Run PyPI deployment only if password is given #534

Workflow file for this run

.github/workflows/package.yml at 3b20cb2

	name: Package and release

	on:
	push:
	paths:
	- '.github/workflows/package.yml'
	- '.github/workflows/pypi-release.yml'
	- 'installer/**'
	- 'picard/**'
	- 'po/**.po'
	- 'resources/win10/**'
	- 'scripts/package/*'
	- 'scripts/pyinstaller/*'
	- 'test/**'
	- 'appxmanifest.xml.in'
	- 'picard.icns'
	- 'picard.ico'
	- 'picard.spec'
	- 'requirements*.txt'
	- 'setup.py'
	- 'tagger.py.in'
	- 'win.version-info.txt.in'
	pull_request:

	jobs:
	package-macos:
	runs-on: macos-11
	strategy:
	matrix:
	setup:
	- macos-deployment-version: 10.12
	python-version: 3.9.12-macosx10.9
	python-sha256sum: 7888174c6fe441b00448c7ab3e9cbf0e6c3c7dea0750577baf09e1383fc44656
	- macos-deployment-version: 10.14
	python-version: 3.11.1-macos11
	python-sha256sum: f4de33ad3ef09c3e31196b296aec761eabab4564fc8c25e50ea99edd01969819
	env:
	DISCID_VERSION: 0.6.3
	DISCID_SHA256SUM: 8bca27e2f621c7813a6a9951fd573b31754a6fb51551a373c1acea1aa188adeb
	FPCALC_VERSION: 1.5.1
	FPCALC_SHA256SUM: d4d8faff4b5f7c558d9be053da47804f9501eaa6c2f87906a9f040f38d61c860
	PYTHON_VERSION: ${{ matrix.setup.python-version }}
	PYTHON_SHA256SUM: ${{ matrix.setup.python-sha256sum }}
	MACOSX_DEPLOYMENT_TARGET: ${{ matrix.setup.macos-deployment-version }}
	CODESIGN: 0
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0 # Fetch entire history, needed for setting the build number
	- run: git fetch --depth=1 origin +refs/tags/release-:refs/tags/release-
	- name: Setup macOS build environment
	run: \|
	./scripts/package/macos-setup.sh
	PYTHON_BASE_VERSION=$(echo $PYTHON_VERSION \| sed -e "s/\.[0-9]\{1,\}$//")
	echo "/Library/Frameworks/Python.framework/Versions/$PYTHON_BASE_VERSION/bin" >> $GITHUB_PATH
	echo "/usr/local/opt/gettext/bin" >> $GITHUB_PATH
	RELEASE_TAG=$(git describe --match "release-*" --abbrev=0 --always HEAD)
	BUILD_NUMBER=$(git rev-list --count $RELEASE_TAG..HEAD)
	echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
	mkdir artifacts
	python3 -m pip install --upgrade pip setuptools wheel
	- name: Patch build version
	if: startsWith(github.ref, 'refs/tags/') != true
	run: \|
	python3 setup.py patch_version --platform=$BUILD_NUMBER.$(git rev-parse --short HEAD)
	- name: Compile and install PyInstaller
	run: \|
	git clone --depth 1 --branch "$PYINSTALLER_VERSION" https://github.com/pyinstaller/pyinstaller.git pyinstaller
	cd pyinstaller/bootloader
	python3 ./waf --verbose all
	cd ..
	pip3 install .
	env:
	PYINSTALLER_VERSION: v5.12.0
	CFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
	CPPFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
	LDFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
	LINKFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
	- name: Install patched mutagen
	run: \|
	mkdir -p build
	cd build
	git clone -b release-1.46-picard --single-branch --depth 1 https://github.com/phw/mutagen.git
	cd mutagen
	pip3 install .
	- name: Install dependencies
	run: \|
	pip3 install -r requirements-build.txt
	pip3 install -r requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt
	- name: Run tests
	timeout-minutes: 30
	run: \|
	python3 setup.py test
	- name: Prepare code signing certificate
	run: \|
	if [ -n "$CODESIGN_MACOS_P12_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
	pip3 install awscli
	aws s3 cp "$CODESIGN_MACOS_P12_URL" ./scripts/package/appledev.p12
	else
	echo "::warning::No code signing certificate available, skipping code signing."
	fi
	env:
	AWS_DEFAULT_REGION: eu-central-1
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }}
	- name: Build macOS app
	run: \|
	./scripts/package/macos-package-app.sh
	rm -f ./scripts/package/appledev.p12
	mv dist/*.dmg artifacts/
	env:
	APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }}
	APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	CODESIGN_MACOS_P12_PASSWORD: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }}
	- name: Archive production artifacts
	uses: actions/upload-artifact@v3
	with:
	name: macos-app-${{ matrix.setup.macos-deployment-version }}
	path: artifacts/

