Codesign and notarize macOS build
drhelius committed Sep 4, 2024
1 parent 9d75e4e commit 6ad3a5b
Showing 4 changed files with 106 additions and 34 deletions.
66 changes: 62 additions & 4 deletions .github/workflows/gearsystem.yml
@@ -1,10 +1,13 @@
name: Main Workflow
name: Build and Release

on:
workflow_dispatch:
push:
paths-ignore:
- '**.md'
- '.github/**'
- '.vscode/**'
- '.devcontainer/**'
pull_request:
schedule:
- cron: '0 0 * * 0'
Expand Down Expand Up @@ -49,6 +52,28 @@ jobs:
with:
name: ${{ env.NAME_UPPER }}-${{ env.BUILD_NUMBER }}-${{ matrix.os }}
path: artifact/*
linux-clang:
name: Linux (Clang/LLVM)
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Update OS
run: sudo apt-get update -qq
- name: Install dependencies
run: sudo apt-get install -y libsdl2-dev libglew-dev libgtk-3-dev
- name: Get build number
run: |
echo "BUILD_NUMBER=$(git describe --abbrev=7 --dirty --always --tags)" >> $GITHUB_ENV
- name: make
run: make
working-directory: platforms/linux
env:
USE_CLANG: 1
libretro:
name: Libretro (ubuntu)
runs-on: ubuntu-latest
Expand Down Expand Up @@ -98,12 +123,45 @@ jobs:
- name: make
run: make dist
working-directory: platforms/macos
- name: Codesign app bundle
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
codesign -v -f -o runtime --sign "$MACOS_CERTIFICATE_NAME" ${{ env.NAME_UPPER }}.app/Contents/MacOS/gamecontrollerdb.txt
codesign -v -f -o runtime --entitlements "app.entitlements" --sign "$MACOS_CERTIFICATE_NAME" ${{ env.NAME_UPPER }}.app/Contents/MacOS/${{ env.NAME_LOWER }}
codesign -v -f -o runtime --sign "$MACOS_CERTIFICATE_NAME" ${{ env.NAME_UPPER }}.app
codesign -v -vvv --deep "${{ env.NAME_UPPER }}.app"
working-directory: platforms/macos
- name: Notarize app bundle
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
ditto -c -k --keepParent "${{ env.NAME_UPPER }}.app" "notarization.zip"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
xcrun stapler staple "${{ env.NAME_UPPER }}.app"
spctl -a -vvv -t install "${{ env.NAME_UPPER }}.app"
ditto -c -k --keepParent "${{ env.NAME_UPPER }}.app" "${{ env.NAME_UPPER }}.app.zip"
working-directory: platforms/macos
- name: Prepare artifact directory
run: |
mkdir -p artifact
cp platforms/README.txt artifact
cp platforms/gamecontrollerdb.txt artifact
cp -R platforms/macos/${{ env.NAME_UPPER }}.app artifact
cp platforms/README.txt artifact/
mv platforms/macos/${{ env.NAME_UPPER }}.app.zip artifact/
- name: Archive binary
uses: actions/upload-artifact@v4
with:
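Review bot: The `Codesign app bundle` and `Notarize app bundle` steps carry no `if:` condition, although the workflow also runs on `pull_request` and on the weekly schedule. Pull requests from forks receive empty secrets, so `security import` would fail there and break the build, and every other trigger signs and notarizes with the production identity. A guard such as `if: github.event_name != 'pull_request'` on both steps would keep signing to trusted events; the `mv` of the `.app.zip` in `Prepare artifact directory` would need the same guard or a fallback. The decoded `certificate.p12` is written into `platforms/macos`, and neither it nor `build.keychain` is removed afterwards; writing it under `$RUNNER_TEMP`, quoting `"$MACOS_CERTIFICATE"`, and deleting both in an `if: always()` step would shorten the credential's lifetime. The job header is outside the visible hunk, so a job-level condition may already exist.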
55 changes: 36 additions & 19 deletions platforms/desktop-shared/Makefile.common
@@ -1,7 +1,16 @@
CXX = g++
CC = gcc
#CXX = clang++
#CC = clang
define HEADER
____ _
/ ___| ___ __ _ _ __ ___ _ _ ___| |_ ___ _ __ ___
| | _ / _ \\/ _` | '__/ __| | | / __| __/ _ \\ '_ ` _ \\
| |_| | __/ (_| | | \\__ \\ |_| \\__ \\ || __/ | | | | |
\\____|\\___|\\__,_|_| |___/\\__, |___/\\__\\___|_| |_| |_|
|___/

** Building for $(PLATFORM) platform **
** Git version: $(GIT_VERSION) **

endef
export HEADER

TARGET_NAME = gearsystem
GIT_VERSION := "$(shell git describe --abbrev=7 --dirty --always --tags)"
Expand All @@ -10,17 +19,28 @@ PLATFORM = "undefined"

OBJECTS += $(SOURCES_C:.c=.o) $(SOURCES_CXX:.cpp=.o)

USE_CLANG ?= 0
ifeq ($(USE_CLANG), 1)
CXX = clang++
CC = clang
else
CXX = g++
CC = gcc
endif

CPPFLAGS += -I../ -I../../
CPPFLAGS += -Wall -Wextra -Wformat -DEMULATOR_BUILD=\"$(GIT_VERSION)\"
CXXFLAGS += -std=c++11
CFLAGS += -std=c99

DEBUG ?= 0
ifeq ($(DEBUG), 1)
BUILD_CONFIG = Debug
CPPFLAGS +=-DDEBUG -g3
else
CPPFLAGS +=-DNDEBUG -O3 -flto
LDFLAGS += -flto
BUILD_CONFIG = Release
CPPFLAGS +=-DNDEBUG -O3 -flto=auto
LDFLAGS += -O3 -flto=auto
endif

SANITIZE ?= 0
Expand All @@ -29,23 +49,17 @@ ifeq ($(SANITIZE), 1)
LDFLAGS += -lasan
endif

ifeq ($(UNAME_S), Linux) #LINUX
ifeq ($(UNAME_S), Linux)
PLATFORM = "Linux"
LDFLAGS += -lGL -lGLEW -ldl `sdl2-config --libs`
CPPFLAGS += `sdl2-config --cflags`
TARGET := $(TARGET_NAME)
else ifeq ($(UNAME_S), Darwin) #APPLE
else ifeq ($(UNAME_S), Darwin)
PLATFORM = "macOS"
LDFLAGS += -framework OpenGL -framework Cocoa -framework IOKit -framework CoreVideo `sdl2-config --libs`
LDFLAGS += -L/usr/local/lib
LDFLAGS += -framework OpenGL `sdl2-config --static-libs`
CPPFLAGS += `sdl2-config --cflags`
CPPFLAGS += -I/usr/local/include -I/opt/local/include
CPPFLAGS += -I/opt/local/include
TARGET := $(TARGET_NAME)
else ifeq ($(findstring MINGW,$(UNAME_S)),MINGW)
PLATFORM = "MinGW"
LDFLAGS += -lgdi32 -lopengl32 -lglew32 -limm32 `pkg-config --static --libs sdl2`
CPPFLAGS += `pkg-config --cflags sdl2`
TARGET := $(TARGET_NAME).exe
else
PLATFORM = "Generic Unix-like/BSD"
LDFLAGS += `sdl2-config --libs` -lSDL2
Expand All @@ -56,8 +70,8 @@ else
TARGET := $(TARGET_NAME)
endif

all: $(TARGET)
@echo Build complete for $(PLATFORM)
all: header $(TARGET)
@echo Build complete for $(PLATFORM) \($(BUILD_CONFIG)\)

$(TARGET): $(OBJECTS)
$(CXX) -o $@ $(OBJECTS) $(LDFLAGS)
Expand All @@ -72,4 +86,7 @@ $(TARGET): $(OBJECTS)
$(CC) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<

clean:
rm -f $(OBJECTS) $(TARGET)
rm -f $(OBJECTS) $(TARGET)

header:
@echo "$$HEADER"
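Review bot: The new `header` target is a command rather than a file, and nothing visible in this hunk declares it phony, so a file named `header` in the build directory would silently suppress the banner; `clean` has the same exposure. Adding `.PHONY: all clean header` next to these rules covers both, unless a `.PHONY` line already exists in the part of the file that is not shown. Separately, `all: header $(TARGET)` does not order the banner before compilation under `make -j`, because `$(TARGET)` does not depend on `header`.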
11 changes: 0 additions & 11 deletions platforms/macos/Makefile
Expand Up @@ -6,27 +6,16 @@ LDFLAGS += -framework AppKit -framework UniformTypeIdentifiers

include ../desktop-shared/Makefile.common

# Brew use a different path on Apple Silicon as on Intel
UNAME_P := $(shell uname -m)
ifneq ($(filter arm64%,$(UNAME_P)),)
DYLIB_PATH=/opt/homebrew/lib/
else
DYLIB_PATH=/usr/local/opt/sdl2/lib
endif

SDL_DYLIB=libSDL2-2.0.0.dylib
APP_NAME=Gearsystem

bundle:
rm -rf $(APP_NAME).app
mkdir -p $(APP_NAME).app/Contents/{MacOS,Resources,Frameworks}
sed -e "s/@version@/$(GIT_VERSION)/g" Info.plist > $(APP_NAME).app/Contents/Info.plist
cp $(DYLIB_PATH)/$(SDL_DYLIB) $(APP_NAME).app/Contents/Frameworks/
cp iconfile.icns $(APP_NAME).app/Contents/Resources/
cp $(TARGET) $(APP_NAME).app/Contents/MacOS/
cp run.sh $(APP_NAME).app/Contents/MacOS/
cp ../gamecontrollerdb.txt $(APP_NAME).app/Contents/MacOS/
install_name_tool -change $(DYLIB_PATH)/$(SDL_DYLIB) @$(APP_NAME).app/Contents/MacOS/$(SDL_DYLIB) $(APP_NAME).app/Contents/MacOS/$(APP_NAME)

dist: clean all bundle
@echo Success!!
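--- a/platforms/macos/app.entitlements
+++ b/platforms/macos/app.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.cs.disable-library-validation</key>
+<true/>
+</dict>
+</plist>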
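Review bot: `com.apple.security.cs.disable-library-validation` switches off the hardened-runtime check that loaded libraries are signed by Apple or by the same Team ID, which is the main protection a signed app has against a foreign dylib being loaded into its process. The same commit stops copying `libSDL2-2.0.0.dylib` into the bundle and links SDL2 with `sdl2-config --static-libs`, so the diff does not show any third-party dynamic library that still needs to be loaded. If nothing requires the exception, drop the key and sign with `-o runtime` alone. If something does, record the reason in the file, for example `<!-- library validation disabled because <reason> -->`.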
