test: add test for code signing on macOS #52
Conversation
RaisinTen
requested review from
dsanders11,
jviotti and
robertgzr
as code owners
test/cli.mjs
Outdated
| } else if (process.platform === "win32") { | ||
| let signtoolFound = false; | ||
| try { | ||
| execSync("where signtool"); |
There was a problem hiding this comment.
Apparently, signtool isn't globally accessible on the Windows CI runner:
https://app.circleci.com/pipelines/github/postmanlabs/postject/177/workflows/cfb21c18-92b3-48db-b143-4f2f6d016ed8/jobs/1368/steps?invite=true#step-104-7
INFO: Could not find files for the given pattern(s).
Command failed: where signtoolI can think of 2 solutions:
- Use Talaria, that contains signtool (that's how I verified locally that codesigning works for the Node.js binary)
- Use
circleci/[email protected]as described in https://circleci.com/blog/code-signing-with-runner and https://circleci.com/developer/orbs/orb/circleci/microsoft-msix
Preferences or better options anyone?
There was a problem hiding this comment.
This tool (and others from the Windows SDK) should be on the PATH by default when running on a Visual Studio Developer Prompt (which I believe CircleCI does by default).
Can you access it from outside of this script? i.e. as a standalone step in the CircleCI definition or by SSHing into the worker?
If so, the problem might be in the way you are running this test file or spawning the specific command (without inheriting the outer Visual Studio Developer Prompt environment or something like that).
There was a problem hiding this comment.
Can you access it from outside of this script? i.e. as a standalone step in the CircleCI definition or by SSHing into the worker?
Doesn't seem to be happening in the CircleCI SSH session:
Microsoft Windows [Version 10.0.17763.3287]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Users\circleci>signtool
'signtool' is not recognized as an internal or external command,
operable program or batch file.FWIW, it isn't present globally on my Windows 10 either when I run the regular cmd prompt.
There was a problem hiding this comment.
FWIW, it isn't present globally on my Windows 10 either when I run the regular cmd prompt.
Yeah, I don't think that will work. That's why I meant the Visual Studio Command Prompt rather than the default one.
There was a problem hiding this comment.
Maybe just find and use the full path to signtool.exe on CircleCI rather than rely on it being on the PATH?
There was a problem hiding this comment.
I think that's acceptable for now until we open-source Talaria and then make use of it on this public repo.
There was a problem hiding this comment.
I have turned this into a macOS specific change for now because this is an improvement already. We can add a code signing test for Windows in a separate PR. PTAL!
RaisinTen
force-pushed
the
test/add-test-for-code-signing
branch
from
323a4af
to
9123103
Compare
Signed-off-by: Darshan Sen <[email protected]>
RaisinTen
force-pushed
the
test/add-test-for-code-signing
branch
from
9123103
to
38d8c12
Compare
RaisinTen
changed the title
Signed-off-by: Darshan Sen [email protected]