Last active
April 26, 2025 03:06
-
-
Save meeech/8d8a7e1b07234d65afc52659c162d53e to your computer and use it in GitHub Desktop.
A CircleCI config for build and deploy Godot game to itch.io. (wip) Does codesign and notarize. Will update as I improve it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: 2.1 | |
| # Porting over from barichello example gitlab config | |
| # Unsure about the cache benefit/setup? TBD | |
| # Probably have to put these all in one job, because it is slow to pull down godot-ci:4.3 each time | |
| # Codesign & Notarize | |
| # Great article on setting up all the bits you need to codesign and notarize: https://alicegg.tech/2024/09/12/godot-mac | |
| # Used this as a guide https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
| # and https://github.com/appflowy/gpt4all/blob/main/.circleci/continue_config.yml#L112 | |
| executors: | |
| godot-executor: | |
| docker: | |
| - image: barichello/godot-ci:4.3 | |
| working_directory: ~/project | |
| jobs: | |
| import-assets: | |
| docker: | |
| - image: barichello/godot-ci:4.3 | |
| steps: | |
| - checkout | |
| - restore_cache: | |
| key: import-assets | |
| - run: | |
| name: Import Assets | |
| command: | | |
| godot --headless --verbose --editor --quit | |
| - save_cache: | |
| key: import-assets | |
| paths: | |
| - .godot/imported/ | |
| build: | |
| executor: godot-executor | |
| parameters: | |
| platform: | |
| type: enum | |
| enum: | |
| - linux | |
| - macos | |
| - windows | |
| - web | |
| steps: | |
| - checkout | |
| - restore_cache: | |
| key: import-assets | |
| - run: | |
| name: Install dependencies | |
| command: | | |
| apt-get update && apt-get install -y curl wget unzip zip | |
| - run: | |
| name: Export Build | |
| command: | | |
| if [ "<< parameters.platform >>" == "windows" ]; then | |
| mkdir -p ./builds/windows | |
| godot --headless --export-release "Windows Desktop" ./builds/windows/game.exe | |
| cd ./builds && zip -r windows_build-<<pipeline.git.revision>>.zip windows/ | |
| elif [ "<< parameters.platform >>" == "web" ]; then | |
| mkdir -p ./builds/web | |
| godot --headless --export-release "Web" "./builds/web/index.html" | |
| cd ./builds && zip -r web_build-<<pipeline.git.revision>>.zip ./web | |
| elif [ "<< parameters.platform >>" == "linux" ]; then | |
| mkdir -p ./builds/linux | |
| godot --headless --export-release "Linux" ./builds/linux/game.x86_64 | |
| cd ./builds && zip -r linux_build-<<pipeline.git.revision>>.zip linux/ | |
| elif [ "<< parameters.platform >>" == "macos" ]; then | |
| xcode-select --install || echo "Xcode command line tools already installed" | |
| mkdir -p ./builds/macos | |
| godot --headless --export-release "macOS" ./builds/macos/game.app | |
| cd ./builds/macos && zip -r ../macos_build-<<pipeline.git.revision>>.zip game.app/ | |
| fi | |
| - persist_to_workspace: | |
| root: . | |
| paths: | |
| - ./builds/<< parameters.platform >>_build-<<pipeline.git.revision>>.zip | |
| - store_artifacts: | |
| path: ./builds/<< parameters.platform >>_build-<<pipeline.git.revision>>.zip | |
| destination: << parameters.platform >>_build-<<pipeline.git.revision>>.zip | |
| build-complete: | |
| type: no-op | |
| codesign-and-notarize: | |
| macos: | |
| xcode: 16.2.0 | |
| parameters: | |
| bundle-identifier: | |
| type: string | |
| resource_class: macos.m1.medium.gen1 | |
| steps: | |
| - attach_workspace: | |
| at: . | |
| - run: | |
| name: Setup Keychain with the Cert | |
| command: | | |
| echo "$P12_CERTIFICATE_BASE64" | base64 --decode > Certificate.p12 | |
| pwd && ls -al . | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain-db | |
| ls -al . | |
