From c7539c92fb04ef7b090603fc798badbba8ae9361 Mon Sep 17 00:00:00 2001 From: Marek Sobolak Date: Fri, 6 Oct 2023 15:48:14 +0200 Subject: [PATCH] DIOS-2498 Fix access token generation --- .github/workflows/main.yml | 822 ++++++++++++++++++------------------- 1 file changed, 411 insertions(+), 411 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 921a1ae52..141384cab 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,338 +42,338 @@ env: VENDOR: "Millicast" jobs: - # macos_build_x86_64: - # name: 'MacOS-x86_64' - # runs-on: [macos-12] - # env: - # MACOSX_DEPLOYMENT_TARGET_X86_64: '10.15' - # SPARKLE_VERSION: '1.26.0' - # SPARKLE_HASH: '8312cbf7528297a49f1b97692c33cb8d33254c396dc51be394e9484e4b6833a0' - # BLOCKED_FORMULAS: 'speexdsp curl php composer' - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # TARGET_ARCH: 'x86_64' - # defaults: - # run: - # shell: bash - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v4 - # with: - # submodules: 'recursive' - # fetch-depth: 0 - # - name: 'Generate access token' - # id: accessToken - # uses: dolby-io-internal/gh-access@v0.0.3-macos-linux - # with: - # gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} - # gh_app_id: ${{ secrets.GH_APP_ID }} - # gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} - # - name: 'Download libWebRTC' - # uses: ./.github/actions/download_libwebrtc - # with: - # access_token: ${{ steps.accessToken.outputs.token }} - # release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} - # asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-x64-Release-H264-OpenSSL_1_1_1.*.dmg.*" - # - # - name: 'Setup additional build environment variables' - # id: setup - # run: | - # echo "CACHE_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV - # - # REMOVE_FORMULAS="" - # for FORMULA in ${{ env.BLOCKED_FORMULAS }}; do - # if [ -d "/usr/local/opt/${FORMULA}" ]; then - # REMOVE_FORMULAS="${REMOVE_FORMULAS}${FORMULA} " - # fi - # done - # - # if [ -n "${REMOVE_FORMULAS}" ]; then - # brew uninstall ${REMOVE_FORMULAS} - # fi - # - # echo "commitHash=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT - # - # if test -n "$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -s "${{ github.event.pull_request.url }}" | jq -e '.labels[] | select(.name == "Seeking Testers")')"; then - # echo "SEEKING_TESTERS=1" >> $GITHUB_ENV - # else - # echo "SEEKING_TESTERS=0" >> $GITHUB_ENV - # fi - # - # echo "DEPS_BUILD_DIR_=$(dirname ${{ github.workspace }})/obs-build-dependencies_${{ env.TARGET_ARCH }}" >> $GITHUB_ENV - # - # - name: 'Restore Chromium Embedded Framework from cache' - # id: cef-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'cef-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/cef_binary_${{ env.CEF_BUILD_VERSION_MAC }}_macos_${{ env.TARGET_ARCH}} - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.CEF_BUILD_VERSION_MAC }}-${{ env.TARGET_ARCH }}-${{ env.CACHE_REVISION }} - # - # - name: 'Restore VLC dependency from cache' - # id: vlc-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'vlc-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/vlc-${{ env.VLC_VERSION_MAC }} - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_MAC }}-${{ env.CACHE_REVISION }} - # - # - name: 'Restore Sparkle dependency from cache' - # id: sparkle-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'sparkle-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/obs-deps/lib/Sparkle.framework - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.SPARKLE_VERSION }}-${{ env.CACHE_REVISION }} - # - # - name: 'Install dependencies' - # env: - # RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} - # RESTORED_SPARKLE: ${{ steps.sparkle-cache.outputs.cache-hit }} - # RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} - # DEPS_BUILD_DIR: ${{ env.DEPS_BUILD_DIR_ }} - # run: CI/macos/01_install_dependencies.sh --architecture ${{ env.TARGET_ARCH }} - # - # - name: 'Setup plugins' - # run: | - # git stash - # rm -rf ${{ github.workspace }}/plugins/obs-ndi - # rm -rf ${{ github.workspace }}/plugins/obs-browser - # git submodule update --init --recursive - # - # - name: 'Install MacOS cert and create keychain' - # run: | - # echo -n ${MACOS_SIGNING_CERT} | base64 --decode -o ${CERTIFACTE_PATH} - # security