Merge pull request #41 from jimeh/improve-multi-arch-builds

feat(builds): improve build speeds and use free arm64 runners
2026-02-19 08:26:40 +00:00 · 2024-12-01 01:44:06 +00:00 · 2024-12-01 01:42:50 +00:00 · 2024-11-30 18:11:24 +00:00 · 2024-11-25 02:50:28 +00:00 · 2024-11-25 02:50:27 +00:00
8 changed files with 479 additions and 479 deletions
--- a/.github/workflows/_build.yml
+++ b/.github/workflows/_build.yml
@@ -1,281 +1,145 @@
 ---
-# Requires _prepare.yml re-usable workflow to have run.
 name: _build
 on:
  workflow_call:
    inputs:
-      artifact_prefix:
-        description: Artifact prefix
-        type: string
-        required: false
-      os:
-        description: GitHub Actions runner OS
-        type: string
-        required: false
-        default: "macos-12"
-      build_os:
-        description: Target OS to build for
-        type: string
-        required: false
-        default: "macos-12"
      git_ref:
-        description: Git ref to build
-        type: string
+        description: Emacs git ref to build
        required: true
+        type: string
      git_sha:
-        description: Override git SHA to build
-        type: string
+        description: Override Emacs git commit SHA to build
        required: false
-      build_args:
+        type: string
+      builder_ref:
+        description: "Git ref to checkout of build-emacs-for-macos"
+        required: true
+        type: string
+      builder_args:
        description: Custom arguments passed to build script
-        type: string
        required: false
+        default: ""
+        type: string
      test_build_name:
        description: "Test build name"
-        type: string
        required: false
+        default: ""
+        type: string
      test_release_type:
        description: "prerelease or draft"
-        type: string
        required: false
-        default: "prerelease"
-    secrets:
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64:
-        description: Base64 encoded Apple Developer Certificate
-        required: true
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD:
-        description: Password for Apple Developer Certificate
-        required: true
-      KEYCHAIN_PASSWORD:
-        description: Password to use for temporary local keychain on runner
-        required: true
-      AC_USERNAME:
-        description: Apple Connect Username
-        required: true
-      AC_PASSWORD:
-        description: Apple Connect Password
-        required: true
-      AC_PROVIDER:
-        description: Apple Connect Provider
-        required: true
-      AC_SIGN_IDENTITY:
-        description: Apple Connect Signing Identify
-        required: true
-      TAP_REPO_TOKEN:
-        description: Homebrew Tap Token
-        required: true
-    outputs:
-      package_created:
-        description: "Whether or not a package was created"
-        value: ${{ jobs.package.result == 'success' }}
+        default: ""
+        type: string
+      x86_64:
+        description: "Build x86_64 version of Emacs"
+        required: false
+        default: true
+        type: boolean
+      arm64:
+        description: "Build arm64 version of Emacs"
+        required: false
+        default: true
+        type: boolean

 jobs:
  prepare:
-    runs-on: ${{ inputs.os }}
-    outputs:
-      builder_sha: ${{ steps.builder_sha.outputs.sha }}
-      emacs_sha_override: ${{ steps.emacs_sha.outputs.sha }}
-      test_plan_args: ${{ steps.test_plan_args.outputs.args }}
-    steps:
-      - name: Download emacs-builder git SHA artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: emacs-builder-git-sha
-          path: ./
-      - name: Store builder Git SHA
-        id: builder_sha
-        run: >-
-          echo "sha=$(cat emacs-builder-git-sha.txt)" >> $GITHUB_OUTPUT
-      - name: Prepare plan test args
-        id: test_plan_args
-        if: ${{ inputs.test_build_name != '' }}
-        run: >-
-          echo "args=--test-build '${{ inputs.test_build_name }}' --test-release-type '${{ inputs.test_release_type }}'" >> $GITHUB_OUTPUT
-      - name: Set git SHA override
-        id: emacs_sha
-        if: ${{ inputs.git_sha != '' }}
-        run: >-
-          echo "sha=--sha '${{ inputs.git_sha }}'" >> $GITHUB_OUTPUT
-  plan:
+    name: Prepare
+    uses: ./.github/workflows/_prepare.yml
+    with:
+      builder_ref: ${{ inputs.builder_ref }}
+
+  # ----------------------------------------------------------------------------
+  # Build x86_64 version of Emacs
+  # ----------------------------------------------------------------------------
+
+  build_x86_64:
+    name: Build (x86_64)
+    if: inputs.x86_64
+    uses: ./.github/workflows/_build_emacs.yml