	package-windows:
	runs-on: windows-2019
	strategy:
	matrix:
	type:
	- store-app
	- signed-app
	- installer
	- portable
	fail-fast: false
	env:
	CODESIGN: 0
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0 # Fetch entire history, needed for setting the build number
	- run: git fetch --depth=1 origin +refs/tags/release-:refs/tags/release-
	- name: Set up Python 3.8
	uses: actions/setup-python@v4
	with:
	python-version: 3.8
	- name: Setup Windows build environment
	run: \|
	& .\scripts\package\win-setup.ps1 `
	-DiscidVersion $Env:DISCID_VERSION -DiscidSha256Sum $Env:DISCID_SHA256SUM `
	-FpcalcVersion $Env:FPCALC_VERSION -FpcalcSha256Sum $Env:FPCALC_SHA256SUM
	Write-Output "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64" \| Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
	$ReleaseTag = $(git describe --match "release-*" --abbrev=0 --always HEAD)
	$BuildNumber = $(git rev-list --count "$ReleaseTag..HEAD")
	Write-Output "BUILD_NUMBER=$BuildNumber" \| Out-File -FilePath $env:GITHUB_ENV -Encoding utf8
	New-Item -Name .\artifacts -ItemType Directory
	env:
	DISCID_VERSION: 0.6.3
	DISCID_SHA256SUM: c9486ece9796584a5ce5cf49efe88ada4454c24fa6f028c8bde1aaef28e99853
	FPCALC_VERSION: 1.5.1
	FPCALC_SHA256SUM: 36b478e16aa69f757f376645db0d436073a42c0097b6bb2677109e7835b59bbc
	- name: Install patched mutagen
	run: \|
	New-Item -Name .\build -ItemType Directory -Force
	cd build
	git clone -b release-1.46-picard --single-branch --depth 1 https://github.com/phw/mutagen.git
	cd mutagen
	pip install .
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install -r requirements-build.txt
	pip install -r requirements-win.txt
	- name: Patch build version
	if: startsWith(github.ref, 'refs/tags/') != true
	run: \|
	python setup.py patch_version --platform=$Env:BUILD_NUMBER.$(git rev-parse --short HEAD)
	- name: Run tests
	timeout-minutes: 30
	run: python setup.py test
	- name: Prepare code signing certificate
	if: matrix.type != 'store-app'
	run: \|
	If ($Env:CODESIGN_P12_URL -And $Env:AWS_ACCESS_KEY_ID) {
	pip install awscli
	aws s3 cp "$Env:CODESIGN_P12_URL" .\codesign.pfx
	Write-Output "CODESIGN=1" \| Out-File -FilePath $env:GITHUB_ENV -Encoding utf8
	} Else {
	Write-Output "::warning::No code signing certificate available, skipping code signing."
	}
	env:
	AWS_DEFAULT_REGION: eu-central-1
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	CODESIGN_P12_URL: ${{ secrets.CODESIGN_P12_URL }}
	- name: Build Windows 10 store app package
	if: matrix.type == 'store-app'
	run: \|
	& .\scripts\package\win-package-appx.ps1 -BuildNumber $Env:BUILD_NUMBER
	Move-Item .\dist\*.msix .\artifacts
	env:
	PICARD_APPX_PUBLISHER: CN=0A9169B7-05A3-4ED9-8876-830F17846709
	- name: Build Windows 10 signed app package
	if: matrix.type == 'signed-app' && env.CODESIGN == '1'
	run: \|
	$CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
	& .\scripts\package\win-package-appx.ps1 -BuildNumber $Env:BUILD_NUMBER -CertificateFile .\codesign.pfx -CertificatePassword $CertPassword
	Move-Item .\dist\*.msix .\artifacts
	env:
	CODESIGN_P12_PASSWORD: ${{ secrets.CODESIGN_P12_PASSWORD }}
	- name: Build Windows installer
	if: matrix.type == 'installer'
	run: \|
	# choco install nsis
	If ($Env:CODESIGN) {
	$CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
	$Certificate = Get-PfxCertificate -FilePath .\codesign.pfx -Password $CertPassword
	} Else {
	$Certificate = $null
	}
	& .\scripts\package\win-package-installer.ps1 -BuildNumber $Env:BUILD_NUMBER -Certificate $Certificate
	Move-Item .\installer\*.exe .\artifacts
	dist\picard\fpcalc -version
	env:
	CODESIGN_P12_PASSWORD: ${{ secrets.CODESIGN_P12_PASSWORD }}
	- name: Build Windows portable app
	if: matrix.type == 'portable'
	run: \|
	If ($Env:CODESIGN) {
	$CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
	$Certificate = Get-PfxCertificate -FilePath .\codesign.pfx -Password $CertPassword
	} Else {
	$Certificate = $null
	}
	& .\scripts\package\win-package-portable.ps1 -BuildNumber $Env:BUILD_NUMBER -Certificate $Certificate
	Move-Item .\dist\*.exe .\artifacts
	env:
	CODESIGN_P12_PASSWORD: ${{ secrets.CODESIGN_P12_PASSWORD }}
	- name: Cleanup
	if: env.CODESIGN == '1'
	run: Remove-Item .\codesign.pfx
	- name: Archive production artifacts
	uses: actions/upload-artifact@v3
	if: matrix.type != 'signed-app' \|\| env.CODESIGN == '1'
	with:
	name: windows-${{ matrix.type }}
	path: artifacts/

