Skip to content

Clean up & sign release artifacts #422

Clean up & sign release artifacts

Clean up & sign release artifacts #422

Workflow file for this run

name: Build OpenFX libs and examples
permissions:
id-token: write
contents: write
actions: write
on:
push:
pull_request:
workflow_dispatch:
release:
types:
- published
jobs:
build:
name: '${{ matrix.name_prefix }} <config=${{ matrix.buildtype }}>'
# Avoid duplicated checks when a pull_request is opened from a local branch.
if: |
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: 'true'
ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16
strategy:
fail-fast: false
matrix:
include:
# Github removed support for these older CentOS versions
# Nov 2024 by removing node16; all actions use node20 now
# which doesn't run on CentOS 7 due to too-old GLIBC.
# - name_prefix: Linux CentOS 7 VFX CY2021
# release_prefix: linux-vfx2021
# ostype: linux
# aswfdockerbuild: true
# os: ubuntu-latest
# container: aswf/ci-base:2021
# vfx-cy: 2021
# has_cmake_presets: false
# buildtype: Release
# conan_version: 2.1.0
# cxx-standard: 17
# cxx-compiler: clang++
# cc-compiler: clang
# compiler-desc: Clang
# checkout_version: 3
# cuda: false
# opencl: true
# - name_prefix: Linux CentOS 7 VFX CY2022
# release_prefix: linux-vfx2022
# ostype: linux
# aswfdockerbuild: true
# os: ubuntu-latest
# container: aswf/ci-base:2022
# vfx-cy: 2022
# has_cmake_presets: false
# buildtype: Release
# conan_version: 2.1.0
# cxx-standard: 17
# cxx-compiler: clang++
# cc-compiler: clang
# compiler-desc: Clang
# checkout_version: 3
# cuda: false
# opencl: true
- name_prefix: Linux Rocky 8 VFX CY2023
release_prefix: linux-vfx2023
ostype: linux
aswfdockerbuild: true
os: ubuntu-latest
container: aswf/ci-base:2023
vfx-cy: 2023
has_cmake_presets: false
buildtype: Release
conan_version: 2.1.0
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
cuda: false
opencl: true
- name_prefix: Linux Rocky 8 VFX CY2023 No OpenGL
release_prefix: linux-vfx2023-no-ogl
ostype: linux
aswfdockerbuild: true
os: ubuntu-latest
container: aswf/ci-base:2023
vfx-cy: 2023
has_cmake_presets: false
buildtype: Release
conan_version: 2.1.0
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
opengl: false
- name_prefix: Linux Ubuntu
release_prefix: linux-ubuntu
ostype: linux
aswfdockerbuild: false
os: ubuntu-latest
has_cmake_presets: true
buildtype: Release
conan_version: 2.1.0
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
cuda: true
opencl: true
- name_prefix: MacOS
release_prefix: mac
ostype: mac
os: macos-latest
has_cmake_presets: true
buildtype: Release
conan_version: 2.1.0
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
cuda: false
opencl: true
- name_prefix: Windows
release_prefix: windows
ostype: windows
os: windows-latest
has_cmake_presets: true
buildtype: Release
conan_version: 2.1.0
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
cuda: true
opencl: true
- name_prefix: Windows no CUDA
release_prefix: windows-no-cuda
ostype: windows
os: windows-latest
has_cmake_presets: true
buildtype: Release
conan_version: 2.0.16
cxx-standard: 17
cxx-compiler: clang++
cc-compiler: clang
compiler-desc: Clang
checkout_version: 4
cuda: false
opencl: false
defaults:
run:
shell: bash
steps:
- name: Checkout code (v4)
uses: actions/checkout@v4
if: matrix.checkout_version == 4
with:
clean: true
fetch-depth: 0
- name: Checkout code (v3)
uses: actions/checkout@v3
if: matrix.checkout_version == 3
with:
clean: true
fetch-depth: 0
- name: setup env vars
run: |
git config --global --add safe.directory $PWD # needed for checkout v3, doesn't hurt anyway
BUILDTYPE_LC=$(echo '${{ matrix.buildtype }}'|tr [:upper:] [:lower:])
echo "BUILDTYPE_LC=$BUILDTYPE_LC" >> $GITHUB_ENV
echo "OSNAME=$(echo '${{ matrix.os }}'|sed 's/-.*//')" >> $GITHUB_ENV
echo "GIT_COMMIT_ID=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "CONAN_PRESET=conan-$BUILDTYPE_LC" >> $GITHUB_ENV
echo "BUILD_DIR=build/${{ matrix.buildtype }}" >> $GITHUB_ENV
- name: Set RELEASE_NAME