    needs: [prepare]
-    runs-on: ${{ inputs.build_os }}
-    outputs:
-      check: ${{ steps.check.outputs.result }}
-    steps:
-      - name: Checkout build-emacs-for-macos repo
-        if: ${{ inputs.os != inputs.build_os }}
-        uses: actions/checkout@v4
-        with:
-          repository: jimeh/build-emacs-for-macos
-          ref: ${{ needs.prepare.outputs.builder_sha }}
-      - uses: actions/setup-go@v5
-        if: ${{ inputs.os != inputs.build_os }}
-        with:
-          go-version: "1.21"
-      - name: Build emacs-builder tool
-        if: ${{ inputs.os != inputs.build_os }}
-        run: make build
-      - name: Download pre-built emacs-builder artifact
-        if: ${{ inputs.os == inputs.build_os }}
-        uses: actions/download-artifact@v4
-        with:
-          name: emacs-builder
-          path: bin
-      - name: Ensure emacs-builder is executable
-        if: ${{ inputs.os == inputs.build_os }}
-        run: chmod +x bin/emacs-builder
-      - name: Plan build
-        run: >-
-          bin/emacs-builder -l debug plan --output build-plan.yml
-          --output-dir '${{ github.workspace }}/builds'
-          ${{ needs.prepare.outputs.test_plan_args }}
-          ${{ needs.prepare.outputs.emacs_sha_override }}
-          '${{ inputs.git_ref }}'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Show plan
-        run: cat build-plan.yml
-      - name: Upload build-plan artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}build-plan
-          path: build-plan.yml
-          if-no-files-found: error
-      - name: Check if planned release and asset already exist
-        id: check
-        continue-on-error: true
-        run: |
-          echo "result=$((bin/emacs-builder -l debug release --plan build-plan.yml check && echo 'ok') || echo 'fail')" >> $GITHUB_OUTPUT
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: echo 'Planned release already seems to exist.'
-        if: ${{ steps.check.outputs.result == 'ok' }}
+    with:
+      builder_ref: ${{ needs.prepare.outputs.builder_sha }}
+      os: "macos-13"
+      build_os: "macos-13" # Only macos-13 and earlier are x86_64.
+      artifact_prefix: "x86_64-"
+      git_ref: ${{ inputs.git_ref }}
+      git_sha: ${{ inputs.git_sha }}
+      build_args: ${{ inputs.builder_args }}
+      test_build_name: ${{ inputs.test_build_name }}
+      test_release_type: ${{ inputs.test_release_type }}
+    secrets: inherit

-  build:
-    runs-on: ${{ inputs.build_os }}
-    needs: [prepare, plan]
-    # Only run if check for existing release and asset failed.
-    if: ${{ needs.plan.outputs.check == 'fail' }}
-    steps:
-      - name: Checkout build-emacs-for-macos repo
-        uses: actions/checkout@v4
-        with:
-          repository: jimeh/build-emacs-for-macos
-          ref: ${{ needs.prepare.outputs.builder_sha }}
-          path: builder
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "3.2"
-      - name: Update homebrew
-        run: brew update
-      - name: Fix system python breaking homebrew
-        run: >-
-          find "$(brew --prefix)/bin" -type l
-          -ilname '*/Library/Frameworks/Python.framework/*'
-          -delete
-      - name: Install dependencies
-        run: make bootstrap
-        working-directory: builder
-        env:
-          BUNDLE_WITHOUT: "development"
-      - name: Download build-plan artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}build-plan
-          path: ./
-      - name: Build Emacs
-        run: >-
-          ./builder/build-emacs-for-macos
-          --log-level debug
-          --plan build-plan.yml
-          --native-full-aot
-          --no-self-sign
-          ${{ inputs.build_args }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Upload unsigned app artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}unsigned-app
-          path: builds/*.tbz
-          if-no-files-found: error
-      - name: Upload Emacs source artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}emacs-source
-          path: builder/tarballs/*.tgz
+  release_x86_64:
+    name: Release (x86_64)
+    uses: ./.github/workflows/_release.yml
+    # Depend on both build_x86_64 and build_arm64, but only run if build_x86_64
+    # was successful and a package was created. This ensure wait for all builds
+    # to complete before running any release jobs.
+    needs: [prepare, build_x86_64, build_arm64]
+    if: |
+      always() &&
+      needs.build_x86_64.result == 'success' &&
+      needs.build_x86_64.outputs.package_created &&
+      needs.build_arm64.result != 'failure'
+    with:
+      builder_ref: ${{ needs.prepare.outputs.builder_sha }}
+      os: "macos-13" # Only macos-13 and earlier are x86_64.