create-keychain -p "${KEYCHAIN_PASSWORD}" ${KEYCHAIN_PATH} - # security set-keychain-settings -lut 3600 $KEYCHAIN_PATH - # security unlock-keychain -p "${KEYCHAIN_PASSWORD}" ${KEYCHAIN_PATH} - # security import ${CERTIFACTE_PATH} -P ${MACOS_SIGNING_CERT_PASSWORD} -A -t cert -f pkcs12 -k ${KEYCHAIN_PATH} - # security list-keychain -d user -s ${KEYCHAIN_PATH} - # - # env: - # MACOS_SIGNING_CERT: ${{ secrets.MACOS_SIGNING_CERT }} - # MACOS_SIGNING_CERT_PASSWORD: ${{ secrets.MACOS_SIGNING_CERT_PASSWORD }} - # KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} - # KEYCHAIN_PATH: ${{ github.workspace }}/app-signing.keychain-db - # CERTIFACTE_PATH: ${{ github.workspace }}/app-signing-cert.p12 - # - # # Geneate OBS without obs-ndi plugin - # - name: 'Build OBS - no NDI' - # run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --vendor ${{ env.VENDOR }} - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Create build artifact' - # run: | - # CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --vendor ${{ env.VENDOR }} - # ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc*.dmg")) - # echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV - # echo "ARTIFACT READY: ${ARTIFACT_NAME}" - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Upload build Artifact' - # uses: actions/upload-artifact@v3 - # with: - # name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' - # path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' - # - # # Geneate OBS with obs-ndi plugin - # - name: 'Build OBS - with NDI' - # run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --ndi - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Create build artifact' - # run: | - # CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --ndi - # ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc-ndi*.dmg")) - # echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV - # echo "ARTIFACT READY: ${ARTIFACT_NAME}" - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Upload build Artifact' - # uses: actions/upload-artifact@v3 - # with: - # name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}-ndi' - # path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' - # - # macos_build_arm64: - # name: 'MacOS-arm64' - # runs-on: ['self-hosted', 'macOS', 'ARM64'] - # env: - # MACOSX_DEPLOYMENT_TARGET_ARM64: '11.0' - # SPARKLE_VERSION: '1.26.0' - # SPARKLE_HASH: '8312cbf7528297a49f1b97692c33cb8d33254c396dc51be394e9484e4b6833a0' - # BLOCKED_FORMULAS: 'speexdsp curl php composer' - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # TARGET_ARCH: 'arm64' - # defaults: - # run: - # shell: bash - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v4 - # with: - # submodules: 'recursive' - # fetch-depth: 0 - # - name: 'Generate access token' - # id: accessToken - # uses: dolby-io-internal/gh-access@v0.0.3-macos-linux - # with: - # gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} - # gh_app_id: ${{ secrets.GH_APP_ID }} - # gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} - # - name: 'Download libWebRTC' - # uses: ./.github/actions/download_libwebrtc - # with: - # access_token: ${{ steps.accessToken.outputs.token }} - # release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} - # asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-arm64-Release-H264-OpenSSL_1_1_1.*.dmg.*" - # - # - name: 'Setup additional build environment variables' - # id: setup - # run: | - # echo "CACHE_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV - # - # REMOVE_FORMULAS="" - # for FORMULA in ${{ env.BLOCKED_FORMULAS }}; do - # if [ -d "/usr/local/opt/${FORMULA}" ]; then - # REMOVE_FORMULAS="${REMOVE_FORMULAS}${FORMULA} " - # fi - # done - # - # if [ -n "${REMOVE_FORMULAS}" ]; then - # brew uninstall ${REMOVE_FORMULAS} - # fi - # - # echo "commitHash=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT - # - # if test -n "$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -s "${{ github.event.pull_request.url }}" | jq -e '.labels[] | select(.name == "Seeking Testers")')"; then - # echo "SEEKING_TESTERS=1" >> $GITHUB_ENV - # else - # echo "SEEKING_TESTERS=0" >> $GITHUB_ENV - # fi - # - # echo "DEPS_BUILD_DIR_=$(dirname ${{ github.workspace }})/obs-build-dependencies_${{ env.TARGET_ARCH }}" >> $GITHUB_ENV - # - # - name: 'Restore Chromium Embedded Framework from cache' - # id: cef-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'cef-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/cef_binary_${{ env.CEF_BUILD_VERSION_MAC }}_macos_${{ env.TARGET_ARCH}} - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.CEF_BUILD_VERSION_MAC }}-${{ env.TARGET_ARCH }}-${{ env.CACHE_REVISION }} - # - # - name: 'Restore VLC dependency from cache' - # id: vlc-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'vlc-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/vlc-${{ env.VLC_VERSION_MAC }} - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_MAC }}-${{ env.CACHE_REVISION }} - # - # - name: 'Restore Sparkle dependency from cache' - # id: sparkle-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'sparkle-cache' - # with: - # path: ${{ env.DEPS_BUILD_DIR_ }}/obs-deps/lib/Sparkle.framework - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.SPARKLE_VERSION }}-${{ env.CACHE_REVISION }} - # - # - name: 'Install dependencies' - # env: - # RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} - # RESTORED_SPARKLE: ${{ steps.sparkle-cache.outputs.cache-hit }} - # RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} - # DEPS_BUILD_DIR: ${{ env.DEPS_BUILD_DIR_ }} - # run: CI/macos/01_install_dependencies.sh --architecture ${{ env.TARGET_ARCH }} - # - # - name: 'Setup plugins' - # run: | - # git stash - # rm -rf ${{ github.workspace }}/plugins/obs-ndi - # rm -rf ${{ github.workspace }}/plugins/obs-browser - # git submodule update --init --recursive - # - # - name: 'Unlock keychain' - # run: | - # security -v unlock-keychain -p ${MACOS_KEYCHAIN_PASSWORD} ${MACOS_KEYCHAIN_PATH} && echo "Keychain is unlocked" || exit 1 - # env: - # MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} - # MACOS_KEYCHAIN_PATH: /Users/dolbyvoice/Library/Keychains/cosmosoftware.keychain-db - # - # # Geneate OBS without obs-ndi plugin - # - name: 'Build OBS - no NDI' - # run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Create build artifact' - # run: | - # CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} - # ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc*.dmg")) - # echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV - # echo "ARTIFACT READY: ${ARTIFACT_NAME}" - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Upload build Artifact' - # uses: actions/upload-artifact@v3 - # with: - # name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' - # path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' - # - # # Geneate OBS with obs-ndi plugin - # - name: 'Build OBS - with NDI' - # run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --ndi - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Create build artifact' - # run: | - # CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --ndi - # ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc-ndi*.dmg")) - # echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV - # echo "ARTIFACT READY: ${ARTIFACT_NAME}" - # env: - # CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} - # CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} - # CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} - # NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} - # - # - name: 'Upload build Artifact' - # uses: actions/upload-artifact@v3 - # with: - # name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}-ndi' - # path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' + macos_build_x86_64: + name: 'MacOS-x86_64' + runs-on: [macos-12] + env: + MACOSX_DEPLOYMENT_TARGET_X86_64: '10.15' + SPARKLE_VERSION: '1.26.0' + SPARKLE_HASH: '8312cbf7528297a49f1b97692c33cb8d33254c396dc51be394e9484e4b6833a0' + BLOCKED_FORMULAS: 'speexdsp curl php composer' + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + TARGET_ARCH: 'x86_64' + defaults: + run: + shell: bash + steps: + - name: 'Checkout' + uses: actions/checkout@v4 + with: + submodules: 'recursive' + fetch-depth: 0 + - name: 'Generate access token' + id: accessToken + uses: dolby-io-internal/gh-access@v0.0.3-macos-linux + with: + gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} + gh_app_id: ${{ secrets.GH_APP_ID }} + gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} + - name: 'Download libWebRTC' + uses: ./.github/actions/download_libwebrtc + with: + access_token: ${{ steps.accessToken.outputs.token }} + release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} + asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-x64-Release-H264-OpenSSL_1_1_1.