-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added Windows & macOS Codesigning to Snapshot Build (#258)
* Added Windows & macOS Codesigning & notarization to Snapshot Build Co-Authored-By: Nazar Mokrynskyi <[email protected]>
- Loading branch information
Showing
2 changed files
with
80 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,17 +49,17 @@ jobs: | |
- name: Generate testnet chain specifications | ||
run: | | ||
docker run --rm -u root ${{ steps.build.outputs.digest }} build-spec --chain testnet > chain-spec.json | ||
docker run --rm -u root ${{ steps.build.outputs.digest }} build-spec --chain testnet --raw > chain-spec-raw.json | ||
docker run --rm -u root ${{ steps.build.outputs.digest }} build-spec --chain testnet > chain-spec-${{ github.ref_name }}.json | ||
docker run --rm -u root ${{ steps.build.outputs.digest }} build-spec --chain testnet --raw > chain-spec-raw-${{ github.ref_name }}.json | ||
if: matrix.image == 'node' | ||
|
||
- name: Upload testnet chain specifications to artifacts | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: chain-specifications | ||
path: | | ||
chain-spec.json | ||
chain-spec-raw.json | ||
chain-spec-${{ github.ref_name }}.json | ||
chain-spec-raw-${{ github.ref_name }}.json | ||
if-no-files-found: error | ||
if: matrix.image == 'node' | ||
|
||
|
@@ -68,7 +68,7 @@ jobs: | |
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
with: | ||
asset_paths: '["chain-spec.json", "chain-spec-raw.json"]' | ||
asset_paths: '["chain-spec-${{ github.ref_name }}.json", "chain-spec-raw-${{ github.ref_name }}.json"]' | ||
if: matrix.image == 'node' | ||
|
||
executables: | ||
|
@@ -77,13 +77,15 @@ jobs: | |
|
||
strategy: | ||
matrix: | ||
os: | ||
- ubuntu-20.04 | ||
- macos-11 | ||
- windows-2019 | ||
- windows-2022 | ||
build: | ||
- os: ubuntu-20.04 | ||
suffix: ubuntu-x86_64-${{ github.ref_name }} | ||
- os: macos-11 | ||
suffix: macos-x86_64-${{ github.ref_name }} | ||
- os: windows-2022 | ||
suffix: windows-x86_64-${{ github.ref_name }} | ||
|
||
runs-on: ${{ matrix.os }} | ||
runs-on: ${{ matrix.build.os }} | ||
|
||
steps: | ||
- name: Checkout | ||
|
@@ -94,14 +96,24 @@ jobs: | |
uses: ilammy/msvc-dev-cmd@v1 | ||
with: | ||
toolset: 14.29 | ||
if: matrix.os == 'windows-2022' | ||
if: matrix.build.os == 'windows-2022' | ||
|
||
- name: Download testnet chain specifications from artifacts | ||
uses: actions/download-artifact@v2 | ||
with: | ||
name: chain-specifications | ||
path: . | ||
|
||
- name: Rename chain spec file (Linux or macOS) | ||
run: | | ||
mv chain-spec-${{ github.ref_name }}.json chain-spec.json | ||
if: runner.os == 'Linux' || runner.os == 'macOS' | ||
|
||
- name: Rename chain spec file (Windows) | ||
run: | | ||
move chain-spec-${{ github.ref_name }}.json chain-spec.json | ||
if: runner.os == 'Windows' | ||
|
||
- name: Rust toolchain | ||
uses: actions-rs/toolchain@v1 | ||
# TODO: Below can be removed when https://github.com/actions-rs/toolchain/issues/126 is resolved | ||
|
@@ -123,28 +135,76 @@ jobs: | |
uses: actions-rs/cargo@v1 | ||
with: | ||
command: build | ||
args: --profile production --bins --features=subspace-node/json-chain-spec,subspace-farmer/cuda | ||
args: --profile production --bin subspace-node --bin subspace-farmer --features=subspace-node/json-chain-spec,subspace-farmer/cuda | ||
if: runner.os == 'Linux' || runner.os == 'Windows' | ||
|
||
- name: Build (macOS without CUDA) | ||
uses: actions-rs/cargo@v1 | ||
with: | ||
command: build | ||
args: --profile production --bins --features=subspace-node/json-chain-spec | ||
args: --profile production --bin subspace-node --bin subspace-farmer --features=subspace-node/json-chain-spec | ||
if: runner.os == 'macOS' | ||
|
||
- name: Prepare executables for uploading (Linux or macOS) | ||
- name: Sign Application (macOS) | ||
run: | | ||
