From 7d7c94cd917a66121e6b1714b7ef990626e02e03 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 08:17:57 -0600
Subject: [PATCH 1/8] Spin up test runner
---
 .github/workflows/build-app-wxpython.yml | 2 +-
 .github/workflows/validate.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index 000198293..974b08efa 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 build:
 name: Build wxPython
- runs-on: x86_64_mojave
+ runs-on: x86_64_test_monterey
 if: github.repository_owner == 'dortania'
 env:
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 52496e234..4f3be47e8 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 build:
 name: Validate
- runs-on: x86_64_mojave
+ runs-on: x86_64_test_monterey
 if: github.repository_owner == 'dortania'
 env:
 branch: ${{ github.ref }}
From f2f81f52392eb96eb4f95744ef40a4be1493bb00 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 16:09:41 -0600
Subject: [PATCH 2/8] CI: Import cert
---
 .github/workflows/build-app-wxpython.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index 974b08efa..5af09d63a 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -16,6 +16,8 @@ jobs:
 branch: ${{ github.ref }}
 commiturl: ${{ github.event.head_commit.url }}${{ github.event.release.html_url }}
 commitdate: ${{ github.event.head_commit.timestamp }}${{ github.event.release.published_at }}
+ MAC_CODESIGN_IDENTITY: ${{ secrets.MAC_CODESIGN_IDENTITY }}
+ MAC_CODESIGN_CERT: ${{ secrets.MAC_CODESIGN_CERT }}
 MAC_NOTARIZATION_USERNAME: ${{ secrets.MAC_NOTARIZATION_USERNAME }}
 MAC_NOTARIZATION_PASSWORD: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
 ANALYTICS_KEY: ${{ secrets.ANALYTICS_KEY }}
@@ -24,7 +26,14 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 Build-Binary.command --reset_binaries --branch "${{ env.branch }}" --commit "${{ env.commiturl }}" --commit_date "${{ env.commitdate }}" --key "${{ env.ANALYTICS_KEY }}" --site "${{ env.ANALYTICS_SITE }}"
- - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "dist/OpenCore-Patcher.app"'
+
+ - name: Import Certificate
+ uses: apple-actions/import-codesign-certs@v1
+ with:
+ p12-file-base64: ${{ secrets.MAC_CODESIGN_CERT }}
+ p12-password: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
+
+ - run: 'codesign -s "${{ env.MAC_CODESIGN_IDENTITY }}" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "dist/OpenCore-Patcher.app"'
 - run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
 - run: xcrun altool --notarize-app --primary-bundle-id "com.dortania.opencore-legacy-patcher" --username "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
 - run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
From 1b8dcd1c1b783f23946acc4a514538cff8592793 Mon Sep 17 00:00:00 2001
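Review bot: `MAC_CODESIGN_CERT` does not need to be in the job-level `env:` block added in the first hunk of patch 2/8: the only consumer visible in this patch is the Import Certificate step, which reads `secrets.MAC_CODESIGN_CERT` directly in its `with:`. Exporting it at job level places the base64-encoded signing certificate in the environment of every step in the job, including `Build-Binary.command` and any third-party action. I would drop that line and scope the identity to the step that needs it, e.g. an `env:` with `MAC_CODESIGN_IDENTITY: ${{ secrets.MAC_CODESIGN_IDENTITY }}` under the codesign step. The `env:` mapping itself starts above the hunk.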
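Review bot: `p12-password` in the new Import Certificate step is fed from `secrets.MAC_NOTARIZATION_PASSWORD`, so the PKCS#12 export password and the Apple ID notarization password are the same secret; if that is not intentional, a dedicated secret keeps a leak or rotation of one from affecting the other, e.g. `p12-password: ${{ secrets.MAC_CODESIGN_CERT_PASSWORD }}` (the name is only a suggestion). The step also hands the signing certificate to a third-party action referenced by the mutable tag `@v1`; pinning it as `uses: apple-actions/import-codesign-certs@<full-commit-sha>` means a moved tag cannot change which code receives the secret. In the rewritten codesign line, `"${{ env.MAC_CODESIGN_IDENTITY }}"` is substituted into the script text before the shell runs, and `codesign -s "$MAC_CODESIGN_IDENTITY"` would read it from the environment instead.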
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 16:27:10 -0600
Subject: [PATCH 3/8] CI: adjust formatting
---
 .github/workflows/build-app-wxpython.yml | 24 ++++++++++++++++++------
 .github/workflows/validate.yml | 3 ++-
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index 5af09d63a..f77943335 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -25,7 +25,9 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 Build-Binary.command --reset_binaries --branch "${{ env.branch }}" --commit "${{ env.commiturl }}" --commit_date "${{ env.commitdate }}" --key "${{ env.ANALYTICS_KEY }}" --site "${{ env.ANALYTICS_SITE }}"
+
+ - name: Build Binary
+ run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 Build-Binary.command --reset_binaries --branch "${{ env.branch }}" --commit "${{ env.commiturl }}" --commit_date "${{ env.commitdate }}" --key "${{ env.ANALYTICS_KEY }}" --site "${{ env.ANALYTICS_SITE }}"
 - name: Import Certificate
 uses: apple-actions/import-codesign-certs@v1
@@ -33,11 +35,21 @@ jobs:
 p12-file-base64: ${{ secrets.MAC_CODESIGN_CERT }}
 p12-password: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
- - run: 'codesign -s "${{ env.MAC_CODESIGN_IDENTITY }}" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "dist/OpenCore-Patcher.app"'
- - run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
- - run: xcrun altool --notarize-app --primary-bundle-id "com.dortania.opencore-legacy-patcher" --username "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
- - run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
- - run: mv ./OpenCore-Patcher-wxPython.app.zip ./OpenCore-Patcher-GUI.app.zip
+ - name: Codesign Binary
+ run: 'codesign -s "${{ env.MAC_CODESIGN_IDENTITY }}" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "dist/OpenCore-Patcher.app"'
+
+ - name: Package Binary
+ run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
+
+ - name: Notarize Binary
+ run: xcrun altool --notarize-app --primary-bundle-id "com.dortania.opencore-legacy-patcher" --username "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
+
+ - name: Generate support package
+ run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
+
+ - name: Prepare App for Upload
+ run: mv ./OpenCore-Patcher-wxPython.app.zip ./OpenCore-Patcher-GUI.app.zip
+
 - name: Upload App to Artifacts
 uses: actions/upload-artifact@v3
 with:
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 4f3be47e8..8b57e3240 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -17,4 +17,5 @@ jobs:
 commitdate: ${{ github.event.head_commit.timestamp }}${{ github.event.release.published_at }}
 steps:
 - uses: actions/checkout@v3
- - run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 OpenCore-Patcher-GUI.command --validate
+ - name: Validate
+ run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 OpenCore-Patcher-GUI.command --validate
From 6bec4ca2d25a86bd5f43f5050d6bcf097b092923 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 16:34:30 -0600
Subject: [PATCH 4/8] CI: Switch to notarytool
---
 .github/workflows/build-app-wxpython.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index f77943335..a7bf846af 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -42,7 +42,7 @@ jobs:
 run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
 - name: Notarize Binary
- run: xcrun altool --notarize-app --primary-bundle-id "com.dortania.opencore-legacy-patcher" --username "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
+ run: xcrun notarytool submit --apple-id "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
 - name: Generate support package
 run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
From 117e7fa6ff0caf1c4a728bb809ed9095e425f918 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 16:40:43 -0600
Subject: [PATCH 5/8] CI: Comment out cert handling Action can only be used once on self-hosted runners
---
 .github/workflows/build-app-wxpython.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
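Review bot: The new `notarytool submit` line in patch 4/8 still passes the notarization password as a command-line argument (`--password "${{ env.MAC_NOTARIZATION_PASSWORD }}"`), where it can be read from the runner's process list while the command runs, and the expression is substituted into the script text rather than read from the environment. Since this commit moves to notarytool, the credentials could instead be stored once on the runner with `xcrun notarytool store-credentials` and referenced as `--keychain-profile "<profile-name>"`, which keeps the password out of argv and out of the workflow file. The same argument form is carried into the Notarize Binary hunks of patches 6/8 and 7/8.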
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index a7bf846af..2b7b03463 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -29,11 +29,12 @@ jobs:
 - name: Build Binary
 run: /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 Build-Binary.command --reset_binaries --branch "${{ env.branch }}" --commit "${{ env.commiturl }}" --commit_date "${{ env.commitdate }}" --key "${{ env.ANALYTICS_KEY }}" --site "${{ env.ANALYTICS_SITE }}"
- - name: Import Certificate
- uses: apple-actions/import-codesign-certs@v1
- with:
- p12-file-base64: ${{ secrets.MAC_CODESIGN_CERT }}
- p12-password: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
+ # Uncomment when using Github Runners or first run on self-hosted
+ # - name: Import Certificate
+ # uses: apple-actions/import-codesign-certs@v1
+ # with:
+ # p12-file-base64: ${{ secrets.MAC_CODESIGN_CERT }}
+ # p12-password: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
 - name: Codesign Binary
 run: 'codesign -s "${{ env.MAC_CODESIGN_IDENTITY }}" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "dist/OpenCore-Patcher.app"'
From c9304bdbba4e6dd96bd77b3fd889dcf9f7c1791f Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 17:05:04 -0600
Subject: [PATCH 6/8] CI: Add Team ID argument
---
 .github/workflows/build-app-wxpython.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index 2b7b03463..cd0c4c9e2 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
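Review bot: With the Import Certificate step commented out in patch 5/8, the Codesign Binary step depends on a Developer ID identity that stays in the self-hosted runner's keychain between jobs, and the new comment does not say so. I would state the assumption next to the block, e.g. `# Signing identity must already be in the runner's keychain; re-enable on GitHub-hosted runners or for the first run on a new self-hosted runner`. Because the key now persists on the machine, any job scheduled on the same runner label can reach it (validate.yml uses the same `runs-on` value), so it is worth confirming which events can start jobs there; the `on:` triggers are outside these hunks. The job-level `MAC_CODESIGN_CERT` entry added in patch 2/8 appears to have no remaining consumer after this change and could be removed.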
@@ -20,6 +20,7 @@ jobs:
 MAC_CODESIGN_CERT: ${{ secrets.MAC_CODESIGN_CERT }}
 MAC_NOTARIZATION_USERNAME: ${{ secrets.MAC_NOTARIZATION_USERNAME }}
 MAC_NOTARIZATION_PASSWORD: ${{ secrets.MAC_NOTARIZATION_PASSWORD }}
+ MAC_NOTARIZATION_TEAM_ID: ${{ secrets.MAC_NOTARIZATION_TEAM_ID }}
 ANALYTICS_KEY: ${{ secrets.ANALYTICS_KEY }}
 ANALYTICS_SITE: ${{ secrets.ANALYTICS_SITE }}
@@ -43,7 +44,7 @@ jobs:
 run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
 - name: Notarize Binary
- run: xcrun notarytool submit --apple-id "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --file OpenCore-Patcher-wxPython.app.zip
+ run: xcrun notarytool submit OpenCore-Patcher-wxPython.app.zip --apple-id "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --team-id "${{ env.MAC_NOTARIZATION_TEAM_ID }}" --wait
 - name: Generate support package
 run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
From f2cddcae7c5db08ff1dae15c88aba5e1827f27a2 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 22 Apr 2023 17:40:24 -0600
Subject: [PATCH 7/8] =?UTF-8?q?CI:=20Don=E2=80=99t=20hold=20for=20submissi?= =?UTF-8?q?on=20status?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/build-app-wxpython.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index cd0c4c9e2..2b9b94fe7 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -44,7 +44,7 @@ jobs:
 run: cd dist; ditto -c -k --sequesterRsrc --keepParent OpenCore-Patcher.app ../OpenCore-Patcher-wxPython.app.zip
 - name: Notarize Binary
- run: xcrun notarytool submit OpenCore-Patcher-wxPython.app.zip --apple-id "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --team-id "${{ env.MAC_NOTARIZATION_TEAM_ID }}" --wait
+ run: xcrun notarytool submit OpenCore-Patcher-wxPython.app.zip --apple-id "${{ env.MAC_NOTARIZATION_USERNAME }}" --password "${{ env.MAC_NOTARIZATION_PASSWORD }}" --team-id "${{ env.MAC_NOTARIZATION_TEAM_ID }}"
 - name: Generate support package
 run: packagesbuild ./payloads/InstallPackage/AutoPkg-Assets-Setup.pkgproj
From d7b8f912234c650695e5203999d08f687b6e7411 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Tue, 25 Apr 2023 15:31:19 -0600
Subject: [PATCH 8/8] CI: Switch to upgraded server
---
 .github/workflows/build-app-wxpython.yml | 2 +-
 .github/workflows/validate.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-app-wxpython.yml b/.github/workflows/build-app-wxpython.yml
index 2b9b94fe7..858a32e61 100644
--- a/.github/workflows/build-app-wxpython.yml
+++ b/.github/workflows/build-app-wxpython.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 build:
 name: Build wxPython
- runs-on: x86_64_test_monterey
+ runs-on: x86_64_monterey
 if: github.repository_owner == 'dortania'
 env:
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 8b57e3240..a02bcc59f 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 build:
 name: Validate
- runs-on: x86_64_test_monterey
+ runs-on: x86_64_monterey
 if: github.repository_owner == 'dortania'
 env:
 branch: ${{ github.ref }}
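Review bot: With `--wait` removed from the Notarize Binary step in patch 7/8, the step succeeds as soon as the upload is accepted, so the job goes on to package and upload the app without knowing whether notarization was accepted or rejected, and nothing in the hunks shown checks the result later. If the concern is a job that hangs, a bounded wait keeps the gate: append `--wait --timeout 1h` to the submit line. Otherwise a follow-up step should record the submission id and query it with `xcrun notarytool info <submission-id>` before the artifact is released. The steps visible here also never run `xcrun stapler staple` on the app, so the ticket is presumably not attached to what users download.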