65fd80754a
* Bump prefix-dev/setup-pixi from 0.8.8 to 0.8.10
Bumps [prefix-dev/setup-pixi](https://github.com/prefix-dev/setup-pixi) from 0.8.8 to 0.8.10.
- [Release notes](https://github.com/prefix-dev/setup-pixi/releases)
- [Commits](19eac09b39...14c8aabd75)
---
updated-dependencies:
- dependency-name: prefix-dev/setup-pixi
dependency-version: 0.8.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update pixi-version as well
Co-authored-by: Jackson Oursland <jacob.oursland@gmail.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chris Hennes <chennes@pioneerlibrarysystem.org>
Co-authored-by: Jackson Oursland <jacob.oursland@gmail.com>
171 lines
6.7 KiB
YAML
171 lines
6.7 KiB
YAML
name: Weekly Build
|
|
on:
|
|
schedule:
|
|
- cron: "42 18 * * 1"
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
tag_build:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
build_tag: ${{ steps.tag_build.outputs.build_tag }}
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout Source
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 2
|
|
fetch-tags: true
|
|
submodules: 'recursive'
|
|
|
|
- name: Tag Build
|
|
id: tag_build
|
|
shell: bash -l {0}
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
export BUILD_TAG=weekly-$(date "+%Y.%m.%d")
|
|
echo "BUILD_TAG=${BUILD_TAG}" >> "$GITHUB_ENV"
|
|
echo "build_tag=${BUILD_TAG}" >> "$GITHUB_OUTPUT"
|
|
gh release create ${BUILD_TAG} --title "Development Build ${BUILD_TAG}" -F .github/workflows/weekly-build-notes.md --prerelease || true
|
|
|
|
- name: Upload Source
|
|
id: upload_source
|
|
shell: bash -l {0}
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
python3 package/rattler-build/scripts/make_version_file.py ../freecad_version.txt
|
|
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
|
|
git config user.name 'github-actions[bot]'
|
|
git apply package/rattler-build/scripts/disable_git_info.patch
|
|
git commit -a -m "Disable git info write to Version.h"
|
|
git archive HEAD -o freecad_source_${BUILD_TAG}.tar
|
|
git submodule foreach --recursive \
|
|
"git archive HEAD --prefix=\$path/ -o \$sha1.tar && \
|
|
tar -A -f \$toplevel/freecad_source_${BUILD_TAG}.tar \$sha1.tar && \
|
|
rm \$sha1.tar"
|
|
gzip freecad_source_${BUILD_TAG}.tar
|
|
sha256sum freecad_source_${BUILD_TAG}.tar.gz > freecad_source_${BUILD_TAG}.tar.gz-SHA256.txt
|
|
gh release upload --clobber ${BUILD_TAG} "freecad_source_${BUILD_TAG}.tar.gz" "freecad_source_${BUILD_TAG}.tar.gz-SHA256.txt"
|
|
|
|
build:
|
|
needs: tag_build
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- { target: linux-64, os: ubuntu-22.04 }
|
|
- { target: linux-arm64, os: ubuntu-22.04-arm }
|
|
- { target: osx-64, os: macos-13 }
|
|
- { target: osx-arm64, os: macos-latest }
|
|
- { target: win-64, os: windows-latest }
|
|
fail-fast: false
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
environment: weekly-build
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
# prevent running out of disk space on Ubuntu runners.
|
|
- name: Maximize build space
|
|
if: runner.os == 'Linux'
|
|
uses: AdityaGarg8/remove-unwanted-software@90e01b21170618765a73370fcc3abbd1684a7793 # v5
|
|
with:
|
|
verbose: 'true'
|
|
remove-android: 'true' # (frees ~9 GB)
|
|
remove-cached-tools: 'true' # (frees ~8.3 GB)
|
|
|
|
- name: Set Platform Environment Variables
|
|
shell: bash -l {0}
|
|
env:
|
|
BUILD_TAG: ${{ needs.tag_build.outputs.build_tag }}
|
|
OPERATING_SYSTEM: ${{ runner.os }}
|
|
run: |
|
|
echo "BUILD_TAG=${BUILD_TAG}" >> "$GITHUB_ENV"
|
|
if [[ $OPERATING_SYSTEM == 'Windows' ]]; then
|
|
echo 'PIXI_CACHE_DIR=D:\rattler' >> "$GITHUB_ENV"
|
|
echo 'RATTLER_CACHE_DIR=D:\rattler' >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
- name: Checkout Source
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 2
|
|
fetch-tags: true
|
|
submodules: 'recursive'
|
|
|
|
- uses: prefix-dev/setup-pixi@14c8aabd75893f83f4ab30c03e7cf853c8208961 # v0.8.10
|
|
with:
|
|
pixi-version: v0.48.1
|
|
cache: false
|
|
|
|
- name: Install the Apple certificate and provisioning profile
|
|
if: runner.os == 'macOS'
|
|
env:
|
|
APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
|
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
|
|
DEVELOPER_TEAM_ID: ${{ secrets.DEVELOPER_TEAM_ID }}
|
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
|
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
|
|
run: |
|
|
# create variables
|
|
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
|
|
PP_PATH=$RUNNER_TEMP/FreeCAD_Weekly.provisionprofile
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
|
|
export KEYCHAIN_PASSWORD=$(openssl rand -base64 8)
|
|
|
|
# import certificate and provisioning profile from secrets
|
|
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
|
|
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
|
|
|
|
# create temporary keychain
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
# import certificate to keychain
|
|
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
security list-keychain -d user -s $KEYCHAIN_PATH
|
|
|
|
# apply provisioning profile
|
|
mkdir -p ~/Library/Provisioning\ Profiles
|
|
cp $PP_PATH ~/Library/Provisioning\ Profiles
|
|
|
|
xcrun notarytool store-credentials "FreeCAD" --keychain "$KEYCHAIN_PATH" --apple-id "${APPLE_ID}" --password "${APP_SPECIFIC_PASSWORD}" --team-id "${DEVELOPER_TEAM_ID}"
|
|
|
|
- name: Build and Release Packages
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
|
|
SIGN_RELEASE: "true"
|
|
TARGET_PLATFORM: ${{ matrix.target }}
|
|
UPLOAD_RELEASE: "true"
|
|
run: |
|
|
python3 package/rattler-build/scripts/make_version_file.py ../freecad_version.txt
|
|
git apply package/rattler-build/scripts/disable_git_info.patch
|
|
cd package/rattler-build
|
|
pixi install
|
|
pixi run -e package create_bundle
|
|
|
|
## Needed if running on a self-hosted runner:
|
|
# - name: Clean up keychain and provisioning profile
|
|
# if: ${{ always() }}
|
|
# run: |
|
|
# security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
|
|
# rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
|