Build and release plugins (macOS) #21

Workflow file for this run

.github/workflows/release-plugins.yml at c0f5312

	# Build and release AceForge-Bridge AU + VST3 (macOS); manufacturer AudioHacking
	name: Build and release plugins (macOS)

	on:
	release:
	types: [published]
	workflow_dispatch:
	inputs:
	release_tag:
	description: 'Release tag to upload artifacts to (e.g., v1.0.0). Leave empty to skip upload.'
	required: false
	type: string

	permissions:
	contents: write # Required to upload release assets

	jobs:
	build-macos:
	runs-on: macos-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Xcode
	run: \|
	sudo xcode-select -switch /Applications/Xcode.app/Contents/Developer
	xcodebuild -version

	- name: Set compiler environment
	run: \|
	echo "CC=/usr/bin/clang" >> $GITHUB_ENV
	echo "CXX=/usr/bin/clang++" >> $GITHUB_ENV

	- name: Configure CMake
	run: \|
	cmake -B build -G Xcode \
	-DCMAKE_OSX_ARCHITECTURES=arm64 \
	-DCMAKE_BUILD_TYPE=Release

	- name: Build
	run: \|
	cmake --build build --config Release -- -quiet

	- name: Locate plugin artefacts
	id: artefacts
	run: \|
	set -e
	AU=$(find build -name "AceForge-Bridge.component" -type d 2>/dev/null \| head -1)
	VST3=$(find build -name "AceForge-Bridge.vst3" -type d 2>/dev/null \| head -1)
	[ -n "$AU" ] \|\| AU=$(find build -name "*.component" -type d 2>/dev/null \| head -1)
	[ -n "$VST3" ] \|\| VST3=$(find build -name "*.vst3" -type d 2>/dev/null \| head -1)
	echo "au_path=$AU" >> $GITHUB_OUTPUT
	echo "vst3_path=$VST3" >> $GITHUB_OUTPUT
	echo "Found AU: $AU"
	echo "Found VST3: $VST3"
	if [ -z "$AU" ] \|\| [ -z "$VST3" ]; then
	echo "Plugin artefacts not found. Build tree:"
	find build -type d $ -name ".component" -o -name ".vst3" $ 2>/dev/null \|\| true
	exit 1
	fi

	- name: Create zip archives for release
	run: \|
	mkdir -p release-artefacts
	cp -R "${{ steps.artefacts.outputs.au_path }}" "release-artefacts/AceForge-Bridge.component"
	cp -R "${{ steps.artefacts.outputs.vst3_path }}" "release-artefacts/AceForge-Bridge.vst3"
	echo "zip_path=release-artefacts/AceForgeBridge-macOS-AU-VST3.zip" >> $GITHUB_ENV

	# Sign AU/VST3 (for zip and for pkg). Without secret: ad-hoc. With MACOS_SIGNING_IDENTITY (Developer ID Application): proper sign.
	- name: Codesign plugin bundles
	env:
	MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
	run: \|
	IDENTITY="${MACOS_SIGNING_IDENTITY:--}"
	echo "Signing plugins with identity: $IDENTITY"
	if [ "$IDENTITY" = "-" ]; then
	xcrun codesign --force --sign - --deep "release-artefacts/AceForge-Bridge.component"
	xcrun codesign --force --sign - --deep "release-artefacts/AceForge-Bridge.vst3"
	else
	xcrun codesign --force --sign "$IDENTITY" --options runtime --timestamp --deep \
	"release-artefacts/AceForge-Bridge.component"
	xcrun codesign --force --sign "$IDENTITY" --options runtime --timestamp --deep \
	"release-artefacts/AceForge-Bridge.vst3"
	fi
	cd release-artefacts && zip -r "AceForgeBridge-macOS-AU-VST3.zip" "AceForge-Bridge.component" "AceForge-Bridge.vst3" && cd ..
	echo "Plugin bundles signed; zip created."

	- name: Prepare pkg payload
	run: \|
	mkdir -p payload/Library/Audio/Plug-Ins/Components
	mkdir -p payload/Library/Audio/Plug-Ins/VST3
	cp -R "release-artefacts/AceForge-Bridge.component" "payload/Library/Audio/Plug-Ins/Components/"
	cp -R "release-artefacts/AceForge-Bridge.vst3" "payload/Library/Audio/Plug-Ins/VST3/"

	- name: Build macOS installer (.pkg)
	run: \|
	pkgbuild \
	--root payload \
	--identifier com.audiohacking.aceforge-bridge \
	--version 0.1.0 \
	--install-location / \
	release-artefacts/AceForgeBridge-macOS-Installer.pkg
	echo "Installer places AU and VST3 in /Library/Audio/Plug-Ins/Components and /Library/Audio/Plug-Ins/VST3"

	# Sign the .pkg so macOS doesn't show "unidentified developer". Use Developer ID Installer cert.
	- name: Codesign installer (.pkg)
	env:
	MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
	MACOS_INSTALLER_SIGNING_IDENTITY: ${{ secrets.MACOS_INSTALLER_SIGNING_IDENTITY }}
	run: \|
	IDENTITY="${MACOS_INSTALLER_SIGNING_IDENTITY:-$MACOS_SIGNING_IDENTITY}"
	IDENTITY="${IDENTITY:--}"
	if [ "$IDENTITY" != "-" ] && [ -n "$IDENTITY" ]; then
	echo "Signing installer pkg with identity: $IDENTITY"
	mv release-artefacts/AceForgeBridge-macOS-Installer.pkg release-artefacts/AceForgeBridge-macOS-Installer-unsigned.pkg
	productsign --sign "$IDENTITY" --timestamp \
	release-artefacts/AceForgeBridge-macOS-Installer-unsigned.pkg \
	release-artefacts/AceForgeBridge-macOS-Installer.pkg
	rm release-artefacts/AceForgeBridge-macOS-Installer-unsigned.pkg
	echo "Installer pkg signed."
	else
	echo "No signing identity secret; installer pkg is unsigned (plugins are ad-hoc signed)."
	fi

	- name: Upload release assets
	if: github.event_name == 'release' \|\| (github.event_name == 'workflow_dispatch' && inputs.release_tag != '')
	uses: softprops/action-gh-release@v2
	with:
	tag_name: ${{ (github.event_name == 'release' && github.event.release.tag_name) \|\| inputs.release_tag }}
	files: \|
	release-artefacts/AceForgeBridge-macOS-AU-VST3.zip
	release-artefacts/AceForgeBridge-macOS-Installer.pkg
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Upload artefacts (push / workflow_dispatch or no release)
	if: github.event_name != 'release' \|\| github.event.release == null
	uses: actions/upload-artifact@v4
	with:
	name: AceForgeBridge-macOS-plugins
	path: release-artefacts/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and release plugins (macOS) #21

Workflow file

Build and release plugins (macOS) #21

Uh oh!

Workflow file for this run