echo "Importing certificate" | ||
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 | ||
security create-keychain -p "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain | ||
security default-keychain -s build.keychain | ||
security unlock-keychain -p "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain | ||
security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PW }}" -T /usr/bin/codesign | ||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain | ||
echo "Signing farmer" | ||
codesign --force --options=runtime -s "${{ secrets.MACOS_IDENTITY }}" --timestamp target/production/subspace-farmer | ||
echo "Signing node" | ||
codesign --force --options=runtime -s "${{ secrets.MACOS_IDENTITY }}" --timestamp target/production/subspace-node | ||
echo "Creating an archive" | ||
mkdir target/production/macos-binaries | ||
cp target/production/subspace-farmer target/production/subspace-node target/production/macos-binaries | ||
ditto -c -k --rsrc target/production/macos-binaries subspace-binaries.zip | ||
echo "Notarizing" | ||
xcrun altool --notarize-app --primary-bundle-id binaries-${{ github.ref_name }} --username "${{ secrets.MACOS_APPLE_ID}}" --password "${{ secrets.MACOS_APP_PW }}" --file subspace-binaries.zip | ||
# TODO: Wait for notarization before stapling | ||
# echo "Stapling farmer" | ||
# xcrun stapler staple target/production/subspace-farmer | ||
# echo "Stapling node" | ||
# xcrun stapler staple target/production/subspace-node | ||
echo "Done!" | ||
if: runner.os == 'macOS' | ||
|
||
- name: Sign Application (Windows) | ||
uses: skymatic/[email protected] | ||
with: | ||
certificate: '${{ secrets.WINDOWS_CERTIFICATE }}' | ||
password: '${{ secrets.WINDOWS_CERTIFICATE_PW }}' | ||
certificatesha1: '00A427587B911908F59B6C42BA2863109C599C1C' | ||
folder: 'target/production' | ||
if: runner.os == 'Windows' | ||
|
||
- name: Prepare executables for uploading Linux | ||
run: | | ||
mkdir executables | ||
mv target/production/subspace-node executables/subspace-node-x86_64-${{ matrix.os }}-${{ github.ref_name }} | ||
mv target/production/subspace-farmer executables/subspace-farmer-x86_64-${{ matrix.os }}-${{ github.ref_name }} | ||
if: runner.os == 'Linux' || runner.os == 'macOS' | ||
mv target/production/subspace-farmer executables/subspace-farmer-${{ matrix.build.suffix }} | ||
mv target/production/subspace-node executables/subspace-node-${{ matrix.build.suffix }} | ||
if: runner.os == 'Linux' | ||
|
||
- name: Prepare executables for uploading macOS | ||
run: | | ||
mkdir executables | ||
mv target/production/subspace-farmer executables/subspace-farmer-${{ matrix.build.suffix }} | ||
mv target/production/subspace-node executables/subspace-node-${{ matrix.build.suffix }} | ||
# Zip it so that signature is not lost | ||
ditto -c -k --rsrc executables/subspace-farmer-${{ matrix.build.suffix }} executables/subspace-farmer-${{ matrix.build.suffix }}.zip | ||
ditto -c -k --rsrc executables/subspace-node-${{ matrix.build.suffix }} executables/subspace-node-${{ matrix.build.suffix }}.zip | ||
rm executables/subspace-farmer-${{ matrix.build.suffix }} | ||
rm executables/subspace-node-${{ matrix.build.suffix }} | ||
if: runner.os == 'macOS' | ||
|
||
- name: Prepare executables for uploading (Windows) | ||
run: | | ||
mkdir executables | ||
move target/production/subspace-node.exe executables/subspace-node-x86_64-${{ matrix.os }}-${{ github.ref_name }}.exe | ||
move target/production/subspace-farmer.exe executables/subspace-farmer-x86_64-${{ matrix.os }}-${{ github.ref_name }}.exe | ||
move target/production/subspace-farmer.exe executables/subspace-farmer-${{ matrix.build.suffix }}.exe | ||
move target/production/subspace-node.exe executables/subspace-node-${{ matrix.build.suffix }}.exe | ||
if: runner.os == 'Windows' | ||
|
||
- name: Upload node and farmer executables to assets | ||
|