metabrainz · phw · Dec 6, 2024 · Dec 6, 2024 · Dec 6, 2024
diff --git a/.github/workflows/package-macos.yml b/.github/workflows/package-macos.yml
@@ -0,0 +1,99 @@
+name: Package and release
+
+on: [workflow_call]
+
+permissions: {}
+
+jobs:
+  package-macos:
+    runs-on: macos-13
+    strategy:
+      matrix:
+        setup:
+        - macos-deployment-version: 10.12
+          python-version: 3.9.12-macosx10.9
+          python-sha256sum: 7888174c6fe441b00448c7ab3e9cbf0e6c3c7dea0750577baf09e1383fc44656
+          disable-webp: 1
+        - macos-deployment-version: 10.14
+          python-version: 3.11.5-macos11
+          python-sha256sum: c6cd76659bfb364c2ac63bc57f6b10c1e131a20170359c5d65e2d41fdc674a4f
+          disable-webp: 0
+    env:
+      DISCID_VERSION: 0.6.4
+      DISCID_SHA256SUM: 829133dd38acbdaa2b989de59e256c8d139ac34cb4dd4b8fd3c9d55a97c824f3
+      FPCALC_VERSION: 1.5.1
+      FPCALC_SHA256SUM: d4d8faff4b5f7c558d9be053da47804f9501eaa6c2f87906a9f040f38d61c860
+      PYTHON_VERSION: ${{ matrix.setup.python-version }}
+      PYTHON_SHA256SUM: ${{ matrix.setup.python-sha256sum }}
+      MACOSX_DEPLOYMENT_TARGET: ${{ matrix.setup.macos-deployment-version }}
+      CODESIGN: 0
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Fetch entire history, needed for setting the build number
+    - run: git fetch --depth=1 origin +refs/tags/release-*:refs/tags/release-*
+    - name: Setup macOS build environment
+      run: |
+        ./scripts/package/macos-setup.sh
+        PYTHON_BASE_VERSION=$(echo $PYTHON_VERSION | sed -e "s/\.[0-9]\{1,\}$//")
+        echo "/Library/Frameworks/Python.framework/Versions/$PYTHON_BASE_VERSION/bin" >> $GITHUB_PATH
+        echo "/usr/local/opt/gettext/bin" >> $GITHUB_PATH
+        RELEASE_TAG=$(git describe --match "release-*" --abbrev=0 --always HEAD)
+        BUILD_NUMBER=$(git rev-list --count $RELEASE_TAG..HEAD)
+        echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
+        mkdir artifacts
+        python3 -m pip install --upgrade pip setuptools wheel
+    - name: Patch build version
+      if: startsWith(github.ref, 'refs/tags/') != true
+      run: |
+        python3 setup.py patch_version --platform=$BUILD_NUMBER.$(git rev-parse --short HEAD)
+    - name: Compile and install PyInstaller
+      run: |
+        git clone --depth 1 --branch "$PYINSTALLER_VERSION" https://github.com/pyinstaller/pyinstaller.git pyinstaller
+        cd pyinstaller/bootloader
+        python3 ./waf --verbose all
+        cd ..
+        pip3 install .
+      env:
+        PYINSTALLER_VERSION: v5.13.2
+        CFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
+        CPPFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
+        LDFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
+        LINKFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
+    - name: Install dependencies
+      run: |
+        pip3 install -r requirements-build.txt
+        pip3 install -r requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt
+    - name: Run tests
+      timeout-minutes: 30
+      run: |
+        python3 setup.py test
+    - name: Prepare code signing certificate
+      run: |
+        if [ -n "$CODESIGN_MACOS_P12_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
+          pip3 install awscli
+          aws s3 cp "$CODESIGN_MACOS_P12_URL" ./scripts/package/appledev.p12
+        else
+          echo "::warning::No code signing certificate available, skipping code signing."
