Skip to content
This repository has been archived by the owner on Apr 18, 2024. It is now read-only.

Add sign and notarize macOS x86_64 #35 #53

Merged
merged 66 commits into from
Sep 27, 2022
Merged
Show file tree
Hide file tree
Changes from 59 commits
Commits
Show all changes
66 commits
Select commit Hold shift + click to select a range
1469efd
sign and notarize (wip)
juliangruber Aug 23, 2022
961ce4f
always run for now
juliangruber Aug 23, 2022
339bce4
add install gon
juliangruber Aug 23, 2022
3ab35f5
try fixing the rate limiting issue
juliangruber Aug 23, 2022
ca45b57
just always run on macos
juliangruber Aug 29, 2022
51db4f7
change gon invocation
juliangruber Aug 29, 2022
b2f93da
try again after updating env
juliangruber Aug 29, 2022
8404587
try again after updating env
juliangruber Aug 29, 2022
44e8bc8
try again after updating env
juliangruber Aug 29, 2022
8a19a8b
try again after updating env
juliangruber Aug 29, 2022
9ac4fa7
pass secrets to env
juliangruber Aug 29, 2022
321ceb1
import cert into keychain
juliangruber Aug 29, 2022
b008d74
just pass the cert name (no secret)
juliangruber Aug 29, 2022
117c37d
fix build id
juliangruber Aug 29, 2022
5e25d28
fix build id
juliangruber Aug 29, 2022
0e475b3
build on all darwin architectures
juliangruber Aug 29, 2022
0a5b788
add sign arm64
juliangruber Aug 29, 2022
aacb545
fix hcl syntax
juliangruber Aug 29, 2022
6e1934f
undo debug changes
juliangruber Aug 29, 2022
17c7153
clean up
juliangruber Aug 29, 2022
32471d1
attach artifacts to workflow run
juliangruber Sep 1, 2022
fb557ad
run on push again
juliangruber Sep 1, 2022
8035f7f
Merge branch 'main' into add/sign-and-notarize
juliangruber Sep 5, 2022
4360fc6
clean up
juliangruber Sep 5, 2022
11d5ebe
update bundle id
juliangruber Sep 5, 2022
6ff3388
use hooks instead of signs
juliangruber Sep 5, 2022
ccc11b3
turn gon config into dotfile
juliangruber Sep 5, 2022
351edef
add zip output
juliangruber Sep 5, 2022
0377582
Merge branch 'main' into add/sign-and-notarize
juliangruber Sep 21, 2022
61862d5
try "signs" again
juliangruber Sep 21, 2022
17de71b
try mirroring mitchellh/gon setup
juliangruber Sep 21, 2022
07a1539
update paths
juliangruber Sep 21, 2022
326513d
:thinking:
juliangruber Sep 21, 2022
405b9d8
looks like username needs to be hardcoded
juliangruber Sep 21, 2022
57b46d4
clean up
juliangruber Sep 21, 2022
b412d64
attach everything from `./dist`
juliangruber Sep 21, 2022
1b389f8
remove unnecessary dmg artifact
juliangruber Sep 21, 2022
4c5a6aa
undo some changes
juliangruber Sep 21, 2022
245d4ff
only archive macos
juliangruber Sep 21, 2022
8505c29
undo some changes
juliangruber Sep 21, 2022
da949a9
undo some changes
juliangruber Sep 21, 2022
6367b92
undo some changes
juliangruber Sep 21, 2022
c49d051
zip -> tar.gz
juliangruber Sep 21, 2022
df9cef4
add arch to macos artifact
juliangruber Sep 21, 2022
2e109f5
remove version from other builds too
juliangruber Sep 21, 2022
2de2fc3
skip folder artifact upload
juliangruber Sep 21, 2022
0409e22
Revert "zip -> tar.gz"
juliangruber Sep 21, 2022
b5a70e2
docs
juliangruber Sep 21, 2022
1c63c02
keep previous artifact naming
juliangruber Sep 21, 2022
dbfb03e
fix artifact name
juliangruber Sep 21, 2022
4a770a4
build all darwin archs
juliangruber Sep 21, 2022
b60fa2b
sign macos archs independently
juliangruber Sep 21, 2022
e8f889a
refactor, fix redundant signs ids
juliangruber Sep 21, 2022
90dea70
consistent naming
juliangruber Sep 21, 2022
f53ca72
fix signing source paths
juliangruber Sep 21, 2022
9453b84
fix source path again
juliangruber Sep 21, 2022
cbadd41
arm signing issues
juliangruber Sep 21, 2022
ecf79b5
clean up
juliangruber Sep 21, 2022
e4a4cd8
always run
juliangruber Sep 21, 2022
f1a5441
try manual arm script
juliangruber Sep 23, 2022
274bd91
fix path
juliangruber Sep 23, 2022
abf2b9f
fix paths
juliangruber Sep 23, 2022
03e2ee2
wait, why is x86_64 failing now
juliangruber Sep 23, 2022
37e8ef7
fix sign command
juliangruber Sep 26, 2022
3827fb5
switch back to gon, remove arm signing attempts again
juliangruber Sep 26, 2022
abe05e2
Update bundle_id
juliangruber Sep 27, 2022
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 37 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@ name: goreleaser

