diff --git a/.github/workflows/installers/macos.yml b/.github/workflows/installers/macos.yml new file mode 100644 index 0000000000..c9ac1dd159 --- /dev/null +++ b/.github/workflows/installers/macos.yml @@ -0,0 +1,245 @@ +name: Macos Installer +run-name: ${{ inputs.cura_conan_version }} for Macos-${{ inputs.architecture }} by @${{ github.actor }} + +on: + workflow_dispatch: + inputs: + cura_conan_version: + description: 'Cura Conan Version' + default: 'cura/latest@ultimaker/testing' + required: true + type: string + conan_args: + description: 'Conan args: eq.: --require-override' + default: '' + required: false + type: string + enterprise: + description: 'Build Cura as an Enterprise edition' + default: false + required: true + type: boolean + staging: + description: 'Use staging API' + default: false + required: true + type: boolean + architecture: + description: 'Architecture' + required: true + default: 'X64' + type: choice + options: + - X64 + - ARM64 + workflow_call: + inputs: + cura_conan_version: + description: 'Cura Conan Version' + default: 'cura/latest@ultimaker/testing' + required: true + type: string + conan_args: + description: 'Conan args: eq.: --require-override' + default: '' + required: false + type: string + enterprise: + description: 'Build Cura as an Enterprise edition' + default: false + required: true + type: boolean + staging: + description: 'Use staging API' + default: false + required: true + type: boolean + architecture: + description: 'Architecture' + required: true + default: 'x64' + type: choice + options: + - x64 + - arm64 + +env: + CONAN_LOGIN_USERNAME_CURA: ${{ secrets.CONAN_USER }} + CONAN_PASSWORD_CURA: ${{ secrets.CONAN_PASS }} + CODESIGN_IDENTITY: ${{ secrets.CODESIGN_IDENTITY }} + MAC_NOTARIZE_USER: ${{ secrets.MAC_NOTARIZE_USER }} + MAC_NOTARIZE_PASS: ${{ secrets.MAC_NOTARIZE_PASS }} + MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }} + MACOS_CERT_INSTALLER_P12: ${{ secrets.MACOS_CERT_INSTALLER_P12 }} + MACOS_CERT_USER: ${{ secrets.MACOS_CERT_USER }} + MACOS_CERT_PASSPHRASE: ${{ secrets.MACOS_CERT_PASSPHRASE }} + CURA_CONAN_VERSION: ${{ inputs.cura_conan_version }} + ENTERPRISE: ${{ inputs.enterprise }} + STAGING: ${{ inputs.staging }} + +jobs: + cura-installer-create: + runs-on: [ self-hosted, "${{ inputs.architecture }}" ] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Python and pip + uses: actions/setup-python@v4 + with: + python-version: '3.10.x' + cache: 'pip' + cache-dependency-path: .github/workflows/requirements-conan-package.txt + + - name: Install Python requirements for runner + run: pip install -r .github/workflows/requirements-conan-package.txt + + - name: Install MacOS system requirements + run: brew install cmake autoconf automake ninja create-dmg + + - name: Create the default Conan profile + run: conan profile new default --detect --force + + - name: Remove Macos keychain (Bash) + run: security delete-keychain signing_temp.keychain || true + + - name: Configure Macos keychain Developer Cert(Bash) + id: macos-keychain-developer-cert + uses: apple-actions/import-codesign-certs@v1 + with: + keychain-password: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} + p12-file-base64: ${{ secrets.MACOS_CERT_P12 }} + p12-password: ${{ secrets.MACOS_CERT_PASSPHRASE }} + + - name: Configure Macos keychain Installer Cert (Bash) + id: macos-keychain-installer-cert + uses: apple-actions/import-codesign-certs@v1 + with: + keychain-password: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} + create-keychain: false # keychain is created in previous use of action. + p12-file-base64: ${{ secrets.MACOS_CERT_INSTALLER_P12 }} + p12-password: ${{ secrets.MACOS_CERT_PASSPHRASE }} + + - name: Get Conan configuration + run: conan config install https://github.com/Ultimaker/conan-config.git + + - name: + + - name: Set Environment variables for Cura (bash) + run: | + . ./cura_inst/bin/activate_github_actions_env.sh + . ./cura_inst/bin/activate_github_actions_version_env.sh + + - name: Unlock Macos keychain (Bash) + run: security unlock -p $TEMP_KEYCHAIN_PASSWORD signing_temp.keychain + env: + TEMP_KEYCHAIN_PASSWORD: ${{ steps.macos-keychain-developer-cert.outputs.keychain-password }} + + # FIXME: This is a workaround to ensure that we use and pack a shared library for OpenSSL 1.1.1l. We currently compile + # OpenSSL statically for CPython, but our Python Dependenies (such as PyQt6) require a shared library. + # Because Conan won't allow for building the same library with two different options (easily) we need to install it explicitly + # and do a manual copy to the VirtualEnv, such that Pyinstaller can find it. + - name: Install OpenSSL shared + run: conan install openssl/1.1.1l@_/_ --build=missing --update -o openssl:shared=True -g deploy + + - name: Copy OpenSSL shared (Bash) + run: | + cp ./openssl/lib/*.so* ./cura_inst/bin/ || true + cp ./openssl/lib/*.dylib* ./cura_inst/bin/ || true + + - name: Create the Cura dist + run: pyinstaller ./cura_inst/UltiMaker-Cura.spec + + - name: Output the name file name and extension + id: filename + shell: python + run: | + import os + enterprise = "-Enterprise" if "${{ inputs.enterprise }}" == "true" else "" + installer_filename = f"UltiMaker-Cura-{os.getenv('CURA_VERSION_FULL')}{enterprise}-macos-${{ inputs.arch }}" + output_env = os.environ["GITHUB_OUTPUT"] + content = "" + if os.path.exists(output_env): + with open(output_env, "r") as f: + content = f.read() + with open(output_env, "w") as f: + f.write(content) + f.writelines(f"INSTALLER_FILENAME={installer_filename}\n") + + - name: Summarize the used Conan dependencies + shell: python + run: | + import os + import json + from pathlib import Path + + conan_install_info_path = Path("cura_inst/conan_install_info.json") + conan_info = {"installed": []} + if os.path.exists(conan_install_info_path): + with open(conan_install_info_path, "r") as f: + conan_info = json.load(f) + sorted_deps = sorted([dep["recipe"]["id"].replace('#', r' rev: ') for dep in conan_info["installed"]]) + + summary_env = os.environ["GITHUB_STEP_SUMMARY"] + content = "" + if os.path.exists(summary_env): + with open(summary_env, "r") as f: + content = f.read() + + with open(summary_env, "w") as f: + f.write(content) + f.writelines("# ${{ steps.filename.outputs.INSTALLER_FILENAME }}\n") + f.writelines("## Conan packages:\n") + for dep in sorted_deps: + f.writelines(f"`{dep}`\n") + + - name: Summarize the used Python modules + shell: python + run: | + import os + import pkg_resources + summary_env = os.environ["GITHUB_STEP_SUMMARY"] + content = "" + if os.path.exists(summary_env): + with open(summary_env, "r") as f: + content = f.read() + + with open(summary_env, "w") as f: + f.write(content) + f.writelines("## Python modules:\n") + for package in pkg_resources.working_set: + f.writelines(f"`{package.key}/{package.version}`\n") + + - name: Create the Macos dmg and pkg (Bash) + run: python ../cura_inst/packaging/MacOS/build_macos.py --source_path ../cura_inst --dist_path . --cura_conan_version $CURA_CONAN_VERSION --filename "${{ steps.filename.outputs.INSTALLER_FILENAME }}" --build_pkg --build_dmg --app_name "$CURA_APP_NAME" + working-directory: dist + + - name: Upload the pkg + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.filename.outputs.INSTALLER_FILENAME }}-pkg + path: | + dist/${{ steps.filename.outputs.INSTALLER_FILENAME }}.pkg + retention-days: 5 + + - name: Upload the dmg + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.filename.outputs.INSTALLER_FILENAME }}-dmg + path: | + dist/${{ steps.filename.outputs.INSTALLER_FILENAME }}.dmg + retention-days: 5 + + notify-export: + if: ${{ always() }} + needs: [ cura-installer-create ] + + uses: ultimaker/cura/.github/workflows/notify.yml@main + with: + success: ${{ contains(join(needs.*.result, ','), 'success') }} + success_title: "Create the Cura distributions" + success_body: "Installers for ${{ inputs.cura_conan_version }}" + failure_title: "Failed to create the Cura distributions" + failure_body: "Failed to create at least 1 installer for ${{ inputs.cura_conan_version }}" + secrets: inherit