scottk/UltraGrid
1
0
Fork 0
mirror of https://github.com/outbackdingo/UltraGrid.git synced 2026-03-20 11:40:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ff0bd5c199dc25ad3cd213feea7293b2b85f14c
UltraGrid/.github/workflows
History
Martin Pulec 193c8d5ab1 minor fixes 
- coverity-scan.yml: typo
- configure.ac: misleading message if SDL not found -> do not mention
version at all, it was perhaps meant "didn't found any version" but it
might have also been that did't found specified version...
- configure.ac: removed sdl_mixer from summary
2025-09-04 10:40:22 +02:00
..
arm-build.yml
GH arm+coverity builds: add -f to curl
2025-07-15 09:20:42 +02:00
ccpp.yml
CI Linux: fix wrong token name for cache
2025-09-01 08:45:24 +02:00
coverity-scan.yml
minor fixes
2025-09-04 10:40:22 +02:00
README.md
CI macos: re-enable DELTACAST
2024-10-24 16:14:34 +02:00

README.md

UltraGrid GitHub workflows

Table of contents

Dependencies

Further are described external dependencies needed to build proprietary parts of UltraGrid. The dependencies are not required - UltraGrid would build also without.

These additional dependencies must be provided at URL specified by a secret SDK_URL.

Further subsection briefly describe individual assets and how to obtain them. All assets are unmodified files downloaded from vendor website. However, rename may be required.

macOS

  • videomaster-macos-dev.tar.gz - VideoMaster SDK for Mac from DELTACAST

Windows

  • videomaster-win.x64-dev.zip - VideoMaster SDK from DELTACAST for Windows

Linux

Note: VideoMaster SDK is not used because DELTACAST doesn't provide redistributable libraries for Linux (as does for macOS and Windows).

Secrets

  • NOTARYTOOL_CREDENTIALS - Apple developer credentials to be used with notarytool for macOS build (username:password:teamid) notarization in format "user:password" (app-specific password is strongly recommended)
  • APPLE_KEY_P12_B64 - base64-encoded signing Apple key in P12 (see below)
  • APPIMAGE_KEY - GPG exported (armored) private key to sign AppImage
  • COVERITY_TOKEN - Coverity token to be used for build upload
  • NDI_REMOTE_SSH_KEY - SSH key to upload NDI builds over SSH (see Workflows for additional details)
  • SDK_URL - URL where are located the Dependencies assets

Note: not all secrets are used by all workflows (see Workflows for details)

Generating Apple keys to sign the image

This section contains a procedure to get and process keys to be used as APPLE_KEY_P12_B64 above.

  • first generate signing request (replace subject if needed):

    openssl genrsa -out mykey.key 2048 openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=ultragrid-dev@cesnet.cz, CN=CESNET, C=CZ"

  • then login to Apple developer and generate a certificate from the above signing request for "Developer ID Application" and download developerID_application.cer

  • convert certificate to to PEM:

    openssl x509 -inform DER -outform PEM -text -in developerID_application.cer -out developerID_application.pem

  • export private key with password "dummy":

    openssl pkcs12 -export -out signing_key.p12 -in developerID_application.pem -inkey mykey.key -passout pass:dummy

  • add GitHub action secret APPLE_KEY_P12_B64 from output of:

    base64 signing_key.p12

Workflows

Currently all workflows are triggered by push to the respective branch. There are 3 workflows:

ARM builds

Creates ARM AppImages. Trigerred by push to branch arm-build. In CESNET/UltraGrid repo creates a release asset, otherwise a build artifact. No secret are used.

Coverity

Sends build for analysis to Coverity service. Trigerred by push to coverity_scan - requires COVERITY_TOKEN, useful is also SDK_URL to increase code coverage.

C/C++ CI

This is the basic workflow, has multiple modes depending on which branch is pushed to. Whether or not triggered from official repository influences where will the build be uploaded:

  • push to official repository (branches master or release/*) - triggers rebuild of release asset (continuous for master) and uploads to release assets.
  • push to other repositories (branches master or release/*) - creates build artifacts
  • push to branch ndi-build - builds with NDI support - requires NDI SDKs to be present in SDK_URL, otherwise the NDI support won't be enabled.

    • reads NDI_REMOTE_SSH_KEY, if found, uploads the builds to predefined location (defined in upload-ndi-build.sh). For non-official repositiry you would also need to set environment variables NDI_REMOTE_SSH and NDI_REMOTE_SSH_HOST_KEY_URL to override defaults in the script - add following lines to ccpp.yml:

      env:
  NDI_REMOTE_SSH: <user>@<host>:<path>
  NDI_REMOTE_SSH_HOST_KEY_URL: https://<path_to_host_key>

    • If the secret NDI_REMOTE_SSH_KEY is not defined, builds are uploaded as a build artifact.

This worflow utilizes ALTOOL_CREDENTIALS, APPLE_KEY_P12_B64, APPIMAGE_KEY, SDK_URL and SSH_KEY (NDI only).

Reference in New Issue View Git Blame Copy Permalink