH" >> "$GITHUB_ENV" | |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
shell: bash | |
- name: '❖ Install Windows Certificates (2/3)' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
uses: digicert/[email protected] | |
- name: '❖ Install Windows Certificates (3/3)' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
env: | |
SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
run: smksp_cert_sync | |
- name: '🍏 Install Apple Certificates' | |
if: matrix.map.host == 'mac' | |
env: | |
APPLICATION_CERTIFICATE_BASE64: ${{ secrets.MAC_APPLICATION_CER }} | |
APPLICATION_P12_PASSWORD: ${{ secrets.MAC_APPLICATION_CER_PASSWORD }} | |
INSTALLER_CERTIFICATE_BASE64: ${{ secrets.MAC_INSTALLER_CER }} | |
INSTALLER_P12_PASSWORD: ${{ secrets.MAC_INSTALLER_CER_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.MAC_KEYCHAIN_PASSWORD }} | |
APPLE_ID: ${{ secrets.MAC_APPLE_ID }} | |
TEAM_ID: ${{ secrets.MAC_TEAM_ID }} | |
NOTARYTOOL_PASSWORD: ${{ secrets.MAC_2FA_PASSWORD }} | |
run: | | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
APPLICATION_CERTIFICATE_PATH=$RUNNER_TEMP/application_certificate.p12 | |
INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/installer_certificate.p12 | |
echo -n "$APPLICATION_CERTIFICATE_BASE64" | base64 --decode -o $APPLICATION_CERTIFICATE_PATH | |
echo -n "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o $INSTALLER_CERTIFICATE_PATH | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security import $APPLICATION_CERTIFICATE_PATH -P "$APPLICATION_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security import $INSTALLER_CERTIFICATE_PATH -P "$INSTALLER_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
xcrun notarytool store-credentials "AC_PASSWORD" --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$NOTARYTOOL_PASSWORD" | |
- name: '⬇ Install Qt on Windows' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
uses: jurplel/install-qt-action@v3 | |
with: | |
aqtversion: '==3.1.*' | |
version: '6.5.1' | |
host: 'windows' | |
target: 'desktop' | |
arch: 'win64_mingw' | |
dir: 'C:\Users\runneradmin' | |
modules: 'qtimageformats qtserialport qt5compat' | |
cache: true | |
tools: 'tools_cmake tools_ifw tools_ninja tools_mingw90' | |
- name: '⬇ Install Qt on Linux' | |
if: matrix.map.host == 'linux' | |
uses: jurplel/install-qt-action@v3 | |
with: | |
aqtversion: '==3.1.*' | |
version: '6.5.1' | |
host: 'linux' | |
target: 'desktop' | |
arch: 'gcc_64' | |
dir: '/home/runner' | |
modules: 'qtimageformats qtserialport qt5compat' | |
cache: true | |
tools: 'tools_cmake tools_ifw tools_ninja' | |
- name: '⬇ Install Qt on Mac' | |
if: matrix.map.host == 'mac' | |
uses: jurplel/install-qt-action@v3 | |
with: | |
aqtversion: '==3.1.*' | |
version: '6.5.1' | |
host: 'mac' | |
target: 'desktop' | |
arch: 'clang_64' | |
dir: '/Users/runner' | |
modules: 'qtimageformats qtserialport qt5compat' | |
cache: true | |
tools: 'tools_cmake tools_ninja' | |
- name: '⬇ Install Qt Cross-Compile for Raspberry Pi' | |
if: matrix.map.host == 'linux-rpi' | |
run: | | |
sudo apt-mark hold grub-efi-amd64-signed | |
sudo apt update --fix-missing -y | |
sudo apt upgrade -y | |
sudo apt-get install -y make | |
sudo apt-get install -y build-essential | |
sudo apt-get install -y libclang-dev | |
sudo apt-get install -y ninja-build | |
sudo apt-get install -y gcc | |
sudo apt-get install -y git | |
sudo apt-get install -y bison | |
sudo apt-get install -y python3 | |
sudo apt-get install -y gperf | |
sudo apt-get install -y pkg-config | |
sudo apt-get install -y libfontconfig1-dev | |
sudo apt-get install -y libfreetype6-dev | |
sudo apt-get install -y libx11-dev | |
sudo apt-get install -y libx11-xcb-dev | |
sudo apt-get install -y libxext-dev | |
sudo apt-get install -y libxfixes-dev | |
sudo apt-get install -y libxi-dev | |
sudo apt-get install -y libxrender-dev | |
sudo apt-get install -y libxcb1-dev | |
sudo apt-get install -y libxcb-glx0-dev | |
sudo apt-get install -y libxcb-keysyms1-dev | |
sudo apt-get install -y libxcb-image0-dev | |
sudo apt-get install -y libxcb-shm0-dev | |
sudo apt-get install -y libxcb-icccm4-dev | |
sudo apt-get install -y libxcb-sync-dev | |
sudo apt-get install -y libxcb-xfixes0-dev | |
sudo apt-get install -y libxcb-shape0-dev | |
sudo apt-get install -y libxcb-randr0-dev | |
sudo apt-get install -y libxcb-render-util0-dev | |
sudo apt-get install -y libxcb-util-dev | |
sudo apt-get install -y libxcb-xinerama0-dev | |
sudo apt-get install -y libxcb-xkb-dev | |
sudo apt-get install -y libxkbcommon-dev | |
sudo apt-get install -y libxkbcommon-x11-dev | |
sudo apt-get install -y libatspi2.0-dev | |
sudo apt-get install -y libgl1-mesa-dev | |
sudo apt-get install -y libglu1-mesa-dev | |
sudo apt-get install -y freeglut3-dev | |
sudo apt-get install -y gcc-aarch64-linux-gnu | |
sudo apt-get install -y g++-aarch64-linux-gnu | |
sudo apt-get install -y libclang-11-dev | |
sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test | |
