Skip to content
MacOS - Build GUI Executable

Fix testing and deployment CI/CD + Remove macOS pipeline #162

Sign in to view logs

Fix testing and deployment CI/CD + Remove macOS pipeline

Fix testing and deployment CI/CD + Remove macOS pipeline #162

Workflow file for this run

.github/workflows/macos-build-gui-executable.yml at 95a6928
name: MacOS - Build GUI Executable
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: macos-latest
# https://github.com/actions/virtual-environments/blob/main/images/macos/macos-10.15-Readme.md
# macos-10.15 already has python 3.7.8, no need to install, refer to this version as python3.7
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.MACOS_BUILD_P12_PASSWORD }}
KEYCHAIN_PASSWORD: this-password-is-temporary-so-you-can-use-anything
CERTIFICATE_PATH: ./certificate.p12
KEYCHAIN_PATH: ./app-signing.keychain-db
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.7.8' # this sets python to use the correct version
- name: Install pipenv
run: |
python -m pip install pipenv
- name: Install geos (Shapely Dependency)
run: |
brew install geos
- name: Install dependencies via pipenv
# Sometimes macOS 10.15 pipenv thinks it's already running in a virtual environment
# when it is actually not. PIPENV_IGNORE_VIRTUALENVS=1 forces pipenv to create a new
# virtual environment anyway.
# Shapely has bugs that occurs when it cannot link with the geos package properly.
# Forcing pip to install this with no binary PIP_NO_BINARY="shapely" fixes this problem.
# see https://github.com/ssantichaivekin/empress/issues/172
run: |
export PIPENV_IGNORE_VIRTUALENVS=1
export PIP_NO_BINARY="shapely"
python -m pipenv lock
python -m pipenv install --dev
- name: Create macos app
run: |
pipenv run pyinstaller pyinstaller_spec/empress_gui_app.spec
- name: Import codesign certificate to keychain
# Codesign and notarize app so that we don't have to go to Security and Privacy to
# allow the app to run.
# see https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development
# see https://localazy.com/blog/how-to-automatically-sign-macos-apps-using-github-actions
# see https://haim.dev/posts/2020-08-08-python-macos-app/
run: |
echo "import certificate from secrets"
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
echo "create temporary keychain with 600 seconds timeout"
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
security set-keychain-settings -lut 600 $KEYCHAIN_PATH
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
echo "import certificate to keychain"
security import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Codesign macOS app
run: |
echo "turn off prompts for codesign and xcrun"
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
echo "sign the application"
codesign -s Developer -v --deep --timestamp --entitlements ./pyinstaller_spec/macos_entitlements.plist -o runtime ./dist/empress.app
- name: Compress macos app
run: |
ditto -c -k --keepParent ./dist/empress.app ./dist/macos_empress_app.zip
- name: Send macOS app to Apple's notarizatation service
env:
APPLE_USERNAME: ${{ secrets.APPLE_USERNAME }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
run: |
xcrun altool --notarize-app -t osx -f ./dist/macos_empress_app.zip -u $APPLE_USERNAME -p $APPLE_APP_SPECIFIC_PASSWORD --primary-bundle-id edu.hmc.cs.empress
- name: Upload executable
uses: actions/upload-artifact@v4
with:
name: macos_empress_app
path: ./dist/macos_empress_app.zip