|
| 1 | +name: CI/CD with Lazarus IDE on multiple operating systems. |
| 2 | + |
| 3 | +permissions: |
| 4 | + contents: write |
| 5 | + |
| 6 | +on: |
| 7 | + push: |
| 8 | + pull_request: |
| 9 | + workflow_dispatch: |
| 10 | + # Automatic cron build every 6 months to check if everything still works. |
| 11 | + schedule: |
| 12 | + - cron: "0 0 1 1/6 *" |
| 13 | + |
| 14 | +jobs: |
| 15 | + build: |
| 16 | + runs-on: ${{ matrix.os }} |
| 17 | + |
| 18 | + strategy: |
| 19 | + # Set fail-fast to false to ensure that feedback is delivered for all matrix combinations. Consider changing this to true when your workflow is stable. |
| 20 | + fail-fast: false |
| 21 | + |
| 22 | + # Set up an array to perform the following three build configurations. |
| 23 | + matrix: |
| 24 | + os: [ubuntu-latest, windows-latest, macos-latest] |
| 25 | + include: |
| 26 | + - os: windows-latest |
| 27 | + LAZBUILD_WITH_PATH: c:/lazarus/lazbuild |
| 28 | + RELEASE_ZIP_FILE: trackereditor_windows_amd64.zip |
| 29 | + LAZ_OPT: |
| 30 | + - os: ubuntu-latest |
| 31 | + LAZBUILD_WITH_PATH: lazbuild |
| 32 | + RELEASE_ZIP_FILE: trackereditor_linux_amd64.zip |
| 33 | + LAZ_OPT: |
| 34 | + - os: macos-latest |
| 35 | + LAZBUILD_WITH_PATH: /Applications/Lazarus/lazbuild |
| 36 | + RELEASE_ZIP_FILE: trackereditor_macOS_amd64.zip |
| 37 | + LAZ_OPT: --widgetset=cocoa |
| 38 | + |
| 39 | + steps: |
| 40 | + - uses: actions/checkout@v4 |
| 41 | + |
| 42 | + - name: Install Lazarus IDE |
| 43 | + run: | |
| 44 | + if [ "$RUNNER_OS" == "Linux" ]; then |
| 45 | + sudo apt install -y lazarus zip xvfb |
| 46 | + elif [ "$RUNNER_OS" == "Windows" ]; then |
| 47 | + choco install lazarus zip |
| 48 | + # https://wiki.overbyte.eu/wiki/index.php/ICS_Download#Download_OpenSSL_Binaries |
| 49 | + curl -L -O --output-dir enduser https://github.com/GerryFerdinandus/bittorrent-tracker-editor/releases/download/V1.32.0/libssl-3-x64.dll |
| 50 | + curl -L -O --output-dir enduser https://github.com/GerryFerdinandus/bittorrent-tracker-editor/releases/download/V1.32.0/libcrypto-3-x64.dll |
| 51 | + elif [ "$RUNNER_OS" == "macOS" ]; then |
| 52 | + brew install --cask lazarus |
| 53 | + else |
| 54 | + echo "$RUNNER_OS not supported" |
| 55 | + exit 1 |
| 56 | + fi |
| 57 | + shell: bash |
| 58 | + |
| 59 | + - name: Build Release version |
| 60 | + # Build trackereditor project (Release mode) |
| 61 | + run: ${{ matrix.LAZBUILD_WITH_PATH }} --build-mode=Release ${{ matrix.LAZ_OPT }} source/project/tracker_editor/trackereditor.lpi |
| 62 | + shell: bash |
| 63 | + |
| 64 | + - name: Build Unit Test on Windows |
| 65 | + if: matrix.os == 'windows-latest' |
| 66 | + # Build unit test project (Debug mode) |
| 67 | + run: ${{ matrix.LAZBUILD_WITH_PATH }} --build-mode=Debug ${{ matrix.LAZ_OPT }} source/project/unit_test/tracker_editor_test.lpi |
| 68 | + shell: bash |
| 69 | + |
| 70 | + - name: Run Unit Test on Windows |
| 71 | + if: matrix.os == 'windows-latest' |
| 72 | + # Also remove all the extra file created by test. |
| 73 | + # We do not what it in the ZIP release files. |
| 74 | + # Undo all changes made by testing. |
| 75 | + run: | |
| 76 | + set -e |
| 77 | + enduser/test_trackereditor -a --format=plain |
| 78 | + set +e |
| 79 | +
|
| 80 | + # remove file created by unit test |
| 81 | + rm -f enduser/console_log.txt |
| 82 | + rm -f enduser/export_trackers.txt |
| 83 | + git reset --hard |
| 84 | + shell: bash |
| 85 | + |
| 86 | + - name: Test OpenSSL works on Linux CI |
| 87 | + if: matrix.os == 'ubuntu-latest' |
| 88 | + run: xvfb-run --auto-servernum enduser/trackereditor -TEST_SSL |
| 89 | + |
| 90 | + - name: Create a zip file for Linux release. |
| 91 | + if: matrix.os == 'ubuntu-latest' |
| 92 | + run: zip -j ${{ matrix.RELEASE_ZIP_FILE }} enduser/*.txt enduser/trackereditor |
| 93 | + shell: bash |
| 94 | + |
| 95 | + - name: Create a zip file for Windows release. |
| 96 | + if: matrix.os == 'windows-latest' |
| 97 | + run: | |
| 98 | + zip -j ${{ matrix.RELEASE_ZIP_FILE }} enduser/*.txt enduser/trackereditor.exe enduser/*.dll |
| 99 | + shell: bash |
| 100 | + |
| 101 | + - name: Move file into macOS .app |
| 102 | + if: matrix.os == 'macos-latest' |
| 103 | + run: | |
| 104 | + # copy everything into enduser/macos/app folder |
| 105 | + # |
| 106 | + # Move the executable to the application bundle |
| 107 | + mv enduser/trackereditor enduser/macos/app/trackereditor.app/Contents/MacOS |
| 108 | +
|
| 109 | + # Move the trackers list to application bundle |
| 110 | + mv enduser/add_trackers.txt enduser/macos/app/trackereditor.app/Contents/MacOS |
| 111 | + mv enduser/remove_trackers.txt enduser/macos/app/trackereditor.app/Contents/MacOS |
| 112 | +
|
| 113 | + # move all the *.txt file |
| 114 | + mv enduser/*.txt enduser/macos/app |
| 115 | +
|
| 116 | + # zip only the app folder with extra text file. |