*.dmg.*" + + - name: 'Setup additional build environment variables' + id: setup + run: | + echo "CACHE_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV + + REMOVE_FORMULAS="" + for FORMULA in ${{ env.BLOCKED_FORMULAS }}; do + if [ -d "/usr/local/opt/${FORMULA}" ]; then + REMOVE_FORMULAS="${REMOVE_FORMULAS}${FORMULA} " + fi + done + + if [ -n "${REMOVE_FORMULAS}" ]; then + brew uninstall ${REMOVE_FORMULAS} + fi + + echo "commitHash=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT + + if test -n "$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -s "${{ github.event.pull_request.url }}" | jq -e '.labels[] | select(.name == "Seeking Testers")')"; then + echo "SEEKING_TESTERS=1" >> $GITHUB_ENV + else + echo "SEEKING_TESTERS=0" >> $GITHUB_ENV + fi + + echo "DEPS_BUILD_DIR_=$(dirname ${{ github.workspace }})/obs-build-dependencies_${{ env.TARGET_ARCH }}" >> $GITHUB_ENV + + - name: 'Restore Chromium Embedded Framework from cache' + id: cef-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'cef-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/cef_binary_${{ env.CEF_BUILD_VERSION_MAC }}_macos_${{ env.TARGET_ARCH}} + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.CEF_BUILD_VERSION_MAC }}-${{ env.TARGET_ARCH }}-${{ env.CACHE_REVISION }} + + - name: 'Restore VLC dependency from cache' + id: vlc-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'vlc-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/vlc-${{ env.VLC_VERSION_MAC }} + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_MAC }}-${{ env.CACHE_REVISION }} + + - name: 'Restore Sparkle dependency from cache' + id: sparkle-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'sparkle-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/obs-deps/lib/Sparkle.framework + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.SPARKLE_VERSION }}-${{ env.CACHE_REVISION }} + + - name: 'Install dependencies' + env: + RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} + RESTORED_SPARKLE: ${{ steps.sparkle-cache.outputs.cache-hit }} + RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} + DEPS_BUILD_DIR: ${{ env.DEPS_BUILD_DIR_ }} + run: CI/macos/01_install_dependencies.sh --architecture ${{ env.TARGET_ARCH }} + + - name: 'Setup plugins' + run: | + git stash + rm -rf ${{ github.workspace }}/plugins/obs-ndi + rm -rf ${{ github.workspace }}/plugins/obs-browser + git submodule update --init --recursive + + - name: 'Install MacOS cert and create keychain' + run: | + echo -n ${MACOS_SIGNING_CERT} | base64 --decode -o ${CERTIFACTE_PATH} + security create-keychain -p "${KEYCHAIN_PASSWORD}" ${KEYCHAIN_PATH} + security set-keychain-settings -lut 3600 $KEYCHAIN_PATH + security unlock-keychain -p "${KEYCHAIN_PASSWORD}" ${KEYCHAIN_PATH} + security import ${CERTIFACTE_PATH} -P ${MACOS_SIGNING_CERT_PASSWORD} -A -t cert -f pkcs12 -k ${KEYCHAIN_PATH} + security list-keychain -d user -s ${KEYCHAIN_PATH} + + env: + MACOS_SIGNING_CERT: ${{ secrets.MACOS_SIGNING_CERT }} + MACOS_SIGNING_CERT_PASSWORD: ${{ secrets.MACOS_SIGNING_CERT_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} + KEYCHAIN_PATH: ${{ github.workspace }}/app-signing.keychain-db + CERTIFACTE_PATH: ${{ github.workspace }}/app-signing-cert.p12 + + # Geneate OBS without obs-ndi plugin + - name: 'Build OBS - no NDI' + run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --vendor ${{ env.VENDOR }} + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Create build artifact' + run: | + CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --vendor ${{ env.VENDOR }} + ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc*.dmg")) + echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV + echo "ARTIFACT READY: ${ARTIFACT_NAME}" + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Upload build Artifact' + uses: actions/upload-artifact@v3 + with: + name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' + path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' + + # Geneate