| security set-keychain-settings -lut 3600 build.keychain-db | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain-db | |
| security import Certificate.p12 -P "$P12_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k build.keychain-db | |
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" build.keychain-db | |
| security default-keychain -s build.keychain-db | |
| rm Certificate.p12 | |
| ls -al . | |
| - run: | |
| name: Unzip the .app | |
| command: | | |
| pwd && ls -al ./** | |
| unzip -o ./builds/macos_build-<<pipeline.git.revision>>.zip | |
| - run: | |
| name: Codesign the .app | |
| command: | | |
| pwd && ls -la . | |
| mv game.app faster-thank-friends.app | |
| codesign -v --timestamp --options runtime -s "$CODESIGN_IDENTITY" -i "<< parameters.bundle-identifier >>" -f ./faster-thank-friends.app | |
| - run: | |
| name: Make the .dmg | |
| command: | | |
| hdiutil create ftf-signed.dmg -volname faster-thank-friends -fs HFS+ -srcfolder faster-thank-friends.app | |
| - run: | |
| name: Restore the .p8 key | |
| command: | | |
| echo $NOTARIZATION_API_KEY_BASE64 | base64 --decode > AuthKey_R9M3U4MXA5.p8 | |
| - run: | |
| name: Notarize the .dmg | |
| command: | | |
| pwd && ls -la . | |
| xcrun notarytool submit ftf-signed.dmg --issuer "$NOTARIZATION_API_UUID" --key ./AuthKey_R9M3U4MXA5.p8 --key-id "$NOTARIZATION_API_KEY_ID" --wait --team-id "$CODESIGN_APPLE_TEAM_ID" | |
| - run: | |
| name: Staple the notarization to artifacts | |
| command: | | |
| pwd && ls -la . | |
| xcrun stapler staple ftf-signed.dmg | |
| xcrun stapler staple faster-thank-friends.app | |
| - run: | |
| name: Delete Keychain | |
| command: security delete-keychain build.keychain-db | |
| - run: | |
| name: Zip Signed and Notarized .app | |
| command: zip -r faster-thank-friends.app.zip faster-thank-friends.app | |
| - store_artifacts: | |
| path: ./faster-thank-friends.app.zip | |
| - store_artifacts: | |
| path: ./ftf-signed.dmg | |
| - persist_to_workspace: | |
| root: . | |
| paths: | |
| - ./faster-thank-friends.app | |
| - ./faster-thank-friends.app.zip | |
| - ./ftf-signed.dmg | |
| deploy-itch: | |
| docker: | |
| - image: cimg/base:stable | |
| parameters: | |
| platform: | |
| type: enum | |
| enum: | |
| - windows | |
| - linux | |
| - macos | |
| - web | |
| steps: | |
| - attach_workspace: | |
| at: . | |
| - run: | |
| name: Prep game build for delivery | |
| command: | | |
| mkdir -p ./extracted | |
| if [ "<< parameters.platform >>" == "macos" ]; then | |
| mv ./faster-thank-friends.app ./extracted/ | |
| else | |
| unzip -o ./builds/<< parameters.platform >>_build-<<pipeline.git.revision>>.zip -d ./extracted | |
| fi | |
| ls -al ./extracted/** | |
| - run: | |
| name: Deploy to itch.io | |
| command: | | |
| curl -L -o butler.zip https://broth.itch.ovh/butler/linux-amd64/LATEST/archive/default | |
| unzip butler.zip | |
| chmod +x butler | |
| ./butler push ./extracted $ITCH_USERNAME/$ITCH_GAME:<< parameters.platform >> --userversion <<pipeline.git.revision>> | |
| workflows: | |
| build-deploy: | |
| jobs: | |
| - import-assets | |
| - build: | |
| matrix: | |
| parameters: | |
| platform: ["windows", "linux", "macos", "web"] | |
| requires: | |
| - import-assets | |
| - codesign-and-notarize: | |
| bundle-identifier: "com.meeech.faster-thank-friends" | |
| context: | |
| - mac_export | |
| requires: | |
| - build | |
| - build-complete: | |
| requires: | |
| - codesign-and-notarize | |
| - deploy-itch: | |
| filters: | |
| branches: | |
| only: main | |
| matrix: | |
| parameters: | |
| platform: ["windows", "linux", "macos", "web"] | |
| requires: | |
| - build-complete |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment