Merge pull request #8 from Atlinx/feat/_add-github-actions

Add Github Actions build workflow

Author: Portponky

.github/actions/build/action.yml

@@ -0,0 +1,120 @@
+name: GDExtension Build
+description: Build GDExtension
+
+inputs:
+  platform:
+    required: true
+    description: Target platform.
+  arch:
+    required: true
+    description: Target architecture.
+  float-precision:
+    default: 'single'
+    description: Float precision (single or double).
+  build-target-type:
+    default: 'template_debug'
+    description: Build type (template_debug or template_release).
+  scons-cache:
+    default: .scons-cache/
+    description: Scons cache location.
+  em_version:
+    default: 3.1.39
+    description: Emscripten version.
+  em_cache_folder:
+    default: emsdk-cache
+    description: Emscripten cache folder.
+
+runs:
+  using: composite
+  steps:
+# Android only
+    - name: Android - Set up Java 17
+      uses: actions/setup-java@v4
+      if: ${{ inputs.platform == 'android' }}
+      with:
+        distribution: temurin
+        java-version: 17
+
+    - name: Android - Remove existing Android SDK, and set up ENV vars
+      if: ${{ inputs.platform == 'android' }}
+      shell: sh
+      run: |
+        sudo rm -r /usr/local/lib/android/sdk/**
+        export ANDROID_HOME=/usr/local/lib/android/sdk
+        export ANDROID_SDK_ROOT=$ANDROID_HOME
+        export ANDROID_NDK_VERSION=23.2.8568313
+        export ANDROID_NDK_ROOT=${ANDROID_SDK_ROOT}/ndk/${ANDROID_NDK_VERSION}
+        echo "ANDROID_HOME=$ANDROID_HOME" >> "$GITHUB_ENV"
+        echo "ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" >> "$GITHUB_ENV"
+        echo "ANDROID_NDK_VERSION=$ANDROID_NDK_VERSION" >> "$GITHUB_ENV"
+        echo "ANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" >> "$GITHUB_ENV"
+
+    - name: Android - Set up Android SDK
+      if: ${{ inputs.platform == 'android' }}
+      uses: android-actions/setup-android@v3
+      with:
+        packages: "ndk;${{ env.ANDROID_NDK_VERSION }} cmdline-tools;latest build-tools;34.0.0 platforms;android-34 cmake;3.22.1"
+# Linux only
+    - name: Linux - dependencies
+      if: ${{ inputs.platform == 'linux' }}
+      shell: sh
+      run: |
+        sudo apt-get update -qq
+        sudo apt-get install -qqq build-essential pkg-config
+# Web only
+    - name: Web - Set up Emscripten latest
+      if: ${{ inputs.platform == 'web' }}
+      uses: mymindstorm/setup-emsdk@v13
+      with:
+        version: ${{ inputs.em_version }}
+        actions-cache-folder: ${{ inputs.em_cache_folder }}.${{ inputs.float-precision }}.${{ inputs.build-target-type }}
+    - name: Web - Verify Emscripten setup
+      if: ${{ inputs.platform == 'web' }}
+      shell: sh
+      run: |
+        emcc -v
+# Windows only
+    - name: Windows - Setup MinGW for Windows/MinGW build
+      uses: egor-tensin/setup-mingw@v2
+      if: ${{ inputs.platform == 'windows' }}
+      with:
+        version: 12.2.0
+# Dependencies of godot
+    # Use python 3.x release (works cross platform)
+    - name: Set up Python 3.x
+      uses: actions/setup-python@v5
+      with:
+        # Semantic version range syntax or exact version of a Python version
+        python-version: "3.x"
+        # Optional - x64 or x86 architecture, defaults to x64
+        architecture: "x64"
+    - name: Setup scons
+      shell: bash
+      run: |
+        python -c "import sys; print(sys.version)"
+        python -m pip install scons==4.4.0
+        scons --version
+# Build
+    - name: Cache .scons_cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          ${{ github.workspace }}/${{ inputs.gdextension-location }}/${{ inputs.scons-cache }}/
+          ${{ github.workspace }}/${{ inputs.godot-cpp }}/${{ inputs.scons-cache }}/
+        key: ${{ inputs.platform }}_${{ inputs.arch }}_${{ inputs.float-precision }}_${{ inputs.build-target-type }}_cache
+# Build godot-cpp
+    - name: Build godot-cpp Debug Build
+      shell: sh
+      env:
+        SCONS_CACHE: ${{ github.workspace }}/${{ inputs.godot-cpp }}/${{ inputs.scons-cache }}/
+      run: |
+        scons target=${{ inputs.build-target-type }} platform=${{ inputs.platform }} arch=${{ inputs.arch }} generate_bindings=yes precision=${{ inputs.float-precision }}
+      working-directory: ${{ inputs.godot-cpp }}
+# Build gdextension
+    - name: Build GDExtension Debug Build
+      shell: sh
+      env:
+        SCONS_CACHE: ${{ github.workspace }}/${{ inputs.gdextension-location }}/${{ inputs.scons-cache }}/
+      run: |
+        scons target=${{ inputs.build-target-type }} platform=${{ inputs.platform }} arch=${{ inputs.arch }} precision=${{ inputs.float-precision }} production=yes
+      working-directory: ${{ inputs.gdextension-location }}

