From 78ceb604f9d10a75562e0c8fc735601c31e5d347 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 27 Nov 2024 16:47:42 +0100 Subject: [PATCH] only use macos intel runner on releases --- .github/workflows/mac-dmg-x64.yml | 264 ++++++++++++++++++++++++++++++ .github/workflows/mac-dmg.yml | 8 +- 2 files changed, 265 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/mac-dmg-x64.yml diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml new file mode 100644 index 000000000..c90b721db --- /dev/null +++ b/.github/workflows/mac-dmg-x64.yml @@ -0,0 +1,264 @@ +name: Build macOS .dmg for x64 + +####################################### +# STOP! DO NOT EDIT THIS FILE! +# +# It is a copy of mac-dmg.yml with tiny adjustements (mainly lines 42 to 47) +# It was made necessary, since Github does not offer free macos intel runners for macos 15 and above. +# This workflow can only be triggered by a release. +# +####################################### + +on: + release: + types: [published] + +env: + JAVA_DIST: 'zulu' + JAVA_VERSION: '22.0.2+9' + +jobs: + get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ inputs.version }} + + build-arm: + name: Build Cryptomator.app for ${{ matrix.output-suffix }} + runs-on: ${{ matrix.os }} + needs: [get-version] + strategy: + fail-fast: false + matrix: + include: + - os: macos-15-large + architecture: x64 + output-suffix: x64 + fuse-lib: macFUSE + openjfx-url: 'https://download2.gluonhq.com/openjfx/22.0.2/openjfx-22.0.2_osx-x64_bin-jmods.zip' + openjfx-sha: '115cb08bb59d880cfff6e51e0bf0dcc45785ed9d456b8b8425597b04da6ab3d4' + steps: + - uses: actions/checkout@v4 + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: ${{ env.JAVA_DIST }} + java-version: ${{ env.JAVA_VERSION }} + architecture: ${{ matrix.architecture }} + check-latest: true + cache: 'maven' + - name: Download OpenJFX jmods + id: download-jmods + run: | + curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check + mkdir -p openjfx-jmods/ + unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods + - name: Ensure major jfx version in pom and in jmods is the same + run: | + JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) + JMOD_VERSION=${JMOD_VERSION#*@} + JMOD_VERSION=${JMOD_VERSION%%.*} + POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) + POM_JFX_VERSION=${POM_JFX_VERSION#*@} + POM_JFX_VERSION=${POM_JFX_VERSION%%.*} + + if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" + exit 1 + fi + - name: Set version + run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} + - name: Run maven + run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests + - name: Patch target dir + run: | + cp LICENSE.txt target + cp target/cryptomator-*.jar target/mods + - name: Run jlink + #Remark: no compression is applied for improved build compression later (here dmg) + run: > + ${JAVA_HOME}/bin/jlink + --verbose + --output runtime + --module-path "${JAVA_HOME}/jmods:openjfx-jmods" + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler + --strip-native-commands + --no-header-files + --no-man-pages + --strip-debug + --compress zip-0 + - name: Run jpackage + run: > + ${JAVA_HOME}/bin/jpackage + --verbose + --type app-image + --runtime-image runtime + --input target/libs + --module-path target/mods + --module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator + --dest appdir + --name Cryptomator + --vendor "Skymatic GmbH" + --copyright "(C) 2016 - 2024 Skymatic GmbH" + --app-version "${{ needs.get-version.outputs.semVerNum }}" + --java-options "--enable-preview" + --java-options "--enable-native-access=org.cryptomator.jfuse.mac" + --java-options "-Xss5m" + --java-options "-Xmx256m" + --java-options "-Dfile.encoding=\"utf-8\"" + --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dapple.awt.enableTemplateImages=true" + --java-options "-Dsun.java2d.metal=true" + --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" + --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/Cryptomator\"" + --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/Cryptomator/Plugins\"" + --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/Cryptomator/settings.json\"" + --java-options "-Dcryptomator.p12Path=\"@{userhome}/Library/Application Support/Cryptomator/key.p12\"" + --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/Cryptomator/ipc.socket\"" + --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\"" + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\"" + --java-options "-Dcryptomator.showTrayIcon=true" + --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\"" + --mac-package-identifier org.cryptomator + --resource-dir dist/mac/resources + - name: Patch Cryptomator.app + run: | + mv appdir/Cryptomator.app Cryptomator.app + mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/ + sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist + sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist + echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile + env: + VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} + REVISION_NO: ${{ needs.get-version.outputs.revNum }} + PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }} + - name: Generate license for dmg + run: > + mvn -B -Djavafx.platform=mac license:add-third-party + -Dlicense.thirdPartyFilename=license.rtf + -Dlicense.outputDirectory=dist/mac/dmg/resources + -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl + -Dlicense.includedScopes=compile + -Dlicense.excludedGroups=^org\.cryptomator + -Dlicense.failOnMissing=true + -Dlicense.licenseMergesUrl=file://${{ github.workspace }}/license/merges + - name: Install codesign certificate + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/codesign.