+      plan_artifact: x86_64-build-plan
+      dmg_artifact: x86_64-dmg

-  package:
-    runs-on: ${{ inputs.os }}
-    needs: [prepare, plan, build]
-    steps:
-      - uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: Install dmgbuild
-        run: |
-          $(command -v pip3 || command -v pip) install --upgrade dmgbuild
-      - name: Download pre-built emacs-builder artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: emacs-builder
-          path: bin
-      - name: Ensure emacs-builder is executable
-        run: chmod +x bin/emacs-builder
-      - name: Download build-plan artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}build-plan
-          path: ./
-      - name: Download unsigned app artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}unsigned-app
-          path: builds
-      - name: Extract unsigned app archive
-        run: |
-          find * -name '*.tbz' -exec tar xvjf "{}" \;
-        working-directory: builds
-      - name: Install the Apple signing certificate
-        run: |
-          # create variables
-          CERTIFICATE_PATH="$RUNNER_TEMP/build_certificate.p12"
-          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
+  # ----------------------------------------------------------------------------
+  # Build arm64 version of Emacs
+  # ----------------------------------------------------------------------------

-          # import certificate and provisioning profile from secrets
-          echo -n "$CERT_BASE64" | base64 --decode --output "$CERTIFICATE_PATH"
+  build_arm64:
+    name: Build (arm64)
+    if: inputs.arm64
+    uses: ./.github/workflows/_build_emacs.yml
+    needs: [prepare]
+    with:
+      builder_ref: ${{ needs.prepare.outputs.builder_sha }}
+      os: "macos-14"
+      build_os: "macos-14" # Only macos-14 and later are ARM64.
+      artifact_prefix: "arm64-"
+      git_ref: ${{ inputs.git_ref }}
+      git_sha: ${{ inputs.git_sha }}
+      build_args: ${{ inputs.builder_args }}
+      test_build_name: ${{ inputs.test_build_name }}
+      test_release_type: ${{ inputs.test_release_type }}
+    secrets: inherit

-          # create temporary keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
-          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+  release_arm64:
+    name: Release (arm64)
+    uses: ./.github/workflows/_release.yml
+    # Depend on both build_arm64 and build_x86_64, but only run if build_arm64
+    # was successful and a package was created. This ensure wait for all builds
+    # to complete before running any release jobs.
+    needs: [prepare, build_arm64, build_x86_64]
+    if: |
+      always() &&
+      needs.build_arm64.result == 'success' &&
+      needs.build_arm64.outputs.package_created &&
+      needs.build_x86_64.result != 'failure'
+    with:
+      builder_ref: ${{ needs.prepare.outputs.builder_sha }}
+      os: "macos-14" # Only macos-14 and later are ARM64.
+      plan_artifact: arm64-build-plan
+      dmg_artifact: arm64-dmg

-          # import certificate to keychain
-          security import "$CERTIFICATE_PATH" -P "$CERT_PASSWORD" -A \
-            -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
-          security list-keychain -d user -s "$KEYCHAIN_PATH"
-        env:
-          CERT_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-          CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      - name: Sign, package and notarize build
-        run: >-
-          bin/emacs-builder package -v --plan build-plan.yml
-          --sign --remove-source-dir
-        env:
-          AC_USERNAME: ${{ secrets.AC_USERNAME }}
-          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-          AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-          AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
-      - name: Upload disk image artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.artifact_prefix }}dmg
-          path: |
-            builds/*.dmg
-            builds/*.sha*
-          if-no-files-found: error
-      - name: Clean up keychain used for signing certificate
-        if: ${{ always() }}
-        run: |
-          security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db"
+  # ----------------------------------------------------------------------------
+  # Trigger update casks workflow in homebrew tap
+  # ----------------------------------------------------------------------------
+
+  update_casks:
+    name: Update Casks
+    uses: ./.github/workflows/_update-casks.yml
+    # Depend on both release jobs, but only run if either of them was
+    # successful. This ensures we only run this job once all release jobs have
+    # been completed.
+    needs: [release_x86_64, release_arm64]
+    if: >-
+      always() &&
+      inputs.test_build_name == '' &&
+      contains(needs.*.result, 'success') &&
+      !contains(needs.*.result, 'failure')
+    secrets: inherit
--- a/.github/workflows/_build_emacs.yml
+++ b/.github/workflows/_build_emacs.yml
@@ -0,0 +1,240 @@
+---
+# Requires _prepare.yml re-usable workflow to have run.
