MacOS Build #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: MacOS Build | |
| env: | |
| OPENBB_LOG_COLLECT: false | |
| OPENBB_USE_PROMPT_TOOLKIT: false | |
| OPENBB_FILE_OVERWRITE: true | |
| PIP_DEFAULT_TIMEOUT: 100 | |
| PYTHONNOUSERSITE: 1 | |
| on: workflow_dispatch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| M1-MacOs-Build: | |
| name: M1 MacOS Build | |
| runs-on: [self-hosted, macos, ARM64] | |
| steps: | |
| # Checkout repository main branch. this allows for the commit hashes to line up | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Git Log | |
| run: git log | |
| # The following commands to clear previous PATHS and restore to defaults since we have to maintain the instance ourselves | |
| - name: Clean Previous Path | |
| run: | | |
| export PATH="" | |
| export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" | |
| echo $PATH | |
| # Set up caching for conda env so that the workflow runs quickly after the first time | |
| - name: Setup Conda Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/conda_pkgs_dir | |
| key: conda-macos-3-9-${{ hashFiles('build/conda/conda-3-9-env.yaml') }} | |
| # Set up miniconda using the environment yaml file within the repo | |
| - name: Setup Miniconda | |
| uses: conda-incubator/[email protected] | |
| with: | |
| miniconda-version: "latest" | |
| auto-update-conda: true | |
| channels: conda-forge,defaults | |
| show-channel-urls: true | |
| channel-priority: flexible | |
| environment-file: build/conda/conda-3-9-env.yaml | |
| activate-environment: obb | |
| auto-activate-base: false | |
| use-only-tar-bz2: true # Needed for caching some reason | |
| - name: Install Dependencies | |
| shell: bash -l {0} | |
| run: | | |
| conda info | |
| pip list | |
| build/conda/cleanup_artifacts.sh | |
| poetry install -E all -E installer | |
| pip uninstall papermill -y | |
| pip install git+https://github.com/nteract/papermill.git@main | |
| pip list | |
| - name: Build Bundle | |
| run: build/pyinstaller/build4mac.sh | |
| shell: bash -l {0} | |
| - name: Creating Application Keychain | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| MACOS_KEYCHAIN_PWD: ${{ secrets.MACOS_KEYCHAIN_PWD }} | |
| MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} | |
| run: | |
| | # when pushing to main, make to generate new cert, and utilize secrets to store new password, and identity | |
| echo "Ensuring Keychain with same name does not exist" | |
| rm -rf /Users/openbb/Library/Keychains/build.keychain-db | |
| echo "Decoding certificate" | |
| echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
| echo "Creating Keychain" | |
| security create-keychain -p $MACOS_KEYCHAIN_PWD build.keychain | |
| echo "Setting Default Keychain" | |
| security default-keychain -s build.keychain | |
| echo "Unlocking Keychain" | |
| security unlock-keychain -p $MACOS_KEYCHAIN_PWD build.keychain | |
| echo "Importing Keychain" | |
| security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign | |
| echo "Setting Partition List" | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_KEYCHAIN_PWD build.keychain | |
| - name: Create Signed Package | |
| env: | |
| APPLE_DEVELOPER_CERTIFICATE_ID: ${{ secrets.MACOS_INSTALLER_CODESIGN_IDENTITY }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| MACOS_KEYCHAIN_PWD: ${{ secrets.MACOS_KEYCHAIN_PWD }} | |
| MACOS_INSTALLER_KEYCHAIN_PWD: ${{ secrets.MACOS_INSTALLER_KEYCHAIN_PWD }} | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} | |
| run: | | |
| security unlock-keychain -p $MACOS_INSTALLER_KEYCHAIN_PWD install.keychain | |
| build/pyinstaller/macOS/build-macos.sh OpenBBTerminal 0.0.1 | |
| mv build/pyinstaller/macOS/target/pkg/OpenBBTerminalM1.pkg OpenBBTerminal.pkg | |
| shell: bash -l {0} | |
| - name: Deleting Previous Keychain | |
| run: | | |
| echo "Deleting Previous Keychain to Clean Instance" | |
| rm -rf /Users/openbb/Library/Keychains/build.keychain-db | |
| - name: Clean up Build Artifacts | |
| run: | | |
| rm -rf build/terminal | |
| rm -rf dist | |
| rm -rf DMG | |
| - name: Notorize DMG | |
| env: | |
| NOTARIZE_APPLE_ID: ${{ secrets.NOTARIZE_APPLE_ID }} | |
| NOTARIZE_APPLE_PWD: ${{ secrets.NOTARIZE_APPLE_PWD }} | |
| NOTARIZE_APPLE_TEAM_ID: ${{ secrets.NOTARIZE_APPLE_TEAM_ID }} | |
| run: | | |
| xcrun notarytool submit OpenBBTerminal.pkg --apple-id "$NOTARIZE_APPLE_ID" --password "$NOTARIZE_APPLE_PWD" --team-id "$NOTARIZE_APPLE_TEAM_ID" --wait | |
| - name: Staple | |
| run: | | |
| xcrun stapler staple OpenBBTerminal.pkg | |
| - name: Clean up Build Artifacts | |
| run: | | |
| rm -rf build/terminal | |
| rm -rf dist | |
| rm -rf DMG | |
| - name: Save Build Artifact PKG | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: OpenBBM1.pkg | |
| path: OpenBBTerminal.pkg | |
| - name: Get contents from PkgUtil | |
| run: | | |
| pkgutil --expand-full OpenBBTerminal.pkg extract/ | |
| rm -rf OpenBBTerminal.pkg | |
| - name: Remove OpenBB Folder | |
| run: | | |