| 117 | + # /usr/bin/ditto -c -k "enduser/macos/app" "${{ matrix.RELEASE_ZIP_FILE }}" |
| 118 | + shell: bash |
| 119 | + |
| 120 | + - name: Codesign macOS app bundle |
| 121 | + # This macOS Codesign step is copied from: |
| 122 | + # https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/ |
| 123 | + # This is a bit different from the previous version for Travis-CI build system to build bittorrent tracker editor |
| 124 | + if: matrix.os == 'macos-latest' |
| 125 | + env: |
| 126 | + MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} |
| 127 | + MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} |
| 128 | + MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} |
| 129 | + MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} |
| 130 | + run: | |
| 131 | + # Turn our base64-encoded certificate back to a regular .p12 file |
| 132 | + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 |
| 133 | +
|
| 134 | + # We need to create a new keychain, otherwise using the certificate will prompt |
| 135 | + # with a UI dialog asking for the certificate password, which we can't |
| 136 | + # use in a headless CI environment |
| 137 | +
|
| 138 | + security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain |
| 139 | + security default-keychain -s build.keychain |
| 140 | + security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain |
| 141 | + security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign |
| 142 | + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain |
| 143 | +
|
| 144 | + # We finally codesign our app bundle, specifying the Hardened runtime option. |
| 145 | + #/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime enduser/macos/app/trackereditor.app -v |
| 146 | +
|
| 147 | + # sign the app. -sign is the developer cetificate ID |
| 148 | + # entitlements does not work at this moment |
| 149 | + #codesign --timestamp --entitlements enduser/macos/entitlements.plist --force --options runtime --deep --sign $CERTIFICATE_ID $FILE_APP |
| 150 | +
|
| 151 | + # Please note: this is the same code version used in Travis-CI |
| 152 | + /usr/bin/codesign --timestamp --force --options runtime --deep --sign "$MACOS_CERTIFICATE_NAME" enduser/macos/app/trackereditor.app |
| 153 | + shell: bash |
| 154 | + |
| 155 | + - name: Notarize macOS app bundle |
| 156 | + if: matrix.os == 'macos-latest' |
| 157 | + env: |
| 158 | + PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} |
| 159 | + PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} |
| 160 | + PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} |
| 161 | + run: | |
| 162 | + # Store the notarization credentials so that we can prevent a UI password dialog |
| 163 | + # from blocking the CI |
| 164 | +
|
| 165 | + echo "Create keychain profile" |
| 166 | + xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" |
| 167 | +
|
| 168 | + # We can't notarize an app bundle directly, but we need to compress it as an archive. |
| 169 | + # Therefore, we create a zip file containing our app bundle, so that we can send it to the |
| 170 | + # notarization service |
| 171 | +
|
| 172 | + echo "Creating temp notarization archive" |
| 173 | + ditto -c -k --keepParent "enduser/macos/app/trackereditor.app" "notarization.zip" |
| 174 | +
|
| 175 | + # Here we send the notarization request to the Apple's Notarization service, waiting for the result. |
| 176 | + # This typically takes a few seconds inside a CI environment, but it might take more depending on the App |
| 177 | + # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if |
| 178 | + # you're curious |
| 179 | +
|
| 180 | + echo "Notarize app" |
| 181 | + xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait |
| 182 | +
|
| 183 | + # Finally, we need to "attach the staple" to our executable, which will allow our app to be |
| 184 | + # validated by macOS even when an internet connection is not available. |
| 185 | + echo "Attach staple" |
| 186 | + xcrun stapler staple "enduser/macos/app/trackereditor.app" |
| 187 | +
|
| 188 | + # Remove notarization.zip, otherwise it will also be 'released' to the end user |
| 189 | + rm -f "notarization.zip" |
| 190 | +
|
| 191 | + # zip only the app folder with extra text file. |
| 192 | + echo "Zip macOS app file" |
| 193 | + /usr/bin/ditto -c -k "enduser/macos/app" "${{ matrix.RELEASE_ZIP_FILE }}" |
| 194 | + shell: bash |
| 195 | + |
| 196 | + - name: Upload Artifact |
| 197 | + uses: actions/upload-artifact@v3 |
| 198 | + with: |
| 199 | + path: ${{ matrix.RELEASE_ZIP_FILE }} |
| 200 | + if-no-files-found: error |
| 201 | + |
| 202 | + - name: Zip file release to end user |
| 203 | + uses: softprops/action-gh-release@v1 |
| 204 | + if: startsWith(github.ref, 'refs/tags/') |
| 205 | + with: |
| 206 | + files: | |
| 207 | + *.zip |
0 commit comments