Notarize raw binary (#4108)

Opender Singh 2021-10-15 11:16:30 +13:00 committed by GitHub
parent cabaa7ebdf
commit 71f8393fba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 80 additions and 40 deletions


@ -133,12 +133,12 @@ jobs:
shell: bash shell: bash
run: | run: |
PKG_NAME="inso-${{ matrix.os }}-${{ needs.inso_release_info.outputs.inso-version }}" PKG_NAME="inso-${{ matrix.os }}-${{ needs.inso_release_info.outputs.inso-version }}"
BUNDLE_ID="com.insomnia.inso.app" BUNDLE_ID="com.insomnia.inso"
echo ::set-output name=pkg-name::$PKG_NAME echo ::set-output name=pkg-name::$PKG_NAME
echo ::set-output name=bundle-id::$BUNDLE_ID echo ::set-output name=bundle-id::$BUNDLE_ID
- name: Package Inso CLI - name: Package Inso CLI binary
run: npm run inso-package run: npm run inso-package
env: env:
VERSION: ${{ needs.inso_release_info.outputs.inso-version }} VERSION: ${{ needs.inso_release_info.outputs.inso-version }}
@ -146,14 +146,14 @@ jobs:
- name: Run CLI smoke tests - name: Run CLI smoke tests
run: npm run test:smoke:cli run: npm run test:smoke:cli
- name: Create macOS installer package - name: Codesign & create macOS installer
if: matrix.os == 'macos-latest' if: matrix.os == 'macos-latest'
run: | run: |
chmod +x ./src/scripts/macos-pkg.sh chmod +x ./src/scripts/macos-pkg.sh
./src/scripts/macos-pkg.sh ./src/scripts/macos-pkg.sh
shell: bash shell: bash
working-directory: packages/insomnia-inso working-directory: packages/insomnia-inso
continue-on-error: true continue-on-error: false
env: env:
MACOS_CERTIFICATE: ${{ secrets.DESIGNER_MAC_CSC_LINK }} MACOS_CERTIFICATE: ${{ secrets.DESIGNER_MAC_CSC_LINK }}
MACOS_CERTIFICATE_PWD: ${{ secrets.DESIGNER_MAC_CSC_KEY_PASSWORD }} MACOS_CERTIFICATE_PWD: ${{ secrets.DESIGNER_MAC_CSC_KEY_PASSWORD }}
@ -161,7 +161,7 @@ jobs:
BUNDLE_ID: ${{ steps.inso-variables.outputs.bundle-id }} BUNDLE_ID: ${{ steps.inso-variables.outputs.bundle-id }}
VERSION: ${{ needs.inso_release_info.outputs.inso-version }} VERSION: ${{ needs.inso_release_info.outputs.inso-version }}
- name: Notarize installer package - name: Notarize installer
if: matrix.os == 'macos-latest' if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-notarize@v1 uses: devbotsxyz/xcode-notarize@v1
with: with:
@ -170,12 +170,21 @@ jobs:
appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }} appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }} appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Staple installer package - name: Staple installer
if: matrix.os == 'macos-latest' if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-staple@v1 uses: devbotsxyz/xcode-staple@v1
with: with:
product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg
- name: Notarize binary
if: matrix.os == 'macos-latest'
uses: devbotsxyz/xcode-notarize@v1
with:
product-path: packages/insomnia-inso/binaries/inso
primary-bundle-id: ${{ steps.inso-variables.outputs.bundle-id }}-binary
appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Create Inso CLI artifacts - name: Create Inso CLI artifacts
run: npm run inso-package:artifacts run: npm run inso-package:artifacts
env: env:
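Review bot: The added `Notarize binary` step passes `DESIGNER_APPLE_ID` and `DESIGNER_APPLE_ID_PASSWORD` to `devbotsxyz/xcode-notarize@v1`, a third-party action referenced by a movable tag, so whatever code that tag resolves to at run time receives the release pipeline's Apple ID credentials. Pin it, along with the existing notarize step and `devbotsxyz/xcode-staple@v1` in this job, to a full commit SHA, e.g. `uses: devbotsxyz/xcode-notarize@<full-commit-sha>  # v1`. No staple step follows for the binary, which is expected because a standalone executable cannot carry a stapled ticket; a comment such as `# raw binary cannot be stapled; Gatekeeper checks the notarization ticket online` would record that for the next maintainer. The `Create Inso CLI artifacts` step after it continues outside the hunk.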


@ -51,30 +51,30 @@ jobs:
- name: Lint - name: Lint
run: npm run lint run: npm run lint
- name: Lint Markdown - name: Lint markdown
run: npm run lint:markdown run: npm run lint:markdown
- name: Run tests - name: Run tests
run: npm test run: npm test
- name: Set Inso Variables - name: Set Inso CLI variables
id: inso-variables id: inso-variables
shell: bash shell: bash
run: | run: |
INSO_VERSION="${{ needs.get_version.outputs.inso-version }}-run.${{ github.run_number }}" INSO_VERSION="${{ needs.get_version.outputs.inso-version }}-run.${{ github.run_number }}"
PKG_NAME="inso-${{ matrix.os }}-$INSO_VERSION" PKG_NAME="inso-${{ matrix.os }}-$INSO_VERSION"
BUNDLE_ID="com.insomnia.inso.app" BUNDLE_ID="com.insomnia.inso"
echo ::set-output name=pkg-name::$PKG_NAME echo ::set-output name=pkg-name::$PKG_NAME
echo ::set-output name=bundle-id::$BUNDLE_ID echo ::set-output name=bundle-id::$BUNDLE_ID
echo ::set-output name=inso-version::$INSO_VERSION echo ::set-output name=inso-version::$INSO_VERSION
- name: Package Inso CLI - name: Package Inso CLI binary
run: npm run inso-package run: npm run inso-package
env: env:
VERSION: ${{ steps.inso-variables.outputs.inso-version }} VERSION: ${{ steps.inso-variables.outputs.inso-version }}
- name: Create macOS installer package - name: Codesign & create macOS installer
if: matrix.os == 'macos-latest' if: matrix.os == 'macos-latest'
run: | run: |
chmod +x ./src/scripts/macos-pkg.sh chmod +x ./src/scripts/macos-pkg.sh
@ -90,7 +90,7 @@ jobs:
VERSION: ${{ steps.inso-variables.outputs.inso-version }} VERSION: ${{ steps.inso-variables.outputs.inso-version }}
# We don't need to notarize and staple on every commit # We don't need to notarize and staple on every commit
# - name: Notarize installer package # - name: Notarize installer
# if: matrix.os == 'macos-latest' # if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-notarize@v1 # uses: devbotsxyz/xcode-notarize@v1
# with: # with:
@ -99,14 +99,25 @@ jobs:
# appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }} # appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
# appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }} # appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
# - name: Staple installer package # - name: Staple installer
# if: matrix.os == 'macos-latest' # if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-staple@v1 # uses: devbotsxyz/xcode-staple@v1
# with: # with:
# product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg # product-path: packages/insomnia-inso/artifacts/${{ steps.inso-variables.outputs.pkg-name }}.pkg
# - name: Notarize binary
# if: matrix.os == 'macos-latest'
# uses: devbotsxyz/xcode-notarize@v1
# with:
# product-path: packages/insomnia-inso/binaries/inso
# primary-bundle-id: ${{ steps.inso-variables.outputs.bundle-id }}-binary
# appstore-connect-username: ${{ secrets.DESIGNER_APPLE_ID }}
# appstore-connect-password: ${{ secrets.DESIGNER_APPLE_ID_PASSWORD }}
- name: Create Inso CLI artifacts - name: Create Inso CLI artifacts
run: npm run inso-package:artifacts run: npm run inso-package:artifacts
env:
VERSION: ${{ steps.inso-variables.outputs.inso-version }}
- name: Upload Inso CLI artifacts - name: Upload Inso CLI artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
@ -115,16 +126,13 @@ jobs:
name: ${{ steps.inso-variables.outputs.pkg-name }} name: ${{ steps.inso-variables.outputs.pkg-name }}
path: packages/insomnia-inso/artifacts path: packages/insomnia-inso/artifacts
# - name: Run CLI smoke tests # - name: Run Inso CLI smoke tests
# run: npm run test:smoke:cli # run: npm run test:smoke:cli
# - name: Run CLI smoke tests # - name: Build app for smoke tests
# run: npm run test:smoke:cli
# - name: Build for smoke tests
# run: npm run app-build:smoke # run: npm run app-build:smoke
# - name: Run smoke tests # - name: Run app smoke tests
# timeout-minutes: 10 # sometimes jest fails to exit - https://github.com/facebook/jest/issues/6423#issuecomment-620407580 # timeout-minutes: 10 # sometimes jest fails to exit - https://github.com/facebook/jest/issues/6423#issuecomment-620407580
# run: npm run test:smoke:build # run: npm run test:smoke:build


@ -1,4 +1,4 @@
import { spawn } from 'child_process'; import { ProcessEnvOptions, spawn } from 'child_process';
import mkdirp from 'mkdirp'; import mkdirp from 'mkdirp';
import path from 'path'; import path from 'path';
@ -11,18 +11,52 @@ const isMac = () => platform === 'darwin';
const isLinux = () => platform === 'linux'; const isLinux = () => platform === 'linux';
const isWindows = () => platform === 'win32'; const isWindows = () => platform === 'win32';
const getTarArgs = () => { const getName = () => {
const version = getVersion(); const version = getVersion();
if (isMac()) { if (isMac()) {
return ['-czf', `inso-macos-${version}.zip`]; return `inso-macos-${version}.zip`;
} }
if (isLinux()) { if (isLinux()) {
return ['-cJf', `inso-linux-${version}.tar.xz`]; return `inso-linux-${version}.tar.xz`;
} }
if (isWindows()) { if (isWindows()) {
return ['-czf', `inso-windows-${version}.zip`]; return `inso-windows-${version}.zip`;
}
throw new Error(prefixPkgArtifacts(`Unsupported OS: ${platform}`));
};
const startProcess = (cwd: ProcessEnvOptions['cwd']) => {
const name = getName();
if (isMac()) {
return spawn('ditto',
[
'-c',
'-k',
'../binaries/inso',
name,
], {
cwd,
shell: true,
});
}
if (isWindows() || isLinux()) {
return spawn('tar',
[
'-C',
'../binaries',
isWindows() ? '-a -cf' : '-cjf',
name,
'.',
], {
cwd,
shell: true,
});
} }
throw new Error(prefixPkgArtifacts(`Unsupported OS: ${platform}`)); throw new Error(prefixPkgArtifacts(`Unsupported OS: ${platform}`));
@ -33,17 +67,7 @@ const artifacts = async () => {
const cwd = path.join(__dirname, '../../artifacts'); const cwd = path.join(__dirname, '../../artifacts');
mkdirp.sync(cwd); mkdirp.sync(cwd);
const tarName = isWindows() ? 'tar.exe' : 'tar'; const process = startProcess(cwd);
const process = spawn(tarName,
[
'-C',
'../binaries',
...getTarArgs(),
'.',
], {
cwd,
shell: true,
});
process.stdout.on('data', data => { process.stdout.on('data', data => {
console.log(data.toString()); console.log(data.toString());
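Review bot: In `startProcess` the Linux branch passes `-cjf`, which selects bzip2, while `getName()` still returns `inso-linux-${version}.tar.xz`; the removed `getTarArgs` used `-cJf` (xz), so the published archive's compression no longer matches its extension. Change the flag to `isWindows() ? '-a -cf' : '-cJf'`, or rename the artifact to `.tar.bz2` if bzip2 is intended. Separately, both `spawn` calls keep `shell: true`, so `name` (built from `getVersion()`, whose source is not visible here) is joined into a shell command line unquoted, and the single argument `'-a -cf'` only works because of that joining; passing `'-a', '-cf'` as separate arguments would likely allow `shell: true` to be dropped. The `artifacts` body continues outside the hunk.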


@ -43,17 +43,16 @@ security import certificate.p12 -k "$KEYCHAIN" -P "$MACOS_CERTIFICATE_PWD" -T /u
# New requirement for MacOS 10.12+ # New requirement for MacOS 10.12+
security set-key-partition-list -S apple-tool:,apple:,codesign:,pkgbuild: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN" security set-key-partition-list -S apple-tool:,apple:,codesign:,pkgbuild: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
# Sign the binary
plutil -lint "$ENTITLEMENTS_PATH"
/usr/bin/codesign --force --options=runtime --entitlements "$ENTITLEMENTS_PATH" --timestamp --sign "$APP_IDENTITY" "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME"
# Create a staging area for the installer package. # Create a staging area for the installer package.
mkdir -p "$STAGING_AREA" mkdir -p "$STAGING_AREA"
# Copy the binary into the staging area. # Copy the binary into the staging area.
cp "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME" "$STAGING_AREA" cp "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME" "$STAGING_AREA"
# Sign the binary
plutil -lint "$ENTITLEMENTS_PATH"
/usr/bin/codesign --force --options=runtime --entitlements "$ENTITLEMENTS_PATH" --timestamp --sign "$APP_IDENTITY" "$STAGING_AREA/$SOURCE_BINARY_NAME"
# Build and sign the package # Build and sign the package
mkdir $ARTIFACT_LOCATION mkdir $ARTIFACT_LOCATION
/usr/bin/pkgbuild --identifier "$BUNDLE_ID" --version "$VERSION" --sign "$INSTALL_IDENTITY" --keychain "$KEYCHAIN" --timestamp --root "$STAGING_AREA" --install-location "$INSTALL_LOCATION" "$ARTIFACT_LOCATION/$PKG_NAME.pkg" /usr/bin/pkgbuild --identifier "$BUNDLE_ID" --version "$VERSION" --sign "$INSTALL_IDENTITY" --keychain "$KEYCHAIN" --timestamp --root "$STAGING_AREA" --install-location "$INSTALL_LOCATION" "$ARTIFACT_LOCATION/$PKG_NAME.pkg"
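Review bot: Nothing checks the signature between the `codesign` call and `pkgbuild`, and with this change the signed file at `$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME` appears to be what the workflow later submits for notarization on its own. Add `/usr/bin/codesign --verify --strict --verbose=2 "$SOURCE_BINARY_DIR/$SOURCE_BINARY_NAME"` right after signing so an invalid or incomplete signature fails here rather than at the notarization service. The rendered page does not mark which of the two `# Sign the binary` blocks is the new one; in-place signing before the copy is assumed from the commit title and the hunk's line counts. `mkdir $ARTIFACT_LOCATION` on the context line is unquoted, unlike the other path expansions in the hunk.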