+name: _build_emacs
+on:
+  workflow_call:
+    inputs:
+      builder_ref:
+        description: Git ref of build-emacs-for-macos to use
+        type: string
+        required: true
+      os:
+        description: GitHub Actions runner OS
+        type: string
+        required: false
+        default: "macos-13"
+      build_os:
+        description: Target OS to build for
+        type: string
+        required: false
+        default: "macos-13"
+      artifact_prefix:
+        description: Artifact prefix for build_os
+        type: string
+        required: false
+      git_ref:
+        description: Git ref to build
+        type: string
+        required: true
+      git_sha:
+        description: Override git SHA to build
+        type: string
+        required: false
+      build_args:
+        description: Custom arguments passed to build script
+        type: string
+        required: false
+      test_build_name:
+        description: "Test build name"
+        type: string
+        required: false
+      test_release_type:
+        description: "prerelease or draft"
+        type: string
+        required: false
+        default: "prerelease"
+    outputs:
+      package_created:
+        description: "Whether or not a package was created"
+        value: ${{ jobs.package.result == 'success' }}
+
+jobs:
+  plan:
+    runs-on: ${{ inputs.build_os }}
+    outputs:
+      check: ${{ steps.check.outputs.result }}
+    steps:
+      - name: Checkout build-emacs-for-macos repo
+        uses: actions/checkout@v4
+        with:
+          repository: jimeh/build-emacs-for-macos
+          ref: ${{ inputs.builder_ref }}
+      - name: Download pre-built emacs-builder artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: emacs-builder-${{ runner.arch }}
+          path: bin
+      - name: Ensure emacs-builder is executable
+        run: chmod +x bin/emacs-builder
+      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nix-community/cache-nix-action@v5
+        with:
+          primary-key: nix-${{ runner.arch }}-${{ hashFiles('**/flake.*') }}
+      - name: Install dependencies
+        run: nix develop --command nix flake metadata
+      - name: Prepare plan test args
+        id: test_plan_args
+        if: inputs.test_build_name != ''
+        run: >-
+          echo "args=--test-build '${{ inputs.test_build_name }}' --test-release-type '${{ inputs.test_release_type }}'" >> "$GITHUB_OUTPUT"
+      - name: Set git SHA override
+        id: emacs_sha
+        if: inputs.git_sha != ''
+        run: >-
+          echo "sha=--sha '${{ inputs.git_sha }}'" >> "$GITHUB_OUTPUT"
+      - name: Plan build
+        run: >-
+          nix develop --command
+          bin/emacs-builder -l debug plan --output build-plan.yml
+          --output-dir '${{ github.workspace }}/builds'
+          ${{ steps.test_plan_args.outputs.args }}
+          ${{ steps.emacs_sha.outputs.sha }}
+          '${{ inputs.git_ref }}'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Show plan
+        run: cat build-plan.yml
+      - name: Upload build-plan artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: build-plan.yml
+          if-no-files-found: error
+      - name: Check if planned release and asset already exist
+        id: check
+        continue-on-error: true
+        run: |
+          echo "result=$((bin/emacs-builder -l debug release --plan build-plan.yml check && echo 'ok') || echo 'fail')" >> "$GITHUB_OUTPUT"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: echo 'Planned release already seems to exist.'
+        if: steps.check.outputs.result == 'ok'
+
+  build:
+    runs-on: ${{ inputs.build_os }}
+    needs: [plan]
+    # Only run if check for existing release and asset failed.
