godotengine/godot-cpp-template
1
0
Fork 0
mirror of https://github.com/godotengine/godot-cpp-template.git synced 2026-01-03 05:49:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove .framework folders and code signing for macOS and iOS

Browse Source
This commit is contained in:
unvermuthet
2025-02-19 11:52:20 +01:00
parent db25e65728
commit e4e73a26d7
7 changed files with 6 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

179
.github/actions/sign/action.yml vendored
View File

@@ -1,179 +0,0 @@
# This file incorporates work covered by the following copyright and permission notice:
#
# Copyright (c) Mikael Hermansson and Godot Jolt contributors.
# Copyright (c) Dragos Daian.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
name: GDExtension Sign
description: Sign Mac GDExtension
inputs:
FRAMEWORK_PATH:
description: The path of the artifact. Eg. bin/addons/my_addon/bin/libmy_addon.macos.template_release.universal.framework
required: true
SIGN_FLAGS:
description: The extra flags to use. Eg. --deep
required: false
APPLE_CERT_BASE64:
required: true
description: Base64 file from p12 certificate.
APPLE_CERT_PASSWORD:
required: true
description: Password set when creating p12 certificate from .cer certificate.
APPLE_DEV_PASSWORD:
required: true
description: Apple App-Specific Password. Eg. abcd-abcd-abcd-abcd
APPLE_DEV_ID:
required: true
description: Email used for Apple Id. Eg. email@provider.com
APPLE_DEV_TEAM_ID:
required: true
description: Apple Team Id. Eg. 1ABCD23EFG
APPLE_DEV_APP_ID:
required: true
description: |
Certificate name from get info -> Common name . Eg. Developer ID Application: Common Name (1ABCD23EFG)
outputs:
zip_path:
value: ${{ steps.sign.outputs.path }}
runs:
using: composite
steps:
- name: Sign
id: sign
shell: pwsh
run: |
#!/usr/bin/env pwsh
# Copyright (c) Mikael Hermansson and Godot Jolt contributors.
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Taken from https://github.com/godot-jolt/godot-jolt/blob/master/scripts/ci_sign_macos.ps1
Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"
$CodesignPath = Get-Command codesign | Resolve-Path
$CertificateBase64 = "${{inputs.APPLE_CERT_BASE64}}"
$CertificatePassword = "${{inputs.APPLE_CERT_PASSWORD}}"
$CertificatePath = [IO.Path]::ChangeExtension((New-TemporaryFile), "p12")
$Keychain = "ephemeral.keychain"
$KeychainPassword = (New-Guid).ToString().Replace("-", "")
$DevId = "${{ inputs.APPLE_DEV_ID }}"
$DevTeamId = "${{ inputs.APPLE_DEV_TEAM_ID }}"
$DevPassword = "${{ inputs.APPLE_DEV_PASSWORD }}"
$DeveloperIdApplication = "${{ inputs.APPLE_DEV_APP_ID }}"
if (!$CertificateBase64) { throw "No certificate provided" }
if (!$CertificatePassword) { throw "No certificate password provided" }
if (!$DevId) { throw "No Apple Developer ID provided" }
if (!$DeveloperIdApplication) { throw "No Apple Developer ID Application provided" }
if (!$DevTeamId) { throw "No Apple Team ID provided" }
if (!$DevPassword) { throw "No Apple Developer password provided" }
Write-Output "Decoding certificate..."
$Certificate = [Convert]::FromBase64String($CertificateBase64)
Write-Output "Writing certificate to disk..."
[IO.File]::WriteAllBytes($CertificatePath, $Certificate)
Write-Output "Creating keychain..."
security create-keychain -p $KeychainPassword $Keychain
Write-Output "Setting keychain as default..."
security default-keychain -s $Keychain
Write-Output "Importing certificate into keychain..."
security import $CertificatePath `
-k ~/Library/Keychains/$Keychain `
-P $CertificatePassword `
-T $CodesignPath
Write-Output "Check identities..."
security find-identity
Write-Output "Granting access to keychain..."
security set-key-partition-list -S "apple-tool:,apple:" -s -k $KeychainPassword $Keychain
$Framework = "${{ inputs.FRAMEWORK_PATH }}"
$SignFlags = "${{ inputs.SIGN_FLAGS }}"
$Archive = [IO.Path]::ChangeExtension((New-TemporaryFile), "zip")
Write-Output "Signing '$Framework'..."
& $CodesignPath --verify --timestamp --verbose "$SignFlags" --sign $DeveloperIdApplication "$Framework"
Write-Output "Verifying signing..."
& $CodesignPath --verify -dvvv "$Framework"
Get-ChildItem -Force -Recurse -Path "$Framework"
Write-Output "Archiving framework to '$Archive'..."
ditto -ck -rsrc --sequesterRsrc --keepParent "$Framework" "$Archive"
Write-Output "Submitting archive for notarization..."
$output = xcrun notarytool submit "$Archive" `
--apple-id $DevId `
--team-id $DevTeamId `
--password $DevPassword `
--wait
echo $output
$matches = $output -match '((\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+)'
if ($output) {
$id_res = $matches[0].Substring(6)
}
xcrun notarytool log $id_res `
--apple-id $DevId `
--team-id $DevTeamId `
--password $DevPassword `
developer_log.json
get-content developer_log.json
echo "path=$Archive" >> $env:GITHUB_OUTPUT

16
.github/workflows/builds.yml vendored
View File

@@ -83,22 +83,6 @@ jobs:
scons-cache: ${{ github.workspace }}/.scons-cache/
cache-name: ${{ matrix.target.platform }}_${{ matrix.target.arch }}_${{ matrix.float-precision }}_${{ matrix.target-type }}
# Sign the binary (macOS only)
- name: Mac Sign
# Disable sign if secrets are not set
if: ${{ matrix.target.platform == 'macos' && env.APPLE_CERT_BASE64 }}
env:
APPLE_CERT_BASE64: ${{ secrets.APPLE_CERT_BASE64 }}
uses: ./.github/actions/sign
with:
FRAMEWORK_PATH: bin/macos/macos.framework
APPLE_CERT_BASE64: ${{ secrets.APPLE_CERT_BASE64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
APPLE_DEV_ID: ${{ secrets.APPLE_DEV_ID }}
APPLE_DEV_TEAM_ID: ${{ secrets.APPLE_DEV_TEAM_ID }}
APPLE_DEV_APP_ID: ${{ secrets.APPLE_DEV_APP_ID }}
# Clean up compilation files
- name: Windows - Delete compilation files
if: ${{ matrix.target.platform == 'windows' }}