.github/actions/sign/action.yml

@@ -0,0 +1,177 @@
+# This file incorporates work covered by the following copyright and permission notice:  
+# 
+#     Copyright (c) Mikael Hermansson and Godot Jolt contributors.
+#     Copyright (c) Dragos Daian.
+# 
+#     Permission is hereby granted, free of charge, to any person obtaining a copy of
+#     this software and associated documentation files (the "Software"), to deal in
+#     the Software without restriction, including without limitation the rights to
+#     use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+#     the Software, and to permit persons to whom the Software is furnished to do so,
+#     subject to the following conditions:
+# 
+#     The above copyright notice and this permission notice shall be included in all
+#     copies or substantial portions of the Software.
+# 
+#     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+#     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+#     FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+#     COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+#     IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+#     CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+name: GDExtension Sign
+description: Sign Mac GDExtension
+
+inputs:
+  FRAMEWORK_PATH:
+    description: The path of the artifact. Eg. bin/addons/my_addon/bin/libmy_addon.macos.template_release.universal.framework
+    required: true
+  SIGN_FLAGS:
+    description: The extra flags to use. Eg. --deep
+    required: false
+  APPLE_CERT_BASE64:
+    required: true
+    description: Base64 file from p12 certificate.
+  APPLE_CERT_PASSWORD:
+    required: true
+    description: Password set when creating p12 certificate from .cer certificate.
+  APPLE_DEV_PASSWORD:
+    required: true
+    description: Apple App-Specific Password. Eg. abcd-abcd-abcd-abcd
+  APPLE_DEV_ID:
+    required: true
+    description: Email used for Apple Id. Eg. email@provider.com
+  APPLE_DEV_TEAM_ID:
+    required: true
+    description: Apple Team Id. Eg. 1ABCD23EFG
+  APPLE_DEV_APP_ID:
+    required: true
+    description: |
+      Certificate name from get info -> Common name . Eg. Developer ID Application: Common Name (1ABCD23EFG)
+outputs:
+  zip_path:
+    value: ${{ steps.sign.outputs.path }}
+
+
+runs:
+  using: composite
+  steps:
+  - name: Sign
+    id: sign
+    shell: pwsh
+    run: |
+      #!/usr/bin/env pwsh
+
+      # Copyright (c) Mikael Hermansson and Godot Jolt contributors.
+
+      # Permission is hereby granted, free of charge, to any person obtaining a copy of
+      # this software and associated documentation files (the "Software"), to deal in
+      # the Software without restriction, including without limitation the rights to
+      # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+      # the Software, and to permit persons to whom the Software is furnished to do so,
+      # subject to the following conditions:
+
+      # The above copyright notice and this permission notice shall be included in all
+      # copies or substantial portions of the Software.
+
+      # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+      # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+      # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+      # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+      # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+      # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+      # Taken from https://github.com/godot-jolt/godot-jolt/blob/master/scripts/ci_sign_macos.ps1
