name: OSX on: workflow_call: inputs: override_git_describe: type: string git_ref: type: string skip_tests: type: string run_all: type: string workflow_dispatch: inputs: override_git_describe: type: string git_ref: type: string skip_tests: type: string run_all: type: string push: branches-ignore: - 'main' - 'feature' - 'v*.*-*' paths-ignore: - '**.md' - 'test/configs/**' - 'tools/**' - '!tools/shell/**' - '.github/patches/duckdb-wasm/**' - '.github/workflows/**' - '!.github/workflows/OSX.yml' concurrency: group: osx-${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || '' }}-${{ github.base_ref || '' }}-${{ github.ref != 'refs/heads/main' || github.sha }}-${{ inputs.override_git_describe }} cancel-in-progress: true env: GH_TOKEN: ${{ secrets.GH_TOKEN }} OVERRIDE_GIT_DESCRIBE: ${{ inputs.override_git_describe }} jobs: xcode-debug: name: OSX Debug runs-on: macos-14 env: TREAT_WARNINGS_AS_ERRORS: 1 CMAKE_CXX_FLAGS: '-DDEBUG' FORCE_ASSERT: 1 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.git_ref }} - uses: actions/setup-python@v5 with: python-version: '3.12' - name: Setup Ccache uses: hendrikmuhs/ccache-action@main with: key: ${{ github.job }} save: ${{ vars.BRANCHES_TO_BE_CACHED == '' || contains(vars.BRANCHES_TO_BE_CACHED, github.ref) }} - name: Install ninja shell: bash run: brew install ninja - name: Build shell: bash run: GEN=ninja make release - name: Set DUCKDB_INSTALL_LIB for ADBC tests shell: bash run: echo "DUCKDB_INSTALL_LIB=$(find `pwd` -name "libduck*.dylib" | head -n 1)" >> $GITHUB_ENV - name: Test DUCKDB_INSTALL_LIB variable run: echo $DUCKDB_INSTALL_LIB - name: Test if: ${{ inputs.skip_tests != 'true' }} shell: bash run: make unittest_release - name: Amalgamation if: ${{ inputs.skip_tests != 'true' }} shell: bash run: | python scripts/amalgamation.py --extended cd src/amalgamation clang++ -std=c++11 -O0 -Wall -Werror -emit-llvm -S duckdb.cpp clang++ -DNDEBUG -O0 -std=c++11 -Wall -Werror -emit-llvm -S duckdb.cpp clang++ -DDEBUG -O0 -std=c++11 -Wall -Werror -emit-llvm -S duckdb.cpp xcode-release: # Builds binaries for osx_arm64 and osx_amd64 name: OSX Release runs-on: macos-14 needs: xcode-debug env: EXTENSION_CONFIGS: '${GITHUB_WORKSPACE}/.github/config/bundled_extensions.cmake' ENABLE_EXTENSION_AUTOLOADING: 1 ENABLE_EXTENSION_AUTOINSTALL: 1 OSX_BUILD_UNIVERSAL: 1 GEN: ninja steps: - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.git_ref }} - uses: actions/setup-python@v5 with: python-version: '3.12' - name: Install Ninja run: brew install ninja - name: Setup Ccache uses: hendrikmuhs/ccache-action@main with: key: ${{ github.job }} save: ${{ vars.BRANCHES_TO_BE_CACHED == '' || contains(vars.BRANCHES_TO_BE_CACHED, github.ref) }} - name: Install pytest run: | python -m pip install pytest - name: Build shell: bash run: make - name: Print platform shell: bash run: ./build/release/duckdb -c "PRAGMA platform;" # from https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development - name: Sign Binaries shell: bash env: BUILD_CERTIFICATE_BASE64: ${{ secrets.OSX_CODESIGN_BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.OSX_CODESIGN_P12_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.OSX_CODESIGN_KEYCHAIN_PASSWORD }} TEAM_ID : ${{ secrets.OSX_NOTARIZE_TEAM_ID }} APPLE_ID: ${{ secrets.OSX_NOTARIZE_APPLE_ID }} PASSWORD: ${{ secrets.OSX_NOTARIZE_PASSWORD }} run: | if [[ "$GITHUB_REPOSITORY" = "duckdb/duckdb" ]] ; then . scripts/osx_import_codesign_certificate.sh echo -e '\n\n\n\n com.apple.security.cs.disable-library-validation\n \n\n' > entitlements.plist codesign --options runtime --entitlements entitlements.plist --all-architectures --force --sign "Developer ID Application: Stichting DuckDB Foundation" build/release/duckdb codesign --options runtime --entitlements entitlements.plist --all-architectures --force --sign "Developer ID Application: Stichting DuckDB Foundation" build/release/src/libduckdb*.dylib zip -j notarize.zip build/release/duckdb build/release/src/libduckdb.dylib export XCRUN_RESPONSE=$(xcrun notarytool submit --progress --apple-id "$APPLE_ID" --password "$PASSWORD" --team-id "$TEAM_ID" --wait -f json notarize.zip) rm notarize.zip if [[ $(./build/release/duckdb -csv -noheader -c "SELECT (getenv('XCRUN_RESPONSE')::JSON)->>'status'") != "Accepted" ]] ; then echo "Notarization failed!" echo $XCRUN_RESPONSE exit 1 fi fi - name: Deploy shell: bash env: AWS_ACCESS_KEY_ID: ${{ secrets.S3_DUCKDB_STAGING_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_DUCKDB_STAGING_KEY }} run: | python scripts/amalgamation.py zip -j duckdb_cli-osx-universal.zip build/release/duckdb gzip -9 -k -n -c build/release/duckdb > duckdb_cli-osx-universal.gz zip -j libduckdb-osx-universal.zip build/release/src/libduckdb*.dylib src/amalgamation/duckdb.hpp src/include/duckdb.h ./scripts/upload-assets-to-staging.sh github_release libduckdb-osx-universal.zip duckdb_cli-osx-universal.zip duckdb_cli-osx-universal.gz - uses: actions/upload-artifact@v4 with: name: duckdb-binaries-osx path: | libduckdb-osx-universal.zip duckdb_cli-osx-universal.zip - name: Unit Test shell: bash if: ${{ inputs.skip_tests != 'true' }} run: make allunit - name: Tools Tests shell: bash if: ${{ inputs.skip_tests != 'true' }} run: | python -m pytest tools/shell/tests --shell-binary build/release/duckdb - name: Examples shell: bash if: ${{ inputs.skip_tests != 'true' }} run: | (cd examples/embedded-c; make) (cd examples/embedded-c++; make)