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/codesign.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$CODESIGN_P12_BASE64" | base64 --decode --output $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$CODESIGN_TMP_KEYCHAIN_PW" $KEYCHAIN_PATH + security set-keychain-settings -lut 900 $KEYCHAIN_PATH + security unlock-keychain -p "$CODESIGN_TMP_KEYCHAIN_PW" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$CODESIGN_P12_PW" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + env: + CODESIGN_P12_BASE64: ${{ secrets.MACOS_CODESIGN_P12_BASE64 }} + CODESIGN_P12_PW: ${{ secrets.MACOS_CODESIGN_P12_PW }} + CODESIGN_TMP_KEYCHAIN_PW: ${{ secrets.MACOS_CODESIGN_TMP_KEYCHAIN_PW }} + - name: Codesign + run: | + echo "Codesigning jdk files..." + find Cryptomator.app/Contents/runtime/Contents/Home/lib/ -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + find Cryptomator.app/Contents/runtime/Contents/Home/lib/ \( -name 'jspawnhelper' -o -name 'pauseengine' -o -name 'simengine' \) -exec codesign --force -o runtime -s ${CODESIGN_IDENTITY} {} \; + echo "Codesigning jar contents..." + find Cryptomator.app/Contents/runtime/Contents/MacOS -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + for JAR_PATH in `find Cryptomator.app -name "*.jar"`; do + if [[ `unzip -l ${JAR_PATH} | grep '.dylib\|.jnilib'` ]]; then + JAR_FILENAME=$(basename ${JAR_PATH}) + OUTPUT_PATH=${JAR_PATH%.*} + echo "Codesigning libs in ${JAR_FILENAME}..." + unzip -q ${JAR_PATH} -d ${OUTPUT_PATH} + find ${OUTPUT_PATH} -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + find ${OUTPUT_PATH} -name '*.jnilib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + rm ${JAR_PATH} + pushd ${OUTPUT_PATH} > /dev/null + zip -qr ../${JAR_FILENAME} * + popd > /dev/null + rm -r ${OUTPUT_PATH} + fi + done + echo "Codesigning Cryptomator.app..." + sed -i '' "s|###APP_IDENTIFIER_PREFIX###|${TEAM_IDENTIFIER}.|g" dist/mac/Cryptomator.entitlements + sed -i '' "s|###TEAM_IDENTIFIER###|${TEAM_IDENTIFIER}|g" dist/mac/Cryptomator.entitlements + codesign --force --deep --entitlements dist/mac/Cryptomator.entitlements -o runtime -s ${CODESIGN_IDENTITY} Cryptomator.app + env: + CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} + TEAM_IDENTIFIER: ${{ secrets.MACOS_TEAM_IDENTIFIER }} + - name: Prepare .dmg contents + run: | + mkdir dmg + mv Cryptomator.app dmg + cp dist/mac/dmg/resources/${{ matrix.fuse-lib }}.webloc dmg + ls -l dmg + - name: Install create-dmg + run: | + brew install create-dmg + create-dmg --help + - name: Create .dmg + run: > + create-dmg + --volname Cryptomator + --volicon "dist/mac/dmg/resources/Cryptomator-Volume.icns" + --background "dist/mac/dmg/resources/Cryptomator-${{ matrix.fuse-lib }}-background.tiff" + --window-pos 400 100 + --window-size 640 694 + --icon-size 128 + --icon "Cryptomator.app" 128 245 + --hide-extension "Cryptomator.app" + --icon "${{ matrix.fuse-lib }}.webloc" 320 501 + --hide-extension "${{ matrix.fuse-lib }}.webloc" + --app-drop-link 512 245 + --eula "dist/mac/dmg/resources/license.rtf" + --icon ".background" 128 758 + --icon ".VolumeIcon.icns" 512 758 + Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg + env: + VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} + - name: Notarize .dmg + if: startsWith(github.ref, 'refs/tags/') || inputs.notarize + uses: cocoalibs/xcode-notarization-action@v1 + with: + app-path: 'Cryptomator-*.dmg' + apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }} + password: ${{ secrets.MACOS_NOTARIZATION_PW }} + team-id: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }} + xcode-path: '/Applications/Xcode_16.app' + - name: Add possible alpha/beta tags to installer name + run: mv Cryptomator-*.dmg Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.output-suffix }}.dmg + - name: Create detached GPG signature with key 615D449FE6E6A235 + run: | + echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import + echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a Cryptomator-*.dmg + env: + GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} + GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} + - name: Clean up codesign certificate + if: ${{ always() }} + run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db + continue-on-error: true + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: dmg-${{ matrix.output-suffix }} + path: | + Cryptomator-*.dmg + Cryptomator-*.asc + if-no-files-found: error + - name: Publish dmg on GitHub Releases + if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' + uses: softprops/action-gh-release@v2 + with: + fail_on_unmatched_files: true + token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} + files: | + Cryptomator-*.dmg + Cryptomator-*.asc diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index 8bb6347bc..6bb463b65 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -1,4 +1,4 @@ -name: Build macOS .dmg +name: Build macOS .dmg for arm64 on: release: @@ -32,12 +32,6 @@ jobs: fail-fast: false matrix: include: - - os: macos-15-large - architecture: x64 - output-suffix: x64 - fuse-lib: macFUSE - openjfx-url: 'https://download2.gluonhq.com/openjfx/22.0.2/openjfx-22.0.2_osx-x64_bin-jmods.zip' - openjfx-sha: '115cb08bb59d880cfff6e51e0bf0dcc45785ed9d456b8b8425597b04da6ab3d4' - os: macos-15 architecture: aarch64 output-suffix: arm64