Skip to content

Commit

Permalink
Merge pull request #6739 from brave/pr3725_issue_5177_0.71.x
Browse files Browse the repository at this point in the history
Add MacOS notarization (Uplift of #5485 to 0.71.x)
  • Loading branch information
bsclifton authored Nov 4, 2019
2 parents cab072d + ffb873c commit 7fb055f
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 24 deletions.
64 changes: 40 additions & 24 deletions Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,9 @@ pipeline {
}
environment {
REFERRAL_API_KEY = credentials("REFERRAL_API_KEY")
BRAVE_GOOGLE_API_KEY = credentials("npm_config_brave_google_api_key")
BRAVE_SERVICES_KEY = credentials("brave-services-key")
BRAVE_INFURA_PROJECT_ID = credentials("brave-infura-project-id")
BRAVE_GOOGLE_API_KEY = credentials("npm_config_brave_google_api_key")
BRAVE_ARTIFACTS_S3_BUCKET = credentials("brave-jenkins-artifacts-s3-bucket")
SLACK_USERNAME_MAP = credentials("github-to-slack-username-map")
SIGN_WIDEVINE_PASSPHRASE = credentials("447b2fa7-c989-43af-9047-8ae158fad0a3")
Expand Down Expand Up @@ -129,8 +130,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand Down Expand Up @@ -342,8 +344,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand All @@ -365,7 +368,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
script {
sh "npm run test -- brave_unit_tests ${BUILD_TYPE} --output brave_unit_tests.xml"
Expand Down Expand Up @@ -493,8 +496,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand All @@ -520,7 +524,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
script {
sh "npm run test -- brave_unit_tests ${BUILD_TYPE} --output brave_unit_tests.xml"
Expand Down Expand Up @@ -586,7 +590,7 @@ pipeline {
environment {
GIT_CACHE_PATH = "C:\\Users\\Administrator\\cache"
SCCACHE_BUCKET = credentials("brave-browser-sccache-win-s3-bucket")
SCCACHE_ERROR_LOG = "${WORKSPACE}/sccache.log"
SCCACHE_ERROR_LOG = "${WORKSPACE}\\sccache.log"
PATH = "C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.18362.0\\x64\\;C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Community\\Common7\\IDE\\Remote Debugger\\x64;${PATH}"
SIGNTOOL_ARGS = "sign /t http://timestamp.digicert.com /fd sha256 /sm"
CERT = "Brave"
Expand Down Expand Up @@ -676,17 +680,20 @@ pipeline {
}
}
}
// stage("sccache") {
// when {
// allOf {
// expression { !DISABLE_SCCACHE }
// }
// }
// steps {
// echo "Enabling sccache"
// powershell "npm config --userconfig=.npmrc set sccache sccache"
// }
// }
stage("sccache") {
when {
allOf {
expression { !DISABLE_SCCACHE }
}
}
steps {
echo "Enabling sccache"
powershell """
\$ErrorActionPreference = "Stop"
npm config --userconfig=.npmrc set sccache sccache
"""
}
}
stage("build") {
environment {
SIGN_WIDEVINE_CERT = credentials("widevine_brave_prod_cert.der")
Expand All @@ -696,9 +703,10 @@ pipeline {
powershell """
\$ErrorActionPreference = "Stop"
npm config --userconfig=.npmrc set brave_referrals_api_key ${REFERRAL_API_KEY}
npm config --userconfig=.npmrc set brave_services_key ${BRAVE_SERVICES_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set brave_google_api_endpoint https://location.services.mozilla.com/v1/geolocate?key=
npm config --userconfig=.npmrc set brave_google_api_key ${BRAVE_GOOGLE_API_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set google_api_endpoint safebrowsing.brave.com
npm config --userconfig=.npmrc set google_api_key dummytoken
npm run build -- ${BUILD_TYPE} --channel=${CHANNEL} ${OFFICIAL_BUILD} ${SKIP_SIGNING}
Expand All @@ -719,7 +727,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
powershell """
\$ErrorActionPreference = "Stop"
Expand Down Expand Up @@ -811,6 +819,7 @@ def setEnv() {
GITHUB_CREDENTIAL_ID = "brave-builds-github-token-for-pr-builder"
RUST_LOG = "sccache=warn"
RUST_BACKTRACE = "1"
SCCACHE_IDLE_TIMEOUT = 0
SKIP = false
SKIP_ANDROID = false
SKIP_IOS = false
Expand Down Expand Up @@ -992,12 +1001,18 @@ def lint() {
"""
}