	package-pypi:
	uses: ./.github/workflows/pypi-release.yml
	secrets: inherit

	github-release:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- package-macos
	- package-windows
	- package-pypi
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-python@v4
	with:
	python-version: 3.9
	- uses: actions/download-artifact@v3
	with:
	name: macos-app-10.12
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: macos-app-10.14
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: windows-signed-app
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: windows-store-app
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: windows-installer
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: windows-portable
	path: artifacts/
	- uses: actions/download-artifact@v3
	with:
	name: picard-sdist
	path: artifacts/
	- name: Generate checksums
	run: \|
	cd artifacts
	sha256sum * > SHA256SUMS
	- name: Prepare changelog
	id: changelog
	continue-on-error: true
	run: \|
	PICARD_VERSION=$(python -c "import picard; print(picard.__version__)")
	echo "version=$PICARD_VERSION" >> $GITHUB_OUTPUT
	./scripts/tools/changelog-for-version.py $PICARD_VERSION > changes-$PICARD_VERSION.txt
	- name: Create release
	uses: softprops/action-gh-release@v1
	with:
	name: MusicBrainz Picard ${{ steps.changelog.outputs.version }}
	body_path: changes-${{ steps.changelog.outputs.version }}.txt
	files: artifacts/*
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run PyPI deployment only if password is given #534

Workflow file

Run PyPI deployment only if password is given #534

Jobs

Run details

Workflow file for this run