+    if: needs.plan.outputs.check == 'fail'
+    steps:
+      - name: Checkout build-emacs-for-macos repo
+        uses: actions/checkout@v4
+        with:
+          repository: jimeh/build-emacs-for-macos
+          ref: ${{ inputs.builder_ref }}
+          path: builder
+      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nix-community/cache-nix-action@v5
+        with:
+          primary-key: nix-${{ runner.arch }}-${{ hashFiles('**/flake.*') }}
+      - name: Download build-plan artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: ./builder/
+      - name: Install dependencies
+        run: nix develop --command nix flake metadata
+        working-directory: builder
+      - name: Install Ruby dependencies
+        run: >-
+          nix develop --command make bootstrap-ruby
+        working-directory: builder
+        env:
+          BUNDLE_WITHOUT: "development"
+      - name: Build Emacs
+        run: >-
+          nix develop
+          --command ./build-emacs-for-macos
+          --log-level debug
+          --plan build-plan.yml
+          --native-full-aot
+          --no-self-sign
+          ${{ inputs.build_args }}
+        working-directory: builder
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload unsigned app artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}unsigned-app
+          path: builds/*.tbz
+          if-no-files-found: error
+      - name: Upload Emacs source artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}emacs-source
+          path: builder/tarballs/*.tgz
+
+  package:
+    runs-on: ${{ inputs.os }}
+    needs: [plan, build]
+    steps:
+      - name: Download pre-built emacs-builder artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: emacs-builder-${{ runner.arch }}
+          path: bin
+      - name: Ensure emacs-builder is executable
+        run: chmod +x bin/emacs-builder
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dmgbuild
+        run: |
+          $(command -v pip3 || command -v pip) install --upgrade dmgbuild
+      - name: Download build-plan artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: ./
+      - name: Download unsigned app artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}unsigned-app
+          path: builds
+      - name: Extract unsigned app archive
+        run: |
+          find * -name '*.tbz' -exec tar xvjf "{}" \;
+        working-directory: builds
+      - name: Install the Apple signing certificate
+        run: |
+          # create variables
+          CERTIFICATE_PATH="$RUNNER_TEMP/build_certificate.p12"
+          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$CERT_BASE64" | base64 --decode > "$CERTIFICATE_PATH"
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+          # import certificate to keychain
+          security import "$CERTIFICATE_PATH" -P "$CERT_PASSWORD" -A \
+            -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+          security list-keychain -d user -s "$KEYCHAIN_PATH"
+        env:
+          CERT_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+          CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      - name: Sign, package and notarize build
+        run: >-
+          bin/emacs-builder package -v --plan build-plan.yml
+          --sign --remove-source-dir
+        env:
+          AC_USERNAME: ${{ secrets.AC_USERNAME }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+          AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
+          AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
+      - name: Upload disk image artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}dmg
+          path: |
+            builds/*.dmg
+            builds/*.sha*
+          if-no-files-found: error
+      - name: Clean up keychain used for signing certificate
+        if: always()
+        run: |
+          security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db"
--- a/.github/workflows/_prepare.yml
+++ b/.github/workflows/_prepare.yml
@@ -3,24 +3,20 @@ name: _prepare
 on:
  workflow_call:
    inputs:
-      os:
-        description: GitHub Actions runner OS
-        type: string
-        required: false
-        default: "macos-12"
      builder_ref:
        description: Git ref to checkout of build-emacs-for-macos
-        required: false
-        type: string
-        default: "v0.6.48"
-    secrets:
-      TAP_REPO_TOKEN:
-        description: Personal Access Token for Homebrew Tap repo
        required: true
+        type: string
+    outputs:
+      builder_sha:
+        description: Git SHA of build-emacs-for-macos at builder_ref
+        value: ${{ jobs.builder-sha.outputs.sha }}

 jobs:
-  emacs-builder:
-    runs-on: ${{ inputs.os }}
+  builder-sha:
+    runs-on: "macos-13"
+    outputs:
+      sha: ${{ steps.builder_sha.outputs.sha }}
    steps:
      - name: Checkout build-emacs-for-macos repo
        uses: actions/checkout@v4
@@ -28,22 +24,57 @@ jobs:
          repository: jimeh/build-emacs-for-macos
          ref: ${{ inputs.builder_ref }}
      - name: Store builder Git SHA
+        id: builder_sha
        run: |
-          git rev-parse HEAD > emacs-builder-git-sha.txt
+          BUILDER_SHA="$(git rev-parse HEAD)"
+          echo "$BUILDER_SHA" > build-emacs-for-macos-git-sha.txt
+          echo "sha=$BUILDER_SHA" >> $GITHUB_OUTPUT
+          echo "Builder ref ${{ inputs.builder_ref }} resolved to" \
+               "commit SHA: $BUILDER_SHA"
      - name: Upload builder git SHA artifact
        uses: actions/upload-artifact@v4
        with:
-          name: emacs-builder-git-sha
-          path: emacs-builder-git-sha.txt
+          name: build-emacs-for-macos-git-sha
+          path: build-emacs-for-macos-git-sha.txt
          if-no-files-found: error
-      - uses: actions/setup-go@v5
+
+  emacs-builder:
+    needs: [builder-sha]
+    strategy:
+      matrix:
+        os:
+          - macos-13 # Only macos-13 and earlier are x86_64.
+          - macos-14 # Only macos-14 and later are ARM64.
