diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index dab788552..1b88157d6 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -24,11 +24,14 @@ on:
 jobs:
 package-macos:
 runs-on: macos-10.15
+ strategy:
+ matrix:
+ macos-deployment-version: [10.12, 10.14]
 env:
 DISCID_VERSION: 0.6.2
 FPCALC_VERSION: 1.5.0
- PYTHON_VERSION: 3.7.6
- MACOSX_DEPLOYMENT_TARGET: 10.12
+ PYTHON_VERSION: 3.9.1
+ MACOSX_DEPLOYMENT_TARGET: ${{ matrix.macos-deployment-version }}
 steps:
 - uses: actions/checkout@v2
 with:
@@ -57,7 +60,7 @@ jobs:
 run: |
 python3 -m pip install --upgrade pip setuptools wheel
 pip3 install -r requirements-build.txt
- pip3 install -r requirements-macos.txt
+ pip3 install -r requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt
 - name: Run tests
 run: |
 python3 setup.py test
@@ -86,7 +89,7 @@ jobs:
 - name: Archive production artifacts
 uses: actions/upload-artifact@v1
 with:
- name: macos-app
+ name: macos-app-${{ matrix.macos-deployment-version }}
 path: artifacts/
 package-windows:
diff --git a/requirements-build.txt b/requirements-build.txt
index 2b71063cb..dc6d59ef0 100644
--- a/requirements-build.txt
+++ b/requirements-build.txt
@@ -1,3 +1,3 @@
 Babel==2.6
-PyInstaller==4.0
+PyInstaller==4.1
 setuptools<45.0.0
diff --git a/requirements-macos.txt b/requirements-macos-10.12.txt
similarity index 100%
rename from requirements-macos.txt
rename to requirements-macos-10.12.txt
diff --git a/requirements-macos-10.14.txt b/requirements-macos-10.14.txt
new file mode 100644
index 000000000..c92cd4385
--- /dev/null
+++ b/requirements-macos-10.14.txt
@@ -0,0 +1,7 @@
+python-dateutil==2.8.1
+discid==1.2.0
+markdown==3.2.2
+mutagen==1.45.1
+pyobjc-core==6.2.2
+pyobjc-framework-Cocoa==6.2.2
+PyQt5==5.15.2
diff --git a/scripts/package/macos-package-app.sh b/scripts/package/macos-package-app.sh
index ff564b730..9e5e62d5b 100755
--- a/scripts/package/macos-package-app.sh
+++ b/scripts/package/macos-package-app.sh
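Review bot: In the first hunk of .github/workflows/package.yml, the entries in `macos-deployment-version: [10.12, 10.14]` are unquoted, so YAML reads them as floats rather than version strings. Both current values survive that, but a later entry such as 10.10 would presumably collapse to 10.1 and then select the wrong `MACOSX_DEPLOYMENT_TARGET`, requirements file name and artifact name, all of which are derived from this value in the following hunks. Quoting keeps them as strings: `macos-deployment-version: ['10.12', '10.14']`.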
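Review bot: The `pip3 install -r requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt` step in the second hunk of .github/workflows/package.yml installs packages pinned by version only; the new requirements-macos-10.14.txt in this commit lists `==` pins with no `--hash` entries. The installed packages end up in a bundle that scripts/package/macos-package-app.sh later code-signs and notarizes, so whatever the index serves under those versions is shipped under the project's signature. Hash-pinned requirements installed with `pip3 install --require-hashes -r "requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt"` would bind the build to known files. The range pin `setuptools<45.0.0` in requirements-build.txt would need an exact version if that file is handled the same way.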
@@ -12,6 +12,7 @@ MACOS_VERSION_MAJOR=${MACOS_VERSION_MAJOR%.*} MACOS_VERSION_MINOR=${MACOS_VERSION#*.} MACOS_VERSION_MINOR=${MACOS_VERSION_MINOR%.*} +echo "Building Picard..." rm -rf dist build locale python3 setup.py clean python3 setup.py build @@ -26,6 +27,7 @@ CERTIFICATE_NAME="MetaBrainz Foundation Inc." CERTIFICATE_FILE=scripts/package/appledev.p12 if [ -f $CERTIFICATE_FILE ] && [ -n "$CODESIGN_MACOS_P12_PASSWORD" ]; then + echo "Preparing code signing certificate..." security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH security set-keychain-settings $KEYCHAIN_PATH # Ensure keychain stays unlocked 
@@ -46,43 +48,48 @@ fi cd dist -# Create app bundle -ditto -rsrc --arch x86_64 'MusicBrainz Picard.app' 'MusicBrainz Picard.tmp' -rm -r 'MusicBrainz Picard.app' -mv 'MusicBrainz Picard.tmp' 'MusicBrainz Picard.app' +echo "Create and sign app bundle..." +APP_BUNDLE="MusicBrainz Picard.app" +ditto -rsrc --arch x86_64 "$APP_BUNDLE" "$APP_BUNDLE.tmp" +rm -r "$APP_BUNDLE" +mv "$APP_BUNDLE.tmp" "$APP_BUNDLE" if [ "$CODESIGN" = '1' ]; then # Enable hardened runtime if app will get notarized if [ "$NOTARIZE" = "1" ]; then - codesign --verify --verbose --deep \ + codesign --verbose --deep --force \ --options runtime \ --entitlements ../scripts/package/entitlements.plist \ --keychain "$KEYCHAIN_PATH" --sign "$CERTIFICATE_NAME" \ - "MusicBrainz Picard.app" - ../scripts/package/macos-notarize-app.sh "MusicBrainz Picard.app" + "$APP_BUNDLE" + ../scripts/package/macos-notarize-app.sh "$APP_BUNDLE" + codesign --verbose --deep --verbose --strict=all --check-notarization "$APP_BUNDLE" else - codesign --verify --verbose --deep \ + codesign --verify --verbose --deep --force \ --keychain "$KEYCHAIN_PATH" --sign "$CERTIFICATE_NAME" \ - "MusicBrainz Picard.app" + "$APP_BUNDLE" fi fi -# Verify Picard executable works and required dependencies are bundled -VERSIONS=$("MusicBrainz Picard.app/Contents/MacOS/picard-run" --long-version) -echo "$VERSIONS" -ASTRCMP_REGEX="astrcmp C" -[[ $VERSIONS =~ $ASTRCMP_REGEX ]] || (echo "Failed: Build does not include astrcmp C" && false) -LIBDISCID_REGEX="libdiscid [0-9]+\.[0-9]+\.[0-9]+" -[[ $VERSIONS =~ $LIBDISCID_REGEX ]] || (echo "Failed: Build does not include libdiscid" && false) -"MusicBrainz Picard.app/Contents/MacOS/fpcalc" -version +# Only test the app if it was codesigned, otherwise execution likely fails +if [ "$CODESIGN" = '1' ]; then + echo "Verify Picard executable works and required dependencies are bundled..." 
+ VERSIONS=$("$APP_BUNDLE/Contents/MacOS/picard-run" --long-version) + echo "$VERSIONS" + ASTRCMP_REGEX="astrcmp C" + [[ $VERSIONS =~ $ASTRCMP_REGEX ]] || (echo "Failed: Build does not include astrcmp C" && false) + LIBDISCID_REGEX="libdiscid [0-9]+\.[0-9]+\.[0-9]+" + [[ $VERSIONS =~ $LIBDISCID_REGEX ]] || (echo "Failed: Build does not include libdiscid" && false) + "$APP_BUNDLE/Contents/MacOS/fpcalc" -version +fi -# Package app bundle into DMG image -if [ -n "$TRAVIS_OSX_IMAGE" ]; then - DMG="MusicBrainz-Picard-${VERSION}_macOS-$MACOS_VERSION_MAJOR.$MACOS_VERSION_MINOR.dmg" +echo "Package app bundle into DMG image..." +if [ -n "$MACOSX_DEPLOYMENT_TARGET" ]; then + DMG="MusicBrainz-Picard-${VERSION}-macOS-${MACOSX_DEPLOYMENT_TARGET}.dmg" else - DMG="MusicBrainz-Picard-$VERSION.dmg" + DMG="MusicBrainz-Picard-${VERSION}.dmg" fi mkdir staging -mv "MusicBrainz Picard.app" staging/ +mv "$APP_BUNDLE" staging/ # Offer a link to /Applications for easy installation ln -s /Applications staging/Applications hdiutil create -volname "MusicBrainz Picard $VERSION" \
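Review bot: The post-notarization check `codesign --verbose --deep --verbose --strict=all --check-notarization "$APP_BUNDLE"` has no `--verify` and repeats `--verbose`, so as far as I can tell it never requests a signature verification, even though `--check-notarization` only makes sense as part of one. The likely intent is `codesign --verify --deep --verbose --strict=all --check-notarization "$APP_BUNDLE"`. The same hunk drops `--verify` from the notarized signing call but keeps it in the `else` branch, which leaves the two branches inconsistent. Separately, the executable smoke test now runs only when `CODESIGN` is `1`, so an unsigned build is still packaged into a DMG without the astrcmp and libdiscid checks; an `else` branch that echoes that the checks were skipped would make this visible in the build log.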