try to use this fork (https://github.com/darkvertex/gon/tree/deep_sig…

…n_support) to use deep notarization, since this is not yet merged mitchellh/gon#42
arduino · May 12, 2022 · c100575 · c100575
1 parent 45efee1
commit c100575
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,8 +9,10 @@ env:
   AWS_PLUGIN_TARGET: /tools/
   # See: https://github.com/actions/setup-python/tree/v3#available-versions-of-python
   PYTHON_VERSION: "3.7"
+  GO_VERSION: "1.17"
   MCUBOOT_PATH: ${{ github.workspace }}/mcuboot
   IMGTOOL_PACKING_PATH: ${{ github.workspace }}/imgtool-packing
+  GON_PATH: ${{ github.workspace }}/gon
 
 on:
   push:
@@ -215,18 +217,31 @@ jobs:
             -k "${{ env.KEYCHAIN_PASSWORD }}" \
             "${{ env.KEYCHAIN }}"
 
+      - name: Install Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Install gon for code signing and app notarization
+        uses: actions/checkout@v3
+        with:
+          repository: darkvertex/gon #this fork has support for --deep notarization
+          path: ${{ env.GON_PATH }}
+          ref: deep_sign_support
+
+      - name: Build gon
+        working-directory: ${{ env.GON_PATH }}/cmd/gon/
         run: |
-          wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip
-          unzip gon_macos.zip -d /usr/local/bin
+          ls -lah
+          go build
+          mv gon /usr/local/bin
 
       - name: Sign and notarize binary
         env:
           AC_USERNAME: ${{ secrets.AC_USERNAME }}
           AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
         run: |
-          # gon gon.config.hcl
-          codesign -s "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)" -v --deep --force --timestamp --entitlements entitlements.plist -o runtime dist/imgtool_macOS_64bit/imgtool
+          gon gon.config.hcl
 
       - name: Re-package binary
         # This step performs the following:

diff --git a/gon.config.hcl b/gon.config.hcl
@@ -6,6 +6,7 @@ bundle_id = "cc.arduino.imgtool"
 sign {
   application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
   entitlements_file = "entitlements.plist"
+  deep = true
 }
 
 # Ask Gon for zip output to force notarization process to take place.