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Cache emacs-builder (${{ runner.arch }})
+        id: cache
+        uses: actions/cache@v4
        with:
-          go-version: "1.21"
+          path: bin/emacs-builder
+          key: emacs-builder-${{ runner.arch }}-${{ needs.builder-sha.outputs.sha }}-bin
+      - name: Checkout build-emacs-for-macos repo
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: jimeh/build-emacs-for-macos
+          ref: ${{ inputs.builder_ref }}
+          fetch-depth: 0
+      - name: Setup Go
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
      - name: Build emacs-builder tool
+        if: steps.cache.outputs.cache-hit != 'true'
        run: make build
+      - name: Ensure emacs-builder is executable
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: chmod +x bin/emacs-builder
+      - run: bin/emacs-builder --version
      - name: Upload emacs-builder artifact
        uses: actions/upload-artifact@v4
        with:
-          name: emacs-builder
+          name: emacs-builder-${{ runner.arch }}
          path: bin/emacs-builder
          if-no-files-found: error
--- a/.github/workflows/_release.yml
+++ b/.github/workflows/_release.yml
@@ -1,14 +1,21 @@
 ---
 # Requires _prepare.yml and _build.yml re-usable workflows to have run.
 name: _release
+concurrency:
+  group: _release
+  cancel-in-progress: false
 on:
  workflow_call:
    inputs:
+      builder_ref:
+        description: Git ref of build-emacs-for-macos to use
+        type: string
+        required: true
      os:
        description: GitHub Actions runner OS
        type: string
        required: false
-        default: "macos-12"
+        default: "macos-13"
      plan_artifact:
        description: Name of artifact containing a emacs-builder plan yaml file
        type: string
@@ -17,19 +24,6 @@ on:
        description: Name of artifact containing a *.dmg files to release
        type: string
        required: true
-      test_build_name:
-        description: "Test build name"
-        type: string
-        required: false
-      update_casks:
-        description: "Update casks in homebrew tap?"
-        type: boolean
-        required: true
-        default: true
-    secrets:
-      TAP_REPO_TOKEN:
-        description: Personal Access Token for Homebrew Tap repo
-        required: true

 jobs:
  github:
@@ -38,7 +32,7 @@ jobs:
      - name: Download pre-built emacs-builder artifact
        uses: actions/download-artifact@v4
        with:
-          name: emacs-builder
+          name: emacs-builder-${{ runner.arch }}
          path: bin
      - name: Ensure emacs-builder is executable
        run: chmod +x bin/emacs-builder
@@ -55,20 +49,11 @@ jobs:
          name: ${{ inputs.dmg_artifact }}
          path: builds
      - name: Publish disk images to a GitHub Release
-        if: ${{ steps.dmg.outputs.result != 'fail' }}
+        if: steps.dmg.outputs.result != 'fail'
        run: >-
          bin/emacs-builder -l debug release --plan build-plan.yml publish
          $(find builds -name '*.dmg' -or -name '*.sha256')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Trigger update casks workflow in homebrew tap
-        if: >-
-          steps.dmg.outputs.result != 'fail' &&
-          inputs.test_build_name == '' &&
-          inputs.update_casks
-        run: >-
-          gh workflow run --repo jimeh/homebrew-emacs-builds update-casks.yml
-        env:
-          GITHUB_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
      - run: echo 'No DMG artifact available, was there a new commit to build?'
