CI-CONNECT-RELEASE #368
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# On release creation: | |
# - Build and release connect for all platforms | |
name: CI-CONNECT-RELEASE | |
on: | |
release: | |
types: [created] | |
jobs: | |
# This job checks the tag pattern and decides whether to proceed or halt the workflow | |
check-tag: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check tag pattern | |
run: | | |
TAG_NAME=$(echo ${{ github.ref }} | sed 's|refs/tags/||') | |
echo "TAG_NAME=${TAG_NAME}" | |
# Check if the tag name starts with "connect/" | |
if [[ "${TAG_NAME}" != connect/* ]]; then | |
echo "Not supported by this CI" | |
exit 1 | |
fi | |
# Set the environment variables for the rest of release workflow | |
set-variables: | |
needs: check-tag | |
runs-on: ubuntu-latest | |
outputs: | |
folder: ${{ env.FOLDER }} | |
package: ${{ env.PACKAGE }} | |
package_version: ${{ env.PACKAGE_VERSION }} | |
tag: ${{ env.TAG }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: set environments on full release | |
shell: bash | |
run: | | |
echo "PACKAGE=$(echo ${{ github.ref }} | cut -d/ -f 3-3)" >> $GITHUB_ENV | |
echo "PACKAGE_VERSION=$(echo ${{ github.ref }} | cut -d/ -f 4-4)" >> $GITHUB_ENV | |
echo "TAG=$(echo ${{ github.ref }} | cut -d/ -f 3-4)" >> $GITHUB_ENV | |
- name: set apps folder | |
if: ${{ env.PACKAGE == 'connect' }} | |
shell: bash | |
run: | | |
echo "FOLDER=apps/${{ env.PACKAGE }}" >> $GITHUB_ENV | |
- name: debug | |
shell: bash | |
run: | | |
echo 'FOLDER: ${{ env.FOLDER }}' | |
echo 'PACKAGE: ${{ env.PACKAGE }}' | |
echo 'PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }}' | |
echo 'TAG: ${{ env.TAG }}' | |
connect-build: | |
name: Build Connect | |
needs: set-variables | |
runs-on: macos-12 # Temporary setting macos-12 as OS instead of UBUNTU because python 6.6 onward has problems building resources on linux. (6.5 works but increases connect file size to double) | |
outputs: | |
connect_version: ${{ steps.get_version.outputs.connect_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: install poetry | |
shell: bash | |
run: | | |
pip install poetry==1.5.1 | |
- name: Build Qt resources | |
shell: bash | |
run: | | |
pip install --no-cache-dir -r tools/requirements-connect.txt | |
python tools/build.py --style_path resource --output_path source/ftrack_connect/ui/resource.py --pyside_version 6 build_qt_resources apps/connect | |
- name: poetry build and export dependencies | |
shell: bash | |
run: | | |
cd ${{ needs.set-variables.outputs.folder }} | |
poetry build | |
- name: Get Connect version | |
id: get_version # This ID is used to reference the output of the step | |
shell: bash | |
run: | | |
cd ${{ needs.set-variables.outputs.folder }} | |
CONNECT_VERSION=$(poetry version -s) | |
echo "Connect version: $CONNECT_VERSION" | |
echo "connect_version=$CONNECT_VERSION" >> $GITHUB_OUTPUT | |
- name: Prepare upload Connect wheel to GitHub Release | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ftrack-connect-whl | |
path: ${{ needs.set-variables.outputs.folder }}/dist/ftrack_connect-${{ steps.get_version.outputs.connect_version }}-py3-none-any.whl | |
- name: Upload Connect wheel to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
echo "Uploading ftrack_connect-${{ needs.connect-build.outputs.connect_version }}-py3-none-any.whl" | |
gh release upload ${{ needs.set-variables.outputs.tag }} ${{ needs.set-variables.outputs.folder }}/dist/ftrack_connect-${{ steps.get_version.outputs.connect_version }}-py3-none-any.whl --clobber | |
installer-windows: | |
name: Build Connect Installer on Windows | |
needs: [ set-variables, connect-build ] | |
runs-on: windows-latest | |
env: | |
CODESIGN: 'True' # Set this to 'True' or 'False' as needed | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: install poetry | |
shell: bash | |
run: | | |
pip install poetry==1.5.1 | |
- name: Build Qt resources | |
shell: bash | |
run: | | |
pip install -r tools/requirements-connect.txt | |
python tools/build.py --style_path resource --output_path source/ftrack_connect/ui/resource.py --pyside_version 6 build_qt_resources apps/connect | |
- uses: google-github-actions/auth@v2 | |
if: env.CODESIGN == 'True' | |
with: | |
credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} | |
- uses: google-github-actions/setup-gcloud@v2 | |
- name: Setup Java JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'oracle' | |
- name: Install Inno Setup, needed to create the installer | |
run: | | |
choco install innosetup | |
- name: poetry build installer | |
shell: bash | |
run: | | |
cd ${{ needs.set-variables.outputs.folder }} | |
poetry install --with installer --sync | |
poetry run ftrack-connect-installer --codesign ${CODESIGN} | |
- name: Upload EXE installer to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
echo "Listing contents of apps/connect/dist:" | |
ls -l apps/connect/dist | |
echo "Listing contents of apps/connect/build:" | |
ls -l apps/connect/build | |
cd apps/connect/dist | |
version="${{ needs.set-variables.outputs.package_version }}" | |
clean_package_version="${version#v}" # Remove leading 'v' from version | |
echo "Uploading ftrack_connect-${clean_package_version}-win64.exe" | |
gh release upload ${{ needs.set-variables.outputs.tag }} "ftrack_connect-${clean_package_version}-win64.exe" --clobber | |
installer-macos: | |
name: Build Connect Installer on MacOs | |
needs: [ set-variables, connect-build ] | |
runs-on: macos-12 | |
env: | |
CODESIGN: 'True' # A not codesigned dmg will always show damaged app. Please build locally if don't want to codesign and generate a ZIP instead of a dmg. | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Install npm dependencies | |
run: npm install -g appdmg | |
