actions: remove add_lib hack and use contents_directory PyInstaller feature instead

.github/workflows/build.yml

@@ -529,32 +529,31 @@ jobs:
       - name: Build GAM with PyInstaller
         if: matrix.goal != 'test'
         run: |
-          if [[ "${staticx}" == "yes" ]]; then
-            export distpath="./dist/gam"
-            export gampath="${distpath}"
-          else
-            export distpath="./dist"
-            export gampath="${distpath}/gam"
-          fi
+          export distpath="./dist/gam"
+          export gampath="$distpath"
           mkdir -p -v "${gampath}"
           if [[ "${RUNNER_OS}" == "macOS" ]]; then
-            # brew OpenSSL gets picked up by PyInstaller breaking our self-compiled version
+            # Tell our gam.spec to use our code sign certificate
+            export codesign_identity="Jay Lee"
+            # brew OpenSSL gets picked up by PyInstaller
+            # breaking our self-compiled version
             brew uninstall --ignore-dependencies openssl
-            export gampath=$($PYTHON -c "import os; print(os.path.realpath('$gampath'))")
+            export PYINSTALLER_BUILD_ONEDIR=yes
+            export gampath=$($PYTHON -c "import os; print(os.path.realpath('${gampath}/gam'))")
           elif [[ "${RUNNER_OS}" == "Windows" ]]; then
             # Work around issue where PyInstaller picks up python3.dll from other Python versions
             # https://github.com/pyinstaller/pyinstaller/issues/7102
             export PATH="$(dirname ${PYTHON}):/usr/bin"
+            export PYINSTALLER_BUILD_ONEDIR=no
           else
             export gampath=$(realpath "${gampath}")
+            export PYINSTALLER_BUILD_ONEDIR=no
           fi
           export gam="${gampath}/gam"
           echo "gampath=${gampath}" >> $GITHUB_ENV
-          # TEMP force everything back to one file.
-          export PYINSTALLER_BUILD_ONEFILE="yes"
-          export distpath="./dist/gam"
-          export gampath="${distpath}"
           "${PYTHON}" -m PyInstaller --clean --noconfirm --distpath="${distpath}" gam.spec
+          echo "dist results:"
+          ls -alRF "$distpath"
           echo "WARNINGS FROM build/gam/warn-gam.txt"
           cat build/gam/warn-gam.txt
           echo "Analysis FROM build/gam/Analysis-00.toc"
@@ -578,12 +577,12 @@ jobs:
       - name: Copy extra package files
         if: matrix.goal == 'build'
         run: |
-          cp -v cacerts.pem $gampath
-          cp -v LICENSE $gampath
-          cp -v GamCommands.txt $gampath
-          cp -v GamUpdate.txt $gampath
+          cp -v cacerts.pem "$gampath"
+          cp -v LICENSE "$gampath"
+          cp -v GamCommands.txt "$gampath"
+          cp -v GamUpdate.txt "$gampath"
           if [[ "${RUNNER_OS}" == "Windows" ]]; then
-              cp -v gam-setup.bat $gampath
+              cp -v gam-setup.bat "$gampath"
           fi
 
       - name: Install StaticX
@@ -608,13 +607,6 @@ jobs:
           rm -v "$gam"
           mv -v "${gam}-staticx" "$gam"
 
-      - name: MacOS sign GAM binary
-        if: runner.os == 'macOS'
-        run: |
-          security find-identity -v signing_temp.keychain
-          codesign --force --deep --sign "Jay Lee" --options=runtime --entitlements "${GITHUB_WORKSPACE}/.github/actions/entitlements.plist" --timestamp "$gam"
-          codesign -dv --verbose=4 "$gam"
-
       - name: MacOS send GAM binary for Apple notarization
         if: runner.os == 'macOS'
         env:
@@ -623,8 +615,9 @@ jobs:
           # Apple wants some kind of "package" submitted so just add gam to a .zip
           # name it something we can track and link in Apple's notarize process
           zipfilename="./gam-${RUNNER_ARCH}-${GITHUB_RUN_ID}-${GITHUB_RUN_NUMBER}.zip"
-          zip "$zipfilename" "$gam"
+          zip -r "$zipfilename" "$gampath"
           xcrun notarytool submit --apple-id "jay0lee@gmail.com" --password "$ASP_NOTARIZE" --team-id GZ85H2DRLM "$zipfilename"
+          rm -v "$zipfilename"
 
