Create a DMG for Mac Monoscopic

.github/workflows/build.yml

@@ -499,6 +499,8 @@ jobs:
  - name: Prepare for packaging (permissions and compression, OSX only)
  if: matrix.targetPlatform == 'StandaloneOSX'
  run: |
+ mv build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/Support "build/${{ matrix.vrsdk }}/${{ matrix.targetPlatform }}/${{ env.filename }}/Contents/"
+ find build -name 'UnityFbxSdkNative.bundle' -delete
  # Compress, but skip the top directories
  tar -c -v -z -f OpenBrush.tgz -C build/${{ matrix.vrsdk }} ${{ matrix.targetPlatform}}
  rm -rf build/${{ matrix.vrsdk }}/*
@@ -561,9 +563,107 @@ jobs:
  # Some platforms share a cache; it's not a 1:1 mapping of either targetPlatform or vrsdk, so we have a distinct variable for which cache to use
  key: Library_${{ matrix.cache }}_${{ env.UNITY_VERSION }}
 
+ createdmg:
+ name: Create and Notarize DMG
+ needs: [configuration, build]
+ if: |
+ github.event_name == 'push' &&
+ github.repository == 'icosa-foundation/open-brush' &&
+ (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v'))
+
+ runs-on: macos-latest # the ovr-platform-util tool is only available for Mac and Windows
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ lfs: true # We don't use LFS, but it adds no time, and leave it here in case we do at some point later
+ sparse-checkout: |
+ Support/macos
+
+ - name: Download Build Artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: MacOS Monoscopic
+ path: build_macos_monoscopic
+
+ # See https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+ - name: Install the Apple certificate and provisioning profile
+ env:
+ BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
+ INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALL_CERTIFICATE_BASE64 }}
+ P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
+ BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_BUILD_PROVISION_PROFILE_BASE64 }}
+ KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+ run: |
+ BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ INSTALL_CERTIFICATE_PATH=$RUNNER_TEMP/install_certificate.p12
+ PP_PATH=$RUNNER_TEMP/openbrushmac.provisionprofile
+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+ echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH
+ echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode -o $INSTALL_CERTIFICATE_PATH
+ echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+ # create temporary keychain
+ security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+ # import certificate to keychain
+ security import $BUILD_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security list-keychain -d user -s $KEYCHAIN_PATH
+
+ mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+
+ - name: Sign the release
+ env:
+ VERSION: ${{ needs.configuration.outputs.version }}
+ run: |
+ tar xvfz build_macos_monoscopic/*tgz
+
+ export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app))
+
+ cd StandaloneOSX/
+ codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ secrets.APPLE_TEAM_ID }})" $FILENAME/Contents/Support/ThirdParty/ffmpeg/bin/ffmpeg
+ codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements ../Support/macos/OpenBrush.entitlements --sign "Developer ID Application: Icosa Gallery Ltd (${{ secrets.APPLE_TEAM_ID }})" $FILENAME
+
+ - name: Create a notarized DMG
+ env:
+ VERSION: ${{ needs.configuration.outputs.version }}
+ run: |
+ export FILENAME=$(basename $(readlink -f StandaloneOSX/OpenBrush*.app))
+ mkdir dist
+
+ cp Support/macos/background.png StandaloneOSX/
+ cp Support/macos/background@2x.png StandaloneOSX/
+ pip install jinjanator
+ jinjanate Support/macos/openbrush-dmg.json.j2 > StandaloneOSX/openbrush-dmg.json
+ pushd StandaloneOSX/
+ npx appdmg openbrush-dmg.json ../dist/OpenBrush.dmg
+ popd
+
+ xcrun notarytool submit \
+ --team-id ${{ secrets.APPLE_TEAM_ID }} \
+ --apple-id ${{ secrets.APPLE_ID }} \
+ --password ${{ secrets.APPLE_APPLICATION_SPECIFIC_PASSWORD }} \
+ --wait \
+ dist/OpenBrush.dmg
+
+ xcrun stapler staple dist/OpenBrush.dmg
+
+ - name: Upload notarized dmg
+ uses: actions/upload-artifact@v4
+ with:
+ name: MacOS Monoscopic (DMG)
+ path: |
+ dist/OpenBrush.dmg
+
  release:
  name: Create Github Release
- needs: [configuration, build]
+ needs: [configuration, build, createdmg]
  runs-on: ubuntu-latest
  if: |
  github.event_name == 'push' &&
@@ -645,6 +745,12 @@ jobs:
  name: Android Pico
  path: build_android_pico
 
+ - name: Download Build Artifacts (Mac)
+ uses: actions/download-artifact@v4
+ with:
+ name: MacOS Monoscopic (DMG)
+ path: build_monoscopic_macos
+
  - name: Package Artifacts for release
  env:
  VERSION: ${{ needs.configuration.outputs.version }}
@@ -656,6 +762,7 @@ jobs:
  mv build_windows_openxr/StandaloneWindows64/ releases/OpenBrush_Desktop_$VERSION/
  mv build_windows_rift/StandaloneWindows64/ releases/OpenBrush_Rift_$VERSION/
  mv build_windows_mono/StandaloneWindows64/ releases/OpenBrush_Mono_$VERSION/
+ mv build_monoscopic_macos/*.dmg releases/OpenBrush_Mac_Mono_$VERSION.dmg
  cd releases
  zip -r OpenBrush_Desktop_$VERSION.zip OpenBrush_Desktop_$VERSION/
  zip -r OpenBrush_Rift_$VERSION.zip OpenBrush_Rift_$VERSION/
@@ -740,7 +847,7 @@ jobs:
 
  publish_steam:
  name: Publish Steam Release
- needs: [configuration, build]
+ needs: [configuration, build, createdmg]
  if: |
  github.event_name == 'push' &&
  github.repository == 'icosa-foundation/open-brush' &&

Assets/Scripts/Rendering/FfmpegPipe.cs

@@ -141,14 +141,10 @@ class FfmpegPipe
 
  public static string GetFfmpegExe()
  {
- // Editor, Mac builds and Windows builds have different paths
+ // Editor and Windows builds have different paths
  // between Application.dataPath and the actual executable
  string traverseToApp = "";
- if (Application.platform == RuntimePlatform.OSXPlayer)
- {
- traverseToApp = "../../";
- }
- else if (Application.platform == RuntimePlatform.WindowsPlayer || Application.isEditor)
+ if (Application.platform == RuntimePlatform.WindowsPlayer || Application.isEditor)
  {
  traverseToApp = "../";
  }

Support/macos/OpenBrush.entitlements

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>com.apple.security.cs.disable-library-validation</key>
+ <true/>
+ <key>com.apple.security.cs.disable-executable-page-protection</key>
+ <true/>
+ </dict>
+</plist>

Support/macos/openbrush-dmg.json.j2

@@ -0,0 +1,28 @@
+{
+ "title": "Open Brush {{ VERSION }}",
+ "icon": "{{ FILENAME }}/Contents/Resources/PlayerIcon.icns",
+ "background": "background.png",
+ "icon-size": 160,
+ "format": "ULFO",
+ "filesystem": "APFS",
+ "window": {
+ "size": {
+ "width": 620,
+ "height": 349
+ }
+ },
+ "contents": [
+ {
+ "x": 160,
+ "y": 160,
+ "type": "file",
+ "path": "{{ FILENAME }}"
+ },
+ {
+ "x": 460,
+ "y": 160,
+ "type": "link",
+ "path": "/Applications"
+ }
+ ]
+}