OBS with obs-ndi plugin + - name: 'Build OBS - with NDI' + run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --ndi + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Create build artifact' + run: | + CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --ndi + ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc-ndi*.dmg")) + echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV + echo "ARTIFACT READY: ${ARTIFACT_NAME}" + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Upload build Artifact' + uses: actions/upload-artifact@v3 + with: + name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}-ndi' + path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' + + macos_build_arm64: + name: 'MacOS-arm64' + runs-on: ['self-hosted', 'macOS', 'ARM64'] + env: + MACOSX_DEPLOYMENT_TARGET_ARM64: '11.0' + SPARKLE_VERSION: '1.26.0' + SPARKLE_HASH: '8312cbf7528297a49f1b97692c33cb8d33254c396dc51be394e9484e4b6833a0' + BLOCKED_FORMULAS: 'speexdsp curl php composer' + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + TARGET_ARCH: 'arm64' + defaults: + run: + shell: bash + steps: + - name: 'Checkout' + uses: actions/checkout@v4 + with: + submodules: 'recursive' + fetch-depth: 0 + - name: 'Generate access token' + id: accessToken + uses: dolby-io-internal/gh-access@v0.0.3-macos-linux + with: + gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} + gh_app_id: ${{ secrets.GH_APP_ID }} + gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} + - name: 'Download libWebRTC' + uses: ./.github/actions/download_libwebrtc + with: + access_token: ${{ steps.accessToken.outputs.token }} + release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} + asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-arm64-Release-H264-OpenSSL_1_1_1.*.dmg.*" + + - name: 'Setup additional build environment variables' + id: setup + run: | + echo "CACHE_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV + + REMOVE_FORMULAS="" + for FORMULA in ${{ env.BLOCKED_FORMULAS }}; do + if [ -d "/usr/local/opt/${FORMULA}" ]; then + REMOVE_FORMULAS="${REMOVE_FORMULAS}${FORMULA} " + fi + done + + if [ -n "${REMOVE_FORMULAS}" ]; then + brew uninstall ${REMOVE_FORMULAS} + fi + + echo "commitHash=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT + + if test -n "$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -s "${{ github.event.pull_request.url }}" | jq -e '.labels[] | select(.name == "Seeking Testers")')"; then + echo "SEEKING_TESTERS=1" >> $GITHUB_ENV + else + echo "SEEKING_TESTERS=0" >> $GITHUB_ENV + fi + + echo "DEPS_BUILD_DIR_=$(dirname ${{ github.workspace }})/obs-build-dependencies_${{ env.TARGET_ARCH }}" >> $GITHUB_ENV + + - name: 'Restore Chromium Embedded Framework from cache' + id: cef-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'cef-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/cef_binary_${{ env.CEF_BUILD_VERSION_MAC }}_macos_${{ env.TARGET_ARCH}} + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.CEF_BUILD_VERSION_MAC }}-${{ env.TARGET_ARCH }}-${{ env.CACHE_REVISION }} + + - name: 'Restore VLC dependency from cache' + id: vlc-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'vlc-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/vlc-${{ env.VLC_VERSION_MAC }} + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_MAC }}-${{ env.CACHE_REVISION }} + + - name: 'Restore Sparkle dependency from cache' + id: sparkle-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'sparkle-cache' + with: + path: ${{ env.DEPS_BUILD_DIR_ }}/obs-deps/lib/Sparkle.framework + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.SPARKLE_VERSION }}-${{ env.CACHE_REVISION }} + + - name: 'Install dependencies' + env: + RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} + RESTORED_SPARKLE: ${{ steps.sparkle-cache.outputs.cache-hit }} + RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} + DEPS_BUILD_DIR: ${{ env.DEPS_BUILD_DIR_ }} + run: CI/macos/01_install_dependencies.sh --architecture ${{ env.TARGET_ARCH }} + + - name: 'Setup plugins' + run: | + git stash + rm -rf ${{ github.workspace }}/plugins/obs-ndi + rm -rf ${{ github.workspace }}/plugins/obs-browser + git submodule update --init --recursive + + - name: 'Unlock keychain' + run: | + security -v unlock-keychain -p ${MACOS_KEYCHAIN_PASSWORD} ${MACOS_KEYCHAIN_PATH} && echo "Keychain is unlocked" || exit 1 + env: + MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} + MACOS_KEYCHAIN_PATH: /Users/dolbyvoice/Library/Keychains/cosmosoftware.keychain-db + + # Geneate OBS without obs-ndi plugin + - name: 'Build OBS - no NDI' + run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Create build artifact' + run: | + CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} + ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc*.dmg")) + echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV + echo "ARTIFACT READY: ${ARTIFACT_NAME}" + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Upload build Artifact' + uses: actions/upload-artifact@v3 + with: + name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' + path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' + + # Geneate OBS with obs-ndi plugin + - name: 'Build OBS - with NDI' + run: CI/macos/02_build_obs.sh --codesign --architecture ${{ env.TARGET_ARCH }} --ndi + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Create build artifact' + run: | + CI/macos/03_package_obs.sh --codesign --notarize --architecture ${{ env.TARGET_ARCH }} --ndi + ARTIFACT_NAME=$(basename $(find build/. -name "obs-webrtc-ndi*.dmg")) + echo "FILE_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV + echo "ARTIFACT READY: ${ARTIFACT_NAME}" + env: + CODESIGN_IDENT: ${{ secrets.CODESIGN_IDENT }} + CODESIGN_TEAM_ID: ${{ secrets.CODESIGN_TEAM_ID }} + CODESIGN_IDENT_USER: ${{ secrets.CODESIGN_IDENT_USER }} + NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPECIFIC_PASSWORD }} + + - name: 'Upload build Artifact' + uses: actions/upload-artifact@v3 + with: + name: 'obs-studio-macos-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}-ndi' + path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' linux_build: name: 'Linux' @@ -469,82 +469,82 @@ jobs: with: name: 'obs-studio-${{ matrix.ubuntu }}-${{ steps.setup.outputs.commitHash }}' path: '${{ github.workspace }}/build/${{ env.FILE_NAME }}' - # - # windows_build: - # name: 'Windows_x64' - # runs-on: [windows-2022] - # env: - # CMAKE_GENERATOR: 'Visual Studio 17 2022' - # CMAKE_SYSTEM_VERSION: '10.0.18363.657' - # VIRTUALCAM-GUID: 'A3FCE0F5-3493-419F-958A-ABA1250EC20B' - # TARGET_ARCH: 'x64' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v4 - # with: - # submodules: 'recursive' - # fetch-depth: 0 - # - name: 'Generate access token' - # id: accessToken - # uses: dolby-io-internal/gh-access@v0.0.3-windows - # with: - # gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} - # gh_app_id: ${{ secrets.GH_APP_ID }} - # gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} - # - name: 'Download libWebRTC' - # uses: ./.github/actions/download_libwebrtc/win - # with: - # access_token: ${{ steps.accessToken.outputs.token }} - # release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} - # asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-x64-Mt-Release-.*.exe.*" - # - # - name: 'Add msbuild to PATH' - # uses: microsoft/setup-msbuild@v1.1 - # - # - name: 'Setup additional build environment variables' - # id: setup - # run: | - # $LabelFound = try { (Invoke-RestMethod -Authentication 'Bearer' -Token (ConvertTo-SecureString '${{ secrets.GITHUB_TOKEN }}' -AsPlainText) -Uri "${{ github.event.pull_request.url }}" -UseBasicParsing).labels.name.contains("Seeking Testers") } catch { $false } - # Write-Output "SEEKING_TESTERS=$(if( $LabelFound -eq $true ) { 1 } else { 0 })" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - # $CommitHash = git rev-parse --short=9 HEAD - # "commitHash=${CommitHash}" >> $env:GITHUB_OUTPUT - # - # - name: 'Restore VLC dependency from cache' - # id: vlc-cache - # uses: actions/cache@v3 - # env: - # CACHE_NAME: 'vlc-cache' - # with: - # path: ${{ github.workspace }}/obs-build-dependencies/vlc-${{ env.VLC_VERSION_WIN }} - # key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_WIN }}-${{ env.CACHE_REVISION }} - # - # - name: 'Install dependencies' - # env: - # RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} - # RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} - # run: CI/windows/01_install_dependencies.ps1 -BuildArch ${{ env.TARGET_ARCH }} - # - # - name: 