# this looks like "linux-vfx2022-1.5[-no-opengl]"; used in filenames
run: |
RELEASE_PREFIX=${{ matrix.release_prefix }}
OPENGL_BUILD=${{ env.OPENGL_BUILD }}
if [ "${{ github.ref_type }}" == "tag" ]; then
REF_SUFFIX=$(echo "${{ github.ref_name }}" | sed 's/OFX_Release_//')
else
REF_SUFFIX=$(echo ${{ github.sha }} | cut -c1-8)
fi
echo "RELEASE_NAME=${RELEASE_PREFIX}-${REF_SUFFIX}${OPENGL_BUILD}" >> $GITHUB_ENV
- name: Set up python 3.11
uses: actions/setup-python@v5
if: matrix.ostype == 'mac'
with:
python-version: '3.11'
# Q: should we use uv everywhere?
# Unfortunately astral-sh/setup-uv action doesn't work on CentOS 7, its GLIBC is too old.
# BUT this CI build doesn't work on CentOS 7 anyway, due to recent github changes.
# Keep this uv code in case we'd like to install python and conan with uv, but for now
# it is not used.
- name: Set up uv manually
if: matrix.release_prefix == 'linux-vfx2021'
run: |
curl -LsSf https://astral.sh/uv/install.sh | sh
source ~/.local/bin/env
echo After sourcing uv env: "$PATH"
uv python install --preview 3.11
# Add symlinks for python3 and python
(cd ~/.local/bin; ln -sf python3.11 python3; ln -sf python3.11 python)
# Save updated path
echo "PATH=$PATH" >> $GITHUB_ENV
- name: Check python, uv paths
run: |
echo $PATH
echo -n 'which python: ' && which python
echo -n 'which python3: ' && which python3
echo -n 'python version: ' && python --version
echo -n 'python3 version: ' python3 --version
which uv || echo "No python uv; continuing"
- name: Install Conan
id: conan
uses: turtlebrowser/get-conan@main
with:
version: ${{ matrix.conan_version }}
- name: Set up conan
run: |
which conan
conan --version
conan profile detect
- name: Install system dependencies if needed
uses: ConorMacBride/install-package@v1
if: ${{ matrix.aswfdockerbuild == false }}
with:
apt: libgl-dev libgl1-mesa-dev
- name: Install gh cli if needed
if: ${{ matrix.aswfdockerbuild == true }}
run: |
dnf -y install 'dnf-command(config-manager)'
dnf -y config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
dnf -y install gh --repo gh-cli
gh --version
- name: Setup MSVC
if: startsWith(matrix.os, 'windows')
uses: ilammy/msvc-dev-cmd@v1.13.0 # use cl, not msbuild
# We use cl.exe because it can find CUDA without the CUDA visual studio integration,
# which is extremely slow to install (see Jimver/cuda-toolkit below)
# See comments at https://github.com/Jimver/cuda-toolkit/issues/253
- name: Setup Ninja
uses: seanmiddleditch/gha-setup-ninja@v4
- name: Install CUDA Toolkit
uses: Jimver/cuda-toolkit@v0.2.11
id: cuda-toolkit-linux
if: matrix.ostype == 'linux' && matrix.cuda == true
with:
cuda: '12.1.0'
method: 'network'
sub-packages: '["nvcc", "cudart"]'
linux-local-args: '["--toolkit"]'
- name: Install CUDA Toolkit
uses: Jimver/cuda-toolkit@v0.2.16
id: cuda-toolkit-win
if: matrix.ostype == 'windows' && matrix.cuda == true
with:
# Need CUDA >= 12.4 to support recent VS2022 (17.10 and later, MSVC 19.40)
cuda: '12.4.1'
method: 'network'
sub-packages: '["nvcc", "cudart"]'
# - name: Install system dependencies (CentOS)
# run: |
# rpm install libglvnd-devel
- name: Install dependencies
run: |
[[ "${{ matrix.opengl }}" != false && "${{ matrix.opencl }}" = true ]] && USE_OPENCL="-o use_opencl=True"
conan install -s build_type=${{ matrix.buildtype }} -pr:b=default --build=missing . -c tools.cmake.cmaketoolchain:generator=Ninja $USE_OPENCL
- name: Configure project with cmake
run: |
CMAKE_DEFINES=(-DBUILD_EXAMPLE_PLUGINS=TRUE \
-DPLUGIN_INSTALLDIR=$(pwd)/build/Install)
if [[ "${{ matrix.opengl }}" != false ]] ; then
echo "OPENGL_BUILD=" >> $GITHUB_ENV
CMAKE_DEFINES+=(-DOFX_SUPPORTS_OPENGLRENDER=TRUE)
[[ "${{ matrix.opencl }}" = true ]] && CMAKE_DEFINES+=(-DOFX_SUPPORTS_OPENCLRENDER=TRUE)
[[ "${{ matrix.cuda }}" = true ]] && CMAKE_DEFINES+=(-DOFX_SUPPORTS_CUDARENDER=TRUE)
else
echo "OPENGL_BUILD=-no-ogl" >> $GITHUB_ENV
fi
CMAKE_GENERATOR=(-G Ninja)
if [[ ${{ matrix.has_cmake_presets }} = true ]]; then
