name: 'Build: macOS'
on:
pull_request:
workflow_dispatch:
inputs:
build_mode:
description: 'Build mode: devel, nightly, testing, stable'
default: 'devel'
required: true
publish:
description: 'Publish to FTP: on - publish'
default: 'off'
required: false
sentry_project:
description: 'Upload symbols and dumps to Sentry (choose a project): mu4(default for stable build), sandbox'
default: ''
required: false
workflow_call:
inputs:
build_mode:
description: 'Build mode: devel, nightly, testing, stable'
default: 'devel'
type: string
required: true
publish:
description: 'Publish to FTP: on - publish'
default: 'off'
type: string
required: false
sentry_project:
description: 'Upload symbols and dumps to Sentry (choose a project): mu4(default for stable build), sandbox'
default: ''
type: string
required: false
env:
DEVELOPER_DIR: /Applications/Xcode_15.4.app/Contents/Developer
jobs:
macos_universal:
runs-on: macos-latest
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.12.1
with:
access_token: ${{ github.token }}
- name: Clone repository
uses: actions/checkout@v4
- name: Configure workflow
env:
pull_request_title: ${{ github.event.pull_request.title }}
SENTRY_SERVER_MU4_KEY: ${{ secrets.SENTRY_SERVER_MU4_KEY }}
SENTRY_SERVER_SANDBOX_KEY: ${{ secrets.SENTRY_SERVER_SANDBOX_KEY }}
SENTRY_PROJECT: ${{ inputs.sentry_project }}
run: |
bash ./buildscripts/ci/tools/make_build_mode_env.sh -e ${{ github.event_name }} -m ${{ inputs.build_mode }}
BUILD_MODE=$(cat ./build.artifacts/env/build_mode.env)
bash ./buildscripts/ci/tools/make_build_number.sh
BUILD_NUMBER=$(cat ./build.artifacts/env/build_number.env)
DO_NOTARIZE='false'
if [ "$BUILD_MODE" != "devel" ]; then
DO_NOTARIZE='true'
if [ -z "${{ secrets.APPLE_USERNAME }}" ]; then
echo "::warning::APPLE_USERNAME is empty; notarization disabled"
DO_NOTARIZE='false'
fi
if [ -z "${{ secrets.APPLE_PASSWORD }}" ]; then
echo "::warning::APPLE_PASSWORD is empty, notarization disabled"
DO_NOTARIZE='false'
fi
fi
DO_UPDATE_TS='false'
if [[ "$BUILD_MODE" == "testing" || "$BUILD_MODE" == "stable" ]]; then
DO_UPDATE_TS='true'
if [ -z "${{ secrets.TRANSIFEX_API_TOKEN }}" ]; then
echo "::warning::TRANSIFEX_API_TOKEN is empty; updating .ts files disabled"
DO_UPDATE_TS='false'
fi
fi
DO_PLACEHOLDER_TRANSLATIONS='false'
if [[ "$BUILD_MODE" == "nightly" || "$BUILD_MODE" == "devel" ]]; then
DO_PLACEHOLDER_TRANSLATIONS='true'
fi
DO_UPLOAD_SYMBOLS='false'
SENTRY_URL=""
if [ "$SENTRY_SERVER_MU4_KEY" != "" ]; then
if [ -z "$SENTRY_PROJECT" ] && [ "$BUILD_MODE" == "stable" ]; then
SENTRY_PROJECT="mu4"
fi
if [ "$SENTRY_PROJECT" == "mu4" ]; then
DO_UPLOAD_SYMBOLS='true'
SENTRY_URL=https://sentry.musescore.org/api/4/minidump/?sentry_key=$SENTRY_SERVER_MU4_KEY
fi
fi
if [ -z "$SENTRY_PROJECT" ] && [ "$BUILD_MODE" == "nightly" ]; then
SENTRY_PROJECT="sandbox"
fi
if [ "$SENTRY_PROJECT" == "sandbox" ] && [ "$SENTRY_SERVER_SANDBOX_KEY" != "" ]; then
DO_UPLOAD_SYMBOLS='true'
SENTRY_URL=https://sentry.musescore.org/api/3/minidump/?sentry_key=$SENTRY_SERVER_SANDBOX_KEY
fi
DO_PUBLISH='false'
if [ "${{ inputs.publish }}" == "on" ]; then
DO_PUBLISH='true'
if [ -z "${{ secrets.OSUOSL_SSH_ENCRYPT_SECRET }}" ]; then
echo "::warning::OSUOSL_SSH_ENCRYPT_SECRET is empty; not publishing to OSUOSL"
DO_PUBLISH='false'
fi
fi
ADD_INFO="_${GITHUB_REF#refs/heads/}"
if [ "${{ github.event_name }}" == "pull_request" ]; then
