This repository has been archived by the owner on Apr 18, 2024. It is now read-only.

Add sign and notarize macOS x86_64 #35 (#53)
* sign and notarize (wip)

* always run for now

* add install gon

* try fixing the rate limiting issue

* just always run on macos

* change gon invocation

* try again after updating env

* try again after updating env

* try again after updating env

* try again after updating env

* pass secrets to env

* import cert into keychain

* just pass the cert name (no secret)

* fix build id

* fix build id

* build on all darwin architectures

* add sign arm64

* fix hcl syntax

* undo debug changes

* clean up

* attach artifacts to workflow run

* run on push again

* clean up

* update bundle id

* use hooks instead of signs

* turn gon config into dotfile

* add zip output

* try "signs" again

* try mirroring mitchellh/gon setup

* update paths

* 🤔

* looks like username needs to be hardcoded

* clean up

* attach everything from `./dist`

* remove unnecessary dmg artifact

* undo some changes

* only archive macos

* undo some changes

* undo some changes

* undo some changes

* zip -> tar.gz

* add arch to macos artifact

* remove version from other builds too

* skip folder artifact upload

* Revert "zip -> tar.gz"

This reverts commit c49d051.

* docs

* keep previous artifact naming

* fix artifact name

* build all darwin archs

* sign macos archs independently

* refactor, fix redundant signs ids

* consistent naming

* fix signing source paths

* fix source path again

* arm signing issues

* clean up

* always run

* try manual arm script

* fix path

* fix paths

* wait, why is x86_64 failing now

* fix sign command

* switch back to gon, remove arm signing attempts again

* Update bundle_id

Co-authored-by: Miroslav Bajtoš <[email protected]>

Co-authored-by: Miroslav Bajtoš <[email protected]>
juliangruber and bajtos authored Sep 27, 2022
1 parent d260b63 commit fe72d8e
Showing 3 changed files with 82 additions and 10 deletions.
41 changes: 37 additions & 4 deletions .github/workflows/release.yml
Expand Up @@ -2,9 +2,6 @@ name: goreleaser

on:
push:
# run only against tags
tags:
- '*'

permissions:
contents: write
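Review bot: With the `tags: - '*'` filter gone from `on: push`, this release job starts on every push to every branch while still holding `contents: write`. Later steps in the same workflow import the signing certificate and receive `AC_PASSWORD`, so each of those pushes runs with the signing material loaded. I'd keep the tag filter on the release path, or split the push-triggered build into a separate job that gets read-only permissions and none of the signing secrets.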
Expand All @@ -13,7 +10,7 @@ permissions:

jobs:
goreleaser:
runs-on: ubuntu-latest
runs-on: macos-latest
steps:
-
name: Checkout
Expand All @@ -29,6 +26,7 @@ jobs:
tag: v0.0.19
fileName: saturn-webui.tar.gz
out-file-path: resources/webui
token: ${{ secrets.GITHUB_TOKEN }}
-
name: Unpack web UI archive
run: |
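Review bot: The `token: ${{ secrets.GITHUB_TOKEN }}` input gives this download step a token that carries the workflow-level `contents: write`, although fetching a release asset only needs read access. Since the action now receives a write-capable token, pin it to a full commit SHA, and consider moving the write permission to a job that actually publishes.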
Expand All @@ -43,6 +41,33 @@ jobs:
uses: actions/setup-go@v2
with:
go-version: 1.18
-
name: Install gon
run: |
brew tap mitchellh/gon
brew install mitchellh/gon/gon
-
name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
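Review bot: `security import ... -A` at the end of the run block allows any application on the runner to use the imported private key without a prompt. Restrict it to the signing tool with `-T /usr/bin/codesign`, followed by `security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH`. Smaller points in the same hunk: the decoded `.p12` is left in `$RUNNER_TEMP` and the keychain stays in the search list for all remaining steps, so remove the `.p12` right after import and add an `if: always()` cleanup step that calls `security delete-keychain`; `brew install mitchellh/gon/gon` installs whatever version the tap serves at run time, and that binary then handles the Developer ID key and `AC_PASSWORD`, so pin a version; `$CERTIFICATE_PATH` and `$KEYCHAIN_PATH` should be quoted; the step name and comments mention a provisioning profile that is never imported.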
Expand All @@ -53,5 +78,13 @@ jobs:
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
# GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-
name: Attach produced packages to Github Action
uses: actions/upload-artifact@v2
with:
name: dist
path: dist/*.*
if-no-files-found: error
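Review bot: `AC_PASSWORD` in the `env:` block is exported to the whole GoReleaser step, so every command GoReleaser spawns can read it, including the `go generate ./...` before-hook in `.goreleaser.yaml`, not only gon. Running gon as its own workflow step after GoReleaser, with `AC_PASSWORD` set on that step alone, would keep the Apple ID password away from the build. Separately, `path: dist/*.*` uploads every file in `dist` that has a dot in its name rather than just the release archives and `checksums.txt`; list the intended files explicitly.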
15 changes: 15 additions & 0 deletions .gon.hcl
@@ -0,0 +1,15 @@
source = ["./dist/macos-x86-64_darwin_amd64_v1/L2-node"]
bundle_id = "io.filecoin.saturn.l2-node"

apple_id {
username = "[email protected]"
password = "@env:AC_PASSWORD"
}

sign {
application_identity = "Developer ID Application: Protocol Labs, Inc."
}

zip {
output_path="./dist/L2-node_Darwin_x86_64.zip"
}
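Review bot: `source` hardcodes GoReleaser's generated directory `macos-x86-64_darwin_amd64_v1` and the binary name `L2-node`, but the `macos-x86-64` build added in `.goreleaser.yaml` sets no `binary:`, so the file name relies on a default that is not visible in this change. Set `binary:` explicitly on that build so the path signed here cannot drift from what is built. Note also that only the amd64 binary is listed in `source`, so any other darwin architecture that ships from this release is unsigned.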
36 changes: 30 additions & 6 deletions .goreleaser.yaml
Expand Up @@ -7,27 +7,52 @@ before:
# you may remove this if you don't need go generate
- go generate ./...
builds:
- env:
- id: saturn
env:
- CGO_ENABLED=0
goos:
- linux
- windows
- darwin
ignore:
- goos: windows
goarch: arm64
main: ./cmd/saturn-l2
binary: saturn-L2-node

- id: macos-x86-64
env:
- CGO_ENABLED=0
goos:
- darwin
goarch:
- amd64
main: ./cmd/saturn-l2
archives:
- replacements:
darwin: Darwin
- builds:
- saturn
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
replacements:
linux: Linux
windows: Windows
386: i386
amd64: x86_64
- builds:
- macos-x86-64
id: macos-x86-64-zip
format: zip
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
replacements:
darwin: Darwin
amd64: x86_64
checksum:
name_template: 'checksums.txt'
signs:
- id: macos-x86-64
ids:
- macos-x86-64-zip
cmd: gon
args:
- .gon.hcl
artifacts: all
snapshot:
name_template: "{{ incpatch .Version }}-next"
changelog:
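Review bot: The `signs` entry runs `gon .gon.hcl` with a fixed config, so the command never receives the artifact selected by `ids: macos-x86-64-zip`; gon signs the raw binary under `./dist/macos-x86-64_darwin_amd64_v1/` and writes its own `./dist/L2-node_Darwin_x86_64.zip`. The `macos-x86-64-zip` archive already exists when `signs` runs, which means it was packed from the binary before it was signed. Please confirm which zip is published and that `checksums.txt` matches it: if gon's `output_path` has the same name as the archive from `name_template`, the file is replaced after packaging, and if it differs, the notarized zip is an extra file GoReleaser does not track. A `codesign --verify` on the binary extracted from the published zip, as a final workflow step, would catch either case.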
Expand All @@ -45,4 +70,3 @@ changelog:
exclude:
- '^docs:'
- '^test:'