sudo apt-get update -y | |
sudo apt-get upgrade -y libstdc++6 | |
strings /usr/lib/x86_64-linux-gnu/libstdc++.so.6 | grep GLIBCXX | |
sudo cp cross-compile-ldd /usr/bin/aarch64-linux-gnu-ldd | |
cd ~ | |
wget https://github.com/openmv/qt-raspi/releases/download/v6.5.1/qt-raspi.tar.gz | |
tar -xzvf qt-raspi.tar.gz | |
- name: '🏗 Build IDE on Windows' | |
if: matrix.map.host == 'windows' | |
env: | |
SM_HOST: ${{ secrets.SM_HOST }} | |
SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
run: | | |
python make.py | |
python make.py --no-build-installer | |
- name: '🏗 Build IDE on Windows' | |
if: matrix.map.host == 'windows-factory' | |
env: | |
SM_HOST: ${{ secrets.SM_HOST }} | |
SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
run: | | |
python make.py --factory | |
python make.py --factory --no-build-installer | |
- name: '🏗 Build IDE on Linux' | |
if: matrix.map.host == 'linux' | |
env: | |
MAKE_ARGS: ${{ matrix.map.make_args }} | |
run: | | |
sudo apt-get install -y chrpath | |
python make.py | |
python make.py --no-build-installer | |
version=$(ls build | grep -oP 'openmv-ide-linux-x86_64-\K[0-9]+\.[0-9]+\.[0-9]+(?=\.run)') | |
cd qt-creator/share/qtcreator | |
zip -r ../../../build/openmv-ide-resources-${version}.zip examples firmware html models | |
- name: '🏗 Build IDE on Mac' | |
if: matrix.map.host == 'mac' | |
run: python make.py | |
- name: '🏗 Build IDE on Linux for Raspberry Pi' | |
if: matrix.map.host == 'linux-rpi' | |
run: python make.py --rpi ~/qt-raspi | |
- name: '⬆ Upload artifacts' | |
if: github.event_name != 'pull_request' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.map.os }}-${{ matrix.map.host }}-${{ matrix.map.suffix }} | |
path: 'build/openmv-*.${{ matrix.map.suffix }}' | |
if-no-files-found: error | |
- name: '⬆ Upload zip' | |
if: github.event_name != 'pull_request' && (matrix.map.host == 'windows' || matrix.map.host == 'windows-factory') | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.map.os }}-${{ matrix.map.host }}-${{ matrix.map.suffix }}-zip | |
path: 'build/openmv-*.zip' | |
if-no-files-found: error | |
- name: '⬆ Upload resources (1/2)' | |
if: github.event_name != 'pull_request' && matrix.map.host == 'linux' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.map.os }}-${{ matrix.map.host }}-${{ matrix.map.suffix }}-tar-gz | |
path: 'build/openmv-*.tar.gz' | |
if-no-files-found: error | |
- name: '⬆ Upload resources (2/2)' | |
if: github.event_name != 'pull_request' && matrix.map.host == 'linux' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.map.os }}-${{ matrix.map.host }}-${{ matrix.map.suffix }}-zip | |
path: 'build/openmv-*.zip' | |
if-no-files-found: error | |
- name: '❖ Remove Windows Certificates' | |
if: matrix.map.host == 'windows' || matrix.map.host == 'windows-factory' | |
run: rm $SM_CLIENT_CERT_FILE | |
shell: bash | |
- name: '🍏 Remove Apple Certificates' | |
if: matrix.map.host == 'mac' | |
run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
stable-release: | |
needs: build | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- name: '🤌 Download artifacts' | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifact | |
pattern: artifact-* | |
merge-multiple: true | |
- name: "✏️ Generate release changelog" | |
id: changelog | |
uses: mikepenz/release-changelog-builder-action@v3 | |
with: | |
toTag: ${{ github.sha }} | |
configuration: '.github/workflows/changelog.json' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: '🔥 Create stable release' | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
files: artifact/* | |
body: ${{steps.changelog.outputs.changelog}} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: '🧹 Remove artifacts' | |
uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: 'openmv-*' | |
failOnError: false | |
development-release: | |
needs: build | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') == false | |
permissions: | |
contents: write | |
steps: | |
- name: '🤌 Download artifacts' | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifact | |
pattern: artifact-* | |
merge-multiple: true | |
- name: '🧹 Delete old release' | |
uses: dev-drprasad/[email protected] | |
with: | |
delete_release: true | |
tag_name: development | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: "✏️ Generate release changelog" | |
id: changelog | |
uses: mikepenz/release-changelog-builder-action@v3 | |
with: | |
toTag: ${{ github.sha }} | |
configuration: '.github/workflows/changelog.json' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: '🔥 Create development release' | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: false | |
name: Development Release | |
tag_name: development | |
body: | | |
**⚠️ This is a development release, and it may be unstable.** | |
${{steps.changelog.outputs.changelog}} | |
files: artifact/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: '🧹 Remove artifacts' | |
uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: 'openmv-*' | |
failOnError: false |