solvespace/.github/scripts/sign-macos.sh
Maximilian Federle 5fa23189d9
CI: Replace Travis with GitHub Actions (#824)
Travis's move away from providing unlimited build time to OSS and its
inferior developer experience are the reason for this change.

The workflows are simple and straightforward, and the build scripts
are mostly 1:1 the same we used on Travis. This avoids vendor lock-in
as much as possible in case we need to move somewhere else in the future.

We introduce two workflows:
1. CD (cd.yml)
  Runs on: Commits to master, GitHub releases.
  Does: Run tests, build release assets, update GitHub edge release or
  release to developer created GitHub release. Builds & uploads snaps to
  the Snap Store.
2. Test (test.yml)
  Runs on: Every commit except those on master and v* tagged ones.
  I.e. PRs and other branches.
  Does: Run tests only.

Creating a release is now an explicit operation. On the Travis workflow,
pushing a tag that begins with "v" will lead to the automatic creation of
an associated GitHub release.
On GHA, creating a GitHub release by hand will trigger the CD-workflow
to build & upload the release assets.

Other differences to Travis:
- Windows builds on Visual Studio 16 2019 instead of Visual Studio 15 2017.
- Snap builds run in docker containers, not directly on the build host.
- Snap arm64 builds on amd64 via QEMU user emulation.
  This is slower than what Travis gave us and should be changed when/if
  GHA offers ARM64 build runners.
- GHA retains build artifacts for 90 days by default.

Required secrets:
- MACOS_CERTIFICATE_PASSWORD
- MACOS_CERTIFICATE_P12
- MACOS_APPSTORE_APP_PASSWORD
- MACOS_APPSTORE_USERNAME
- MACOS_DEVELOPER_ID
- SNAPSTORE_LOGIN

Discussion: https://github.com/solvespace/solvespace/issues/807
PR: https://github.com/solvespace/solvespace/pull/824

Fixes #807
2020-12-08 18:19:33 +01:00

70 lines
2.2 KiB
Bash
Executable File

#!/bin/bash -xe
cd build
openmp="bin/SolveSpace.app/Contents/Resources/lib/libomp.dylib"
app="bin/SolveSpace.app"
dmg="bin/SolveSpace.dmg"
bundle_id="com.solvespace.solvespace"
if [ "$CI" = "true" ]; then
    # get the signing certificate (this is the "Developer ID Application: Your Name" certificate, exported to a p12 file, then converted to base64, e.g.: cat ~/Desktop/certificate.p12 | base64 | pbcopy)
    echo "$MACOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
    # create a keychain
    security create-keychain -p secret build.keychain
    security default-keychain -s build.keychain
    security unlock-keychain -p secret build.keychain
    # import the key
    security import certificate.p12 -k build.keychain -P "${MACOS_CERTIFICATE_PASSWORD}" -T /usr/bin/codesign
    # the decoded certificate and private key are not needed on disk once imported
    rm -f certificate.p12
    # allow codesign to use the imported key without an interactive prompt
    security set-key-partition-list -S apple-tool:,apple: -s -k secret build.keychain
    # check if all is good
    security find-identity -v
fi
# sign openmp
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${openmp}"
# sign the .app
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${app}"
# create the .dmg from the signed .app
hdiutil create -srcfolder "${app}" "${dmg}"
# sign the .dmg
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${dmg}"
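# notarize and store request uuid in variable
# (Apple has since retired altool notarization; current toolchains use xcrun notarytool)
notarize_uuid=$(xcrun altool --notarize-app --primary-bundle-id "${bundle_id}" --username "${MACOS_APPSTORE_USERNAME}" --password "${MACOS_APPSTORE_APP_PASSWORD}" --file "${dmg}" 2>&1 | grep RequestUUID | awk '{print $3}')
echo "$notarize_uuid"
# the pipeline's exit status is awk's, so a failed upload only shows up as an empty uuid
if [ -z "${notarize_uuid}" ]; then
    echo "Notarization upload returned no RequestUUID. Exiting" >&2
    exit 1
fi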
# wait a bit so we don't get errors during checking
sleep 10
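success=0
for (( ; ; ))
do
    echo "Checking progress..."
    # test the command inside the condition: under `set -e` a failing plain
    # assignment would abort the script before `$?` could be inspected
    if ! progress=$(xcrun altool --notarization-info "${notarize_uuid}" -u "${MACOS_APPSTORE_USERNAME}" -p "${MACOS_APPSTORE_APP_PASSWORD}" 2>&1) || [[ "${progress}" =~ "Invalid" ]] ; then
        echo "Error with notarization. Exiting"
        break
    fi
    # echo "${progress}"
    if [[ "${progress}" =~ "success" ]]; then
        success=1
        break
    else
        echo "Not completed yet. Sleeping for 10 seconds"
    fi
    sleep 10
done
# fail the build instead of stapling a disk image that was not notarized
if [ "${success}" -ne 1 ]; then
    echo "Notarization did not succeed" >&2
    exit 1
fi
# staple
xcrun stapler staple "${dmg}"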