Index: /trunk/.github/workflows/ant.yml =================================================================== --- /trunk/.github/workflows/ant.yml (revision 17486) +++ /trunk/.github/workflows/ant.yml (revision 17487) @@ -24,9 +24,10 @@ josm_revision: ${{ steps.create_revision.outputs.josm_revision }} josm_prerelease: ${{ steps.create_revision.outputs.josm_prerelease }} + josm_release_tag: ${{ steps.create_revision.outputs.josm_release_tag }} steps: - name: Checkout uses: actions/checkout@v2 with: - fetch-depth: 32 + fetch-depth: 256 - name: Set revision env variable id: create_revision @@ -35,15 +36,16 @@ josm_revision="$(git log -1 --grep 'git-svn-id: https://josm.openstreetmap.de/svn/trunk@' --pretty=format:%B | tail -1 | sed -n 's%git-svn-id: https://josm.openstreetmap.de/svn/trunk@\([0-9]*\) [-0-9a-f]*%\1%p')" if [[ "$josm_revision" == "$(curl --silent https://josm.openstreetmap.de/tested)" ]]; then - sed -i '/Is-Local-Build/d' resources/REVISION echo "josm_prerelease=false" >> $GITHUB_ENV echo "::set-output name=josm_prerelease::false" - echo "josm_release=$josm_revision-tested" >> $GITHUB_ENV + josm_release_tag=$josm_revision-tested else echo "josm_prerelease=true" >> $GITHUB_ENV echo "::set-output name=josm_prerelease::true" - echo "josm_release=$josm_revision" >> $GITHUB_ENV + josm_release_tag=$josm_revision fi echo "josm_revision=$josm_revision" >> $GITHUB_ENV echo "::set-output name=josm_revision::$josm_revision" + echo "josm_release_tag=$josm_release_tag" >> $GITHUB_ENV + echo "::set-output name=josm_release_tag::$josm_release_tag" - name: Create release id: create_release @@ -52,8 +54,8 @@ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token with: - tag_name: ${{ env.josm_release }} - release_name: JOSM.app release ${{ env.josm_release }} + tag_name: ${{ env.josm_release_tag }} + release_name: JOSM.app release ${{ env.josm_release_tag }} body: | - JOSM.app release ${{ env.josm_release }} + JOSM.app release ${{ env.josm_release_tag }} draft: false prerelease: ${{ env.josm_prerelease }} @@ -84,5 +86,5 @@ uses: actions/checkout@v2 with: - fetch-depth: 32 + fetch-depth: 256 - name: Cache uses: actions/cache@v2.0.0 @@ -120,4 +122,9 @@ defaults write net.pornel.ImageOptim PngOutEnabled 1 /Applications/ImageOptim.app/Contents/MacOS/ImageOptim resources/images + - name: Set Is-Local-Build + if: ${{ ! needs.createrelease.outputs.josm_prerelease }} + run: | + ant create-revision + sed -i.bak '/Is-Local-Build/d' resources/REVISION - name: Build with Ant # Disables errorprone for Java 16 @@ -130,9 +137,11 @@ fi - name: Upload jar - if: ${{ always() && matrix.headless }} + # Only run on matrix.headless to avoid double jars. They should be the same jars. + # uses `gh release upload` to avoid https://github.com/actions/upload-release-asset/issues/69 + if: ${{ always() && matrix.headless == 'true' }} id: upload-jar + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.createrelease.outputs.upload_url }} # This pulls from the CREATE RELEASE job above, referencing its ID to get its outputs object, which include a `upload_url`. @@ -140,4 +149,7 @@ asset_name: JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar asset_content_type: application/java-archive + # run: | + # cp dist/josm-custom.jar JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar + # gh release upload ${{ needs.createrelease.outputs.josm_release_tag }} JOSM-${{ runner.os}}-java${{ matrix.java }}-${{ needs.createrelease.outputs.josm_revision }}.jar - name: Test with Ant, headless ${{ matrix.headless }} if: ${{ needs.createrelease.outputs.josm_prerelease }} @@ -158,4 +170,16 @@ name: Ant reports for JOSM ${{ needs.createrelease.outputs.josm_revision }} on java ${{ matrix.java }} on ${{ matrix.os }} with headless=${{ matrix.headless }} path: test/report/*.txt + - name: Publish Test Report with junit-report-annotations-action + uses: ashley-taylor/junit-report-annotations-action@1.3 + if: always() + with: + access-token: ${{ secrets.GITHUB_TOKEN }} + path: 'test/report/TEST*.xml' + - name: Publish Test Report with action-junit-report + if: always() + uses: mikepenz/action-junit-report@v1 + with: + report_paths: 'test/report/TEST*.xml' + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Build and package for macOS if: ${{ runner.os == 'macos' && always() }} Index: /trunk/.github/workflows/codeql-analysis.yml =================================================================== --- /trunk/.github/workflows/codeql-analysis.yml (revision 17487) +++ /trunk/.github/workflows/codeql-analysis.yml (revision 17487) @@ -0,0 +1,64 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '45 4 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'java' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 256 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + # - name: Autobuild + # uses: github/codeql-action/autobuild@v1 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + - name: Build with Ant + run: | + ant + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 Index: /trunk/native/macosx/macos-jpackage.sh =================================================================== --- /trunk/native/macosx/macos-jpackage.sh (revision 17486) +++ /trunk/native/macosx/macos-jpackage.sh (revision 17487) @@ -1,3 +1,9 @@ #!