-        if: ${{ steps.dmg.outputs.result == 'fail' }}
+        if: steps.dmg.outputs.result == 'fail'
--- a/.github/workflows/_update-casks.yml
+++ b/.github/workflows/_update-casks.yml
@@ -0,0 +1,23 @@
+---
+name: _update-casks
+concurrency:
+  group: _update-casks
+  cancel-in-progress: false
+on:
+  workflow_call:
+    inputs:
+      os:
+        description: GitHub Actions runner OS
+        type: string
+        required: false
+        default: "ubuntu-latest"
+
+jobs:
+  emacs-builds:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - name: Trigger update casks workflow in homebrew tap
+        run: >-
+          gh workflow run --repo jimeh/homebrew-emacs-builds update-casks.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,15 +13,11 @@ on:
      builder_ref:
        description: "Git ref to checkout of build-emacs-for-macos"
        required: true
-        default: "v0.6.48"
+        default: "v0.6.52"
      builder_args:
        description: Custom arguments passed to build script
        required: false
        default: ""
-      os:
-        description: 'Runner OS ("macos-12", "macos-13", or "macos-latest")'
-        required: true
-        default: "macos-12"
      test_build_name:
        description: "Test build name"
        required: false
@@ -38,99 +34,20 @@ on:
      arm64:
        description: "Build arm64 version of Emacs"
        required: false
-        default: false
+        default: true
        type: boolean

 jobs:
-  prepare:
-    name: Prepare
-    uses: ./.github/workflows/_prepare.yml
-    with:
-      os: ${{ github.event.inputs.os }}
-      builder_ref: ${{ github.event.inputs.builder_ref }}
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  # ----------------------------------------------------------------------------
-  # Build x86_64 version of Emacs
-  # ----------------------------------------------------------------------------
-
-  build_x86_64:
-    name: Build (x86_64)
-    if: ${{ github.event.inputs.x86_64 == 'true' }}
+  build:
+    name: Build
    uses: ./.github/workflows/_build.yml
-    needs: [prepare]
    with:
-      os: ${{ github.event.inputs.os }}
-      build_os: "macos-12"
-      artifact_prefix: "x86_64-"
-      git_ref: ${{ github.event.inputs.git_ref }}
-      git_sha: ${{ github.event.inputs.git_sha }}
-      build_args: ${{ github.event.inputs.builder_args }}
-      test_build_name: ${{ github.event.inputs.test_build_name }}
-      test_release_type: ${{ github.event.inputs.test_release_type }}
-    secrets:
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      AC_USERNAME: ${{ secrets.AC_USERNAME }}
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-      AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  release_x86_64:
-    name: Release (x86_64)
-    uses: ./.github/workflows/_release.yml
-    needs: [build_x86_64]
-    if: ${{ needs.build_x86_64.outputs.package_created }}
-    with:
-      os: ${{ github.event.inputs.os }}
-      plan_artifact: x86_64-build-plan
-      dmg_artifact: x86_64-dmg
-      test_build_name: ${{ github.event.inputs.test_build_name }}
-      update_casks: true
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  # ----------------------------------------------------------------------------
-  # Build arm64 version of Emacs
-  # ----------------------------------------------------------------------------
-
-  build_arm64:
-    name: Build (arm64)
-    if: ${{ github.event.inputs.arm64 == 'true' }}
-    uses: ./.github/workflows/_build.yml
-    needs: [prepare]
-    with:
-      os: ${{ github.event.inputs.os }}
-      build_os: "macos-13-xlarge" # Only macos-13-xlarge has arm64 support.
-      artifact_prefix: "arm64-"
-      git_ref: ${{ github.event.inputs.git_ref }}
-      git_sha: ${{ github.event.inputs.git_sha }}
-      build_args: ${{ github.event.inputs.builder_args }}
-      test_build_name: ${{ github.event.inputs.test_build_name }}
-      test_release_type: ${{ github.event.inputs.test_release_type }}
-    secrets:
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      AC_USERNAME: ${{ secrets.AC_USERNAME }}
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-      AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  release_arm64:
-    name: Release (arm64)
-    uses: ./.github/workflows/_release.yml
-    needs: [build_arm64]
-    if: ${{ needs.build_arm64.outputs.package_created }}
-    with:
-      os: ${{ github.event.inputs.os }}
-      plan_artifact: arm64-build-plan
-      dmg_artifact: arm64-dmg
-      test_build_name: ${{ github.event.inputs.test_build_name }}
-      update_casks: false
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
+      git_ref: ${{ inputs.git_ref }}
+      git_sha: ${{ inputs.git_sha }}
+      builder_ref: ${{ inputs.builder_ref }}
+      builder_args: ${{ inputs.builder_args }}
+      test_build_name: ${{ inputs.test_build_name }}
+      test_release_type: ${{ inputs.test_release_type }}
+      x86_64: ${{ inputs.x86_64 }}
+      arm64: ${{ inputs.arm64 }}
+    secrets: inherit
--- a/.github/workflows/nightly-master.yml
+++ b/.github/workflows/nightly-master.yml
@@ -2,95 +2,35 @@
 name: Nightly (master)
 on:
  schedule:
-    - cron: "0 23 1 * *"
-    - cron: "0 23 2-31 * *"
+    - cron: "0 23 * * *"
  workflow_dispatch:
    inputs:
      git_sha:
        description: Override Emacs git commit SHA to build
        required: false
-      arm64:
-        description: "Build arm64 version of Emacs?"