def sccache() {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
}

def config() {
sh """
npm config --userconfig=.npmrc set brave_referrals_api_key ${REFERRAL_API_KEY}
npm config --userconfig=.npmrc set brave_services_key ${BRAVE_SERVICES_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set brave_google_api_endpoint https://location.services.mozilla.com/v1/geolocate?key=
npm config --userconfig=.npmrc set brave_google_api_key ${BRAVE_GOOGLE_API_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set google_api_endpoint safebrowsing.brave.com
npm config --userconfig=.npmrc set google_api_key dummytoken
"""
Expand All @@ -1006,6 +1021,7 @@ def config() {
def installWindows() {
powershell """
Remove-Item -Recurse -Force ${GIT_CACHE_PATH}/*.lock
Get-ChildItem "Cert:\\LocalMachine\\My" | Remove-Item
\$ErrorActionPreference = "Stop"
npm install --no-optional
Copy-Item "${SOURCE_KEY_CER_PATH}" -Destination "${KEY_CER_PATH}"
Expand Down
10 changes: 10 additions & 0 deletions lib/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ const Config = function () {
this.mac_installer_signing_identifier = getNPMConfig(['mac_installer_signing_identifier']) || ''
this.mac_signing_keychain = getNPMConfig(['mac_signing_keychain']) || 'login'
this.mac_signing_output_prefix = 'signing'
this.notary_user = getNPMConfig(['notary_user']) || ''
this.notary_password = getNPMConfig(['notary_password']) || ''
this.channel = ''
this.sccache = getNPMConfig(['sccache'])
this.braveReferralsApiKey = getNPMConfig(['brave_referrals_api_key']) || ''
Expand Down Expand Up @@ -129,6 +131,11 @@ Config.prototype.buildArgs = function () {
args.mac_installer_signing_identifier = this.mac_installer_signing_identifier
args.mac_signing_keychain = this.mac_signing_keychain
args.mac_signing_output_prefix = this.mac_signing_output_prefix
if (this.notarize) {
args.notarize = true
args.notary_user = this.notary_user
args.notary_password = this.notary_password
}
}

if (process.platform === 'win32' && this.build_omaha) {
Expand Down Expand Up @@ -425,6 +432,9 @@ Config.prototype.update = function (options) {
if (options.mac_signing_keychain)
this.mac_signing_keychain = options.mac_signing_keychain

if (options.notarize)
this.notarize = true

if (options.gclient_verbose)
this.gClientVerbose = options.gclient_verbose

Expand Down
6 changes: 6 additions & 0 deletions lib/createDist.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ const createDist = (buildConfig = config.defaultBuildConfig, options) => {
config.buildConfig = buildConfig
config.update(options)

if (config.notarize) {
notarize = config.notarize
notary_user = config.notary_user
notary_password = config.notary_password
}

util.updateBranding()
fs.removeSync(path.join(config.outputDir, 'dist'))
config.buildTarget = 'create_dist'
Expand Down
1 change: 1 addition & 0 deletions scripts/commands.js
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ program
.option('--build_omaha', 'build omaha stub/standalone installer')
.option('--tag_ap <ap>', 'ap for stub/standalone installer')
.option('--skip_signing', 'skip signing dmg/brave_installer.exe')
.option('--notarize', 'notarize the macOS app with Apple')
.arguments('[build_config]')
.action(createDist)

Expand Down

0 comments on commit 7fb055f

Please sign in to comment.