- name: Set CPPFLAGS LDFLAGS | |
shell: bash | |
run: | | |
export CPPFLAGS=-I/usr/local/opt/openssl/include | |
export LDFLAGS=-L/usr/local/opt/openssl/lib | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: install poetry | |
shell: bash | |
run: | | |
pip install poetry==1.5.1 | |
- name: Build Qt resources | |
shell: bash | |
run: | | |
pip install -r tools/requirements-connect.txt | |
python tools/build.py --style_path resource --output_path source/ftrack_connect/ui/resource.py --pyside_version 6 build_qt_resources apps/connect | |
- name: Codesign app bundle | |
if: env.CODESIGN == 'True' | |
# Guidance pick from https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/ | |
# Extract the secrets we defined earlier as environment variables | |
env: | |
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} | |
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} | |
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} | |
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} | |
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} | |
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} | |
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} | |
run: | | |
# Turn our base64-encoded certificate back to a regular .p12 file | |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
# We need to create a new keychain, otherwise using the certificate will prompt | |
# with a UI dialog asking for the certificate password, which we can't | |
# use in a headless CI environment | |
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain | |
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain | |
# Verify certificate | |
echo "Verify certificate: " | |
security find-identity -v | |
# Create keychain credentials | |
echo "Create keychain profile to notarize" | |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" | |
# Build the installer and codesign | |
cd ${{ needs.set-variables.outputs.folder }} | |
poetry install --with installer --sync | |
poetry run ftrack-connect-installer --codesign ${CODESIGN} | |
- name: Upload Connect DMG to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
echo "Listing contents of apps/connect/dist:" | |
ls -l apps/connect/dist | |
echo "Listing contents of apps/connect/build:" | |
ls -l apps/connect/build | |
cd apps/connect/dist | |
version="${{ needs.set-variables.outputs.package_version }}" | |
clean_package_version="${version#v}" # Remove leading 'v' from version | |
echo "Uploading ftrack_connect-${clean_package_version}.dmg" | |
gh release upload ${{ needs.set-variables.outputs.tag }} "ftrack_connect-${clean_package_version}-macOS.dmg" --clobber | |
installer-rocky: | |
name: Build Connect Installer on Rocky linux | |
needs: [ set-variables, connect-build ] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
rocky-version: [ '8', '9' ] | |
container: | |
image: rockylinux/rockylinux:${{ matrix.rocky-version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install dependencies and pyenv | |
run: | | |
dnf install -y epel-release | |
dnf -y update | |
dnf groupinstall -y "Development Tools" | |
dnf install -y libxcb xcb-util-cursor gcc zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel tk-devel libffi-devel xz-devel git findutils patch wget tar make libuuid-devel mesa-libGL | |
curl https://pyenv.run | bash | |
echo 'export PATH="$HOME/.pyenv/bin:$PATH"' >> ~/.bashrc | |
echo 'eval "$(pyenv init --path)"' >> ~/.bashrc | |
echo 'eval "$(pyenv virtualenv-init -)"' >> ~/.bashrc | |
source ~/.bashrc | |
- name: Install GitHub CLI | |
run: | | |
dnf install -y dnf-plugins-core | |
dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo | |
dnf install -y gh | |
# Configure Git to allow the current directory | |
git config --global --add safe.directory /__w/integrations/integrations | |
- name: Install Python 3.10 using pyenv | |
run: | | |
source ~/.bashrc | |
pyenv install 3.10 | |
pyenv global 3.10 | |
- name: Verify Python version | |
run: | | |
source ~/.bashrc | |
pyenv versions | |
python --version | |
pyenv exec python -m pip install --upgrade pip | |
- name: Install patchelf using pip | |
run: | | |
source ~/.bashrc | |
pyenv exec pip install patchelf | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: install poetry | |
shell: bash | |
run: | | |
source ~/.bashrc | |
pyenv exec pip install poetry==1.5.1 | |
- name: Build Qt resources | |
shell: bash | |
run: | | |
source ~/.bashrc | |
pyenv exec pip install -r tools/requirements-connect.txt | |
pyenv exec python tools/build.py --style_path resource --output_path source/ftrack_connect/ui/resource.py --pyside_version 6 build_qt_resources apps/connect | |
- name: poetry build installer | |
shell: bash | |
run: | | |
source ~/.bashrc | |
cd ${{ needs.set-variables.outputs.folder }} | |
pyenv exec poetry install --with installer --sync | |
pyenv exec poetry run ftrack-connect-installer --codesign ${CODESIGN} | |
- name: Upload Connect tar.gz and md5 to GitHub Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
source ~/.bashrc | |
echo "Listing contents of apps/connect/dist:" | |
ls -l apps/connect/dist | |
echo "Listing contents of apps/connect/build:" | |
ls -l apps/connect/build | |
cd apps/connect/dist | |
version="${{ needs.set-variables.outputs.package_version }}" | |
clean_package_version="${version#v}" # Remove leading 'v' from version | |
echo "Uploading ftrack_connect-${clean_package_version}-R${{ matrix.rocky-version }}.tar.gz" | |
gh release upload ${{ needs.set-variables.outputs.tag }} "ftrack_connect-${clean_package_version}-R${{ matrix.rocky-version }}.tar.gz" --clobber | |
gh release upload ${{ needs.set-variables.outputs.tag }} "ftrack_connect-${clean_package_version}-R${{ matrix.rocky-version }}.tar.gz.md5" --clobber |