+
+      Set-StrictMode -Version Latest
+      $ErrorActionPreference = "Stop"
+
+      $CodesignPath = Get-Command codesign | Resolve-Path
+
+      $CertificateBase64 = "${{inputs.APPLE_CERT_BASE64}}"
+      $CertificatePassword = "${{inputs.APPLE_CERT_PASSWORD}}"
+      $CertificatePath = [IO.Path]::ChangeExtension((New-TemporaryFile), "p12")
+
+      $Keychain = "ephemeral.keychain"
+      $KeychainPassword = (New-Guid).ToString().Replace("-", "")
+
+      $DevId = "${{ inputs.APPLE_DEV_ID }}"
+      $DevTeamId = "${{ inputs.APPLE_DEV_TEAM_ID }}"
+      $DevPassword = "${{ inputs.APPLE_DEV_PASSWORD }}"
+      $DeveloperIdApplication = "${{ inputs.APPLE_DEV_APP_ID }}"
+
+      if (!$CertificateBase64) { throw "No certificate provided" }
+      if (!$CertificatePassword) { throw "No certificate password provided" }
+      if (!$DevId) { throw "No Apple Developer ID provided" }
+      if (!$DeveloperIdApplication) { throw "No Apple Developer ID Application provided" }
+      if (!$DevTeamId) { throw "No Apple Team ID provided" }
+      if (!$DevPassword) { throw "No Apple Developer password provided" }
+
+      Write-Output "Decoding certificate..."
+
+      $Certificate = [Convert]::FromBase64String($CertificateBase64)
+
+      Write-Output "Writing certificate to disk..."
+
+      [IO.File]::WriteAllBytes($CertificatePath, $Certificate)
+
+      Write-Output "Creating keychain..."
+
+      security create-keychain -p $KeychainPassword $Keychain
+
+      Write-Output "Setting keychain as default..."
+
+      security default-keychain -s $Keychain
+
+      Write-Output "Importing certificate into keychain..."
+      security import $CertificatePath `
+        -k ~/Library/Keychains/$Keychain `
+        -P $CertificatePassword `
+        -T $CodesignPath
+      Write-Output "Check identities..."
+
+      security find-identity
+
+      Write-Output "Granting access to keychain..."
+
+      security set-key-partition-list -S "apple-tool:,apple:" -s -k $KeychainPassword $Keychain
+
+      $Framework = "${{ inputs.FRAMEWORK_PATH }}"
+      $SignFlags = "${{ inputs.SIGN_FLAGS }}"
+      $Archive = [IO.Path]::ChangeExtension((New-TemporaryFile), "zip")
+
+      Write-Output "Signing '$Framework'..."
+
+      & $CodesignPath --verify --timestamp --verbose "$SignFlags" --sign $DeveloperIdApplication "$Framework"
+
+      Write-Output "Verifying signing..."
+
+      & $CodesignPath --verify -dvvv "$Framework"
+
+      Get-ChildItem -Force -Recurse -Path "$Framework"
+
+      Write-Output "Archiving framework to '$Archive'..."
+
+      ditto -ck -rsrc --sequesterRsrc --keepParent "$Framework" "$Archive"
+
+      Write-Output "Submitting archive for notarization..."
+
+      $output = xcrun notarytool submit "$Archive" `
+        --apple-id $DevId `
+        --team-id $DevTeamId `
+        --password $DevPassword `
+        --wait
+      echo $output
+      $matches = $output -match '((\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+-(\d|[a-z])+)'
+      if ($output) {
+        $id_res = $matches[0].Substring(6)
+      }
+      xcrun notarytool log $id_res `
+        --apple-id $DevId `
+        --team-id $DevTeamId `
+        --password $DevPassword `
+        developer_log.json
+      get-content developer_log.json
+
+      echo "path=$Archive" >> $env:GITHUB_OUTPUT