/bin/bash + +## Expected environment, passed from GitHub secrets: +# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets +# APPLE_ID_PW Password for the Apple ID +# CERT_MACOS_P12 Certificate used for code signing, base64 encoded +# CERT_MACOS_PW Password for that certificate set -Eeou pipefail @@ -6,5 +12,5 @@ set +x -SIGNING_KEY_NAME="Developer ID Application: FOSSGIS e.V. (P8AAAGN2AM)" +APPLE_ID="thomas.skowron@fossgis.de" IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1} @@ -19,43 +25,40 @@ mkdir app -if [[ $IMPORT_AND_UNLOCK_KEYCHAIN == 1 ]]; then - if [ -z "$CERT_MACOS_P12" ] - then - echo "CERT_MACOS_P12 must be set in the environment. Won't sign app." - exit 1 - fi - - - if [ -z "$CERT_MACOS_PW" ] - then - echo "CERT_MACOS_P12 must be set in the environment. Won't sign app." - exit 1 - fi - +if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ] +then + echo "CERT_MACOS_P12, CERT_MACOS_PW and APPLE_ID_PW are not set in the environment." + echo "I will create a JOSM.app but I won't attempt to sign and notarize it." + SIGNAPP=false +else echo "Preparing certificates/keychain for signing…" KEYCHAIN=build.keychain KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db - KEYCHAIN_PW=`head /dev/urandom | base64 | head -c 20` + KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20) CERTIFICATE_P12=certificate.p12 - echo $CERT_MACOS_P12 | base64 --decode > $CERTIFICATE_P12 - security create-keychain -p $KEYCHAIN_PW $KEYCHAIN + echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12 + security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN security default-keychain -s $KEYCHAIN - security unlock-keychain -p $KEYCHAIN_PW $KEYCHAIN - security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERT_MACOS_PW -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PW $KEYCHAIN + security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN + security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN rm $CERTIFICATE_P12 - + SIGNAPP=true echo "Signing preparation done." fi +if $SIGNAPP; then + JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH" +else + JPACKAGEOPTIONS="" +fi + echo "Building and signin app" - jpackage -n "JOSM" --input dist --main-jar josm-custom.jar \ + jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \ --main-class org.openstreetmap.josm.gui.MainApplication \ --icon ./native/macosx/JOSM.icns --type app-image --dest app \ --java-options "-Xmx8192m" \ - --java-options "-Dapple.awt.application.appearance=system" \ - --app-version $1 \ + --app-version "$1" \ --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \ --vendor "https://josm.openstreetmap.de" \ @@ -76,7 +79,9 @@ echo "Building done." -echo "Preparing for notarization" -ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip +if $SIGNAPP; then + echo "Preparing for notarization" + ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip -echo "Uploading to Apple" -xcrun altool --notarize-app -f app/JOSM.zip -p "$APPLE_ID_PW" -u "thomas.skowron@fossgis.de" --primary-bundle-id de.openstreetmap.josm + echo "Uploading to Apple" + xcrun altool --notarize-app -f app/JOSM.zip -p "$APPLE_ID_PW" -u "$APPLE_ID" --primary-bundle-id de.openstreetmap.josm +fi Index: /trunk/src/org/openstreetmap/josm/gui/MainApplication.java =================================================================== --- /trunk/src/org/openstreetmap/josm/gui/MainApplication.java (revision 17486) +++ /trunk/src/org/openstreetmap/josm/gui/MainApplication.java (revision 17487) @@ -7,4 +7,5 @@ import java.awt.AWTError; +import java.awt.Color; import java.awt.Container; import java.awt.Dimension; @@ -1042,4 +1043,14 @@ Logging.log(Logging.LEVEL_ERROR, null, e); } + } + // Workaround for JDK-8251377: JTabPanel active tab is unreadable in Big Sur, see #20075 + // os.version will return 10.16, or 11.0 depending on environment variable + // https://twitter.com/BriceDutheil/status/1330926649269956612 + else { + final String laf = UIManager.getLookAndFeel().getID(); + final String macOSVersion = getSystemProperty("os.version"); + if(PlatformManager.isPlatformOsx() && (laf.contains("Mac") || laf.contains("Aqua")) && (macOSVersion.startsWith("10.16") || macOSVersion.startsWith("11"))){ + UIManager.put("TabbedPane.foreground", Color.BLACK); + } } } Index: /trunk/src/org/openstreetmap/josm/tools/PlatformHookOsx.java =================================================================== --- /trunk/src/org/openstreetmap/josm/tools/PlatformHookOsx.java (revision 17486) +++ /trunk/src/org/openstreetmap/josm/tools/PlatformHookOsx.java (revision 17487) @@ -26,4 +26,5 @@ import java.util.List; import java.util.Objects; +import java.util.Optional; import java.util.concurrent.ExecutionException; @@ -31,4 +32,6 @@ import org.openstreetmap.josm.gui.MainApplication; import org.openstreetmap.josm.io.CertificateAmendment.NativeCertAmend; +import org.openstreetmap.josm.spi.preferences.Config; + /** @@ -81,6 +84,13 @@ } // setup the dock icon. It is automatically set with application bundle and Web start but we need - // to do it manually if run with `java -jar`` - eawtApplication.getDeclaredMethod("setDockIconImage", Image.class).invoke(appli, ImageProvider.get("logo").getImage()); + // to do it manually if run with `java -jar``. + eawtApplication.getDeclaredMethod("setDockIconImage", Image.class).invoke( + appli, + Optional.ofNullable( + new ImageProvider(Config.getUrls().getJOSMWebsite()+"/logo-macos.png").setOptional(true).get() + ).orElse( // Fall back to default icon + ImageProvider.get("logo")).getImage() + ); + // enable full screen enableOSXFullscreen(MainApplication.getMainFrame());