'Setup plugings' - # run: | - # git stash - # Remove-Item ${{ github.workspace }}\\plugins\\obs-ndi -Recurse -Force - # Remove-Item ${{ github.workspace }}\\plugins\\obs-browser -Recurse -Force - # git submodule update --init --recursive - # - # - name: 'Build OBS' - # run: CI/windows/02_build_obs.ps1 -BuildArch ${{ env.TARGET_ARCH }} - # - # - name: 'Create build artifact' - # if: ${{ success() && (github.event_name != 'pull_request' || env.SEEKING_TESTERS == '1') }} - # run: | - # CI/windows/03_package_obs.ps1 -BuildArch ${{ env.TARGET_ARCH }} -Package - # $ArtifactName = Get-ChildItem -filter "obs-webrtc-*-windows-${{ env.TARGET_ARCH }}.zip" -File -Recurse - # Write-Output "FILE_NAME=${ArtifactName}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - # Write-Host $env:FILE_NAME - # - # - name: 'Upload build artifact' - # if: ${{ success() && (github.event_name != 'pull_request' || env.SEEKING_TESTERS == '1') }} - # uses: actions/upload-artifact@v3 - # with: - # name: 'obs-studio-windows-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' - # path: '${{ env.FILE_NAME }}' + + windows_build: + name: 'Windows_x64' + runs-on: [windows-2022] + env: + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_SYSTEM_VERSION: '10.0.18363.657' + VIRTUALCAM-GUID: 'A3FCE0F5-3493-419F-958A-ABA1250EC20B' + TARGET_ARCH: 'x64' + steps: + - name: 'Checkout' + uses: actions/checkout@v4 + with: + submodules: 'recursive' + fetch-depth: 0 + - name: 'Generate access token' + id: accessToken + uses: dolby-io-internal/gh-access@v0.0.3-windows + with: + gh_app_priv_key: ${{ secrets.GH_APP_RELEASECREATOR_PRIV_KEY }} + gh_app_id: ${{ secrets.GH_APP_ID }} + gh_app_installation_id: ${{ secrets.GH_APP_INSTALLATION_ID }} + - name: 'Download libWebRTC' + uses: ./.github/actions/download_libwebrtc/win + with: + access_token: ${{ steps.accessToken.outputs.token }} + release_tag: ${{ env.LIBWEBRTC_RELEASE_TAG }} + asset_pattern: "^libWebRTC-${{ env.LIBWEBRTC_VERSION }}-x64-Mt-Release-.*.exe.*" + + - name: 'Add msbuild to PATH' + uses: microsoft/setup-msbuild@v1.1 + + - name: 'Setup additional build environment variables' + id: setup + run: | + $LabelFound = try { (Invoke-RestMethod -Authentication 'Bearer' -Token (ConvertTo-SecureString '${{ secrets.GITHUB_TOKEN }}' -AsPlainText) -Uri "${{ github.event.pull_request.url }}" -UseBasicParsing).labels.name.contains("Seeking Testers") } catch { $false } + Write-Output "SEEKING_TESTERS=$(if( $LabelFound -eq $true ) { 1 } else { 0 })" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + $CommitHash = git rev-parse --short=9 HEAD + "commitHash=${CommitHash}" >> $env:GITHUB_OUTPUT + + - name: 'Restore VLC dependency from cache' + id: vlc-cache + uses: actions/cache@v3 + env: + CACHE_NAME: 'vlc-cache' + with: + path: ${{ github.workspace }}/obs-build-dependencies/vlc-${{ env.VLC_VERSION_WIN }} + key: ${{ runner.os }}-pr-${{ env.CACHE_NAME }}-${{ env.VLC_VERSION_WIN }}-${{ env.CACHE_REVISION }} + + - name: 'Install dependencies' + env: + RESTORED_VLC: ${{ steps.vlc-cache.outputs.cache-hit }} + RESTORED_CEF: ${{ steps.cef-cache.outputs.cache-hit }} + run: CI/windows/01_install_dependencies.ps1 -BuildArch ${{ env.TARGET_ARCH }} + + - name: 'Setup plugings' + run: | + git stash + Remove-Item ${{ github.workspace }}\\plugins\\obs-ndi -Recurse -Force + Remove-Item ${{ github.workspace }}\\plugins\\obs-browser -Recurse -Force + git submodule update --init --recursive + + - name: 'Build OBS' + run: CI/windows/02_build_obs.ps1 -BuildArch ${{ env.TARGET_ARCH }} + + - name: 'Create build artifact' + if: ${{ success() && (github.event_name != 'pull_request' || env.SEEKING_TESTERS == '1') }} + run: | + CI/windows/03_package_obs.ps1 -BuildArch ${{ env.TARGET_ARCH }} -Package + $ArtifactName = Get-ChildItem -filter "obs-webrtc-*-windows-${{ env.TARGET_ARCH }}.zip" -File -Recurse + Write-Output "FILE_NAME=${ArtifactName}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + Write-Host $env:FILE_NAME + + - name: 'Upload build artifact' + if: ${{ success() && (github.event_name != 'pull_request' || env.SEEKING_TESTERS == '1') }} + uses: actions/upload-artifact@v3 + with: + name: 'obs-studio-windows-${{ env.TARGET_ARCH }}-${{ steps.setup.outputs.commitHash }}' + path: '${{ env.FILE_NAME }}'