       - name: Basic Tests all jobs
         id: basictests

src/add_lib.py

@@ -0,0 +1,12 @@
+import os
+import sys
+
+'''
+for onedir, add_lib.py allows moving many
+library files into a lib/ directory to make
+onedir cleaner. Thanks to:
+https://medium.com/@philipp.h/reduce-clutter-when-using-pyinstaller-in    -one-directory-mode-b631b9f7f89b
+'''
+
+sys.path.append(os.path.join(os.getcwd(), 'lib'))
+sys._MEIPASS=os.path.join(sys._MEIPASS, 'lib')

src/gam.spec

@@ -21,7 +21,7 @@ hiddenimports = [
      'gam.gamlib.yubikey',
      ]
 
-print(f"datas before analysis:\n{datas}")
+runtime_hooks = []
 a = Analysis(
     ['gam/__main__.py'],
     pathex=[],
@@ -30,7 +30,7 @@ a = Analysis(
     hiddenimports=hiddenimports,
     hookspath=[],
     hooksconfig={},
-    runtime_hooks=[],
+    runtime_hooks=runtime_hooks,
     excludes=[],
     win_no_prefer_redirects=False,
     win_private_assemblies=False,
@@ -48,12 +48,17 @@ pyz = PYZ(a.pure,
           cipher=None)
 # requires Python 3.10+ but no one should be compiling
 # GAM with older versions anyway
+target_arch = None
+codesign_identity = None
+entitlements_file = None
 match platform:
     case "darwin":
         if getenv('arch') == 'universal2':
             target_arch = "universal2"
-        else:
-            target_arch = None
+
+        codesign_identity = getenv('codesign_identity')
+        if codesign_identity:
+            entitlements_file = '../.github/actions/entitlements.plist'
         strip = True
     case "win32":
         target_arch = None
@@ -68,9 +73,38 @@ upx = False
 console = True
 disable_windowed_traceback = False
 argv_emulation = False
-codesign_identity = None
-entitlements_file = None
-if not getenv('PYINSTALLER_BUILD_ONEDIR') == 'yes':
+if getenv('PYINSTALLER_BUILD_ONEDIR') == 'yes':
+    # Build one directory
+    exe = EXE(
+              pyz,
+              a.scripts,
+              [],
+              exclude_binaries=True,
+              name=name,
+              debug=debug,
+              bootloader_ignore_signals=bootloader_ignore_signals,
+              strip=strip,
+              upx=upx,
+              console=console,
+              # put most everyting under a lib/ subfolder
+              contents_directory='lib',
+              disable_windowed_traceback=disable_windowed_traceback,
+              argv_emulation=argv_emulation,
+              target_arch=target_arch,
+              codesign_identity=codesign_identity,
+              entitlements_file=entitlements_file,
+              )
+    coll = COLLECT(
+        exe,
+        a.binaries,
+        a.zipfiles,
+        a.datas,
+        strip=strip,
+        upx=upx,
+        upx_exclude=[],
+        name=name,
+        )
+else:
     # Build one file
     exe = EXE(
               pyz,
@@ -91,32 +125,4 @@ if not getenv('PYINSTALLER_BUILD_ONEDIR') == 'yes':
               codesign_identity=codesign_identity,
               entitlements_file=entitlements_file,
               )
-else:
-    # Build one folder
-    exe = EXE(
-              pyz,
-              a.scripts,
-              [],
-              exclude_binaries=True,
-              name=name,
-              debug=debug,
-              bootloader_ignore_signals=bootloader_ignore_signals,
-              strip=strip,
-              upx=upx,
-              console=console,
-              disable_windowed_traceback=disable_windowed_traceback,
-              argv_emulation=argv_emulation,
-              target_arch=target_arch,
-              codesign_identity=codesign_identity,
-              entitlements_file=entitlements_file,
-              )
-    coll = COLLECT(
-        exe,
-        a.binaries,
-        a.zipfiles,
-        a.datas,
-        strip=strip,
-        upx=upx,
-        upx_exclude=[],
-        name=name,
-        )
+