on:
push:
# run only against tags
tags:
- '*'
juliangruber marked this conversation as resolved.
Show resolved Hide resolved

permissions:
contents: write
Expand All @@ -13,7 +10,7 @@ permissions:

jobs:
goreleaser:
runs-on: ubuntu-latest
runs-on: macos-latest
juliangruber marked this conversation as resolved.
Show resolved Hide resolved
steps:
-
name: Checkout
Expand All @@ -29,6 +26,7 @@ jobs:
tag: v0.0.19
fileName: saturn-webui.tar.gz
out-file-path: resources/webui
token: ${{ secrets.GITHUB_TOKEN }}
bajtos marked this conversation as resolved.
Show resolved Hide resolved
-
name: Unpack web UI archive
run: |
Expand All @@ -43,6 +41,33 @@ jobs:
uses: actions/setup-go@v2
with:
go-version: 1.18
-
name: Install gon
run: |
brew tap mitchellh/gon
brew install mitchellh/gon/gon
bajtos marked this conversation as resolved.
Show resolved Hide resolved
-
name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH

# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
bajtos marked this conversation as resolved.
Show resolved Hide resolved
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
Expand All @@ -53,5 +78,13 @@ jobs:
args: release --rm-dist
juliangruber marked this conversation as resolved.
Show resolved Hide resolved
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
bajtos marked this conversation as resolved.
Show resolved Hide resolved
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
# GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-
name: Attach produced packages to Github Action
uses: actions/upload-artifact@v2
with:
name: dist
path: dist/*.*
if-no-files-found: error
15 changes: 15 additions & 0 deletions .gon.arm64.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
source = ["./dist/macos-arm64_darwin_arm64/L2-node"]
juliangruber marked this conversation as resolved.
Show resolved Hide resolved
bundle_id = "saturn.filecoin.l2-node"

apple_id {
username = "[email protected]"
password = "@env:AC_PASSWORD"
}

sign {
application_identity = "Developer ID Application: Protocol Labs, Inc."
}

zip {
output_path="./dist/L2-node_Darwin_arm64.zip"
}
15 changes: 15 additions & 0 deletions .gon.x86_64.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
source = ["./dist/macos-x86-64_darwin_amd64_v1/L2-node"]
bundle_id = "saturn.filecoin.l2-node"

apple_id {
username = "[email protected]"
password = "@env:AC_PASSWORD"
}

sign {
application_identity = "Developer ID Application: Protocol Labs, Inc."
}

zip {
output_path="./dist/L2-node_Darwin_x86_64.zip"
}
57 changes: 52 additions & 5 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,75 @@ before:
# you may remove this if you don't need go generate
- go generate ./...
builds:
- env:
- id: saturn
env:
- CGO_ENABLED=0
goos:
- linux
- windows
- darwin
ignore:
- goos: windows
goarch: arm64
main: ./cmd/saturn-l2
binary: saturn-L2-node
- id: macos-x86-64
env:
- CGO_ENABLED=0
goos:
- darwin
goarch:
- amd64
main: ./cmd/saturn-l2
- id: macos-arm64
env:
- CGO_ENABLED=0
goos:
- darwin
goarch:
- arm64
main: ./cmd/saturn-l2

archives:
- replacements:
darwin: Darwin
- builds:
- saturn
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
replacements:
linux: Linux
windows: Windows
386: i386
amd64: x86_64
- builds:
- macos-x86-64
id: macos-x86-64-zip
format: zip
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
replacements:
darwin: Darwin
amd64: x86_64
- builds:
- macos-arm64
id: macos-arm64-zip
format: zip
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
replacements:
darwin: Darwin
checksum:
name_template: 'checksums.txt'
signs:
- id: macos-x86-64
ids:
- macos-x86-64-zip
cmd: gon
args:
- .gon.x86_64.hcl
artifacts: all
# - id: macos-arm64
# ids:
# - macos-arm64-zip
# cmd: gon
# args:
# - .gon.arm64.hcl
# artifacts: all
snapshot:
name_template: "{{ incpatch .Version }}-next"
changelog:
Expand All @@ -45,4 +93,3 @@ changelog:
exclude:
- '^docs:'
- '^test:'