ADD_INFO="_${{ github.event.pull_request.number }}_${pull_request_title}"
fi
UPLOAD_ARTIFACT_NAME="$(tr '":<>|*?/\\’' '_' <<<"MU4_${BUILD_NUMBER}_Mac${ADD_INFO}")"
echo "github.repository: ${{ github.repository }}"
echo "BUILD_MODE=$BUILD_MODE" | tee -a $GITHUB_ENV
echo "BUILD_NUMBER=$BUILD_NUMBER" | tee -a $GITHUB_ENV
echo "DO_UPDATE_TS=$DO_UPDATE_TS" | tee -a $GITHUB_ENV
echo "DO_PLACEHOLDER_TRANSLATIONS=$DO_PLACEHOLDER_TRANSLATIONS" | tee -a $GITHUB_ENV
echo "DO_NOTARIZE=$DO_NOTARIZE" | tee -a $GITHUB_ENV
echo "DO_UPLOAD_SYMBOLS=$DO_UPLOAD_SYMBOLS" | tee -a $GITHUB_ENV
echo "SENTRY_PROJECT=$SENTRY_PROJECT" | tee -a $GITHUB_ENV
echo "SENTRY_URL=$SENTRY_URL" | tee -a $GITHUB_ENV
echo "DO_PUBLISH=$DO_PUBLISH" | tee -a $GITHUB_ENV
echo "UPLOAD_ARTIFACT_NAME=$UPLOAD_ARTIFACT_NAME" | tee -a $GITHUB_ENV
echo "CCACHE_TIMESTAMP=$(date -u +"%F-%T")" | tee -a $GITHUB_ENV
- name: Restore ccache files
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/.ccache
key: ${{github.workflow}}-ccache-${{ env.CCACHE_TIMESTAMP }}
restore-keys: ${{github.workflow}}-ccache-
- name: Setup ccache
run: |
brew install ccache
bash ./buildscripts/ci/tools/setup_ccache_config.sh
- name: Setup environment
run: |
bash ./buildscripts/ci/macos/setup.sh
- name: Generate _en.ts files
env:
LUPDATE_ARGS: ""
POSTPROCESS_ARGS: "--warn-only ${{ env.DO_PLACEHOLDER_TRANSLATIONS == 'true' && '--generate-placeholder-translations' || '' }}"
run: |
bash ./buildscripts/ci/translation/run_lupdate.sh
- name: Update .ts files
if: env.DO_UPDATE_TS == 'true'
run: |
bash ./buildscripts/ci/translation/tx_install.sh -t ${{ secrets.TRANSIFEX_API_TOKEN }} -s macos
bash ./buildscripts/ci/translation/tx_pull.sh
- name: Build
run: |
C_URL=${SENTRY_URL}; if [ -z "$C_URL" ]; then C_URL="''"; fi
bash ./buildscripts/ci/macos/build.sh -n ${{ env.BUILD_NUMBER }} --crash_log_url $C_URL
echo "============== ccache ==============="
ccache -s
- name: Package
run: |
S_S="${{ secrets.MAC_SIGN_CERTIFICATE_ENCRYPT_SECRET }}"; if [ -z "$S_S" ]; then S_S="''"; fi
S_P="${{ secrets.MAC_SIGN_CERTIFICATE_PASSWORD }}"; if [ -z "$S_P" ]; then S_P="''"; fi
bash ./buildscripts/ci/macos/package.sh --signpass "$S_P" --signsecret "$S_S"
- name: Notarize
if: env.DO_NOTARIZE == 'true'
run: |
USER=${{ secrets.APPLE_USERNAME }}; if [ -z "$USER" ]; then USER=""; fi
PW=${{ secrets.APPLE_PASSWORD }}; if [ -z "$PW" ]; then PW=""; fi
bash ./buildscripts/ci/macos/notarize.sh -u $USER -p $PW
- name: Checksum
run: |
bash ./buildscripts/ci/tools/checksum.sh
- name: Generate and upload dump symbols
if: env.DO_UPLOAD_SYMBOLS == 'true'
run: |
APP_BIN=$(pwd)/applebuild/mscore.app/Contents/MacOS/mscore
GENERATE_ARCHS=("x86_64 arm64")
BUILD_DIR=$(pwd)/applebuild
cmake -DAPP_BIN=${APP_BIN} \
-DGENERATE_ARCHS="${GENERATE_ARCHS}" \
-DBUILD_DIR=${BUILD_DIR} \
-DSENTRY_URL=https://sentry.musescore.org \
-DSENTRY_ORG=musescore \
-DSENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
-DSENTRY_PROJECT=${SENTRY_PROJECT} \
-P buildscripts/ci/crashdumps/ci_generate_and_upload.cmake
- name: Publish to OSUOSL
if: env.DO_PUBLISH == 'true'
run: |
bash ./buildscripts/ci/tools/osuosl/publish.sh -s ${{ secrets.OSUOSL_SSH_ENCRYPT_SECRET }} --os macos -v 4
- name: Upload artifacts on GitHub
uses: actions/upload-artifact@v4
with:
name: ${{ env.UPLOAD_ARTIFACT_NAME }}
path: ./build.artifacts/