+      builder_ref:
+        description: "Git ref to checkout of build-emacs-for-macos"
+        required: true
+        default: "v0.6.52"
+      x86_64:
+        description: "Build x86_64 version of Emacs"
        required: false
-        default: false
+        default: true
+        type: boolean
+      arm64:
+        description: "Build arm64 version of Emacs"
+        required: false
+        default: true
        type: boolean

 jobs:
-  prepare:
-    name: Prepare
-    uses: ./.github/workflows/_prepare.yml
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  # ----------------------------------------------------------------------------
-  # Build x86_64 version of Emacs
-  # ----------------------------------------------------------------------------
-
-  build_x86_64:
-    name: Build (x86_64)
+  build:
+    name: Build
    uses: ./.github/workflows/_build.yml
-    needs: [prepare]
    with:
-      build_os: "macos-12"
-      artifact_prefix: "x86_64-"
      git_ref: "master"
-      git_sha: ${{ github.event.inputs.git_sha }}
-    secrets:
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      AC_USERNAME: ${{ secrets.AC_USERNAME }}
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-      AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  release_x86_64:
-    name: Release (x86_64)
-    uses: ./.github/workflows/_release.yml
-    needs: [build_x86_64]
-    if: ${{ needs.build_x86_64.outputs.package_created }}
-    with:
-      plan_artifact: x86_64-build-plan
-      dmg_artifact: x86_64-dmg
-      update_casks: true
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  # ----------------------------------------------------------------------------
-  # Build arm64 version of Emacs
-  # ----------------------------------------------------------------------------
-
-  build_arm64:
-    name: Build (arm64)
-    if: >-
-      github.event.inputs.arm64 == 'true' ||
-      github.event.schedule == '0 23 1 * *'
-    uses: ./.github/workflows/_build.yml
-    needs: [prepare]
-    with:
-      build_os: "macos-13-xlarge" # Only macos-13-xlarge has arm64 support.
-      artifact_prefix: "arm64-"
-      git_ref: "master"
-      git_sha: ${{ github.event.inputs.git_sha }}
-    secrets:
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      AC_USERNAME: ${{ secrets.AC_USERNAME }}
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-      AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
-
-  release_arm64:
-    name: Release (arm64)
-    uses: ./.github/workflows/_release.yml
-    needs: [build_arm64]
-    if: ${{ needs.build_arm64.outputs.package_created }}
-    with:
-      plan_artifact: arm64-build-plan
-      dmg_artifact: arm64-dmg
-      update_casks: false
-    secrets:
-      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
+      git_sha: ${{ inputs.git_sha }}
+      builder_ref: ${{ inputs.builder_ref }}
+      x86_64: ${{ inputs.x86_64 }}
+      arm64: ${{ inputs.arm64 }}
+    secrets: inherit
--- a/.github/workflows/update-metadata.yml
+++ b/.github/workflows/update-metadata.yml
@@ -11,12 +11,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout meta branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          ref: meta
      - uses: actions/setup-go@v5
        with:
-          go-version: "1.21"
+          go-version: "1.23"
      - name: update total downloads shield JSON
        run: >-
          go run . badges downloads
@@ -25,7 +25,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: commit and push changes to meta branch
-        uses: stefanzweifel/git-auto-commit-action@v4
+        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "chore(meta): update metadata files"
          commit_user_name: github-actions[bot]
Author	SHA1	Message	Date
Jim Myhrberg	6ef0736067	Merge pull request #41 from jimeh/improve-multi-arch-builds feat(builds): improve build speeds and use free arm64 runners	2024-12-01 01:44:06 +00:00
Jim Myhrberg	d52095babb	feat(builds): improve build speeds and use free arm64 runners Improves a few things: - Use the free macos-14 runners for arm64 builds. They are not as fast the macos-13-xlarge runners used before, but they are free for public repositories, meaning we can start doing nightly arm64 builds. - Use different nix install and cache actions which are faster, and uses a single action cache key, which avoids cache rate limit errors which was slowing down cache create/restore times. - Generally refactor and tidy up various bits and pieces in workflows.	2024-12-01 01:42:50 +00:00
Jim Myhrberg	bc0082e4a8	Merge pull request #39 from jimeh/use-nix feat(build/deps): switch from Homebrew to Nix for build dependencies	2024-11-30 18:11:24 +00:00
Jim Myhrberg	099c10776a	refactor(build): avoid release publishing race conditions Only run release jobs after all build jobs have completed, ensure only one release job runs at a time, and also ensure update casks only runs once after all release jobs have completed.	2024-11-25 02:50:28 +00:00
Jim Myhrberg	e0c0d92424	feat(build/deps): switch from Homebrew to Nix for build dependencies	2024-11-25 02:50:27 +00:00