Notarize raw binary (#4108)

Opender Singh 2021-10-15 11:16:30 +13:00 committed by GitHub
parent cabaa7ebdf
commit 71f8393fba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 80 additions and 40 deletions


@ -133,12 +133,12 @@ jobs:
shell: bash
run: |
PKG_NAME="inso-${{ matrix.os }}-${{ needs.inso_release_info.outputs.inso-version }}"
BUNDLE_ID="com.insomnia.inso.app"
BUNDLE_ID="com.insomnia.inso"
echo ::set-output name=pkg-name::$PKG_NAME
echo ::set-output name=bundle-id::$BUNDLE_ID
- name: Package Inso CLI
- name: Package Inso CLI binary
run: npm run inso-package
env:
VERSION: ${{ needs.inso_release_info.outputs.inso-version }}
@ -146,14 +146,14 @@ jobs:
- name: Run CLI smoke tests
run: npm run test:smoke:cli
- name: Create macOS installer package
- name: Codesign & create macOS installer
if: matrix.os == 'macos-latest'
run: |
chmod +x ./src/scripts/macos-pkg.sh
./src/scripts/macos-pkg.sh
shell: bash
working-directory: packages/insomnia-inso
continue-on-error: true
continue-on-error: false
env:
MACOS_CERTIFICATE: ${{ secrets.DESIGNER_MAC_CSC_LINK }}
MACOS_CERTIFICATE_PWD: ${{ secrets.DESIGNER_MAC_CSC_KEY_PASSWORD }}
@ -161,7 +161,7 @@ jobs:
BUNDLE_ID: ${{ steps.inso-variables.outputs.bundle-id }}
VERSION: ${{ needs.inso_release_info.outputs.inso-version }}
- name: Notarize installer package
- name: Notarize installer
if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-notarize@v1
with:
@ -170,12 +170,21 @@ jobs:
appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Staple installer package
- name: Staple installer
if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-staple@v1
with:
product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg
- name: Notarize binary
if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-notarize@v1
with:
product-path: packages/insomnia-inso/binaries/inso
primary-bundle-id: ${{ steps.inso-variables.outputs.bundle-id }}-binary
appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Create Inso CLI artifacts
run: npm run inso-package:artifacts
env:
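Review bot: The added `Notarize binary` step passes `DESIGNER_APPLE_ID` and `DESIGNER_APPLE_ID_PASSWORD` to `devbotsxyz/xcode-notarize@v1`, a third-party action referenced by a movable tag, so whatever that tag points to at release time runs with the Apple credentials. Pinning it to a reviewed commit, `uses: devbotsxyz/xcode-notarize@<FULL_COMMIT_SHA>  # v1`, closes that gap; the same applies to the existing `Notarize installer` and `Staple installer` steps. The binary step has no staple counterpart, presumably because a bare executable cannot carry a stapled ticket. A comment such as `# raw binary cannot be stapled; Gatekeeper verifies the ticket online` would record that this is intentional.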


@ -51,30 +51,30 @@ jobs:
- name: Lint
run: npm run lint
- name: Lint Markdown
- name: Lint markdown
run: npm run lint:markdown
- name: Run tests
run: npm test
- name: Set Inso Variables
- name: Set Inso CLI variables
id: inso-variables
shell: bash
run: |
INSO_VERSION="${{ needs.get_version.outputs.inso-version }}-run.${{ github.run_number }}"
PKG_NAME="inso-${{ matrix.os }}-$INSO_VERSION"
BUNDLE_ID="com.insomnia.inso.app"
BUNDLE_ID="com.insomnia.inso"
echo ::set-output name=pkg-name::$PKG_NAME
echo ::set-output name=bundle-id::$BUNDLE_ID
echo ::set-output name=inso-version::$INSO_VERSION
- name: Package Inso CLI
- name: Package Inso CLI binary
run: npm run inso-package
env:
VERSION: ${{ steps.inso-variables.outputs.inso-version }}
- name: Create macOS installer package
- name: Codesign & create macOS installer
if: matrix.os == 'macos-latest'
run: |
chmod +x ./src/scripts/macos-pkg.sh
@ -90,7 +90,7 @@ jobs:
VERSION: ${{ steps.inso-variables.outputs.inso-version }}
# We don't need to notarize and staple on every commit
# - name: Notarize installer package
# - name: Notarize installer
# if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-notarize@v1
# with:
@ -99,14 +99,25 @@ jobs:
# appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
# appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
# - name: Staple installer package
# - name: Staple installer
# if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-staple@v1
# with:
# product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg
# - name: Notarize binary
# if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-notarize@v1
# with:
# product-path: packages/insomnia-inso/binaries/inso
# primary-bundle-id: ${{ steps.inso-variables.outputs.bundle-id }}-binary
# appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
# appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Create Inso CLI artifacts
run: npm run inso-package:artifacts
env:
VERSION: ${{ steps.inso-variables.outputs.inso-version }}
- name: Upload Inso CLI artifacts
uses: actions/upload-artifact@v2
@ -115,16 +126,13 @@ jobs:
name: ${{ steps.inso-variables.outputs.pkg-name }}
path: packages/insomnia-inso/artifacts
# - name: Run CLI smoke tests
# - name: Run Inso CLI smoke tests
# run: npm run test:smoke:cli
# - name: Run CLI smoke tests
# run: npm run test:smoke:cli
# - name: Build for smoke tests
# - name: Build app for smoke tests
# run: npm run app-build:smoke
# - name: Run smoke tests
# - name: Run app smoke tests
# timeout-minutes: 10 # sometimes jest fails to exit - https://github.com/facebook/jest/issues/6423#issuecomment-620407580
# run: npm run test:smoke:build


@ -1,4 +1,4 @@
import { spawn } from 'child_process';
import { ProcessEnvOptions, spawn } from 'child_process';
import mkdirp from 'mkdirp';
import path from 'path';
@ -11,18 +11,52 @@ const isMac = () => platform === 'darwin';
const isLinux = () => platform === 'linux';
const isWindows = () => platform === 'win32';
const getTarArgs = () => {
const getName = () => {
const version = getVersion();
if (isMac()) {
return ['-czf', `inso-macos-${version}.zip`];
return `inso-macos-${version}.zip`;
}
if (isLinux()) {
return ['-cJf', `inso-linux-${version}.tar.xz`];
return `inso-linux-${version}.tar.xz`;
}
if (isWindows()) {
return ['-czf', `inso-windows-${version}.zip`];
return `inso-windows-${version}.zip`;
}
throw new Error(prefixPkgArtifacts(`Unsupported OS: ${platform}`));
};
const startProcess = (cwd: ProcessEnvOptions['cwd']) => {
const name = getName();
if (isMac()) {
return spawn('ditto',
[
'-c',
'-k',
'../binaries/inso',
name,
], {
cwd,
shell: true,
});
}
if (isWindows() || isLinux()) {
return spawn('tar',
[
'-C',
'../binaries',
isWindows() ? '-a -cf' : '-cjf',
name,
'.',
], {
cwd,
shell: true,
});
}
throw new Error(prefixPkgArtifacts(`Unsupported OS: ${platform}`));
@ -33,17 +67,7 @@ const artifacts = async () => {
const cwd = path.join(__dirname, '../../artifacts');
mkdirp.sync(cwd);
const tarName = isWindows() ? 'tar.exe' : 'tar';
const process = spawn(tarName,
[
'-C',
'../binaries',
...getTarArgs(),
'.',
], {
cwd,
shell: true,
});
const process = startProcess(cwd);
process.stdout.on('data', data => {
console.log(data.toString());
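Review bot: In `startProcess` the Linux branch passes `-cjf` (bzip2) while `getName()` still returns `inso-linux-${version}.tar.xz`; the removed `getTarArgs` used `-cJf`, so the artifact is now a bzip2 archive carrying an xz extension. Restoring `-cJf` keeps the content and the name in agreement. Separately, both `spawn` calls keep `shell: true`, which joins the argument array into one unescaped command line, so `name` (built from `getVersion()`) is parsed by the shell. That option appears to be needed only to split `'-a -cf'`; spreading `...(isWindows() ? ['-a', '-cf'] : ['-cJf'])` into the array would let it be dropped, provided `tar` still resolves on Windows without a shell (the old code spelled it `tar.exe`). The end of `startProcess` and the rest of `artifacts` lie outside the hunks shown.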


@ -43,17 +43,16 @@ security import certificate.p12 -k "$KEYCHAIN" -P "$MACOS_CERTIFICATE_PWD" -T /u
# New requirement for MacOS 10.12+
security set-key-partition-list -S apple-tool:,apple:,codesign:,pkgbuild: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
# Sign the binary
plutil -lint "$ENTITLEMENTS_PATH"
/usr/bin/codesign --force --options=runtime --entitlements "$ENTITLEMENTS_PATH" --timestamp --sign "$APP_IDENTITY" "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME"
# Create a staging area for the installer package.
mkdir -p "$STAGING_AREA"
# Copy the binary into the staging area.
cp "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME" "$STAGING_AREA"
# Sign the binary
plutil -lint "$ENTITLEMENTS_PATH"
/usr/bin/codesign --force --options=runtime --entitlements "$ENTITLEMENTS_PATH" --timestamp --sign "$APP_IDENTITY" "$STAGING_AREA/$SOURCE_BINARY_NAME"
# Build and sign the package
mkdir $ARTIFACT_LOCATION
/usr/bin/pkgbuild --identifier "$BUNDLE_ID" --version "$VERSION" --sign "$INSTALL_IDENTITY" --keychain "$KEYCHAIN" --timestamp --root "$STAGING_AREA" --install-location "$INSTALL_LOCATION" "$ARTIFACT_LOCATION/$PKG_NAME.pkg"
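Review bot: Nothing checks the signature after the `codesign` call that now signs `$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME` in place, although that file is then copied into the package root and, per the workflow change, also submitted for notarization on its own. Adding `/usr/bin/codesign --verify --strict --verbose=2 "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME"` directly after the signing line would fail the job at the signing step instead of at notarization. Whether the script runs under `set -e` is not visible in this hunk; without it a failing `plutil -lint` or `codesign` would not stop `pkgbuild` from packaging the binary. A short comment such as `# sign in place: the raw binary is notarized and archived as well as packaged` would explain why the step moved ahead of the staging copy.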