# Sets up to build in e.g. build/Release
cmake --preset $CONAN_PRESET ${CMAKE_GENERATOR[@]} ${CMAKE_DEFINES[@]} .
else
# VFX ref platforms 2022 & earlier have only cmake 3.19.
# Older cmake (<3.23) does not support presets, so invoke with explicit args.
cmake -S . -B $BUILD_DIR -G "Unix Makefiles" \
-DCMAKE_TOOLCHAIN_FILE=$(pwd)/$BUILD_DIR/generators/conan_toolchain.cmake \
-DCMAKE_POLICY_DEFAULT_CMP0091=NEW \
-DCMAKE_BUILD_TYPE=Release \
${CMAKE_DEFINES[@]}
fi
- name: Build with cmake
run: |
if [[ ${{ matrix.ostype }} = windows ]]; then
cmake --build $BUILD_DIR --target install --config Release --parallel
else
cmake --build $BUILD_DIR --target install --parallel
fi
- name: Install with cmake
run: |
if [[ ${{ matrix.ostype }} = windows ]]; then
cmake --install $BUILD_DIR --config Release
else
cmake --install $BUILD_DIR
fi
# This isn't used for release; just checks that makefiles still work.
- name: Build old stuff with make
run: |
if [[ ${{ matrix.ostype }} = windows ]]; then
echo No Windows nmake build yet
else
(cd Examples; make -j)
# should build Support/Plugins too, but those need work
fi
############################################################
# Installation: produce release artifacts
############################################################
- name: Copy includes and libs into release folder for installation
# Dir structure:
# Install/OpenFX
# lib
# *.a or *.lib
# include/
# openfx/*.h
# Support/*.h
# HostSupport/*.h
# so e.g `#include <openfx/Support/foo.h>` works with `-I.../OpenFX/include`
run: |
mkdir -p Install/OpenFX/include/openfx
tar -C include \
--exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \
--exclude='DocSrc' \
-cf - . \
| tar -xf - -C Install/OpenFX/include/openfx
mkdir -p Install/OpenFX/include/openfx/Support
tar -C Support/include/ --exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \
--exclude='DocSrc' \
-cf - . \
| tar -xf - -C Install/OpenFX/include/openfx/Support/
mkdir -p Install/OpenFX/include/openfx/HostSupport
tar -C HostSupport/include/ --exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \
--exclude='DocSrc' \
-cf - . \
| tar -xf - -C Install/OpenFX/include/openfx/HostSupport/
mkdir -p Install/OpenFX/lib
find build -name 'lib*' -type f -exec cp {} Install/OpenFX/lib/ \;
# Artifacts for build & release:
# - Header files, doc, and support libs, for use when developing hosts & plugins
# - Built/installed example plugins, for testing in a host
# Create and sign headers/libs tarball
- name: Create headers/libs tarball
run: |
tar -czf openfx-$RELEASE_NAME.tar.gz -C Install OpenFX
- name: Sign header/libs tarball with Sigstore
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
# if: github.event_name == 'release'
with:
inputs: openfx-${{ env.RELEASE_NAME }}.tar.gz
upload-signing-artifacts: false
release-signing-artifacts: false
- name: Upload header/libs tarball and signatures
uses: actions/upload-artifact@v4
with:
name: "openfx-${{ env.RELEASE_NAME }}"
path: |
openfx-${{ env.RELEASE_NAME }}.tar.gz
openfx-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json
# Now the same, for the plugins
- name: Create built/installed plugins tarball
run: |
tar -czf openfx_plugins-$RELEASE_NAME.tar.gz -C build/Install .
- name: Sign plugins tarball with Sigstore
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
with:
inputs: openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz
upload-signing-artifacts: false
release-signing-artifacts: false
- name: Upload plugins tarball and signatures
uses: actions/upload-artifact@v4
with:
name: "openfx_plugins-${{ env.RELEASE_NAME }}"
path: |
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json
- name: Upload artifacts to release
if: github.event_name == 'release'
env:
GH_TOKEN: ${{ github.token }}
TAG: ${{ github.ref_name }}
run: |
gh release upload ${TAG} \
openfx-${{ env.RELEASE_NAME }}.tar.gz \
openfx-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json \
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz \
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json