feat: add codesign for macos

hiento09 · hiento09 · commit 65e48cd98b7f · 2024-12-06T15:24:03.000+07:00
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -2,7 +2,7 @@ name: Build and Package Python Library
 
 on:
   push:
-    branches: [ feat/python-package-ci ]
+    branches: [ feat/codesign-python-package ]
   workflow_dispatch:
     inputs:
       model_dir:
@@ -25,9 +25,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: "linux"
-            name: "amd64"
-            runs-on: "ubuntu-20-04-cuda-12-0"
+          # - os: "linux"
+          #   name: "amd64"
+          #   runs-on: "ubuntu-20-04-cuda-12-0"
           - os: "mac"
             name: "amd64"
             runs-on: "macos-selfhosted-12"
@@ -46,81 +46,56 @@ jobs:
           repository: janhq/models
           ref: "feat/ci-python-models"
 
-    #   - name: Install Miniconda on Linux
-    #     if: runner.os == 'Linux'
-    #     run: |
-    #         wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O miniconda.sh
-    #         bash miniconda.sh -b -p $HOME/miniconda
-    #         echo "$HOME/miniconda/bin" >> $GITHUB_PATH
-    
-    #   - name: Install Miniconda on macOS
-    #     if: runner.os == 'macOS'
-    #     run: |
-    #         if [ "$(uname -m)" = "arm64" ]; then
-    #           echo "Running on macOS ARM"
-    #           MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh"
-    #         else
-    #           echo "Running on macOS Intel"
-    #           MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh"
-    #         fi
-    #         echo "Downloading Miniconda from $MINICONDA_URL"
-    #         curl -L $MINICONDA_URL -o miniconda.sh
-    #         bash miniconda.sh -b -p $HOME/miniconda
-    #         echo "$HOME/miniconda/bin" >> $GITHUB_PATH
-    
-    #   - name: Install Miniconda on Windows
-    #     if: runner.os == 'Windows'
-    #     shell: pwsh
-    #     run: |
-    #         $minicondaUrl = 'https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe'
-    #         Invoke-WebRequest -Uri $minicondaUrl -OutFile miniconda.exe
-    #         Start-Process -FilePath miniconda.exe -ArgumentList '/InstallationType=JustMe', '/AddToPath=1', '/RegisterPython=0', '/S', ('/D=Miniconda3') -Wait
-    #         echo "$env:USERPROFILE\\Miniconda3" >> $GITHUB_PATH
+      - uses: conda-incubator/setup-miniconda@v3
+        with:
+          auto-update-conda: true
+          python-version: 3.11
+
       - name: Install dependencies Windows
         if: runner.os == 'windows'
         run: |
-                Miniconda\_conda.exe init
-                conda create -y -n ${{env.MODEL_NAME}} python=3.11
-                
-                conda activate ${{env.MODEL_NAME}}
-                python -m pip install --upgrade pip
-                python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt
+          conda create -y -n ${{env.MODEL_NAME}} python=3.11
+          source $HOME/miniconda/bin/activate base
+          conda init
+          conda activate ${{env.MODEL_NAME}}
+          python -m pip install --upgrade pip
+          python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt
 
       - name: Install dependencies Linux
         if: runner.os == 'linux'
         run: |
-            export PATH=$PATH:$HOME/miniconda/bin/ 
-            conda init 
-            conda create -y -n ${{env.MODEL_NAME}} python=3.11
-            source $HOME/miniconda/bin/activate base
-            conda activate ${{env.MODEL_NAME}}
-            python -m pip install --upgrade pip
-            python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt
+          conda create -y -n ${{env.MODEL_NAME}} python=3.11
+          source $HOME/miniconda/bin/activate base
+          conda init
+          conda activate ${{env.MODEL_NAME}}
+          python -m pip install --upgrade pip
+          python -m pip install -r ${{env.MODEL_DIR}}/requirements.cuda.txt
     
       - name: Install dependencies Mac
         if: runner.os == 'macOS'
         run: |
-            export PATH=$PATH:$HOME/miniconda/bin/ 
-            conda init
-            conda create -y -n ${{env.MODEL_NAME}} python=3.11
-            source $HOME/miniconda/bin/activate base
-            conda activate ${{env.MODEL_NAME}}
-            python -m pip install --upgrade pip
-            python -m pip install -r ${{env.MODEL_DIR}}/requirements.txt
+          conda create -y -n ${{env.MODEL_NAME}} python=3.11
+          source $HOME/miniconda/bin/activate base
+          conda init
+          conda activate ${{env.MODEL_NAME}}
+          python -m pip install --upgrade pip
+          python -m pip install -r ${{env.MODEL_DIR}}/requirements.txt
 
       - name: prepare python package windows
         if : runner.os == 'windows'
         shell: cmd
         run: |
+            source $HOME/miniconda/bin/activate base
+            conda init
             conda activate ${{env.MODEL_NAME}}
             for /f "delims=" %%a in ('where python') do set "PYTHON_PATH=%%a"
             echo %PYTHON_PATH%
             
       - name: prepare python package unix
         if : runner.os != 'windows'
         run: |
-            export PATH=$PATH:$HOME/miniconda/bin/ 
             source $HOME/miniconda/bin/activate base
+            conda init
             conda activate ${{env.MODEL_NAME}}
             PYTHON_PATH=$(which python)
             echo $PYTHON_PATH
@@ -133,4 +108,41 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
             name: ${{env.MODEL_NAME}}-${{ matrix.os }}-${{ matrix.name }}
-            path: ${{env.PYTHON_FOLDER}}
+            path: ${{env.PYTHON_FOLDER}}
+
+  codesign:
+    runs-on: macos-latest
+    needs: build-and-test
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - uses: apple-actions/import-codesign-certs@v2
+        continue-on-error: true
+        with:
+          p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
+          p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-amd64
+          path: ${{env.MODEL_NAME}}-mac-amd64
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-arm64
+          path: ${{env.MODEL_NAME}}-mac-arm64
+
+      - run: |
+          find "${{env.MODEL_NAME}}-mac-amd64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
+          find "${{env.MODEL_NAME}}-mac-arm64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
+      
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-amd64-signed
+          path: ${{env.MODEL_NAME}}-mac-amd64
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-arm64-signed
+          path: ${{env.MODEL_NAME}}-mac-arm64