+        fi
+      env:
+        AWS_DEFAULT_REGION: eu-central-1
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }}
+    - name: Build macOS app
+      run: |
+        ./scripts/package/macos-package-app.sh
+        rm -f ./scripts/package/appledev.p12
+        mv dist/*.dmg artifacts/
+      env:
+        APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }}
+        APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }}
+        APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+        CODESIGN_MACOS_P12_PASSWORD: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }}
+        DISABLE_WEBP: ${{ matrix.setup.disable-webp }}
+    - name: Archive production artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: macos-app-${{ matrix.setup.macos-deployment-version }}
+        path: artifacts/
diff --git a/.github/workflows/package-windows.yml b/.github/workflows/package-windows.yml
@@ -0,0 +1,127 @@
+name: Package and release
+
+on: [workflow_call]
+
+permissions: {}
+
+jobs:
+  package-windows:
+    runs-on: windows-2019
+    strategy:
+      matrix:
+        setup:
+          - type: installer
+          - type: portable
+            build-portable: 1
+          - type: store-app
+            disable-autoupdate: 1
+      fail-fast: false
+    env:
+      CODESIGN: ${{ !!secrets.AZURE_CERT_PROFILE_NAME }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Fetch entire history, needed for setting the build number
+    - run: git fetch --depth=1 origin +refs/tags/release-*:refs/tags/release-*
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.8
+    - name: Setup Windows build environment
+      run: |
+        & .\scripts\package\win-setup.ps1 `
+          -DiscidVersion $Env:DISCID_VERSION -DiscidSha256Sum $Env:DISCID_SHA256SUM `
+          -FpcalcVersion $Env:FPCALC_VERSION -FpcalcSha256Sum $Env:FPCALC_SHA256SUM
+        Add-Content $env:GITHUB_PATH "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64"
+        New-Item -Name .\artifacts -ItemType Directory
+      env:
+        DISCID_VERSION: 0.6.4
+        DISCID_SHA256SUM: 330199495d71f71251e91eb0b4e3103b6c663fea09ffc9fd3e5108d48e0452c8
+        FPCALC_VERSION: 1.5.1
+        FPCALC_SHA256SUM: 36b478e16aa69f757f376645db0d436073a42c0097b6bb2677109e7835b59bbc
+    - name: Install gettext
+      run: |
+        & .\scripts\package\win-setup-gettext.ps1 `
+          -GettextVersion $Env:GETTEXT_VERSION -GettextSha256Sum $Env:GETTEXT_SHA256SUM
+        Add-Content $env:GITHUB_PATH (Join-Path -Path (Resolve-Path .) -ChildPath gettext\bin)
+      env:
+        GETTEXT_VERSION: 0.22.4
+        GETTEXT_SHA256SUM: 220068ac0b9e7aedda03534a3088e584640ac1e639800b3a0baa9410aa6d012a
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements-build.txt
+        pip install -r requirements-win.txt
+    - name: Patch build version
+      if: startsWith(github.ref, 'refs/tags/') != true
+      run: |
+        $ReleaseTag = $(git describe --match "release-*" --abbrev=0 --always HEAD)
+        $BuildNumber = $(git rev-list --count "$ReleaseTag..HEAD")
+        python setup.py patch_version --platform=$Env:BUILD_NUMBER.$(git rev-parse --short HEAD)
+    - name: Run tests
+      timeout-minutes: 30
+      run: python setup.py test
+    - name: Prepare clean build environment
+      run: |
+        Remove-Item -Path build,dist/picard,locale -Recurse -ErrorAction Ignore
+        python setup.py clean
+    - name: Build
+      run: |
+        python setup.py build --build-number=$BuildNumber
+        python setup.py build_ext
+        pyinstaller --noconfirm --clean picard.spec
+        If ($env:PICARD_BUILD_PORTABLE -ne "1") {
+          dist\picard\fpcalc -version
+        }
+      env:
+        PICARD_APPX_PUBLISHER: CN=0A9169B7-05A3-4ED9-8876-830F17846709
+        PICARD_BUILD_PORTABLE: ${{ matrix.setup.build-portable }}
+        PICARD_DISABLE_AUTOUPDATE: ${{ matrix.setup.disable-autoupdate }}
+    - name: Sign picard.exe
+      uses: azure/trusted-signing-action@v0.5.0
+      if: matrix.setup.type != 'portable' && env.CODESIGN == 'true'
+      with:
+        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        endpoint: ${{ secrets.AZURE_ENDPOINT }}
+        trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+        certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+        files-folder: dist\picard
+        files-folder-filter: exe
+        files-folder-recurse: true
+        timestamp-rfc3161: http://timestamp.acs.microsoft.com
+        timestamp-digest: SHA256
+    - name: Build Windows installer
+      if: matrix.setup.type == 'installer'
+      run: |
+        makensis.exe /INPUTCHARSET UTF8 installer\picard-setup.nsi
+        Move-Item .\installer\*.exe .\artifacts
+    - name: Build Windows portable app
+      if: matrix.setup.type == 'portable'
+      run: |
+        Move-Item .\dist\*.exe .\artifacts
+    - name: Build Windows 10 store app package
+      if: matrix.setup.type == 'store-app'
+      run: |
+        & .\scripts\package\win-package-appx.ps1 dist\picard
+        Move-Item .\dist\*.msix .\artifacts
+    - name: Sign final executable
+      uses: azure/trusted-signing-action@v0.5.0
+      if: matrix.setup.type != 'store-app' && env.CODESIGN == 'true'
+      with:
+        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        endpoint: ${{ secrets.AZURE_ENDPOINT }}
+        trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+        certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+        files-folder: artifacts
+        files-folder-filter: exe
+        timestamp-rfc3161: http://timestamp.acs.microsoft.com
+        timestamp-digest: SHA256
+    - name: Archive production artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: windows-${{ matrix.setup.type }}
+        path: artifacts/