| rm -rf /Users/openbb/Desktop/OpenBB\ Terminal | |
| rm -rf ~/Desktop/OPENBB-exports | |
| rm -rf extract/ | |
| # Job to build the MacOS Intel version of the Terminal=================================== | |
| Intel-MacOs-Build: | |
| name: Intel MacOS Build | |
| runs-on: [self-hosted, macos, x64] | |
| steps: | |
| # Checkout repository main branch. this allows for the commit hashes to line up | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Git Log | |
| run: git log | |
| # The following commands to clear previous PATHS and restore to defaults since we have to maintain the instance ourselves | |
| - name: Clean Previous Path | |
| run: | | |
| export PATH="" | |
| export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" | |
| echo $PATH | |
| # Set up caching for conda env so that the workflow runs quickly after the first time | |
| - name: Setup Conda Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/conda_pkgs_dir | |
| key: conda-macos-3-9-${{ hashFiles('build/conda/conda-3-9-env.yaml') }} | |
| # Set up miniconda using the environment yaml file within the repo | |
| - name: Setup Miniconda | |
| uses: conda-incubator/[email protected] | |
| with: | |
| miniconda-version: "latest" | |
| auto-update-conda: true | |
| channels: conda-forge,defaults | |
| show-channel-urls: true | |
| channel-priority: flexible | |
| environment-file: build/conda/conda-3-9-env.yaml | |
| activate-environment: obb | |
| auto-activate-base: false | |
| use-only-tar-bz2: true # Needed for caching some reason | |
| - name: Install Dependencies | |
| shell: bash -l {0} | |
| run: | | |
| conda info | |
| pip list | |
| build/conda/cleanup_artifacts.sh | |
| poetry install -E all -E installer | |
| pip uninstall papermill -y | |
| pip install git+https://github.com/nteract/papermill.git@main | |
| pip list | |
| - name: Build Bundle | |
| run: build/pyinstaller/build4mac.sh | |
| shell: bash -l {0} | |
| - name: Creating Application Keychain | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| MACOS_KEYCHAIN_PWD: ${{ secrets.MACOS_KEYCHAIN_PWD }} | |
| MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} | |
| run: | |
| | # when pushing to main, make to generate new cert, and utilize secrets to store new password, and identity | |
| echo "Ensuring Keychain with same name does not exist" | |
| rm -rf /Users/openbb/Library/Keychains/build.keychain-db | |
| echo "Decoding certificate" | |
| echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
| echo "Creating Keychain" | |
| security create-keychain -p $MACOS_KEYCHAIN_PWD build.keychain | |
| echo "Setting Default Keychain" | |
| security default-keychain -s build.keychain | |
| echo "Unlocking Keychain" | |
| security unlock-keychain -p $MACOS_KEYCHAIN_PWD build.keychain | |
| echo "Importing Keychain" | |
| security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign | |
| echo "Setting Partition List" | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_KEYCHAIN_PWD build.keychain | |
| - name: Create Signed Package | |
| env: | |
| APPLE_DEVELOPER_CERTIFICATE_ID: ${{ secrets.MACOS_INSTALLER_CODESIGN_IDENTITY }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| MACOS_KEYCHAIN_PWD: ${{ secrets.MACOS_KEYCHAIN_PWD }} | |
| MACOS_INSTALLER_KEYCHAIN_PWD: ${{ secrets.MACOS_INSTALLER_KEYCHAIN_PWD }} | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} | |
| run: | | |
| security unlock-keychain -p $MACOS_INSTALLER_KEYCHAIN_PWD install.keychain | |
| build/pyinstaller/macOS/build-macos.sh OpenBBTerminal 0.0.1 | |
| mv build/pyinstaller/macOS/target/pkg/OpenBBTerminalM1.pkg OpenBBTerminal.pkg | |
| shell: bash -l {0} | |
| - name: Deleting Previous Keychain | |
| run: | | |
| echo "Deleting Previous Keychain to Clean Instance" | |
| rm -rf /Users/openbb/Library/Keychains/build.keychain-db | |
| - name: Clean up Build Artifacts | |
| run: | | |
| rm -rf build/terminal | |
| rm -rf dist | |
| rm -rf DMG | |
| - name: Notorize DMG | |
| env: | |
| NOTARIZE_APPLE_ID: ${{ secrets.NOTARIZE_APPLE_ID }} | |
| NOTARIZE_APPLE_PWD: ${{ secrets.NOTARIZE_APPLE_PWD }} | |
| NOTARIZE_APPLE_TEAM_ID: ${{ secrets.NOTARIZE_APPLE_TEAM_ID }} | |
| run: | | |
| xcrun notarytool submit OpenBBTerminal.pkg --apple-id "$NOTARIZE_APPLE_ID" --password "$NOTARIZE_APPLE_PWD" --team-id "$NOTARIZE_APPLE_TEAM_ID" --wait | |
| - name: Staple | |
| run: | | |
| xcrun stapler staple OpenBBTerminal.pkg | |
| - name: Clean up Build Artifacts | |
| run: | | |
| rm -rf build/terminal | |
| rm -rf dist | |
| rm -rf DMG | |
| - name: Save Build Artifact PKG | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: OpenBBIntel.pkg | |
| path: OpenBBTerminal.pkg | |
| - name: Get contents from PkgUtil | |
| run: | | |
| pkgutil --expand-full OpenBBTerminal.pkg extract/ | |
| rm -rf OpenBBTerminal.pkg | |
| - name: Remove OpenBB Folder | |
| run: | | |
| rm -rf /Users/openbb/Desktop/OpenBB\ Terminal | |
| rm -rf ~/Desktop/OPENBB-exports | |
| rm -rf extract/ |