From c55e8a62775890ffb69968762c38447442c1f922 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 10:27:53 +0300 Subject: [PATCH 001/222] Test sign --- .github/workflows/signBinaries.yml | 31 ++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/signBinaries.yml diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml new file mode 100644 index 000000000..d37f534a3 --- /dev/null +++ b/.github/workflows/signBinaries.yml @@ -0,0 +1,31 @@ +name: Sign Binaries + +on: [push] + +jobs: + SignMacOs: + name: Build + runs-on: macos-latest + steps: + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: 1.22.x + cache: false + + - name: Checkout Source + uses: actions/checkout@v4 + + - name: Build + run: go build -v ./... + + - name: Sign binary + uses: lando/code-sign-action@v2 + with: + file: ./jfrog-cli + certificate-data: ${{ secrets.APPLE_CERT_DATA }} + certificate-password: ${{ secrets.APPLE_CERT_PASSWORD }} + apple-team-id: ${{ secrets.APPLE_TEAM_ID }} + + - name: check + run: codesign -vd ./jfrog-cli \ No newline at end of file From 75b2099642f46a6a8633fc0cd88fcfd083ab80e3 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 10:30:07 +0300 Subject: [PATCH 002/222] Test sign --- .github/workflows/signBinaries.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index d37f534a3..c56f7f00d 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -17,7 +17,10 @@ jobs: uses: actions/checkout@v4 - name: Build - run: go build -v ./... + run: go build -v . + + - name: Build + run: ls -la - name: Sign binary uses: lando/code-sign-action@v2 From 47d17ec06ff8e88321bb8b42c2b0fa9ed5d949e7 Mon Sep 17 00:00:00 2001 
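Review bot: The `Sign binary` step hands `APPLE_CERT_DATA` and `APPLE_CERT_PASSWORD` to `lando/code-sign-action@v2`, a third-party action referenced by a movable tag, so whoever can move that tag receives the signing identity. Pin it to a reviewed full commit SHA, e.g. `uses: lando/code-sign-action@<full-commit-sha>  # v2`. The trigger `on: [push]` also runs the signing job on every push to any branch, and it comes back in PATCH 027. Restricting the workflow to `workflow_dispatch` or a release branch, ideally behind a protected environment, keeps the certificate out of ordinary branch builds. A top-level `permissions:` block with `contents: read` would scope the job token as well.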
From: delarea Date: Mon, 3 Jun 2024 11:00:33 +0300 Subject: [PATCH 003/222] Test --- .github/workflows/signBinaries.yml | 12 ++-------- signscript.sh | 35 ++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 10 deletions(-) create mode 100644 signscript.sh diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index c56f7f00d..175145e74 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -22,13 +22,5 @@ jobs: - name: Build run: ls -la - - name: Sign binary - uses: lando/code-sign-action@v2 - with: - file: ./jfrog-cli - certificate-data: ${{ secrets.APPLE_CERT_DATA }} - certificate-password: ${{ secrets.APPLE_CERT_PASSWORD }} - apple-team-id: ${{ secrets.APPLE_TEAM_ID }} - - - name: check - run: codesign -vd ./jfrog-cli \ No newline at end of file + - name: Sign Binary + run: ./signscript.sh ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} ${{ secrets.APPLE_TEAM_ID }} \ No newline at end of file diff --git a/signscript.sh b/signscript.sh new file mode 100644 index 000000000..a4a663806 --- /dev/null +++ b/signscript.sh 
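Review bot: The new `Sign Binary` step expands the three secrets straight into the shell command line, unquoted, so the runner's shell re-parses their contents (a space, `$` or quote in the passphrase changes the command) and the values sit in the argument list of `signscript.sh`, where other processes on the runner can read them. Pass them through the step's `env:` mapping and have the script read `$APPLE_CERT_DATA`, `$APPLE_CERT_PASSWORD` and `$APPLE_TEAM_ID` from its environment instead of `$1`..`$3`. The `Check Secrets` step added in PATCH 018 pastes `${{ secrets.* }}` into the script text in the same way and needs the same treatment.

```yaml
      - name: Sign Binary
        env:
          APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }}
          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: ./signscript.sh
```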
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+
+# The first argument is assigned to APPLE_CERT_DATA
+APPLE_CERT_DATA=$1
+
+# The second argument is assigned to APPLE_CERT_PASSWORD
+APPLE_CERT_PASSWORD=$2
+
+# The third argument is assigned to APPLE_TEAM_ID
+APPLE_TEAM_ID=$3
+
+# Export certs
+echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12
+
+# Create keychain
+security create-keychain -p actions macos-build.keychain
+security default-keychain -s macos-build.keychain
+security unlock-keychain -p actions macos-build.keychain
+security set-keychain-settings -t 3600 -u macos-build.keychain
+
+# Import certs to keychain
+security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign
+
+# Key signing
+security set-key-partition-list -S apple-tool:,apple: -s -k actions macos-build.keychain
+
+# Verify keychain things
+security find-identity -p codesigning -v
+
+
+# Force the codesignature
+codesign -s "$APPLE_TEAM_ID" -f jfrog-cli
+
+codesign -vd ./jfrog-cli
\ No newline at end of file
From 719a1441d6bb98351511925b12388bd85b66356e Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 3 Jun 2024 11:02:08 +0300
Subject: [PATCH 004/222] permissons
---
signscript.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 signscript.sh
diff --git a/signscript.sh b/signscript.sh
old mode 100644
new mode 100755
From 0f2a042f50f27c04234353e57f11141654e55b4e Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 3 Jun 2024 11:10:55 +0300
Subject: [PATCH 005/222] Test
---
signscript.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/signscript.sh b/signscript.sh
index a4a663806..5576de1b0 100755
--- a/signscript.sh
+++ b/signscript.sh
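Review bot: The decoded signing certificate is written to the fixed path `/tmp/certs.p12` under the default umask and is never removed, so the key bundle stays on the runner after the script ends, protected only by its passphrase. Create the file with `umask 077` and `mktemp`, and delete it as soon as `security import` has run. The keychain is guarded only by the literal password `actions`, and nothing in the script deletes `macos-build.keychain` or restores the previous default keychain.

```shell
umask 077
CERT_FILE="$(mktemp "${RUNNER_TEMP:-/tmp}/certs.XXXXXX")"
echo "$APPLE_CERT_DATA" | base64 --decode > "$CERT_FILE"
# … unchanged: keychain creation …
security import "$CERT_FILE" -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign
rm -f "$CERT_FILE"
# … unchanged: partition list, find-identity, codesign …
```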
@@ -19,12 +19,12 @@ security default-keychain -s macos-build.keychain security unlock-keychain -p actions macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain +# Check keychain content +run ls -la ~/Library/Keychains + # Import certs to keychain security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign -# Key signing -security set-key-partition-list -S apple-tool:,apple: -s -k actions macos-build.keychain - # Verify keychain things security find-identity -p codesigning -v From d69ea64b3901a9ea3725ac4748e38d5f89a72ddf Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:12:46 +0300 Subject: [PATCH 006/222] Test --- signscript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index 5576de1b0..0c0b3ce38 100755 --- a/signscript.sh +++ b/signscript.sh @@ -20,7 +20,7 @@ security unlock-keychain -p actions macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain # Check keychain content -run ls -la ~/Library/Keychains +ls -la ~/Library/Keychains # Import certs to keychain security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign From 18cf657c196883dbde1036eba358642383dcb3ca Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:16:55 +0300 Subject: [PATCH 007/222] Test --- signscript.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/signscript.sh b/signscript.sh index 0c0b3ce38..b52058615 100755 --- a/signscript.sh +++ b/signscript.sh 
@@ -14,9 +14,9 @@ APPLE_TEAM_ID=$3 echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12 # Create keychain -security create-keychain -p actions macos-build.keychain +security create-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security default-keychain -s macos-build.keychain -security unlock-keychain -p actions macos-build.keychain +security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain # Check keychain content From a14f1b79188289e8b571e4c1c1568f58a8d8cf2c Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:22:14 +0300 Subject: [PATCH 008/222] Test --- signscript.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index b52058615..dd7cf9f5c 100755 --- a/signscript.sh +++ b/signscript.sh @@ -11,19 +11,27 @@ APPLE_CERT_PASSWORD=$2 APPLE_TEAM_ID=$3 # Export certs +echo "saving cert data to /tmp/certs.p12" echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12 +echo "Creating keyhcains..." # Create keychain security create-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security default-keychain -s macos-build.keychain security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain +echo "check keychains content" # Check keychain content ls -la ~/Library/Keychains + +echo "checking p12" +ls -la /tmp | grep *.p12 + +echo "importing.." # Import certs to keychain -security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign +security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign # Verify keychain things security find-identity -p codesigning -v From bd27d321e66f1fdaf457a41c4cc994963493c672 Mon Sep 17 00:00:00 2001 
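Review bot: Using `"$APPLE_CERT_PASSWORD"` as the keychain password ties two secrets together and puts the certificate passphrase on the argument list of `security create-keychain` and `security unlock-keychain`, where it is visible in the process table while those commands run. The keychain is throwaway, so a random per-run value is enough: `KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"` followed by `security create-keychain -p "$KEYCHAIN_PASSWORD" macos-build.keychain`. The `security set-key-partition-list ... -k "$APPLE_CERT_PASSWORD"` call added in PATCH 021 would then take the same variable. The rest of the script lies outside this hunk.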
From: delarea Date: Mon, 3 Jun 2024 11:32:27 +0300 Subject: [PATCH 009/222] Test --- .github/workflows/signBinaries.yml | 5 +---- signscript.sh | 1 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index 175145e74..c1130e399 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -4,7 +4,7 @@ on: [push] jobs: SignMacOs: - name: Build + name: SignBinary runs-on: macos-latest steps: - name: Setup Go @@ -19,8 +19,5 @@ jobs: - name: Build run: go build -v . - - name: Build - run: ls -la - - name: Sign Binary run: ./signscript.sh ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} ${{ secrets.APPLE_TEAM_ID }} \ No newline at end of file diff --git a/signscript.sh b/signscript.sh index dd7cf9f5c..3bf5ff0a4 100755 --- a/signscript.sh +++ b/signscript.sh @@ -36,7 +36,6 @@ security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$ # Verify keychain things security find-identity -p codesigning -v - # Force the codesignature codesign -s "$APPLE_TEAM_ID" -f jfrog-cli From 63c076fc7fdb4dcba8f103df55e0e2701bb34685 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:36:05 +0300 Subject: [PATCH 010/222] Test --- signscript.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/signscript.sh b/signscript.sh index 3bf5ff0a4..a3e9c5dfa 100755 --- a/signscript.sh +++ b/signscript.sh @@ -12,7 +12,10 @@ APPLE_TEAM_ID=$3 # Export certs echo "saving cert data to /tmp/certs.p12" -echo "$APPLE_CERT_DATA" | base64 --decode > /tmp/certs.p12 +echo "$APPLE_CERT_DATA" | base64 --decode > ~/_tmp/certs.p12 + +echo "checking p12" +ls -la ~/_tmp | grep p12 echo "Creating keyhcains..." # Create keychain @@ -26,8 +29,7 @@ echo "check keychains content" ls -la ~/Library/Keychains -echo "checking p12" -ls -la /tmp | grep *.p12 + echo "importing.." # Import certs to keychain 
From 780fba29a7947cdb97cff2cba90bf0128851b859 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:39:32 +0300 Subject: [PATCH 011/222] Test --- signscript.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/signscript.sh b/signscript.sh index a3e9c5dfa..398454dad 100755 --- a/signscript.sh +++ b/signscript.sh @@ -10,12 +10,15 @@ APPLE_CERT_PASSWORD=$2 # The third argument is assigned to APPLE_TEAM_ID APPLE_TEAM_ID=$3 +# shellcheck disable=SC2088 +RUNNER_TEMP="~/work/_temp" + # Export certs echo "saving cert data to /tmp/certs.p12" -echo "$APPLE_CERT_DATA" | base64 --decode > ~/_tmp/certs.p12 +echo "$APPLE_CERT_DATA" | base64 --decode > $RUNNER_TEMP/certs.p12 echo "checking p12" -ls -la ~/_tmp | grep p12 +ls -la $RUNNER_TEMP | grep p12 echo "Creating keyhcains..." # Create keychain From bdd0b117b31333ba05c22c0434d6d9589d2c1f23 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:40:57 +0300 Subject: [PATCH 012/222] Test --- signscript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index 398454dad..4f2022d7b 100755 --- a/signscript.sh +++ b/signscript.sh @@ -11,7 +11,7 @@ APPLE_CERT_PASSWORD=$2 APPLE_TEAM_ID=$3 # shellcheck disable=SC2088 -RUNNER_TEMP="~/work/_temp" +RUNNER_TEMP="/Users/runner/work/_temp" # Export certs echo "saving cert data to /tmp/certs.p12" From 69c3d249abfd9ba6b040bf6ab0b7af1efda55b7b Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:42:18 +0300 Subject: [PATCH 013/222] Test --- signscript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index 4f2022d7b..3619c6c24 100755 --- a/signscript.sh +++ b/signscript.sh 
@@ -36,7 +36,7 @@ ls -la ~/Library/Keychains echo "importing.." # Import certs to keychain -security import /tmp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign +security import $RUNNER_TEMP/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign # Verify keychain things security find-identity -p codesigning -v From a07db27cb65ee3f4ef39de2feb32f83427f00ffc Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:49:02 +0300 Subject: [PATCH 014/222] Test --- signscript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index 3619c6c24..2048c4657 100755 --- a/signscript.sh +++ b/signscript.sh @@ -36,7 +36,7 @@ ls -la ~/Library/Keychains echo "importing.." # Import certs to keychain -security import $RUNNER_TEMP/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign +security import /Users/runner/work/_temp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign # Verify keychain things security find-identity -p codesigning -v From 0d1d6fb9f42e3aa508fe87d58a4b6c598ef90ae2 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:53:52 +0300 Subject: [PATCH 015/222] Test --- signscript.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/signscript.sh b/signscript.sh index 2048c4657..770fae41f 100755 --- a/signscript.sh +++ b/signscript.sh @@ -10,6 +10,13 @@ APPLE_CERT_PASSWORD=$2 # The third argument is assigned to APPLE_TEAM_ID APPLE_TEAM_ID=$3 +# Validate input parameters +if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ]; then + echo "Error: Missing input parameters." + echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" + exit 1 +fi + # shellcheck disable=SC2088 RUNNER_TEMP="/Users/runner/work/_temp" 
@@ -27,14 +34,8 @@ security default-keychain -s macos-build.keychain security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain -echo "check keychains content" -# Check keychain content -ls -la ~/Library/Keychains - - - -echo "importing.." +echo "importing /Users/runner/work/_temp/certs.p12.." # Import certs to keychain security import /Users/runner/work/_temp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign From 450eead816e0d62fad4f565a5ef685b07fd45367 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 11:59:13 +0300 Subject: [PATCH 016/222] Test --- .github/workflows/signBinaries.yml | 1 - signscript.sh | 14 ++++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index c1130e399..0f784b123 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -1,7 +1,6 @@ name: Sign Binaries on: [push] - jobs: SignMacOs: name: SignBinary diff --git a/signscript.sh b/signscript.sh index 770fae41f..a0061fca7 100755 --- a/signscript.sh +++ b/signscript.sh 
@@ -11,12 +11,22 @@ APPLE_CERT_PASSWORD=$2 APPLE_TEAM_ID=$3 # Validate input parameters -if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ]; then - echo "Error: Missing input parameters." +if [ -z "$APPLE_CERT_DATA" ] ; then + echo "Error: Missing input APPLE_CERT_DATA parameters." echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" exit 1 fi +if [ -z "$APPLE_CERT_PASSWORD" ] ; then + echo "Error: Missing input APPLE_CERT_PASSWORD parameters." + echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" + exit 1 +fi +if [ -z "$APPLE_TEAM_ID" ]; then + echo "Error: Missing input APPLE_TEAM_ID parameters." + echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" + exit 1 +fi # shellcheck disable=SC2088 RUNNER_TEMP="/Users/runner/work/_temp" From 591339633a4afbe936edecf9dd3dc2e9ae4dadd6 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 12:05:32 +0300 Subject: [PATCH 017/222] Test --- .github/workflows/signBinaries.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index 0f784b123..cd8165688 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -18,5 +18,8 @@ jobs: - name: Build run: go build -v . + - name: Debug + run: env | grep APPLE + - name: Sign Binary run: ./signscript.sh ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} ${{ secrets.APPLE_TEAM_ID }} \ No newline at end of file From 677133f5045df09b87da5b2b245e9e59ddcd5c95 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 12:10:40 +0300 Subject: [PATCH 018/222] Test --- .github/workflows/signBinaries.yml | 16 ++++++++++++++-- signscript.sh | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index cd8165688..38c40452f 100644 --- a/.github/workflows/signBinaries.yml 
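Review bot: The `Debug` step `env | grep APPLE` prints the full `NAME=value` pair of every matching variable into the job log, and log masking only covers the exact secret strings, not re-encoded or partial copies. As far as this hunk shows, the secrets are not yet exported to the environment, so the step probably prints nothing today, but it becomes a leak as soon as they are. To check only whether the variables are set, print names alone, e.g. `run: env | cut -d= -f1 | grep APPLE || true`, and drop the step once the workflow works.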
+++ b/.github/workflows/signBinaries.yml @@ -18,8 +18,20 @@ jobs: - name: Build run: go build -v . - - name: Debug - run: env | grep APPLE + - name: Check Secrets + run: | + if [[ -z "${{ secrets.APPLE_CERT_DATA }}" ]]; then + echo "Error: Missing APPLE_CERT_DATA secret." + exit 1 + fi + if [[ -z "${{ secrets.APPLE_CERT_PASSWORD }}" ]]; then + echo "Error: Missing APPLE_CERT_PASSWORD secret." + exit 1 + fi + if [[ -z "${{ secrets.APPLE_TEAM_ID }}" ]]; then + echo "Error: Missing APPLE_TEAM_ID secret." + exit 1 + fi - name: Sign Binary run: ./signscript.sh ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} ${{ secrets.APPLE_TEAM_ID }} \ No newline at end of file diff --git a/signscript.sh b/signscript.sh index a0061fca7..12ff5b949 100755 --- a/signscript.sh +++ b/signscript.sh @@ -27,6 +27,7 @@ if [ -z "$APPLE_TEAM_ID" ]; then echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" exit 1 fi + # shellcheck disable=SC2088 RUNNER_TEMP="/Users/runner/work/_temp" From 161e1d66cf3096ff7659e5a618277329f9391e94 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 12:16:06 +0300 Subject: [PATCH 019/222] Test --- .github/workflows/signBinaries.yml | 21 +++++---------------- signscript.sh | 11 +++-------- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index 38c40452f..8d57cf245 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml 
@@ -18,20 +18,9 @@ jobs: - name: Build run: go build -v . - - name: Check Secrets - run: | - if [[ -z "${{ secrets.APPLE_CERT_DATA }}" ]]; then - echo "Error: Missing APPLE_CERT_DATA secret." - exit 1 - fi - if [[ -z "${{ secrets.APPLE_CERT_PASSWORD }}" ]]; then - echo "Error: Missing APPLE_CERT_PASSWORD secret." - exit 1 - fi - if [[ -z "${{ secrets.APPLE_TEAM_ID }}" ]]; then - echo "Error: Missing APPLE_TEAM_ID secret." - exit 1 - fi - - name: Sign Binary - run: ./signscript.sh ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} ${{ secrets.APPLE_TEAM_ID }} \ No newline at end of file + env: + APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} + APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: ./signscript.sh \ No newline at end of file diff --git a/signscript.sh b/signscript.sh index 12ff5b949..0380a14ae 100755 --- a/signscript.sh +++ b/signscript.sh @@ -1,14 +1,9 @@ #!/bin/bash -# The first argument is assigned to APPLE_CERT_DATA -APPLE_CERT_DATA=$1 - -# The second argument is assigned to APPLE_CERT_PASSWORD -APPLE_CERT_PASSWORD=$2 - -# The third argument is assigned to APPLE_TEAM_ID -APPLE_TEAM_ID=$3 +APPLE_CERT_DATA=$APPLE_CERT_DATA +APPLE_CERT_PASSWORD=$APPLE_CERT_PASSWORD +APPLE_TEAM_ID=$APPLE_TEAM_ID # Validate input parameters if [ -z "$APPLE_CERT_DATA" ] ; then From 10952e881607f082d01dd9a206a63cee290e7131 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 12:21:01 +0300 Subject: [PATCH 020/222] Add comments --- signscript.sh | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/signscript.sh b/signscript.sh index 0380a14ae..7b4cb1a62 100755 --- a/signscript.sh +++ b/signscript.sh @@ -1,6 +1,6 @@ #!/bin/bash - +# Get input parameters from ENV APPLE_CERT_DATA=$APPLE_CERT_DATA APPLE_CERT_PASSWORD=$APPLE_CERT_PASSWORD APPLE_TEAM_ID=$APPLE_TEAM_ID 
@@ -8,47 +8,42 @@ APPLE_TEAM_ID=$APPLE_TEAM_ID # Validate input parameters if [ -z "$APPLE_CERT_DATA" ] ; then echo "Error: Missing input APPLE_CERT_DATA parameters." - echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" exit 1 fi if [ -z "$APPLE_CERT_PASSWORD" ] ; then echo "Error: Missing input APPLE_CERT_PASSWORD parameters." - echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" exit 1 fi if [ -z "$APPLE_TEAM_ID" ]; then echo "Error: Missing input APPLE_TEAM_ID parameters." - echo "Usage: ./signscript.sh APPLE_CERT_DATA APPLE_CERT_PASSWORD APPLE_TEAM_ID" exit 1 fi -# shellcheck disable=SC2088 +# Set temp directory RUNNER_TEMP="/Users/runner/work/_temp" -# Export certs -echo "saving cert data to /tmp/certs.p12" +echo "Saving Certificate to temp files" echo "$APPLE_CERT_DATA" | base64 --decode > $RUNNER_TEMP/certs.p12 -echo "checking p12" -ls -la $RUNNER_TEMP | grep p12 -echo "Creating keyhcains..." -# Create keychain +echo "Creating keychains..." security create-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security default-keychain -s macos-build.keychain security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain -echo "importing /Users/runner/work/_temp/certs.p12.." +echo "Certificate into keychain..." # Import certs to keychain security import /Users/runner/work/_temp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign +echo "verifying identity..." # Verify keychain things security find-identity -p codesigning -v -# Force the codesignature +echo "Sign the binary..." codesign -s "$APPLE_TEAM_ID" -f jfrog-cli +echo "Verify binary is signed" codesign -vd ./jfrog-cli \ No newline at end of file From cc97c00490eb31994e65f6312069d023491b330d Mon Sep 17 00:00:00 2001 
From: delarea Date: Mon, 3 Jun 2024 12:42:43 +0300 Subject: [PATCH 021/222] TEST --- signscript.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/signscript.sh b/signscript.sh index 7b4cb1a62..e712164a3 100755 --- a/signscript.sh +++ b/signscript.sh @@ -42,8 +42,13 @@ echo "verifying identity..." # Verify keychain things security find-identity -p codesigning -v +echo "unlocking the key" +security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain +security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private macos-build.keychain + + echo "Sign the binary..." -codesign -s "$APPLE_TEAM_ID" -f jfrog-cli +codesign -s "$APPLE_TEAM_ID" --force jfrog-cli echo "Verify binary is signed" codesign -vd ./jfrog-cli \ No newline at end of file From ca25bef7374dc01e2aa7eb312c1a007ca2a6704f Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 12:48:36 +0300 Subject: [PATCH 022/222] TEST --- signscript.sh | 45 ++++++++++++++++++--------------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/signscript.sh b/signscript.sh index e712164a3..1328cf339 100755 --- a/signscript.sh +++ b/signscript.sh 
@@ -1,54 +1,45 @@ #!/bin/bash -# Get input parameters from ENV +# Assign environment variables to local variables APPLE_CERT_DATA=$APPLE_CERT_DATA APPLE_CERT_PASSWORD=$APPLE_CERT_PASSWORD APPLE_TEAM_ID=$APPLE_TEAM_ID +RUNNER_TEMP=$RUNNER_TEMP # Validate input parameters -if [ -z "$APPLE_CERT_DATA" ] ; then - echo "Error: Missing input APPLE_CERT_DATA parameters." +if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then + echo "Error: Missing environment variable." exit 1 fi -if [ -z "$APPLE_CERT_PASSWORD" ] ; then - echo "Error: Missing input APPLE_CERT_PASSWORD parameters." - exit 1 -fi -if [ -z "$APPLE_TEAM_ID" ]; then - echo "Error: Missing input APPLE_TEAM_ID parameters." - exit 1 -fi - -# Set temp directory -RUNNER_TEMP="/Users/runner/work/_temp" - +# Save the decoded certificate data to a temporary file echo "Saving Certificate to temp files" -echo "$APPLE_CERT_DATA" | base64 --decode > $RUNNER_TEMP/certs.p12 - +echo "$APPLE_CERT_DATA" | base64 --decode > "$RUNNER_TEMP"/certs.p12 +# Create a new keychain and set it as the default echo "Creating keychains..." security create-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security default-keychain -s macos-build.keychain security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-keychain-settings -t 3600 -u macos-build.keychain +# Import the certificate into the keychain +echo "Importing certificate into keychain..." +security import "$RUNNER_TEMP"/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -echo "Certificate into keychain..." -# Import certs to keychain -security import /Users/runner/work/_temp/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign - -echo "verifying identity..." -# Verify keychain things +# Verify the identity in the keychain +echo "Verifying identity..." 
security find-identity -p codesigning -v -echo "unlocking the key" +# Unlock the keychain to allow signing in terminal without asking for password +echo "Unlocking the keychain" security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private macos-build.keychain - -echo "Sign the binary..." +# Sign the binary +echo "Signing the binary..." codesign -s "$APPLE_TEAM_ID" --force jfrog-cli -echo "Verify binary is signed" +# Verify the binary is signed +echo "Verifying binary is signed" codesign -vd ./jfrog-cli \ No newline at end of file From b6415a3aefb0432e419e9e773015f274fb64bf95 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:00:38 +0300 Subject: [PATCH 023/222] Update script --- .github/workflows/signBinaries.yml | 2 +- signscript.sh => build/macOsSign/signMacOsBinary.sh | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) rename signscript.sh => build/macOsSign/signMacOsBinary.sh (80%) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index 8d57cf245..c35a3c548 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml @@ -23,4 +23,4 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: ./signscript.sh \ No newline at end of file + run: ./signMacOsBinary.sh \ No newline at end of file diff --git a/signscript.sh b/build/macOsSign/signMacOsBinary.sh similarity index 80% rename from signscript.sh rename to build/macOsSign/signMacOsBinary.sh index 1328cf339..fada779da 100755 --- a/signscript.sh +++ b/build/macOsSign/signMacOsBinary.sh 
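Review bot: `RUNNER_TEMP` is now read from the environment, but the validation block at the top of this hunk checks only the three `APPLE_*` variables; if it is unset, `"$RUNNER_TEMP"/certs.p12` resolves to `/certs.p12` and the failure surfaces later as an unrelated import error. Extend the guard, e.g. `if [ -z "$RUNNER_TEMP" ] || [ ! -d "$RUNNER_TEMP" ]; then echo "Error: RUNNER_TEMP is not a directory."; exit 1; fi`. The merged check also no longer says which variable is missing; naming it in the message is safe because only the name is printed, never the value.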
@@ -1,10 +1,14 @@ #!/bin/bash # Assign environment variables to local variables +# Base64 encoded certificate data APPLE_CERT_DATA=$APPLE_CERT_DATA +# Passphrase used to open the certificate APPLE_CERT_PASSWORD=$APPLE_CERT_PASSWORD +# Apple Developer Team ID APPLE_TEAM_ID=$APPLE_TEAM_ID -RUNNER_TEMP=$RUNNER_TEMP +# Set temp dir as runner temp dir +TEMP_DIR=$RUNNER_TEMP # Validate input parameters if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then @@ -14,7 +18,7 @@ fi # Save the decoded certificate data to a temporary file echo "Saving Certificate to temp files" -echo "$APPLE_CERT_DATA" | base64 --decode > "$RUNNER_TEMP"/certs.p12 +echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 # Create a new keychain and set it as the default echo "Creating keychains..." @@ -25,7 +29,7 @@ security set-keychain-settings -t 3600 -u macos-build.keychain # Import the certificate into the keychain echo "Importing certificate into keychain..." -security import "$RUNNER_TEMP"/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign +security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign # Verify the identity in the keychain echo "Verifying identity..." From 4d3e17dee82a6f3bb126e8893894b11eefd80119 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:05:40 +0300 Subject: [PATCH 024/222] Update script path --- .github/workflows/signBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signBinaries.yml index c35a3c548..c5cf08077 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signBinaries.yml 
@@ -23,4 +23,4 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: ./signMacOsBinary.sh \ No newline at end of file + run: ./build/macOsSign/signMacOsBinary.sh \ No newline at end of file From cc5d97990cdaddd0e7227ac59992d5eaf0a75fa3 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:09:13 +0300 Subject: [PATCH 025/222] Update --- .../workflows/{signBinaries.yml => signMacOsBinaries.yml} | 5 ++--- build/macOsSign/signMacOsBinary.sh | 6 ------ 2 files changed, 2 insertions(+), 9 deletions(-) rename .github/workflows/{signBinaries.yml => signMacOsBinaries.yml} (92%) diff --git a/.github/workflows/signBinaries.yml b/.github/workflows/signMacOsBinaries.yml similarity index 92% rename from .github/workflows/signBinaries.yml rename to .github/workflows/signMacOsBinaries.yml index c5cf08077..71936c176 100644 --- a/.github/workflows/signBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,6 +1,5 @@ -name: Sign Binaries - -on: [push] +name: Sign MacOS Binaries +on: workflow_dispatch jobs: SignMacOs: name: SignBinary diff --git a/build/macOsSign/signMacOsBinary.sh b/build/macOsSign/signMacOsBinary.sh index fada779da..7e27b0103 100755 --- a/build/macOsSign/signMacOsBinary.sh +++ b/build/macOsSign/signMacOsBinary.sh @@ -1,12 +1,6 @@ #!/bin/bash # Assign environment variables to local variables -# Base64 encoded certificate data -APPLE_CERT_DATA=$APPLE_CERT_DATA -# Passphrase used to open the certificate -APPLE_CERT_PASSWORD=$APPLE_CERT_PASSWORD -# Apple Developer Team ID -APPLE_TEAM_ID=$APPLE_TEAM_ID # Set temp dir as runner temp dir TEMP_DIR=$RUNNER_TEMP From 7a41d74f7db8715afa7e07e4f6e8a0b80bbbf2e9 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:12:37 +0300 Subject: [PATCH 026/222] Update --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 71936c176..4e9b04a20 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,5 +1,5 @@ name: Sign MacOS Binaries -on: workflow_dispatch +on: [workflow_dispatch] jobs: SignMacOs: name: SignBinary From 6c0d359b76074538dd7f170443d0faee49217485 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:13:13 +0300 Subject: [PATCH 027/222] Update --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 4e9b04a20..729702ae5 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,5 +1,5 @@ name: Sign MacOS Binaries -on: [workflow_dispatch] +on: [push] jobs: SignMacOs: name: SignBinary From 8fee265a0935868f4a19179e625764e8cf9a6105 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:19:59 +0300 Subject: [PATCH 028/222] Refactor --- build/macOsSign/signMacOsBinary.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/build/macOsSign/signMacOsBinary.sh b/build/macOsSign/signMacOsBinary.sh index 7e27b0103..ed8d2946b 100755 --- a/build/macOsSign/signMacOsBinary.sh +++ b/build/macOsSign/signMacOsBinary.sh @@ -3,6 +3,7 @@ # Assign environment variables to local variables # Set temp dir as runner temp dir TEMP_DIR=$RUNNER_TEMP +KEYCHAIN_NAME="macos-build.keychain" # Validate input parameters if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then 
@@ -16,14 +17,14 @@ echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 # Create a new keychain and set it as the default echo "Creating keychains..." -security create-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain -security default-keychain -s macos-build.keychain -security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain -security set-keychain-settings -t 3600 -u macos-build.keychain +security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME +security default-keychain -s $KEYCHAIN_NAME +security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME +security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME # Import the certificate into the keychain echo "Importing certificate into keychain..." -security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/macos-build.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign +security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign # Verify the identity in the keychain echo "Verifying identity..." @@ -31,8 +32,8 @@ security find-identity -p codesigning -v # Unlock the keychain to allow signing in terminal without asking for password echo "Unlocking the keychain" -security unlock-keychain -p "$APPLE_CERT_PASSWORD" macos-build.keychain -security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private macos-build.keychain +security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME +security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME # Sign the binary echo "Signing the binary..." @@ -40,4 +41,8 @@ codesign -s "$APPLE_TEAM_ID" --force jfrog-cli # Verify the binary is signed echo "Verifying binary is signed" -codesign -vd ./jfrog-cli \ No newline at end of file +codesign -vd ./jfrog-cli + +# Cleanup +security delete-keychain $KEYCHAIN_NAME +rm -rf "$TEMP_DIR"/certs.p12 
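Review bot: The cleanup added in the `@@ -40,4 +41,8 @@` hunk sits at the very end of the script, so it only runs when every earlier command is reached; if the script exits early (the top of the file, including any `set -e`, is outside this hunk), the decoded `certs.p12` and the unlocked keychain holding the private key stay on the runner. Register the cleanup right after the certificate is decoded instead: `trap 'security delete-keychain "$KEYCHAIN_NAME"; rm -f "$TEMP_DIR"/certs.p12' EXIT`. `$KEYCHAIN_NAME` is also unquoted throughout the three hunks on this line; quoting it as `"$KEYCHAIN_NAME"` keeps the `security` calls correct if the name ever contains spaces.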
From ed30c5dc59037a58bb9fb43df51220095668858a Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 14:21:48 +0300 Subject: [PATCH 029/222] Change to manual trigger --- .github/workflows/signMacOsBinaries.yml | 7 ++++--- build/macOsSign/signMacOsBinary.sh | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 729702ae5..52e3cc7aa 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,8 +1,9 @@ name: Sign MacOS Binaries -on: [push] +on: + workflow_dispatch: jobs: - SignMacOs: - name: SignBinary + SignBinary: + name: Sign-JFrog-CLI-MacOS-Binary runs-on: macos-latest steps: - name: Setup Go diff --git a/build/macOsSign/signMacOsBinary.sh b/build/macOsSign/signMacOsBinary.sh index ed8d2946b..77069a14d 100755 --- a/build/macOsSign/signMacOsBinary.sh +++ b/build/macOsSign/signMacOsBinary.sh @@ -44,5 +44,7 @@ echo "Verifying binary is signed" codesign -vd ./jfrog-cli # Cleanup +echo "Deleting keychain.." security delete-keychain $KEYCHAIN_NAME +echo "Delete Certificate..." rm -rf "$TEMP_DIR"/certs.p12 From f4f78e1aa630c57739b94602dfa29da022740c9d Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:10:33 +0300 Subject: [PATCH 030/222] Upload artifact --- .github/workflows/signMacOsBinaries.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 52e3cc7aa..0a1b82522 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,10 +1,12 @@ name: Sign MacOS Binaries -on: - workflow_dispatch: +on: [push] jobs: SignBinary: name: Sign-JFrog-CLI-MacOS-Binary - runs-on: macos-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [macos-latest, macos-arm64] steps: - name: Setup Go uses: actions/setup-go@v5 
@@ -23,4 +25,13 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: ./build/macOsSign/signMacOsBinary.sh \ No newline at end of file + run: ./build/macOsSign/signMacOsBinary.sh + + - name: Upload Artifact + - uses: actions/upload-artifact@v4 + with: + name: jfrog-cli-${{ matrix.os }} + # A file, directory or wildcard pattern that describes what to upload + # Required. + path: ./jfrog-cli + retention-days: 1 From 8e3c73be053f8922a9214669173ad6c7793b2a2e Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:11:31 +0300 Subject: [PATCH 031/222] Fix syntax --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 0a1b82522..50e9b3bbf 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -28,7 +28,7 @@ jobs: run: ./build/macOsSign/signMacOsBinary.sh - name: Upload Artifact - - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4 with: name: jfrog-cli-${{ matrix.os }} # A file, directory or wildcard pattern that describes what to upload From 52700fa5b1c50c21fe254ec48d266c11284b9a6a Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:40:46 +0300 Subject: [PATCH 032/222] Use build script --- .github/workflows/signMacOsBinaries.yml | 2 +- build/macOsSign/signMacOsBinary.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 50e9b3bbf..b5c299d0f 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@v4 - name: Build - run: go build -v . + run: ./build/build.sh - name: Sign Binary env: 
diff --git a/build/macOsSign/signMacOsBinary.sh b/build/macOsSign/signMacOsBinary.sh index 77069a14d..8eae17d67 100755 --- a/build/macOsSign/signMacOsBinary.sh +++ b/build/macOsSign/signMacOsBinary.sh @@ -37,11 +37,11 @@ security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWO # Sign the binary echo "Signing the binary..." -codesign -s "$APPLE_TEAM_ID" --force jfrog-cli +codesign -s "$APPLE_TEAM_ID" --force jf # Verify the binary is signed echo "Verifying binary is signed" -codesign -vd ./jfrog-cli +codesign -vd ./jf # Cleanup echo "Deleting keychain.." From 8b091d86cc1409e0f4db09ed0050f09193121827 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:44:18 +0300 Subject: [PATCH 033/222] Update builders --- .github/workflows/signMacOsBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index b5c299d0f..6b8a6ed74 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -6,7 +6,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [macos-latest, macos-arm64] + os: [macos-latest, macos-14-large] steps: - name: Setup Go uses: actions/setup-go@v5 @@ -30,8 +30,8 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jfrog-cli-${{ matrix.os }} + name: jf-${{ matrix.os }} # A file, directory or wildcard pattern that describes what to upload # Required. - path: ./jfrog-cli + path: ./jf retention-days: 1 From 456d5d3a177c33a16771c5b8da7599715462d724 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:56:50 +0300 Subject: [PATCH 034/222] Add commit constraint --- .github/workflows/signMacOsBinaries.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 6b8a6ed74..a7abe44f7 100644 
--- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,7 +1,28 @@ name: Sign MacOS Binaries on: [push] jobs: + # Verify a commit message and extract the upgraded version number. + check_commit: + runs-on: ubuntu-latest + outputs: + match: ${{ steps.regex.outputs.match }} + version: ${{ steps.regex.outputs.version }} + steps: + - id: regex + uses: actions/github-script@v5 + with: + script: | + const message = context.payload.head_commit.message; + const regex = /^Bump version from \d+\.\d+\.\d+ to (\d+\.\d+\.\d+)$/; + const match = message.match(regex); + if (match) { + return { match: true, version: match[1] }; + } else { + return { match: false, version: '' }; + } + # Sign the JFrog CLI binary for macOS SignBinary: + needs: check_commit name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: @@ -30,8 +51,6 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-${{ matrix.os }} - # A file, directory or wildcard pattern that describes what to upload - # Required. + name: jf-${{ matrix.os }}-${{ needs.check_commit.outputs.version }} path: ./jf retention-days: 1 From 235cf3c51105a41321928628391f22a6d2a7505b Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 15:59:32 +0300 Subject: [PATCH 035/222] Add commit constraint --- .github/workflows/signMacOsBinaries.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index a7abe44f7..f482b5130 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -2,7 +2,7 @@ name: Sign MacOS Binaries on: [push] jobs: # Verify a commit message and extract the upgraded version number. - check_commit: + is_version_upgrade: runs-on: ubuntu-latest outputs: match: ${{ steps.regex.outputs.match }} 
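Review bot: The `return { match: ..., version: ... }` in the `script:` block of the `@@ -1,7 +1,28 @@` hunk does not populate `steps.regex.outputs.match` or `steps.regex.outputs.version`; `actions/github-script` puts the returned value into a single output named `result`, so both job outputs are empty. Set them explicitly with `core.setOutput('match', String(Boolean(match)));` and `core.setOutput('version', match ? match[1] : '');`. In this commit `SignBinary` only has `needs: check_commit` and no `if:`, so the signing job is not actually constrained by the commit message yet. The rest of the `SignBinary` job lies outside the hunk.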
@@ -23,6 +23,7 @@ jobs: # Sign the JFrog CLI binary for macOS SignBinary: needs: check_commit + if: needs.check_commit.outputs.match == 'true' name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From 94ad9cd09ee83cbec128b307de091856a519d78b Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:00:02 +0300 Subject: [PATCH 036/222] Fix --- .github/workflows/signMacOsBinaries.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index f482b5130..905420457 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -22,8 +22,8 @@ jobs: } # Sign the JFrog CLI binary for macOS SignBinary: - needs: check_commit - if: needs.check_commit.outputs.match == 'true' + needs: is_version_upgrade + if: needs.is_version_upgrade.outputs.match == 'true' name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From f3b46d63eb68e9648ee947a4264e6394686e7b8b Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:01:57 +0300 Subject: [PATCH 037/222] update github script --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 905420457..1c5c928e9 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -9,7 +9,7 @@ jobs: version: ${{ steps.regex.outputs.version }} steps: - id: regex - uses: actions/github-script@v5 + uses: actions/github-script@v7 with: script: | const message = context.payload.head_commit.message; From 14dac7eda2201dbb70694802b89af66cca983828 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:02:26 +0300 Subject: [PATCH 038/222] Bump version from 1.0.0 to 2.0.0 From eb7e99bfe3f2641c0a511392a6760702447cde55 Mon Sep 17 00:00:00 2001 
From: delarea Date: Mon, 3 Jun 2024 16:06:06 +0300 Subject: [PATCH 039/222] Debug --- .github/workflows/signMacOsBinaries.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 1c5c928e9..aa9635025 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -13,8 +13,10 @@ jobs: with: script: | const message = context.payload.head_commit.message; + console.log('Commit message:', message); const regex = /^Bump version from \d+\.\d+\.\d+ to (\d+\.\d+\.\d+)$/; const match = message.match(regex); + console.log('Match:', match); if (match) { return { match: true, version: match[1] }; } else { From 4165736e9345e7f6e360c84b8896ca6178d04dc0 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:06:48 +0300 Subject: [PATCH 040/222] Bump version from 1.0.0 to 2.0.0 From f3d3d9c2ac6868bfb9bb07c98394a1fcaf0ca766 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:09:47 +0300 Subject: [PATCH 041/222] Bump version 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index aa9635025..19ff51e3c 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -25,7 +25,7 @@ jobs: # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade - if: needs.is_version_upgrade.outputs.match == 'true' + if: ${{needs.is_version_upgrade.outputs.match}} name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From 1fec8ad7f5355c156b90ecc9fcca80472287a11f Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:10:37 +0300 Subject: [PATCH 042/222] Bump version from 1.0.0 to 2.0.0 From d7a965a491942ca42c145e025a2fd4e35ac5bdfc Mon Sep 17 00:00:00 2001 
From: delarea Date: Mon, 3 Jun 2024 16:11:37 +0300 Subject: [PATCH 043/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 19ff51e3c..a778d37d1 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -25,7 +25,6 @@ jobs: # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade - if: ${{needs.is_version_upgrade.outputs.match}} name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From df84972447a9dd44fa90068873f68e4fbb8d1c7a Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:12:24 +0300 Subject: [PATCH 044/222] test commit From d4c1bf3f3798dccc964c62516a2b5523bddd9382 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:14:26 +0300 Subject: [PATCH 045/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index a778d37d1..eb4a998a7 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -25,6 +25,7 @@ jobs: # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade + if: ${{needs.is_version_upgrade.outputs.match == 'true' }} name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From f57d39203800cbcaed87b41ade563461b1cad824 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:16:02 +0300 Subject: [PATCH 046/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index eb4a998a7..f8c803125 100644 --- a/.github/workflows/signMacOsBinaries.yml 
+++ b/.github/workflows/signMacOsBinaries.yml @@ -15,9 +15,9 @@ jobs: const message = context.payload.head_commit.message; console.log('Commit message:', message); const regex = /^Bump version from \d+\.\d+\.\d+ to (\d+\.\d+\.\d+)$/; - const match = message.match(regex); - console.log('Match:', match); - if (match) { + const regexMatch = message.match(regex); + console.log('Match:', regexMatch); + if (regexMatch) { return { match: true, version: match[1] }; } else { return { match: false, version: '' }; From bdf0e3cbdaf68cea2d5467e0e1e24a67bbf021b4 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:17:01 +0300 Subject: [PATCH 047/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index f8c803125..c30a2b120 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -18,7 +18,7 @@ jobs: const regexMatch = message.match(regex); console.log('Match:', regexMatch); if (regexMatch) { - return { match: true, version: match[1] }; + return { match: true, version: regexMatch[1] }; } else { return { match: false, version: '' }; } From 819e49c0d985ba7c6dc4c0a9e78472b97b89a9b5 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:18:42 +0300 Subject: [PATCH 048/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index c30a2b120..488736ee1 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml 
@@ -25,7 +25,7 @@ jobs: # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade - if: ${{needs.is_version_upgrade.outputs.match == 'true' }} + if: needs.is_version_upgrade.outputs.match name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From 81bc53a8f9199cd6e5470e4f8cc1cf5c499ec637 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:20:07 +0300 Subject: [PATCH 049/222] Test --- .github/workflows/signMacOsBinaries.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 488736ee1..cbecc49c2 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -22,6 +22,14 @@ jobs: } else { return { match: false, version: '' }; } + job2: + runs-on: ubuntu-latest + needs: is_version_upgrade + steps: + - env: + OUTPUT1: ${{needs.is_version_upgrade.outputs.match}} + OUTPUT2: ${{needs.is_version_upgrade.outputs.version}} + run: echo "$OUTPUT1 $OUTPUT2" # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade From f6165e68266c5c802186b4b45d51d6f52d2d9dfd Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:27:04 +0300 Subject: [PATCH 050/222] Test vars --- .github/workflows/signMacOsBinaries.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index cbecc49c2..f21b6899e 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -5,7 +5,6 @@ jobs: is_version_upgrade: runs-on: ubuntu-latest outputs: - match: ${{ steps.regex.outputs.match }} version: ${{ steps.regex.outputs.version }} steps: - id: regex 
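Review bot: `if: needs.is_version_upgrade.outputs.match` in the `@@ -25,7 +25,7 @@` hunk of PATCH 048 makes the gate on the signing job fail open, because job outputs are strings and any non-empty string, including `'false'`, evaluates as true in an `if:` expression. Keep the explicit comparison the line replaced: `if: needs.is_version_upgrade.outputs.match == 'true'`. The remainder of the `SignBinary` job is outside the hunk.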
@@ -18,22 +17,19 @@ jobs: const regexMatch = message.match(regex); console.log('Match:', regexMatch); if (regexMatch) { - return { match: true, version: regexMatch[1] }; - } else { - return { match: false, version: '' }; + echo regexMatch[1] >> "$GITHUB_OUTPUT" } job2: runs-on: ubuntu-latest needs: is_version_upgrade steps: - env: - OUTPUT1: ${{needs.is_version_upgrade.outputs.match}} OUTPUT2: ${{needs.is_version_upgrade.outputs.version}} run: echo "$OUTPUT1 $OUTPUT2" # Sign the JFrog CLI binary for macOS SignBinary: needs: is_version_upgrade - if: needs.is_version_upgrade.outputs.match + if: needs.is_version_upgrade.outputs.version name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: From e1fe670ac7c092f1e85c6df145d3ae8d550b6906 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 3 Jun 2024 16:33:36 +0300 Subject: [PATCH 051/222] Simplify --- .github/workflows/signMacOsBinaries.yml | 30 ++----------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index f21b6899e..ccc4a0507 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml 
@@ -1,35 +1,9 @@ name: Sign MacOS Binaries on: [push] jobs: - # Verify a commit message and extract the upgraded version number. - is_version_upgrade: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.regex.outputs.version }} - steps: - - id: regex - uses: actions/github-script@v7 - with: - script: | - const message = context.payload.head_commit.message; - console.log('Commit message:', message); - const regex = /^Bump version from \d+\.\d+\.\d+ to (\d+\.\d+\.\d+)$/; - const regexMatch = message.match(regex); - console.log('Match:', regexMatch); - if (regexMatch) { - echo regexMatch[1] >> "$GITHUB_OUTPUT" - } - job2: - runs-on: ubuntu-latest - needs: is_version_upgrade - steps: - - env: - OUTPUT2: ${{needs.is_version_upgrade.outputs.version}} - run: echo "$OUTPUT1 $OUTPUT2" # Sign the JFrog CLI binary for macOS SignBinary: - needs: is_version_upgrade - if: needs.is_version_upgrade.outputs.version + if: ${{ !contains(github.event.head_commit.message, 'Bump version from') }} name: Sign-JFrog-CLI-MacOS-Binary runs-on: ${{ matrix.os }} strategy: @@ -58,6 +32,6 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-${{ matrix.os }}-${{ needs.check_commit.outputs.version }} + name: jf-${{ matrix.os }} path: ./jf retention-days: 1 From 2d140657768384971118c13963d7a2c0daf9c0f6 Mon Sep 17 00:00:00 2001 From: Eyal Delarea Date: Tue, 4 Jun 2024 10:40:24 +0300 Subject: [PATCH 052/222] Update signMacOsBinaries.yml --- .github/workflows/signMacOsBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index ccc4a0507..92d485dfc 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml 
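Review bot: The new condition `if: ${{ !contains(github.event.head_commit.message, 'Bump version from') }}` in the `@@ -1,35 +1,9 @@` hunk is negated, so the job that receives the Apple signing secrets runs on every push except version bumps. Even without the `!`, a substring test on the commit message is a weaker gate than the anchored regex this commit removes, since any message containing the phrase qualifies. A tighter form is `if: ${{ startsWith(github.event.head_commit.message, 'Bump version from ') }}`, combined with restricting the `push` trigger to the release branch. The job body continues outside the hunk.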
@@ -5,10 +5,10 @@ jobs: SignBinary: if: ${{ !contains(github.event.head_commit.message, 'Bump version from') }} name: Sign-JFrog-CLI-MacOS-Binary - runs-on: ${{ matrix.os }} + runs-on: macos-latest strategy: matrix: - os: [macos-latest, macos-14-large] + goarch: [arm64,amd64] steps: - name: Setup Go uses: actions/setup-go@v5 @@ -32,6 +32,6 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-${{ matrix.os }} + name: jf-darwin-${{ matrix.goarch }} path: ./jf retention-days: 1 From c874f15c4d4d9e0735d1e47ef68b8275e0c8ecb4 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 12:14:54 +0300 Subject: [PATCH 053/222] Export env --- .github/workflows/signMacOsBinaries.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 92d485dfc..f5d3b10cf 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -3,7 +3,7 @@ on: [push] jobs: # Sign the JFrog CLI binary for macOS SignBinary: - if: ${{ !contains(github.event.head_commit.message, 'Bump version from') }} + if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} name: Sign-JFrog-CLI-MacOS-Binary runs-on: macos-latest strategy: @@ -16,6 +16,9 @@ jobs: go-version: 1.22.x cache: false + - name: Set Environment Variable + run: echo "goarch=${{ matrix.goarch }}" >> $GITHUB_ENV + - name: Checkout Source uses: actions/checkout@v4 From 089e03a77fde26a390024bcbaeb8e13e69c39478 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 12:44:32 +0300 Subject: [PATCH 054/222] Test Delete old artifacts --- .github/workflows/signMacOsBinaries.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index f5d3b10cf..27d92ed09 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml 
@@ -2,8 +2,13 @@ name: Sign MacOS Binaries on: [push] jobs: # Sign the JFrog CLI binary for macOS + DeleteOldArtifacts: + - uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts SignBinary: - if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} + # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} name: Sign-JFrog-CLI-MacOS-Binary runs-on: macos-latest strategy: From 85cb329198c4ccbc68038ea8baca9ea39f8e647f Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 12:45:45 +0300 Subject: [PATCH 055/222] Test Delete old artifacts --- .github/workflows/signMacOsBinaries.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 27d92ed09..ea3980082 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -3,12 +3,16 @@ on: [push] jobs: # Sign the JFrog CLI binary for macOS DeleteOldArtifacts: - - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts + - name: Delete-Old-Artifacts + runs-on: ubuntu-latest + steps: + - uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts SignBinary: # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} + needs: DeleteOldArtifacts name: Sign-JFrog-CLI-MacOS-Binary runs-on: macos-latest strategy: From 9f3b55c6cf211628556c8944af2b805528ad9242 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 12:46:23 +0300 Subject: [PATCH 056/222] Fix syntax --- .github/workflows/signMacOsBinaries.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
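Review bot: `uses: kolpav/purge-artifacts-action@v1` in the `@@ -2,8 +2,13 @@` hunk of PATCH 054 hands `secrets.JF_GIT_TOKEN` to a third-party action referenced by a mutable tag, so a retagged or compromised release of that action would receive the token. Pin it to a reviewed commit, `uses: kolpav/purge-artifacts-action@<full-commit-sha>  # v1`, and prefer the job's `GITHUB_TOKEN` limited with `permissions: { actions: write }` over a separate token whose scope is not visible here. The same step is carried through the `@@ -3,12 +3,16 @@` hunk of PATCH 055 and the `@@ -1,15 +1,14 @@` hunk of PATCH 056. The `if:` on `SignBinary` is commented out in this hunk, which leaves signing ungated on every push.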
diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index ea3980082..7f08a1204 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -1,15 +1,14 @@ name: Sign MacOS Binaries -on: [push] +on: [ push ] jobs: - # Sign the JFrog CLI binary for macOS DeleteOldArtifacts: - name: Delete-Old-Artifacts runs-on: ubuntu-latest steps: - - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts + - uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts SignBinary: # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} needs: DeleteOldArtifacts @@ -17,7 +16,7 @@ jobs: runs-on: macos-latest strategy: matrix: - goarch: [arm64,amd64] + goarch: [ arm64,amd64 ] steps: - name: Setup Go uses: actions/setup-go@v5 From 42a3494bdad0803104b25aa815ae67c083cf6bea Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 12:46:44 +0300 Subject: [PATCH 057/222] Fix syntax --- .github/workflows/signMacOsBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/signMacOsBinaries.yml index 7f08a1204..e3cb06bfa 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/signMacOsBinaries.yml @@ -2,7 +2,7 @@ name: Sign MacOS Binaries on: [ push ] jobs: DeleteOldArtifacts: - - name: Delete-Old-Artifacts + name: Delete-Old-Artifacts runs-on: ubuntu-latest steps: - uses: kolpav/purge-artifacts-action@v1 From a219287bc5633a541713ac61d7169cd969deac9b Mon Sep 17 00:00:00 2001 
From: delarea Date: Tue, 4 Jun 2024 14:33:25 +0300 Subject: [PATCH 058/222] Refactor --- ...gnMacOsBinaries.yml => createMacOSBinaries.yml} | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) rename .github/workflows/{signMacOsBinaries.yml => createMacOSBinaries.yml} (77%) diff --git a/.github/workflows/signMacOsBinaries.yml b/.github/workflows/createMacOSBinaries.yml similarity index 77% rename from .github/workflows/signMacOsBinaries.yml rename to .github/workflows/createMacOSBinaries.yml index e3cb06bfa..499b3d867 100644 --- a/.github/workflows/signMacOsBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -1,6 +1,10 @@ -name: Sign MacOS Binaries +# This workflow is responsible for building and signing and uploading macOS CLI binaries. +# The CLI release job will consume the produced binaries. +name: Prepare MacOS binaries for CLI release on: [ push ] jobs: + # Delete old artifacts before signing new binaries + # To allow the release job to better find the signed binaries DeleteOldArtifacts: name: Delete-Old-Artifacts runs-on: ubuntu-latest @@ -9,7 +13,7 @@ jobs: with: token: ${{ secrets.JF_GIT_TOKEN }} expire-in: 0 # Setting this to 0 will delete all artifacts - SignBinary: + prepareBinary: # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} needs: DeleteOldArtifacts name: Sign-JFrog-CLI-MacOS-Binary @@ -18,6 +22,7 @@ jobs: matrix: goarch: [ arm64,amd64 ] steps: + # Setup - name: Setup Go uses: actions/setup-go@v5 with: @@ -27,12 +32,12 @@ jobs: - name: Set Environment Variable run: echo "goarch=${{ matrix.goarch }}" >> $GITHUB_ENV + # Build - name: Checkout Source uses: actions/checkout@v4 - - - name: Build run: ./build/build.sh + # Sign - name: Sign Binary env: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} @@ -40,6 +45,7 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: ./build/macOsSign/signMacOsBinary.sh + # Upload - name: Upload Artifact uses: actions/upload-artifact@v4 with: 
From 852b7bfc5cf32f86252aee2e2eba5cd5243d9c1a Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 14:33:47 +0300 Subject: [PATCH 059/222] Refactor --- .github/workflows/createMacOSBinaries.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 499b3d867..cc39f3cb9 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -35,6 +35,7 @@ jobs: # Build - name: Checkout Source uses: actions/checkout@v4 + - name: Build run: ./build/build.sh # Sign From 0ba3e2d8bb38c23f836508b76ee91b357c7f5ab4 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:27:39 +0300 Subject: [PATCH 060/222] Refactor --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index cc39f3cb9..54e81bcd4 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -16,7 +16,7 @@ jobs: prepareBinary: # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} needs: DeleteOldArtifacts - name: Sign-JFrog-CLI-MacOS-Binary + name: Prepare-MacOS-Binary runs-on: macos-latest strategy: matrix: From 4c40e2ec0c52cbbfb4d115948da5b316cf108759 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:37:15 +0300 Subject: [PATCH 061/222] Test --- .github/workflows/createMacOSBinaries.yml | 35 +++++++++++++++-------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 54e81bcd4..e90a207d3 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -5,19 +5,30 @@ on: [ push ] jobs: # Delete old artifacts before signing new binaries # To allow the release job to better find the signed binaries - DeleteOldArtifacts: - name: Delete-Old-Artifacts - runs-on: ubuntu-latest - steps: - - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts + Test: + name: test extract version + runs-on: ubuntu-latest + steps: + - name: Extract version + id: extract_version + run: | + VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') + echo "::set-output name=version::$VERSION" + run: echo "releaseVersion=VERSION" >> $GITHUB_ENV + +# DeleteOldArtifacts: +# name: Delete-Old-Artifacts +# runs-on: ubuntu-latest +# steps: +# - uses: kolpav/purge-artifacts-action@v1 +# with: +# token: ${{ secrets.JF_GIT_TOKEN }} +# expire-in: 0 # Setting this to 0 will delete all artifacts prepareBinary: - # if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} - needs: DeleteOldArtifacts - name: Prepare-MacOS-Binary +# needs: DeleteOldArtifacts + name: Prepare-Binary runs-on: macos-latest + if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} strategy: matrix: goarch: [ arm64,amd64 ] @@ -50,6 +61,6 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-darwin-${{ matrix.goarch }} + name: jf-darwin-v${{ releaseVersion }}-${{ matrix.goarch }} path: ./jf retention-days: 1 From 7cc9cfd4cb6d4986c50d434341b4e74882e50acd Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:37:47 +0300 Subject: [PATCH 062/222] Test --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index e90a207d3..4273c61f5 100644 --- a/.github/workflows/createMacOSBinaries.yml 
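Review bot: The `Extract version` step interpolates `${{ github.event.head_commit.message }}` straight into the shell script, so the commit message becomes part of the command text before bash parses it, and anyone who can push a commit controls that text. Pass it through the environment instead, with `env: COMMIT_MESSAGE: ${{ github.event.head_commit.message }}` on the step and `echo "$COMMIT_MESSAGE"` in the script, so it is only ever handled as data. The same line is carried unchanged through patches 063, 064, 066, 072 and 073. The step also has two `run:` keys, which is a duplicate mapping key, and `::set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`.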
+++ b/.github/workflows/createMacOSBinaries.yml @@ -61,6 +61,6 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-darwin-v${{ releaseVersion }}-${{ matrix.goarch }} + name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} path: ./jf retention-days: 1 From 6ab6ffd4c7d59434fbc24b43d483872e77ea9118 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:38:37 +0300 Subject: [PATCH 063/222] bump version from 1.2.3 to 4.5.6 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 4273c61f5..bfe6171b2 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -13,7 +13,7 @@ jobs: id: extract_version run: | VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') - echo "::set-output name=version::$VERSION" + echo $VERSION run: echo "releaseVersion=VERSION" >> $GITHUB_ENV # DeleteOldArtifacts: From d9772f839f67f57fbd0bfd0b3fef9783bbffb303 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:39:16 +0300 Subject: [PATCH 064/222] bump version from 1.2.3 to 4.5.7 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index bfe6171b2..62aea3360 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -14,7 +14,7 @@ jobs: run: | VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') echo $VERSION - run: echo "releaseVersion=VERSION" >> $GITHUB_ENV + echo "releaseVersion=VERSION" >> $GITHUB_ENV # DeleteOldArtifacts: # name: Delete-Old-Artifacts From 0f42530dc9c085649862e5b891a8ac071a255f8a Mon Sep 17 00:00:00 2001 
From: delarea Date: Tue, 4 Jun 2024 15:44:53 +0300 Subject: [PATCH 065/222] Bump version from 0.0.0 to 1.2.2 --- .github/workflows/createMacOSBinaries.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 62aea3360..47b0f7a38 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -2,6 +2,8 @@ # The CLI release job will consume the produced binaries. name: Prepare MacOS binaries for CLI release on: [ push ] +env: + releaseVersion: "" jobs: # Delete old artifacts before signing new binaries # To allow the release job to better find the signed binaries From 6c0cb072a9c7bfafcdf687bdb3df35ebf70829f3 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:47:57 +0300 Subject: [PATCH 066/222] Bump version from 0.0.0 to 1.2.3 --- .github/workflows/createMacOSBinaries.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 47b0f7a38..c73cb0fed 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -10,13 +10,14 @@ jobs: Test: name: test extract version runs-on: ubuntu-latest + outputs: + version: ${{ steps.extract_version.outputs.releaseVersion }} steps: - name: Extract version id: extract_version run: | VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') - echo $VERSION - echo "releaseVersion=VERSION" >> $GITHUB_ENV + echo "releaseVersion=$VERSION" >> $GITHUB_OUTPUT # DeleteOldArtifacts: # name: Delete-Old-Artifacts From d3bbcf7155436f291efded611abf526be0fa340a Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:50:06 +0300 Subject: [PATCH 067/222] Bump version from 0.0.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index c73cb0fed..debc85803 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -2,8 +2,6 @@ # The CLI release job will consume the produced binaries. name: Prepare MacOS binaries for CLI release on: [ push ] -env: - releaseVersion: "" jobs: # Delete old artifacts before signing new binaries # To allow the release job to better find the signed binaries @@ -28,7 +26,7 @@ jobs: # token: ${{ secrets.JF_GIT_TOKEN }} # expire-in: 0 # Setting this to 0 will delete all artifacts prepareBinary: -# needs: DeleteOldArtifacts + needs: extract_version name: Prepare-Binary runs-on: macos-latest if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} @@ -36,6 +34,8 @@ jobs: matrix: goarch: [ arm64,amd64 ] steps: + - env: + releaseVersion: ${{needs.extract_version.outputs.releaseVersion}} # Setup - name: Setup Go uses: actions/setup-go@v5 From efabc1ca3d5b7dcb6ec66c3afe0769f673fa8c0a Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:51:38 +0300 Subject: [PATCH 068/222] Bump version from 0.0.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index debc85803..b479990f7 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -26,16 +26,16 @@ jobs: # token: ${{ secrets.JF_GIT_TOKEN }} # expire-in: 0 # Setting this to 0 will delete all artifacts prepareBinary: - needs: extract_version name: Prepare-Binary + needs: extract_version runs-on: macos-latest if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} strategy: matrix: goarch: [ arm64,amd64 ] + env: + releaseVersion: ${{ needs.extract_version.outputs.releaseVersion }} steps: - - env: - releaseVersion: ${{needs.extract_version.outputs.releaseVersion}} # Setup - name: Setup Go uses: actions/setup-go@v5 From 56f11a33259d7f97b60f4c21a9633446a3ac02ed Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:52:46 +0300 Subject: [PATCH 069/222] Bump version from 1.0.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index b479990f7..7f8502649 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -5,7 +5,7 @@ on: [ push ] jobs: # Delete old artifacts before signing new binaries # To allow the release job to better find the signed binaries - Test: + Extract_Release_Version: name: test extract version runs-on: ubuntu-latest outputs: @@ -27,7 +27,7 @@ jobs: # expire-in: 0 # Setting this to 0 will delete all artifacts prepareBinary: name: Prepare-Binary - needs: extract_version + needs: Extract_Release_Version runs-on: macos-latest if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} strategy: From e9b1163b7a7f919b16ad885e3ae77097ea543253 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:55:20 +0300 Subject: [PATCH 070/222] Bump version from 1.4.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 7f8502649..22fe4264f 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -33,9 +33,10 @@ jobs: strategy: matrix: goarch: [ arm64,amd64 ] - env: - releaseVersion: ${{ needs.extract_version.outputs.releaseVersion }} steps: + - env: + releaseVersion: ${{ needs.extract_version.outputs.releaseVersion }} + run: echo "$OUTPUT1 $OUTPUT2" # Setup - name: Setup Go uses: actions/setup-go@v5 From ce65eb812bf88821f3ceba32654558e2d5e65205 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 15:56:15 +0300 Subject: [PATCH 071/222] Bump version from 1.4.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 22fe4264f..3d7e27518 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -35,7 +35,7 @@ jobs: goarch: [ arm64,amd64 ] steps: - env: - releaseVersion: ${{ needs.extract_version.outputs.releaseVersion }} + releaseVersion: ${{ needs.Extract_Release_Version.outputs.releaseVersion }} run: echo "$OUTPUT1 $OUTPUT2" # Setup - name: Setup Go From 7df4d90b3e9d6e5e18c9fbe52f788d3e6d9dd8ec Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 16:09:14 +0300 Subject: [PATCH 072/222] Bump version from 1.4.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 44 +++++++++++------------ 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 3d7e27518..c387d953c 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -1,42 +1,41 @@ -# This workflow is responsible for building and signing and uploading macOS CLI binaries. -# The CLI release job will consume the produced binaries. name: Prepare MacOS binaries for CLI release on: [ push ] jobs: - # Delete old artifacts before signing new binaries - # To allow the release job to better find the signed binaries Extract_Release_Version: - name: test extract version + name: Extract Release Version + if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} runs-on: ubuntu-latest outputs: - version: ${{ steps.extract_version.outputs.releaseVersion }} + version: ${{ steps.extract_version.outputs.version }} steps: - name: Extract version id: extract_version run: | - VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') - echo "releaseVersion=$VERSION" >> $GITHUB_OUTPUT + VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') + echo "version=$VERSION" >> $GITHUB_OUTPUT -# DeleteOldArtifacts: -# name: Delete-Old-Artifacts -# runs-on: ubuntu-latest -# steps: -# - uses: kolpav/purge-artifacts-action@v1 -# with: -# token: ${{ secrets.JF_GIT_TOKEN }} -# expire-in: 0 # Setting this to 0 will delete all artifacts prepareBinary: name: Prepare-Binary needs: Extract_Release_Version runs-on: macos-latest - if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} strategy: matrix: goarch: [ arm64,amd64 ] steps: - - env: - releaseVersion: ${{ needs.Extract_Release_Version.outputs.releaseVersion }} - run: echo "$OUTPUT1 $OUTPUT2" + - name: Delete-Old-Artifacts + runs-on: ubuntu-latest + steps: + - uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts + onlyPrefix: jf- + + - name: Set Environment Variable + run: | + echo "releaseVersion=${{ needs.Extract_Release_Version.outputs.version }}" >> $GITHUB_ENV + echo "goarch=${{ 
matrix.goarch }}" >> $GITHUB_ENV + # Setup - name: Setup Go uses: actions/setup-go@v5 @@ -44,9 +43,6 @@ jobs: go-version: 1.22.x cache: false - - name: Set Environment Variable - run: echo "goarch=${{ matrix.goarch }}" >> $GITHUB_ENV - # Build - name: Checkout Source uses: actions/checkout@v4 @@ -68,3 +64,5 @@ jobs: name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} path: ./jf retention-days: 1 + + From 42664c0d586bfd85aecfe33362eef4c4f5d9c6e1 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 16:10:41 +0300 Subject: [PATCH 073/222] Bump version from 1.4.0 to 1.5.3 --- .github/workflows/createMacOSBinaries.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index c387d953c..e5f1eeecc 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -11,8 +11,8 @@ jobs: - name: Extract version id: extract_version run: | - VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') - echo "version=$VERSION" >> $GITHUB_OUTPUT + VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') + echo "version=$VERSION" >> $GITHUB_OUTPUT prepareBinary: name: Prepare-Binary @@ -23,13 +23,11 @@ jobs: goarch: [ arm64,amd64 ] steps: - name: Delete-Old-Artifacts - runs-on: ubuntu-latest - steps: - - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts - onlyPrefix: jf- + uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts + onlyPrefix: jf- - name: Set Environment Variable run: | From cb8e65f2ff3daf6ff8cf9bbc801b93e300b4f8b5 Mon Sep 17 00:00:00 2001 
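Review bot: The `Delete-Old-Artifacts` step hands `secrets.JF_GIT_TOKEN` to `kolpav/purge-artifacts-action@v1`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time receives the token. Pin the action to a full commit SHA, e.g. `uses: kolpav/purge-artifacts-action@<full-commit-sha> # v1`, and give the token only the scope that artifact deletion needs. Because the step sits inside the `goarch` matrix job, it also runs once per architecture with `expire-in: 0`, so one leg could presumably delete artifacts the other has just uploaded. Running it once before the matrix avoids that.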
From: delarea Date: Tue, 4 Jun 2024 16:11:47 +0300 Subject: [PATCH 074/222] Bump version from 0.0.0 to 5.5.5 --- .github/workflows/createMacOSBinaries.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index e5f1eeecc..32a073d31 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -27,7 +27,6 @@ jobs: with: token: ${{ secrets.JF_GIT_TOKEN }} expire-in: 0 # Setting this to 0 will delete all artifacts - onlyPrefix: jf- - name: Set Environment Variable run: | From 01e882a9822d4cb6511af2c26dcdfd5e28380352 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 16:13:46 +0300 Subject: [PATCH 075/222] Bump version from 0.0.0 to 5.5.5 --- .github/workflows/createMacOSBinaries.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 32a073d31..c4da9eb9c 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -14,6 +14,12 @@ jobs: VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') echo "version=$VERSION" >> $GITHUB_OUTPUT + - name: Delete-Old-Artifacts + uses: kolpav/purge-artifacts-action@v1 + with: + token: ${{ secrets.JF_GIT_TOKEN }} + expire-in: 0 # Setting this to 0 will delete all artifacts + prepareBinary: name: Prepare-Binary needs: Extract_Release_Version @@ -22,12 +28,6 @@ jobs: matrix: goarch: [ arm64,amd64 ] steps: - - name: Delete-Old-Artifacts - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts - - name: Set Environment Variable run: | echo "releaseVersion=${{ needs.Extract_Release_Version.outputs.version }}" >> $GITHUB_ENV From 7c9650f9d90da6bf8e7983594ca60891583b56af Mon Sep 17 00:00:00 2001 
From: delarea Date: Tue, 4 Jun 2024 16:29:24 +0300 Subject: [PATCH 076/222] Bump version from 0.0.0 to 5.54.5 --- .github/workflows/createMacOSBinaries.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index c4da9eb9c..037c09f30 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -55,11 +55,14 @@ jobs: run: ./build/macOsSign/signMacOsBinary.sh # Upload + - name: Rename + run: | + mv ./jf/jfrog ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./jf + path: ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} retention-days: 1 From 51bcf4750f6dcac1137baedebce19cd57a11e338 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 16:30:57 +0300 Subject: [PATCH 077/222] Bump version from 0.0.0 to 5.54.5 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 037c09f30..2aae2a9e7 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -57,7 +57,7 @@ jobs: # Upload - name: Rename run: | - mv ./jf/jfrog ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} + mv ./jf ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - name: Upload Artifact uses: actions/upload-artifact@v4 with: From de619ff05bed016d6b248754c297a41f312560b5 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 16:52:23 +0300 Subject: [PATCH 078/222] Add jenkinsfile --- .github/workflows/createMacOSBinaries.yml | 5 +-- Jenkinsfile | 51 ++++++++++++++++++++++- 2 files changed, 50 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 2aae2a9e7..c4da9eb9c 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -55,14 +55,11 @@ jobs: run: ./build/macOsSign/signMacOsBinary.sh # Upload - - name: Rename - run: | - mv ./jf ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} + path: ./jf retention-days: 1 diff --git a/Jenkinsfile b/Jenkinsfile index a496129a8..a0b330495 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ node("docker") { cleanWs() // Subtract repo name from the repo url (https://REPO_NAME/ -> REPO_NAME/) - withCredentials([string(credentialsId: 'repo21-url', variable: 'REPO21_URL')]) { + withCredentials([string(credentialsId: 'repo21-url', variable: 'REPO21_URL',variable: "GITHUB_ACCESS_TOKEN")]) { echo "${REPO21_URL}" def repo21Name = "${REPO21_URL}".substring(8, "${REPO21_URL}".length()) env.REPO_NAME_21="$repo21Name" @@ -314,7 +314,13 @@ def uploadCli(architectures) { for (int i = 0; i < architectures.size(); i++) { def currentBuild = architectures[i] stage("Build and upload ${currentBuild.pkg}") { - buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) + // MacOS binaries should be downloaded from GitHub packages, as they are signed there. + if (currentBuild.goos == 'darwin') { + downloadSignedMacOSBinaries(currentBuild.goarch)() + uploadBinaryToJfrogRepo21(currentBuild.pkg, "jf.exe") + } else { + buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) + } } } } 
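Review bot: The `string(...)` binding in `withCredentials` now passes `variable:` twice, so the single `repo21-url` credential can only be bound to one of the two names and no credential is bound for the GitHub token. Presumably the last value wins, which would leave `REPO21_URL` unset for the `echo` and `substring` lines that follow. Add a second binding with its own credential id instead, e.g. `string(credentialsId: '<github-token-credential-id>', variable: 'GITHUB_ACCESS_TOKEN')`. The `withCredentials` block continues outside the hunk.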
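Review bot: In the `darwin` branch, `downloadSignedMacOSBinaries(currentBuild.goarch)()` has a trailing `()` that calls whatever the function returns, and the function added in this patch ends with an `sh` step, so the second call has nothing to invoke. Drop the extra parentheses: `downloadSignedMacOSBinaries(currentBuild.goarch)`. The next line passes the literal `"jf.exe"` for a macOS binary instead of using `currentBuild.fileExtension` as the non-darwin path does; a short comment explaining that name would help. `uploadCli` starts and ends outside the hunk.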
@@ -511,3 +517,44 @@ def dockerLogin(){ sh "echo $REPO21_PASSWORD | docker login $REPO_NAME_21 -u=$REPO21_USER --password-stdin" } } + + +// Will download the signed MacOS binary according to goarch. +def downloadSignedMacOSBinaries(goarch) { + sh """#!/bin/bash + # Query all artifacts + baseUrl="https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts" + response=$(curl -s $baseUrl) + + # Get specific goarch artifact and version + artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"v$releaseVersion-$goarch\")) | .archive_download_url") + + # Validate the URL + if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then + echo "URL does not exist or is not valid, please validate the release version artifacts exists! $releaseVersion" + exit 1 + fi + + # download artifact + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + $artifactUrl -O + + # unzip + tar -xvf zip + + # delete zip + rm -rf zip + + # Make executable + chmod +x jf + mv ./jf ./jf.exe + + # Validate + ./jf --version + + """ + +} \ No newline at end of file From 6c57c90b5618e9098ce30c7dc41673f96dd0d97a Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 17:09:22 +0300 Subject: [PATCH 079/222] Add comments --- .github/workflows/createMacOSBinaries.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index c4da9eb9c..9553703c7 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -1,6 +1,7 @@ name: Prepare MacOS binaries for CLI release on: [ push ] jobs: + # If the commit message contains 'Bump version from', extract the release version number Extract_Release_Version: name: Extract Release Version if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} 
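Review bot: `downloadSignedMacOSBinaries` builds its script in a double-quoted `sh """…"""`, so Groovy interpolates every `$name` before the shell runs: `$GITHUB_ACCESS_TOKEN` is expanded into the script text (Jenkins warns about this because the secret can end up in logs and process listings), and `$(curl …)` is not valid inside a GString at all. Use a single-quoted `sh '''…'''` and pass `goarch` in with `withEnv(["goarch=${goarch}"])` so the shell resolves the variables itself. The artifact is also looked up in `eyaldelarea/jfrog-cli` with a `contains` match and then executed with no integrity check; resolving it from the release repository by exact name and comparing a digest recorded by the signing job would close that gap. The final `./jf --version` runs after `mv ./jf ./jf.exe`, so it checks a path that no longer exists.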
@@ -19,7 +20,7 @@ jobs: with: token: ${{ secrets.JF_GIT_TOKEN }} expire-in: 0 # Setting this to 0 will delete all artifacts - + # Builds, signs and uploads the macOS binaries prepareBinary: name: Prepare-Binary needs: Extract_Release_Version From a96e5e1df5eeaf04a773dcf1be226289b907e2ac Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 17:16:35 +0300 Subject: [PATCH 080/222] Add a warning message --- build/bump-version.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build/bump-version.sh b/build/bump-version.sh index a26781f96..9351d7a8f 100755 --- a/build/bump-version.sh +++ b/build/bump-version.sh @@ -111,5 +111,8 @@ replaceVersion "build/npm/v2-jf/package.json" "\"version\": \"$fromVersion\"," " echo "Version bumped successfully." ## Push the new branch, with the version bump +## Important Note! +## If changing this commit message, you must edit the createMacOsBinaries.yml workflow. +## As it triggers by the commit message format. git commit -m "Bump version from $fromVersion to $toVersion" git push --set-upstream origin "$branchName" From bc5c49e8ce45697c50add0e97bd9da14fae327d2 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 17:24:01 +0300 Subject: [PATCH 081/222] filter on v2 branch --- .github/workflows/createMacOSBinaries.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 9553703c7..d6c0ff7d9 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -1,7 +1,11 @@ name: Prepare MacOS binaries for CLI release -on: [ push ] +on: + push: + branches: + - v2 jobs: - # If the commit message contains 'Bump version from', extract the release version number + # If the commit message contains 'Bump version from' + # extract the release version number and clear previous artifacts Extract_Release_Version: name: Extract Release Version if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} @@ -20,6 +24,7 @@ jobs: with: token: ${{ secrets.JF_GIT_TOKEN }} expire-in: 0 # Setting this to 0 will delete all artifacts + # Builds, signs and uploads the macOS binaries prepareBinary: name: Prepare-Binary From 905937cf394ed37ab1f0484ed3740a03dfff795c Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 4 Jun 2024 17:33:11 +0300 Subject: [PATCH 082/222] add v2 ref --- .github/workflows/createMacOSBinaries.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index d6c0ff7d9..4991fbd9b 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -49,6 +49,8 @@ jobs: # Build - name: Checkout Source uses: actions/checkout@v4 + with: + ref: v2 - name: Build run: ./build/build.sh From dbdd2e679f98630b5b156d8dcf22ad9fa5a66a80 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 11:24:39 +0300 Subject: [PATCH 083/222] Extract signed binary to var --- .github/workflows/createMacOSBinaries.yml | 2 +- .../signMacOsBinary.sh => darwin-binary-sign.sh} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename build/{macOsSign/signMacOsBinary.sh => darwin-binary-sign.sh} (91%) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 4991fbd9b..b96b7bd5e 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -60,7 +60,7 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: ./build/macOsSign/signMacOsBinary.sh + run: ./build/macOsSign/darwin-binary-sign.sh # Upload - name: Upload Artifact diff --git a/build/macOsSign/signMacOsBinary.sh b/build/darwin-binary-sign.sh similarity index 91% rename from build/macOsSign/signMacOsBinary.sh rename to build/darwin-binary-sign.sh index 8eae17d67..a89ada826 100755 --- a/build/macOsSign/signMacOsBinary.sh +++ b/build/darwin-binary-sign.sh @@ -4,6 +4,7 @@ # Set temp dir as runner temp dir TEMP_DIR=$RUNNER_TEMP KEYCHAIN_NAME="macos-build.keychain" +BINARY_NAME="jf" # Validate input parameters if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then @@ -14,7 +15,6 @@ fi # Save the decoded certificate data to a temporary file echo "Saving Certificate to temp files" echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 - # Create a new keychain and set it as the default echo "Creating keychains..." security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME @@ -37,14 +37,14 @@ security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWO # Sign the binary echo "Signing the binary..." -codesign -s "$APPLE_TEAM_ID" --force jf +codesign -s "$APPLE_TEAM_ID" --force $BINARY_NAME # Modify this line # Verify the binary is signed echo "Verifying binary is signed" -codesign -vd ./jf +codesign -vd ./$BINARY_NAME # Modify this line # Cleanup echo "Deleting keychain.." security delete-keychain $KEYCHAIN_NAME echo "Delete Certificate..." -rm -rf "$TEMP_DIR"/certs.p12 +rm -rf "$TEMP_DIR"/certs.p12 \ No newline at end of file From 8377e1519b1414d1e7bbe875380a3f65bc7dde21 Mon Sep 17 00:00:00 2001 
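Review bot: The `Sign Binary` step now runs `./build/macOsSign/darwin-binary-sign.sh`, but the rename in this same patch moves the script to `build/darwin-binary-sign.sh`, so the step points at a path that no longer exists. Change the line to `run: ./build/darwin-binary-sign.sh`. The job body continues outside the hunk.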
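Review bot: The check after signing, `codesign -vd ./$BINARY_NAME`, only displays signature information: when `-v` is combined with another operation such as `-d`, codesign treats it as `--verbose`, not `--verify`. Use an explicit verification whose exit status fails the step, e.g. `codesign --verify --strict --verbose=2 "./$BINARY_NAME"`. The keychain and `certs.p12` cleanup at the end is not registered with `trap`, so if an earlier command stops the script (the top of the file is outside the hunk) the decoded certificate would stay in `$TEMP_DIR`; a `trap cleanup EXIT` near the top would cover that. The trailing `# Modify this line` comments look like leftovers and can be removed.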
From: delarea Date: Tue, 2 Jul 2024 14:09:26 +0300 Subject: [PATCH 084/222] Extract binary name --- .github/workflows/createMacOSBinaries.yml | 6 +++++- Jenkinsfile | 17 +++++++++++------ build/darwin-binary-sign.sh | 7 +++---- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index b96b7bd5e..84a4876d0 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -3,6 +3,9 @@ on: push: branches: - v2 +env: + # Name of the binary file that will be singed and uploaded + binaryFileName: jf jobs: # If the commit message contains 'Bump version from' # extract the release version number and clear previous artifacts @@ -60,6 +63,7 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + BINARY_FILE_NAME: ${{ env.binaryFileName }} run: ./build/macOsSign/darwin-binary-sign.sh # Upload @@ -67,7 +71,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./jf + path: ./${{binaryFileName}} retention-days: 1 diff --git a/Jenkinsfile b/Jenkinsfile index 8fb1d956d..3f5d74678 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -316,8 +316,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - downloadSignedMacOSBinaries(currentBuild.goarch)() - uploadBinaryToJfrogRepo21(currentBuild.pkg, "jf.exe") + buildAndUploadDarwin(currentBuild.goarch,currentBuild.fileExtension)() } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) } 
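Review bot: In the `Upload Artifact` step, `path: ./${{binaryFileName}}` uses a bare name rather than a context, so the expression will not resolve to the workflow-level variable added in the first hunk. Write it as `path: ./${{ env.binaryFileName }}`, matching how `BINARY_FILE_NAME: ${{ env.binaryFileName }}` is set for the signing step. The comment on the new `env` entry has a typo, `singed` for `signed`.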
@@ -519,8 +518,10 @@ def dockerLogin(){ } -// Will download the signed MacOS binary according to goarch. -def downloadSignedMacOSBinaries(goarch) { +// The Darwin build requires a unique process because it is signed during the GitHub actions workflow. +// Subsequently, we must download the signed build and upload it to repo21. +def buildAndUploadDarwin(goarch) { + def BINARY_NAME = "jf.exe" sh """#!/bin/bash # Query all artifacts baseUrl="https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts" @@ -550,11 +551,15 @@ def downloadSignedMacOSBinaries(goarch) { # Make executable chmod +x jf - mv ./jf ./jf.exe + mv ./jf ./$BINARY_NAME # Validate - ./jf --version + ./$BINARY_NAME --version """ + uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME) // Modify this line + +} + } \ No newline at end of file diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index a89ada826..3dfa00664 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -4,10 +4,9 @@ # Set temp dir as runner temp dir TEMP_DIR=$RUNNER_TEMP KEYCHAIN_NAME="macos-build.keychain" -BINARY_NAME="jf" # Validate input parameters -if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then +if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then echo "Error: Missing environment variable." exit 1 fi @@ -37,11 +36,11 @@ security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWO # Sign the binary echo "Signing the binary..." -codesign -s "$APPLE_TEAM_ID" --force $BINARY_NAME # Modify this line +codesign -s "$APPLE_TEAM_ID" --force "$BINARY_FILE_NAME" # Modify this line # Verify the binary is signed echo "Verifying binary is signed" -codesign -vd ./$BINARY_NAME # Modify this line +codesign -vd ./"$BINARY_FILE_NAME" # Modify this line # Cleanup echo "Deleting keychain.." 
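Review bot: Nothing in `buildAndUploadDarwin` checks that the downloaded `jf` is the binary the signing workflow produced. The second Jenkinsfile hunk marks it executable, runs `--version` and hands it to `uploadBinaryToJfrogRepo21`, and `baseUrl` in the first hunk still names the `eyaldelarea/jfrog-cli` fork. Before the upload, compare the file against a digest published by the signing job and fail the stage on mismatch, and point `baseUrl` at the release repository. The two closing braces added at the end also look like one too many for a single function, though the surrounding code is outside the hunk.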
From d4a00d0048b5155a383a451c675db33e4a4fddfa Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:12:52 +0300 Subject: [PATCH 085/222] Bump version from 1.0.0 to 2.0.0 From 3f136c73ebf47d7962dd3e83411051b9471aa9a5 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:17:39 +0300 Subject: [PATCH 086/222] Enable debugging workflow --- .github/workflows/createMacOSBinaries.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 84a4876d0..48a32154b 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -2,7 +2,8 @@ name: Prepare MacOS binaries for CLI release on: push: branches: - - v2 + - v2 # TODO remove after testings + - * env: # Name of the binary file that will be singed and uploaded binaryFileName: jf From 37946dad95db92dc7936da4792ed87e681a8e608 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:18:58 +0300 Subject: [PATCH 087/222] Enable debugging workflow --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 48a32154b..b63860621 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -3,7 +3,7 @@ on: push: branches: - v2 # TODO remove after testings - - * + - '**' env: # Name of the binary file that will be singed and uploaded binaryFileName: jf From f4cb601e94e4cefab497ad4681e7d87a5cf608d5 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:20:42 +0300 Subject: [PATCH 088/222] Test --- .github/workflows/createMacOSBinaries.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index b63860621..0f991b3cc 100644 
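Review bot: With the wildcard under `on.push.branches` (`- *` in PATCH 086, which YAML reads as an alias, and `- '**'` in PATCH 087), the job that receives `APPLE_CERT_DATA` and `APPLE_CERT_PASSWORD` runs for a push to any branch. The signing script is checked out from the pushed ref, so the signing identity is then only as protected as write access to any branch. Keep the trigger at `- v2` and place the Apple secrets in a protected environment restricted to that branch. The `# TODO remove after testings` comment sits on the `- v2` line, so it reads as if `v2` were the entry to delete; move it to the wildcard line.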
--- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -64,7 +64,7 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - BINARY_FILE_NAME: ${{ env.binaryFileName }} + BINARY_FILE_NAME: $binaryFileName run: ./build/macOsSign/darwin-binary-sign.sh # Upload @@ -72,7 +72,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./${{binaryFileName}} + path: ./$binaryFileName retention-days: 1 From 66182f2a8795075de1dbbd5b0347a3c2ff7831cf Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:20:55 +0300 Subject: [PATCH 089/222] Bump version from 1.0.0 to 2.0.0 From ccb6dbfed90bd3b19d5764f66dc5a9f07cad32b6 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:34:45 +0300 Subject: [PATCH 090/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 0f991b3cc..dd42698d0 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -65,7 +65,7 @@ jobs: APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} BINARY_FILE_NAME: $binaryFileName - run: ./build/macOsSign/darwin-binary-sign.sh + run: ./build/darwin-binary-sign.sh # Upload - name: Upload Artifact From 29706fb8a317904c3de4373b0cacd988b2f6e8ba Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 14:37:43 +0300 Subject: [PATCH 091/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/createMacOSBinaries.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index dd42698d0..f46b3fd9c 100644 
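Review bot: `BINARY_FILE_NAME: $binaryFileName` in the first hunk of PATCH 088 and `path: ./$binaryFileName` in the second are taken literally, because values in a workflow `env:` or `with:` mapping are not shell-expanded. The script would receive the string `$binaryFileName` and sign or upload a file of that name, or none. Use `${{ env.binaryFileName }}` in both places.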
--- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -53,8 +53,9 @@ jobs: # Build - name: Checkout Source uses: actions/checkout@v4 - with: - ref: v2 +# TODO uncomment this after tests +# with: +# ref: v2 - name: Build run: ./build/build.sh From d6955c1ab20d0950a4bb6c1eea4ba035b015cad6 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 15:07:12 +0300 Subject: [PATCH 092/222] Bump version from 1.0.0 to 2.0.0 --- .github/workflows/createMacOSBinaries.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index f46b3fd9c..b96c240fc 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -65,15 +65,15 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - BINARY_FILE_NAME: $binaryFileName + BINARY_FILE_NAME: ${{ env.binaryFileName }} run: ./build/darwin-binary-sign.sh # Upload - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: jf-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./$binaryFileName + name: j${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} + path: ./${{ env.binaryFileName }} retention-days: 1 From feb77c5bd5aa6c0ce980eef509ef98d60060e1bd Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 15:09:21 +0300 Subject: [PATCH 093/222] Bump version from 1.0.0 to 2.1.2 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index b96c240fc..c46ca1759 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -72,7 +72,7 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v4 with: - name: j${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} + name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} path: ./${{ env.binaryFileName }} retention-days: 1 From b213b8e8af48576838a51d37c6b9dd31289acaa3 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 2 Jul 2024 15:27:09 +0300 Subject: [PATCH 094/222] Bump version from 1.0.0 to 2.1.3 --- build/darwin-binary-sign.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 3dfa00664..f5ff935a1 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -40,7 +40,10 @@ codesign -s "$APPLE_TEAM_ID" --force "$BINARY_FILE_NAME" # Modify this line # Verify the binary is signed echo "Verifying binary is signed" -codesign -vd ./"$BINARY_FILE_NAME" # Modify this line +codesign -vd ./"$BINARY_FILE_NAME" + +# Remove the quarantine attribute +xattr -dr com.apple.quarantine /"$BINARY_FILE_NAME" # Cleanup echo "Deleting keychain.." From e48ede3483d3ab5e8fad036087b4b8e606b65e5c Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:02:41 +0300 Subject: [PATCH 095/222] Bump version from 1.0.0 to 3.1.3 --- .github/workflows/createMacOSBinaries.yml | 4 +++- build/darwin-binary-sign.sh | 20 ++++++++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index c46ca1759..b391bb908 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
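Review bot: The added `xattr -dr com.apple.quarantine /"$BINARY_FILE_NAME"` has a leading slash, so it targets a file at the filesystem root rather than the binary just signed in the working directory; the sibling line uses `./"$BINARY_FILE_NAME"`. If the step is kept it should read `xattr -dr com.apple.quarantine ./"$BINARY_FILE_NAME"`. Clearing the attribute on the build runner presumably has no effect on how a downloaded copy is treated on a user's machine, so the comment should say what this step is for.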
@@ -65,6 +65,8 @@ jobs: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} BINARY_FILE_NAME: ${{ env.binaryFileName }} run: ./build/darwin-binary-sign.sh @@ -73,7 +75,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./${{ env.binaryFileName }} + path: ./jf-zipped retention-days: 1 diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index f5ff935a1..3078532e3 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -34,16 +34,24 @@ echo "Unlocking the keychain" security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME +# Move the binary into the app template +mv jf ./build/jf.app/Contents/MacOS/ + # Sign the binary echo "Signing the binary..." -codesign -s "$APPLE_TEAM_ID" --force "$BINARY_FILE_NAME" # Modify this line +codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" + + +# Zip it using ditto +ditto -c -k --keepParent ./jf.app ./jf-zipped + +# Notarize it +xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait -# Verify the binary is signed -echo "Verifying binary is signed" -codesign -vd ./"$BINARY_FILE_NAME" +# Staple ticket +unzip -o jf-zipped +xcrun stapler staple -v jf.app -# Remove the quarantine attribute -xattr -dr com.apple.quarantine /"$BINARY_FILE_NAME" # Cleanup echo "Deleting keychain.." From eaf0878c265bb85280e447b0d6f0eb7615d8bd75 Mon Sep 17 00:00:00 2001 
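Review bot: The script hunk of PATCH 095 removes the only post-signing check (`codesign -vd`) and checks the result of neither `codesign` nor `xcrun notarytool submit`, so a run where signing or notarization failed still ends normally and the upload step ships the file. Test each command, for example `codesign --verify --strict ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME"` after signing, and fail the script once cleanup has run. `APPLE_ACCOUNT_ID` and `APPLE_APP_SPECIFIC_PASSWORD` are new inputs but the `-z` validation at the top of the script, outside this hunk, does not appear to cover them. `ditto` reads `./jf.app` while the binary was moved into `./build/jf.app`.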
From: delarea Date: Thu, 4 Jul 2024 13:03:21 +0300 Subject: [PATCH 096/222] add bundle template --- build/jf.app/Contents/Info.plist | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 build/jf.app/Contents/Info.plist diff --git a/build/jf.app/Contents/Info.plist b/build/jf.app/Contents/Info.plist new file mode 100644 index 000000000..cb965d74d --- /dev/null +++ b/build/jf.app/Contents/Info.plist @@ -0,0 +1,14 @@ + + + + + CFBundleDevelopmentRegion + en + CFBundleName + JFrog-CLI + CFBundleDisplayName + JFrog-CLI + CFBundleIdentifier + com.jfrog.jfrog-cli + + \ No newline at end of file From 0721add65c416c62c3835668d8c0197f22139558 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:03:46 +0300 Subject: [PATCH 097/222] Bump version from 1.0.0 to 2.0.0 From e81dd61e9643d3386b32ad167603ffb6cc2266a8 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:08:32 +0300 Subject: [PATCH 098/222] Bump version from 1.0.0 to 5.1.3 --- build/darwin-binary-sign.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 3078532e3..431a2b587 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -34,8 +34,11 @@ echo "Unlocking the keychain" security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME +# Check for location +pwd +ls -la # Move the binary into the app template -mv jf ./build/jf.app/Contents/MacOS/ +mv ../jf ./build/jf.app/Contents/MacOS # Sign the binary echo "Signing the binary..." From 25151e02e6978fc2dec9547e6d54f75217b6d54a Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:11:47 +0300 Subject: [PATCH 099/222] Bump version from 1.0.0 to 4.1.3 --- .github/workflows/createMacOSBinaries.yml | 3 ++- build/darwin-binary-sign.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index b391bb908..27ea0a3d7 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -36,7 +36,8 @@ jobs: runs-on: macos-latest strategy: matrix: - goarch: [ arm64,amd64 ] + # goarch: [ arm64,amd64 ] + goarch: [ arm64 ] steps: - name: Set Environment Variable run: | diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 431a2b587..68d6da74f 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -38,7 +38,7 @@ security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWO pwd ls -la # Move the binary into the app template -mv ../jf ./build/jf.app/Contents/MacOS +mv jf ./build/jf.app/Contents/MacOS # Sign the binary echo "Signing the binary..." From 7ba8d6367cad098b85ec8a1a948183e711576a1d Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:14:41 +0300 Subject: [PATCH 100/222] Bump version from 1.0.0 to 3.1.3 --- build/darwin-binary-sign.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 68d6da74f..94fefd08f 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -38,11 +38,12 @@ security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWO pwd ls -la # Move the binary into the app template -mv jf ./build/jf.app/Contents/MacOS +echo "Coping the binary inside the template ..." +mv jf ./build/jf.app/Contents/MacOS/ # Sign the binary echo "Signing the binary..." -codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" +codesign -s -v "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" # Zip it using ditto From ff3aad10384d5f76662ed369e664366c41135a46 Mon Sep 17 00:00:00 2001 
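Review bot: In the PATCH 100 hunk, `codesign -s -v "$APPLE_TEAM_ID" ...` puts `-v` directly after `-s`, and `-s` takes the signing identity as its argument, so `-v` is read as the identity and the team ID becomes a stray operand. Keep the identity next to the flag: `codesign -s "$APPLE_TEAM_ID" -v --timestamp ...`. The added message says "Coping the binary" while the next line moves it with `mv`; "Moving the binary into the template ..." would match.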
From: delarea Date: Thu, 4 Jul 2024 13:21:31 +0300 Subject: [PATCH 101/222] Bump version from 1.0.0 to 1.1.3 --- build/jf.app/Contents/MacOs/.gitignore | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 build/jf.app/Contents/MacOs/.gitignore diff --git a/build/jf.app/Contents/MacOs/.gitignore b/build/jf.app/Contents/MacOs/.gitignore new file mode 100644 index 000000000..e69de29bb From 97bd15818014bd88b401f6cceb24d6cb60ffcadb Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:25:06 +0300 Subject: [PATCH 102/222] Bump version from 1.0.0 to 1.1.5 --- build/darwin-binary-sign.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 94fefd08f..315e3f94d 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -43,11 +43,11 @@ mv jf ./build/jf.app/Contents/MacOS/ # Sign the binary echo "Signing the binary..." -codesign -s -v "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" +codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" # Zip it using ditto -ditto -c -k --keepParent ./jf.app ./jf-zipped +ditto -c -k --keepParent ./build/jf.app ./jf-zipped # Notarize it xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait From 61e31bf39eab083b5730d8fd29259b736df424cf Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:28:44 +0300 Subject: [PATCH 103/222] Bump version from 1.0.0 to 1.1.8 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 27ea0a3d7..3ef9066b4 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
@@ -76,7 +76,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./jf-zipped + path: ./build/jf.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 From 1862e9d292d3bb6a6e843618dec34dd964a8d184 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 13:33:51 +0300 Subject: [PATCH 104/222] Bump version from 1.0.0 to 2.60.0 --- build/darwin-binary-sign.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index 315e3f94d..bee0fc2d9 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh @@ -34,11 +34,9 @@ echo "Unlocking the keychain" security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME -# Check for location -pwd -ls -la + # Move the binary into the app template -echo "Coping the binary inside the template ..." +chmod +x jf mv jf ./build/jf.app/Contents/MacOS/ # Sign the binary From 9f727c18bf6df38a672c82f720c7756a7e3f5253 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 15:53:03 +0300 Subject: [PATCH 105/222] Bump version from 1.0.0 to 2.61.0 --- build/darwin-binary-sign.sh | 108 +++++++++++++++++++++--------------- 1 file changed, 63 insertions(+), 45 deletions(-) diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh index bee0fc2d9..1112b0dc2 100755 --- a/build/darwin-binary-sign.sh +++ b/build/darwin-binary-sign.sh 
@@ -1,62 +1,80 @@ #!/bin/bash -# Assign environment variables to local variables -# Set temp dir as runner temp dir -TEMP_DIR=$RUNNER_TEMP -KEYCHAIN_NAME="macos-build.keychain" -# Validate input parameters -if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then - echo "Error: Missing environment variable." - exit 1 -fi +validateInputs(){ + # Validate input parameters + if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then + echo "Error: Missing environment variable." + exit 1 + fi +} -# Save the decoded certificate data to a temporary file -echo "Saving Certificate to temp files" -echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 -# Create a new keychain and set it as the default -echo "Creating keychains..." -security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME -security default-keychain -s $KEYCHAIN_NAME -security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME -security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME +prepare_keychain_and_certificate() { + # Assign environment variables to local variables + # Set temp dir as runner temp dir + TEMP_DIR=$RUNNER_TEMP + KEYCHAIN_NAME="macos-build.keychain" + # Save the decoded certificate data to a temporary file + echo "Saving Certificate to temp files" + echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 + # Create a new keychain and set it as the default + echo "Creating keychains..." + security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security default-keychain -s $KEYCHAIN_NAME + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME -# Import the certificate into the keychain -echo "Importing certificate into keychain..." 
-security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign + # Import the certificate into the keychain + echo "Importing certificate into keychain..." + security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign -# Verify the identity in the keychain -echo "Verifying identity..." -security find-identity -p codesigning -v + # Verify the identity in the keychain + echo "Verifying identity..." + security find-identity -p codesigning -v -# Unlock the keychain to allow signing in terminal without asking for password -echo "Unlocking the keychain" -security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME -security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME + # Unlock the keychain to allow signing in terminal without asking for password + echo "Unlocking the keychain" + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME +} +sign_binary(){ + # Move the binary into the app template + chmod +x jf + mv jf ./build/jf.app/Contents/MacOS/ + # Sign the binary + echo "Signing the binary..." + codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" +} -# Move the binary into the app template -chmod +x jf -mv jf ./build/jf.app/Contents/MacOS/ +notarize_app(){ + # Zip it using ditto + ditto -c -k --keepParent ./build/jf.app ./jf-zipped -# Sign the binary -echo "Signing the binary..." 
-codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" + # Notarize App + xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait + # Staple ticket + unzip -o jf-zipped + xcrun stapler staple jf.app -# Zip it using ditto -ditto -c -k --keepParent ./build/jf.app ./jf-zipped +} -# Notarize it -xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait +cleanup(){ + echo "Deleting keychain.." + security delete-keychain "$KEYCHAIN_NAME" + echo "Delete Certificate..." + rm -rf "$TEMP_DIR"/certs.p12 +} -# Staple ticket -unzip -o jf-zipped -xcrun stapler staple -v jf.app + +# Setup +prepare_keychain_and_certificate +# Sign & Notarize +sign_binary +notarize_app # Cleanup -echo "Deleting keychain.." -security delete-keychain $KEYCHAIN_NAME -echo "Delete Certificate..." -rm -rf "$TEMP_DIR"/certs.p12 \ No newline at end of file +cleanup + From 6389c2a6344ef356a25866625f67ac93c4936a58 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:19:56 +0300 Subject: [PATCH 106/222] Bump version from 1.0.0 to 2.63.0 --- .github/workflows/createMacOSBinaries.yml | 5 +- build/darwin-binary-sign.sh | 80 ------------ build/darwin-sign-and-notarize.sh | 151 ++++++++++++++++++++++ 3 files changed, 154 insertions(+), 82 deletions(-) delete mode 100755 build/darwin-binary-sign.sh create mode 100755 build/darwin-sign-and-notarize.sh diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 3ef9066b4..d1b80e63c 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml 
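Review bot: `validateInputs` is defined by this refactor but never called: the sequence at the bottom runs `prepare_keychain_and_certificate`, `sign_binary`, `notarize_app` and `cleanup` only, so the missing-variable check that used to run at the top of the script is now dead code. The new `build/darwin-sign-and-notarize.sh` in PATCH 106 has the same gap. Add `validateInputs` as the first call under `# Setup`. The name is also camelCase while every other function here is snake_case; `validate_inputs` would be consistent.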
@@ -61,7 +61,7 @@ jobs: run: ./build/build.sh # Sign - - name: Sign Binary + - name: Sign & Notarize env: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} @@ -69,7 +69,8 @@ jobs: APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} BINARY_FILE_NAME: ${{ env.binaryFileName }} - run: ./build/darwin-binary-sign.sh + APP_TEMPLATE_PATH: ./build/jf.app + run: ./build/darwin-sign-and-notarize.sh # Upload - name: Upload Artifact diff --git a/build/darwin-binary-sign.sh b/build/darwin-binary-sign.sh deleted file mode 100755 index 1112b0dc2..000000000 --- a/build/darwin-binary-sign.sh +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/bin/bash - - -validateInputs(){ - # Validate input parameters - if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then - echo "Error: Missing environment variable." - exit 1 - fi -} - -prepare_keychain_and_certificate() { - # Assign environment variables to local variables - # Set temp dir as runner temp dir - TEMP_DIR=$RUNNER_TEMP - KEYCHAIN_NAME="macos-build.keychain" - # Save the decoded certificate data to a temporary file - echo "Saving Certificate to temp files" - echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 - # Create a new keychain and set it as the default - echo "Creating keychains..." - security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security default-keychain -s $KEYCHAIN_NAME - security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME - - # Import the certificate into the keychain - echo "Importing certificate into keychain..." - security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign - - # Verify the identity in the keychain - echo "Verifying identity..." - security find-identity -p codesigning -v - - # Unlock the keychain to allow signing in terminal without asking for password - echo "Unlocking the keychain" - security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME -} - -sign_binary(){ - # Move the binary into the app template - chmod +x jf - mv jf ./build/jf.app/Contents/MacOS/ - # Sign the binary - echo "Signing the binary..." 
- codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force ./build/jf.app/Contents/MacOS/"$BINARY_FILE_NAME" -} - -notarize_app(){ - # Zip it using ditto - ditto -c -k --keepParent ./build/jf.app ./jf-zipped - - # Notarize App - xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait - - # Staple ticket - unzip -o jf-zipped - xcrun stapler staple jf.app - -} - -cleanup(){ - echo "Deleting keychain.." - security delete-keychain "$KEYCHAIN_NAME" - echo "Delete Certificate..." - rm -rf "$TEMP_DIR"/certs.p12 -} - - - - -# Setup -prepare_keychain_and_certificate -# Sign & Notarize -sign_binary -notarize_app -# Cleanup -cleanup - diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh new file mode 100755 index 000000000..ddfd204fd --- /dev/null +++ b/build/darwin-sign-and-notarize.sh 
@@ -0,0 +1,151 @@ +#!/bin/bash + +# This script is used to sign and notarize a binary for MacOS. It consumes the following environment variables: +# +# APPLE_CERT_DATA: The base64 encoded Apple certificate data. +# APPLE_CERT_PASSWORD: The password for the Apple certificate. +# APPLE_TEAM_ID: The Apple Team ID. +# APPLE_ACCOUNT_ID: The Apple Account ID. +# APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. +# BINARY_FILE_NAME: The name of the binary file to be signed and notarized. +# +# APP_TEMPLATE_PATH: The path to the .app template used for notarization. It should have a specific structure: +# - A Contents directory +# - A MacOS directory inside the Contents directory which has to be empty +# - An info.plist file inside the Contents directory +# The name of the executable file should match the name of the .app folder. +# +# All of these environment variables should be currently in order for the process to work. + +validate_app_template_structure() { + if [ -z "$APP_TEMPLATE_PATH" ]; then + echo "Error: APP_TEMPLATE_PATH is not set." + return 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH" ]; then + echo "Error: $APP_TEMPLATE_PATH is not a directory." + return 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then + echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." + return 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then + echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." + return 1 + fi + + if [ ! -f "$APP_TEMPLATE_PATH/Contents/info.plist" ]; then + echo "Error: info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." 
+ return 1 + fi + + return 0 + } +validate_binary_name_and_app_template_path() { + # Extract the .app folder name from the APP_TEMPLATE_PATH + app_folder_name=$(basename "$APP_TEMPLATE_PATH" .app) + + # Check if the BINARY_FILE_NAME is the same as the .app folder name + if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then + echo "Error: The BINARY_FILE_NAME must match the .app folder name in APP_TEMPLATE_PATH." + return 1 + fi + + return 0 +} + +validateInputs(){ + # Validate input parameters + if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then + echo "Error: Missing environment variable." + exit 1 + fi + # Validate the APP_TEMPLATE_PATH and BINARY_FILE_NAME has the same name. + validate_binary_name_and_app_template_path + # Validate app template structure + if ! validate_app_template_structure; then + echo "Error: The structure of APP_TEMPLATE_PATH is invalid. Please ensure it contains the following:" + echo "- ├── YOUR_APP.app + └── Contents + └── MacOS + └── info.plist" + echo "- A valid .app structure is needed in order to sign & notarize the binary" + exit 1 + fi +} + +# This function will prepare the keychain and certificate on the machine, needed for signing. +prepare_keychain_and_certificate() { + # Assign environment variables to local variables + # Set temp dir as runner temp dir + TEMP_DIR=$RUNNER_TEMP + KEYCHAIN_NAME="macos-build.keychain" + # Save the decoded certificate data to a temporary file + echo "Saving Certificate to temp files" + echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 + # Create a new keychain and set it as the default + echo "Creating keychains..." 
+ security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security default-keychain -s $KEYCHAIN_NAME + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME + + # Import the certificate into the keychain + echo "Importing certificate into keychain..." + security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign + + # Verify the identity in the keychain + echo "Verifying identity..." + security find-identity -p codesigning -v + + # Unlock the keychain to allow signing in terminal without asking for password + echo "Unlocking the keychain" + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME + security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME +} + +# Signs the binary file copies into the apple bundle template +# The template is needed for notarizing the app +sign_binary(){ + # Sign the binary + echo "Signing the binary..." + codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$BINARY_FILE_NAME" +} + +# Sends the app for notarization and staples the certificate to the app. +# Binary files cannot be notarized as standalone files, they must be zipped and unzipped later on. +notarize_app(){ + # Move binary inside the app bundle template + mv "$BINARY_FILE_NAME" "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME" + # Zip it using ditto + ditto -c -k --keepParent ./build/jf.app ./jf-zipped + # Notarize the zipped app + xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait + # Staple ticket + xcrun stapler staple jf.app + # Unzip the extract the single binary file + unzip -o jf-zipped +} + +cleanup(){ + echo "Deleting keychain.." + security delete-keychain "$KEYCHAIN_NAME" + echo "Delete Certificate..." 
+ rm -rf "$TEMP_DIR"/certs.p12 +} + + + + +# Setup +prepare_keychain_and_certificate +# Sign & Notarize +sign_binary +notarize_app +# Cleanup +cleanup + From 3ca807019b9b2900617adf14378248901b009374 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:22:52 +0300 Subject: [PATCH 107/222] Bump version from 1.0.0 to 2.64.0 --- .github/workflows/createMacOSBinaries.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index d1b80e63c..992ff12ac 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -6,7 +6,7 @@ on: - '**' env: # Name of the binary file that will be singed and uploaded - binaryFileName: jf + binaryFileName: jfa jobs: # If the commit message contains 'Bump version from' # extract the release version number and clear previous artifacts From 083d6a15be413478b03f9308f0c1336be25c6a55 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:25:42 +0300 Subject: [PATCH 108/222] Bump version from 1.0.0 to 2.64.0 --- build/darwin-sign-and-notarize.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index ddfd204fd..1fcd81353 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
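Review bot: `notarize_app` in the new script moves the binary into `"$APP_TEMPLATE_PATH"` but then zips the hard-coded `./build/jf.app` and staples `jf.app`, so the path the script validates is not the one it notarizes. Use `ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./jf-zipped` and `xcrun stapler staple "$APP_TEMPLATE_PATH"`. As written, `stapler` also runs before `unzip -o jf-zipped`, so `jf.app` in the working directory does not exist yet when it is stapled. The header comment should document that `RUNNER_TEMP` is required, since `"$TEMP_DIR"/certs.p12` resolves to `/certs.p12` when it is unset.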
@@ -46,12 +46,15 @@ validate_app_template_structure() { return 0 } validate_binary_name_and_app_template_path() { - # Extract the .app folder name from the APP_TEMPLATE_PATH - app_folder_name=$(basename "$APP_TEMPLATE_PATH" .app) + # Extract the last path from the APP_TEMPLATE_PATH + last_path=$(basename "$APP_TEMPLATE_PATH") - # Check if the BINARY_FILE_NAME is the same as the .app folder name + # Remove the .app extension from the last path + app_folder_name=${last_path%.app} + + # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then - echo "Error: The BINARY_FILE_NAME must match the .app folder name in APP_TEMPLATE_PATH." + echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." return 1 fi From 49f92a183985e3e04950c70d8fa0e9e7cac0fcac Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:31:17 +0300 Subject: [PATCH 109/222] Bump version from 1.0.0 to 2.64.0 --- build/darwin-sign-and-notarize.sh | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 1fcd81353..426d98ac4 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -68,7 +68,10 @@ validateInputs(){ exit 1 fi # Validate the APP_TEMPLATE_PATH and BINARY_FILE_NAME has the same name. - validate_binary_name_and_app_template_path + if ! validate_binary_name_and_app_template_path; then + echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." + exit 1 + fi # Validate app template structure if ! validate_app_template_structure; then echo "Error: The structure of APP_TEMPLATE_PATH is invalid. Please ensure it contains the following:" 
@@ -99,7 +102,10 @@ prepare_keychain_and_certificate() { # Import the certificate into the keychain echo "Importing certificate into keychain..." - security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign + if ! security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then + echo "Error: Failed to import certificate into keychain." + exit 1 + fi # Verify the identity in the keychain echo "Verifying identity..." @@ -116,18 +122,27 @@ prepare_keychain_and_certificate() { sign_binary(){ # Sign the binary echo "Signing the binary..." - codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$BINARY_FILE_NAME" + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$BINARY_FILE_NAME"; then + echo "Error: Failed to sign the binary." + exit 1 + fi } # Sends the app for notarization and staples the certificate to the app. # Binary files cannot be notarized as standalone files, they must be zipped and unzipped later on. notarize_app(){ # Move binary inside the app bundle template - mv "$BINARY_FILE_NAME" "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME" + if ! mv "$BINARY_FILE_NAME" "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME" ; then + echo "Error: Failed to move the binary to the app template. Please check files exists" + exit 1 + fi # Zip it using ditto ditto -c -k --keepParent ./build/jf.app ./jf-zipped # Notarize the zipped app - xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait + if ! xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then + echo "Error: Failed to notarize the app." + exit 1 + fi # Staple ticket xcrun stapler staple jf.app # Unzip the extract the single binary file 
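Review bot: The `exit 1` added after a failed `security import` leaves the script before `cleanup` is ever called, so the decoded `certs.p12` under `$TEMP_DIR` and the temporary keychain stay on the build host whenever this branch is taken. The `exit 1` branches added in the `@@ -116,18 +122,27 @@` hunk for `codesign`, `mv` and `notarytool` have the same effect. Registering the teardown once with `trap cleanup EXIT` at the top of `prepare_keychain_and_certificate` would cover every exit path, and the explicit `cleanup` call at the end of the script could then be dropped. The function starts and ends outside this hunk, so any other removal of `$TEMP_DIR` is not visible here.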
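Review bot: The rewritten `notarytool submit` line still passes `--password "$APPLE_APP_SPECIFIC_PASSWORD"` as a command-line argument, which other local processes can read from the process list for as long as `--wait` keeps the command running. notarytool also accepts an App Store Connect API key by file path (`--key`, `--key-id`, `--issuer`) or a stored `--keychain-profile`, either of which keeps the secret out of the argument list of the long-running command. On a single-tenant hosted runner the exposure is small, but the script header describes it as driven purely by environment variables, so it may be run elsewhere. `notarize_app` continues past the end of this hunk.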
From 11f17656a1af8870a47f12d5d501a04310d6def2 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:39:35 +0300 Subject: [PATCH 110/222] Bump version from 1.0.0 to 2.64.0 --- build/darwin-sign-and-notarize.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 426d98ac4..e90055109 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -52,6 +52,10 @@ validate_binary_name_and_app_template_path() { # Remove the .app extension from the last path app_folder_name=${last_path%.app} + echo "Binary name comparison to app folder name:" + echo "BINARY_FILE_NAME: $BINARY_FILE_NAME" + echo "app_folder_name: $app_folder_name" + echo "------------------------------------" # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." From a498b9a015de479ef748c3b9962751f5fb20c5ae Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:42:26 +0300 Subject: [PATCH 111/222] Bump version from 1.0.0 to 2.64.0 --- build/darwin-sign-and-notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index e90055109..4de726a08 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -162,7 +162,7 @@ cleanup(){ - +validateInputs # Setup prepare_keychain_and_certificate # Sign & Notarize From b100e980d6c8a51053e44f79a30abeba7f0cf51f Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 16:49:12 +0300 Subject: [PATCH 112/222] Add comments --- build/darwin-sign-and-notarize.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) 
diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 4de726a08..94f7cccb5 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -9,11 +9,14 @@ # APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. # BINARY_FILE_NAME: The name of the binary file to be signed and notarized. # -# APP_TEMPLATE_PATH: The path to the .app template used for notarization. It should have a specific structure: -# - A Contents directory -# - A MacOS directory inside the Contents directory which has to be empty -# - An info.plist file inside the Contents directory -# The name of the executable file should match the name of the .app folder. +# APP_TEMPLATE_PATH: The path to the .app template folder used for notarization. It should have a specific structure: +# Create a folder containing the following structure: +# ├── YOUR_APP.app +# └── Contents +# └── MacOS +# └── Info.plist +# Info.plist file contains apple specific app information which should be filled by the user. +# The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. # # All of these environment variables should be currently in order for the process to work. @@ -52,10 +55,6 @@ validate_binary_name_and_app_template_path() { # Remove the .app extension from the last path app_folder_name=${last_path%.app} - echo "Binary name comparison to app folder name:" - echo "BINARY_FILE_NAME: $BINARY_FILE_NAME" - echo "app_folder_name: $app_folder_name" - echo "------------------------------------" # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." From 70d380197b36482d66b4837b5de8c05ab0e2343e Mon Sep 17 00:00:00 2001 
From: delarea Date: Thu, 4 Jul 2024 16:51:02 +0300 Subject: [PATCH 113/222] Bump version from 1.0.0 to 1.0.1 --- .github/workflows/createMacOSBinaries.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/createMacOSBinaries.yml index 992ff12ac..53e745712 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/createMacOSBinaries.yml @@ -6,7 +6,7 @@ on: - '**' env: # Name of the binary file that will be singed and uploaded - binaryFileName: jfa + binaryFileName: jf jobs: # If the commit message contains 'Bump version from' # extract the release version number and clear previous artifacts @@ -29,7 +29,7 @@ jobs: token: ${{ secrets.JF_GIT_TOKEN }} expire-in: 0 # Setting this to 0 will delete all artifacts - # Builds, signs and uploads the macOS binaries + # Builds, signs, notarize and uploads the macOS binaries prepareBinary: name: Prepare-Binary needs: Extract_Release_Version @@ -60,7 +60,6 @@ jobs: - name: Build run: ./build/build.sh - # Sign - name: Sign & Notarize env: APPLE_CERT_DATA: ${{ secrets.APPLE_CERT_DATA }} From 8ce0d2e5194da2112d6961751d3c86b8ed821388 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 17:00:27 +0300 Subject: [PATCH 114/222] Bump version from 1.0.0 to 1.0.2 --- build/darwin-sign-and-notarize.sh | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 94f7cccb5..adacc58f9 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
@@ -54,6 +54,8 @@ validate_binary_name_and_app_template_path() { # Remove the .app extension from the last path app_folder_name=${last_path%.app} + # Export app_folder_name as an environment variable + export APP_FOLDER_NAME=$app_folder_name # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then @@ -140,16 +142,22 @@ notarize_app(){ exit 1 fi # Zip it using ditto - ditto -c -k --keepParent ./build/jf.app ./jf-zipped + temp_zipped_name="$BINARY_FILE_NAME"-zipped + + ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./temp_zipped_name + # Notarize the zipped app - if ! xcrun notarytool submit jf-zipped --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then + if ! xcrun notarytool submit temp_zipped_name --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then echo "Error: Failed to notarize the app." exit 1 fi - # Staple ticket - xcrun stapler staple jf.app - # Unzip the extract the single binary file - unzip -o jf-zipped + # Staple ticket to the app + if ! xcrun stapler staple jf.app; then + echo "Error: Failed to staple the ticket to the app." + exit 1 + fi + # Unzip the single binary file + unzip -o temp_zipped_name /Contents/MacOs ./ } cleanup(){ From ead16c055a8e62be2dc098cc2ca66d8b1a22059a Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 17:02:28 +0300 Subject: [PATCH 115/222] Bump version from 1.0.0 to 1.0.3 --- build/darwin-sign-and-notarize.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index adacc58f9..f125dc887 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
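Review bot: In the `notarize_app` hunk, `ditto`, `notarytool submit` and `unzip` receive the literal word `temp_zipped_name` instead of the variable, so the archive name never follows `$BINARY_FILE_NAME`; they should read `./"$temp_zipped_name"` and `"$temp_zipped_name"`. The stapler call still targets the hard-coded `jf.app`, where `"$BINARY_FILE_NAME".app` would keep it in step with the `mv` above it. The final `unzip -o temp_zipped_name /Contents/MacOs ./` is the one step left without an exit-status check, and its trailing arguments are read as member names, which would not match the paths `ditto --keepParent` stores, so a failed extraction would not stop the script. `notarize_app` begins outside this hunk.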
@@ -144,10 +144,10 @@ notarize_app(){ # Zip it using ditto temp_zipped_name="$BINARY_FILE_NAME"-zipped - ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./temp_zipped_name + ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./"$temp_zipped_name" # Notarize the zipped app - if ! xcrun notarytool submit temp_zipped_name --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then + if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then echo "Error: Failed to notarize the app." exit 1 fi @@ -157,7 +157,7 @@ notarize_app(){ exit 1 fi # Unzip the single binary file - unzip -o temp_zipped_name /Contents/MacOs ./ + unzip -o "$temp_zipped_name" /Contents/MacOs ./ } cleanup(){ From 706cd5f5ea9969f44c8c82c158a11a4db622f986 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 17:06:48 +0300 Subject: [PATCH 116/222] Bump version from 1.0.0 to 1.0.3 --- build/darwin-sign-and-notarize.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index f125dc887..7e1c20bdb 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -152,8 +152,8 @@ notarize_app(){ exit 1 fi # Staple ticket to the app - if ! xcrun stapler staple jf.app; then - echo "Error: Failed to staple the ticket to the app." + if ! xcrun stapler staple "$temp_zipped_name"; then + echo "Error: Failed to staple the ticket to the app" exit 1 fi # Unzip the single binary file @@ -168,9 +168,8 @@ cleanup(){ } - -validateInputs # Setup +validateInputs prepare_keychain_and_certificate # Sign & Notarize sign_binary From 3f5cec0e15cd37de6fdc0ffd81107e98bb993308 Mon Sep 17 00:00:00 2001 
From: delarea Date: Thu, 4 Jul 2024 17:17:54 +0300 Subject: [PATCH 117/222] Bump version from 1.0.0 to 1.0.3 --- build/darwin-sign-and-notarize.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 7e1c20bdb..a2cc6ab79 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -144,18 +144,25 @@ notarize_app(){ # Zip it using ditto temp_zipped_name="$BINARY_FILE_NAME"-zipped - ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./"$temp_zipped_name" + if ! ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./"$temp_zipped_name"; then + echo "Error: Failed to zip the app." + exit 1 + fi # Notarize the zipped app if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then echo "Error: Failed to notarize the app." exit 1 fi + echo "Notarization successful." + # Staple ticket to the app if ! xcrun stapler staple "$temp_zipped_name"; then echo "Error: Failed to staple the ticket to the app" exit 1 fi + echo "Stapling successful." + # Unzip the single binary file unzip -o "$temp_zipped_name" /Contents/MacOs ./ } From 8d56246f0674353891dfb34935fd2cb462c1aff9 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 17:20:50 +0300 Subject: [PATCH 118/222] Bump version from 1.0.0 to 1.0.3 --- build/darwin-sign-and-notarize.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index a2cc6ab79..2a8ef6fee 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -156,6 +156,9 @@ notarize_app(){ fi echo "Notarization successful." + # Unzip the notarized app + unzip -o "$temp_zipped_name" + # Staple ticket to the app if ! xcrun stapler staple "$temp_zipped_name"; then echo "Error: Failed to staple the ticket to the app" 
@@ -163,8 +166,7 @@ notarize_app(){ fi echo "Stapling successful." - # Unzip the single binary file - unzip -o "$temp_zipped_name" /Contents/MacOs ./ + } cleanup(){ From 1484404df07fc968477bed449c2ab64e49a3c91e Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 4 Jul 2024 17:22:44 +0300 Subject: [PATCH 119/222] Bump version from 1.0.0 to 1.0.3 --- build/darwin-sign-and-notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 2a8ef6fee..323a43aa7 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -160,7 +160,7 @@ notarize_app(){ unzip -o "$temp_zipped_name" # Staple ticket to the app - if ! xcrun stapler staple "$temp_zipped_name"; then + if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then echo "Error: Failed to staple the ticket to the app" exit 1 fi From 52e3b206fc6e5963abb3a535133720539f8bf2f5 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 10:53:15 +0300 Subject: [PATCH 120/222] Remove deletion of old artifacts --- ...SBinaries.yml => prepareDarwinBinariesForRelease.yml} | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) rename .github/workflows/{createMacOSBinaries.yml => prepareDarwinBinariesForRelease.yml} (89%) diff --git a/.github/workflows/createMacOSBinaries.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml similarity index 89% rename from .github/workflows/createMacOSBinaries.yml rename to .github/workflows/prepareDarwinBinariesForRelease.yml index 53e745712..8b6dae463 100644 --- a/.github/workflows/createMacOSBinaries.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
@@ -23,12 +23,6 @@ jobs: VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Delete-Old-Artifacts - uses: kolpav/purge-artifacts-action@v1 - with: - token: ${{ secrets.JF_GIT_TOKEN }} - expire-in: 0 # Setting this to 0 will delete all artifacts - # Builds, signs, notarize and uploads the macOS binaries prepareBinary: name: Prepare-Binary @@ -36,8 +30,7 @@ jobs: runs-on: macos-latest strategy: matrix: - # goarch: [ arm64,amd64 ] - goarch: [ arm64 ] + goarch: [ arm64,amd64 ] steps: - name: Set Environment Variable run: | From 83284ea4676c23bf2b346c629b81da299cb10c97 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 10:59:49 +0300 Subject: [PATCH 121/222] Bump version from 1.0.0 to 2.0.0 From d5a6101e33b53e1d7926e742febc78d226e58879 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 11:50:12 +0300 Subject: [PATCH 122/222] Change to workflow dispatch --- .../prepareDarwinBinariesForRelease.yml | 39 +++++++------------ build/bump-version.sh | 3 -- 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 8b6dae463..b3a02baa4 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
@@ -1,28 +1,20 @@ name: Prepare MacOS binaries for CLI release +# This should be triggered on release by the Jenkins on: - push: - branches: - - v2 # TODO remove after testings - - '**' + workflow_dispatch: + inputs: + releaseVersion: + description: 'Release version' + required: true + default: '0.0.0' + binaryFileName: + description: 'Binary file name' + required: true + default: 'jf' env: - # Name of the binary file that will be singed and uploaded - binaryFileName: jf + binaryFileName: ${{ github.event.inputs.releaseVersion }} + releaseVersion: ${{ github.event.inputs.releaseVersion }} jobs: - # If the commit message contains 'Bump version from' - # extract the release version number and clear previous artifacts - Extract_Release_Version: - name: Extract Release Version - if: ${{ contains(github.event.head_commit.message, 'Bump version from') }} - runs-on: ubuntu-latest - outputs: - version: ${{ steps.extract_version.outputs.version }} - steps: - - name: Extract version - id: extract_version - run: | - VERSION=$(echo "${{ github.event.head_commit.message }}" | awk -F'to ' '{print $2}' | sed 's/[^0-9.]*//g') - echo "version=$VERSION" >> $GITHUB_OUTPUT - # Builds, signs, notarize and uploads the macOS binaries prepareBinary: name: Prepare-Binary @@ -32,11 +24,6 @@ jobs: matrix: goarch: [ arm64,amd64 ] steps: - - name: Set Environment Variable - run: | - echo "releaseVersion=${{ needs.Extract_Release_Version.outputs.version }}" >> $GITHUB_ENV - echo "goarch=${{ matrix.goarch }}" >> $GITHUB_ENV - # Setup - name: Setup Go uses: actions/setup-go@v5 diff --git a/build/bump-version.sh b/build/bump-version.sh index 9351d7a8f..a26781f96 100755 --- a/build/bump-version.sh +++ b/build/bump-version.sh 
@@ -111,8 +111,5 @@ replaceVersion "build/npm/v2-jf/package.json" "\"version\": \"$fromVersion\"," " echo "Version bumped successfully." ## Push the new branch, with the version bump -## Important Note! -## If changing this commit message, you must edit the createMacOsBinaries.yml workflow. -## As it triggers by the commit message format. git commit -m "Bump version from $fromVersion to $toVersion" git push --set-upstream origin "$branchName" From 24bc7985ae13e6e6d90a1289f68d9da8addabb3c Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 11:56:40 +0300 Subject: [PATCH 123/222] Change name --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index b3a02baa4..3ef26f6cb 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,4 +1,4 @@ -name: Prepare MacOS binaries for CLI release +name: Sign Dawrin Binaries for Release # This should be triggered on release by the Jenkins on: workflow_dispatch: From bd3bc8f4ac0225edc7695219e0b28e6a27ce9e48 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:07:32 +0300 Subject: [PATCH 124/222] Validate Script --- .github/workflows/prepareDarwinBinariesForRelease.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 3ef26f6cb..468eb82bf 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,5 +1,4 @@ name: Sign Dawrin Binaries for Release -# This should be triggered on release by the Jenkins on: workflow_dispatch: inputs: From 51318d4f675dc1462e58c5d15cab86139898efeb Mon Sep 17 00:00:00 2001 
From: delarea Date: Sun, 7 Jul 2024 12:08:52 +0300 Subject: [PATCH 125/222] Test init --- .github/workflows/prepareDarwinBinariesForRelease.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 468eb82bf..569306b6b 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,5 +1,10 @@ name: Sign Dawrin Binaries for Release on: + push: + branches: + - '**' + tags-ignore: + - '**' workflow_dispatch: inputs: releaseVersion: From 9334e4d32c48ac7e4bcc1fd1ab045465953b667d Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:09:57 +0300 Subject: [PATCH 126/222] fix workflow --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 569306b6b..ffdc7b7c5 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,10 +1,5 @@ name: Sign Dawrin Binaries for Release on: - push: - branches: - - '**' - tags-ignore: - - '**' workflow_dispatch: inputs: releaseVersion: @@ -22,7 +17,6 @@ jobs: # Builds, signs, notarize and uploads the macOS binaries prepareBinary: name: Prepare-Binary - needs: Extract_Release_Version runs-on: macos-latest strategy: matrix: From 5a3bef3f5dd655cf96628fb91185e2854fbbf5ba Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:12:34 +0300 Subject: [PATCH 127/222] fix workflow --- .github/workflows/prepareDarwinBinariesForRelease.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index ffdc7b7c5..6a1932b4d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml 
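Review bot: The `push` trigger on `branches: '**'` added in the first hunk here makes the signing job run for every branch push, and that job runs `./build/darwin-sign-and-notarize.sh` from the pushed ref with the Apple certificate and app-specific password in its environment. Anyone who can push a branch can therefore change what executes with those secrets, and on a push event the `github.event.inputs.*` values feeding `binaryFileName` and `releaseVersion` are empty. Keeping `workflow_dispatch:` as the only trigger, or limiting a temporary test trigger to one named branch, avoids both problems. The same block is added again in PATCH 127/222.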
+++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,5 +1,10 @@ name: Sign Dawrin Binaries for Release on: + push: + branches: + - '**' + tags-ignore: + - '**' workflow_dispatch: inputs: releaseVersion: From 92d878b94e29b766f238e3b5f0b41383f76ffabc Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:13:19 +0300 Subject: [PATCH 128/222] fix workflow --- .../workflows/prepareDarwinBinariesForRelease.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 6a1932b4d..0810b1d0d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,20 +1,6 @@ name: Sign Dawrin Binaries for Release on: - push: - branches: - - '**' - tags-ignore: - - '**' workflow_dispatch: - inputs: - releaseVersion: - description: 'Release version' - required: true - default: '0.0.0' - binaryFileName: - description: 'Binary file name' - required: true - default: 'jf' env: binaryFileName: ${{ github.event.inputs.releaseVersion }} releaseVersion: ${{ github.event.inputs.releaseVersion }} From 4fd11a9909da33718f7170537bf03ab053cadea1 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:15:32 +0300 Subject: [PATCH 129/222] fix workflow --- .../workflows/prepareDarwinBinariesForRelease.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 0810b1d0d..217d23dda 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
@@ -1,9 +1,18 @@ name: Sign Dawrin Binaries for Release on: workflow_dispatch: -env: - binaryFileName: ${{ github.event.inputs.releaseVersion }} - releaseVersion: ${{ github.event.inputs.releaseVersion }} + inputs: + releaseVersion: + description: 'Release version' + required: true + default: '0.0.0' + binaryFileName: + description: 'Binary file name' + required: true + default: 'jf' +#env: +# binaryFileName: ${{ github.event.inputs.releaseVersion }} +# releaseVersion: ${{ github.event.inputs.releaseVersion }} jobs: # Builds, signs, notarize and uploads the macOS binaries prepareBinary: From 3723ab7959be5d5d24d530a19561dd1a81fcacfb Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:17:48 +0300 Subject: [PATCH 130/222] fix workflow --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 217d23dda..ffdc7b7c5 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -10,9 +10,9 @@ on: description: 'Binary file name' required: true default: 'jf' -#env: -# binaryFileName: ${{ github.event.inputs.releaseVersion }} -# releaseVersion: ${{ github.event.inputs.releaseVersion }} +env: + binaryFileName: ${{ github.event.inputs.releaseVersion }} + releaseVersion: ${{ github.event.inputs.releaseVersion }} jobs: # Builds, signs, notarize and uploads the macOS binaries prepareBinary: From bb743b2024dac0dbd1acd837ae8ac882b0314eea Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 12:19:56 +0300 Subject: [PATCH 131/222] Fix binary file name --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index ffdc7b7c5..7de6f9f97 100644 
--- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -11,7 +11,7 @@ on: required: true default: 'jf' env: - binaryFileName: ${{ github.event.inputs.releaseVersion }} + binaryFileName: ${{ github.event.inputs.binaryFileName }} releaseVersion: ${{ github.event.inputs.releaseVersion }} jobs: # Builds, signs, notarize and uploads the macOS binaries From ad98ce0c85013fda6099e38b368921075525bf0c Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 14:34:47 +0300 Subject: [PATCH 132/222] Fix jenkins file --- Jenkinsfile | 61 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 3f5d74678..32af9bb92 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -523,19 +523,47 @@ def dockerLogin(){ def buildAndUploadDarwin(goarch) { def BINARY_NAME = "jf.exe" sh """#!/bin/bash - # Query all artifacts - baseUrl="https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts" - response=$(curl -s $baseUrl) - # Get specific goarch artifact and version - artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"v$releaseVersion-$goarch\")) | .archive_download_url") + # Get specific URL with retries for cases where the upload of the artifact takes some time. + get_specific_artifact_url_with_retries() { + local max_retries=5 + local cooldown=15 # Cooldown in seconds + local retry_count=0 + while [ $retry_count -lt $max_retries ]; do + response=$(curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) + + artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"v$releaseVersion-$goarch\")) | .archive_download_url") + + # Check for a valid response, if not try again. + if [[ -z !"$artifactUrl" || "$artifactUrl" =~ ^https?://.+ ]]; then + echo $artifactUrl + return 0 + else + retry_count=$((retry_count+1)) + sleep $cooldown + fi + done + + # If this point is reached, max retries were exceeded + echo "Curl request failed after $max_retries attempts." + return 1 + } - # Validate the URL + downloadSignedMacOSBinaries() { + echo "Downloading Singed MacOS Binaries for goarch: $goarch, release version: $releaseVersion" + # Get specific artifact URL + artifactUrl=$(get_specific_artifact_url_with_retries) + + # Validate the URL if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then - echo "URL does not exist or is not valid, please validate the release version artifacts exists! 
$releaseVersion" + echo "$artifactUrl" + echo "Failed to find uploaded artifact for version:$releaseVersion and goarch:$goarch, please validate the artifacts were successfuly uploaded" exit 1 fi - # download artifact curl -L \ -H "Accept: application/vnd.github+json" \ @@ -545,21 +573,22 @@ def buildAndUploadDarwin(goarch) { # unzip tar -xvf zip - # delete zip rm -rf zip - # Make executable chmod +x jf - mv ./jf ./$BINARY_NAME # Validate - ./$BINARY_NAME --version + ./jf --version - """ + } - uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME) // Modify this line + # Call the function + downloadSignedMacOSBinaries -} + """ + + uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME) -} \ No newline at end of file + } + } \ No newline at end of file From cfbe901b32cf6b6f8208e5df77c17e81f660bf04 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 16:55:06 +0300 Subject: [PATCH 133/222] Split by binary name --- .../workflows/prepareDarwinBinariesForRelease.yml | 2 +- .../{ => appleBundles}/jf.app/Contents/Info.plist | 0 .../jf.app/Contents/MacOs/.gitignore | 0 build/appleBundles/jfrog.app/Contents/Info.plist | 14 ++++++++++++++ .../jfrog.app/Contents/MacOs/.gitignore | 0 5 files changed, 15 insertions(+), 1 deletion(-) rename build/{ => appleBundles}/jf.app/Contents/Info.plist (100%) rename build/{ => appleBundles}/jf.app/Contents/MacOs/.gitignore (100%) create mode 100644 build/appleBundles/jfrog.app/Contents/Info.plist create mode 100644 build/appleBundles/jfrog.app/Contents/MacOs/.gitignore diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 7de6f9f97..7b03fe179 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
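Review bot: The artifact that gets published is selected by a substring match, `contains(\"v$releaseVersion-$goarch\")`, over every artifact in the hard-coded `eyaldelarea/jfrog-cli` repository, and nothing afterwards confirms that the downloaded file is the one the signing workflow produced. Matching the full uploaded name, for example `select(.name == \"jf-darwin-v$releaseVersion-$goarch\")` with whichever binary name this job expects, and comparing a checksum recorded by the signing job before `uploadBinaryToJfrogRepo21` is called would close that gap. The repository owner in the URL looks like a personal fork and should presumably become the release repository before this merges. In the retry check, `-z !"$artifactUrl"` tests a string that always begins with `!` and is never empty, so only the regex decides; `[[ "$artifactUrl" =~ ^https?://.+ ]]` states that directly.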
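Review bot: The `@@ -545,21 +573,22 @@` hunk removes `mv ./jf ./$BINARY_NAME`, yet `uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME)` still uploads `BINARY_NAME`, which the function sets to `jf.exe`. The file that passed `./jf --version` is `./jf`, so unless something outside this hunk creates `jf.exe` the upload step points at a file the script never produces. Either keep the rename or change the declaration to `def BINARY_NAME = "jf"` so the validated file is the one uploaded. `buildAndUploadDarwin` starts before this hunk.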
@@ -46,7 +46,7 @@ jobs: APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} BINARY_FILE_NAME: ${{ env.binaryFileName }} - APP_TEMPLATE_PATH: ./build/jf.app + APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app run: ./build/darwin-sign-and-notarize.sh # Upload diff --git a/build/jf.app/Contents/Info.plist b/build/appleBundles/jf.app/Contents/Info.plist similarity index 100% rename from build/jf.app/Contents/Info.plist rename to build/appleBundles/jf.app/Contents/Info.plist diff --git a/build/jf.app/Contents/MacOs/.gitignore b/build/appleBundles/jf.app/Contents/MacOs/.gitignore similarity index 100% rename from build/jf.app/Contents/MacOs/.gitignore rename to build/appleBundles/jf.app/Contents/MacOs/.gitignore diff --git a/build/appleBundles/jfrog.app/Contents/Info.plist b/build/appleBundles/jfrog.app/Contents/Info.plist new file mode 100644 index 000000000..cb965d74d --- /dev/null +++ b/build/appleBundles/jfrog.app/Contents/Info.plist @@ -0,0 +1,14 @@ + + + + + CFBundleDevelopmentRegion + en + CFBundleName + JFrog-CLI + CFBundleDisplayName + JFrog-CLI + CFBundleIdentifier + com.jfrog.jfrog-cli + + \ No newline at end of file diff --git a/build/appleBundles/jfrog.app/Contents/MacOs/.gitignore b/build/appleBundles/jfrog.app/Contents/MacOs/.gitignore new file mode 100644 index 000000000..e69de29bb From e5ab4ba124c033f1e4ce1cef0a67b85ef2adaada Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 16:57:53 +0300 Subject: [PATCH 134/222] Add binary name to build --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 7b03fe179..8b7293efb 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
@@ -36,7 +36,7 @@ jobs: # with: # ref: v2 - name: Build - run: ./build/build.sh + run: ./build/build.sh ${{ env.binaryFileName }} - name: Sign & Notarize env: From 27fac9e2d415439aed292296dc68d0915adb437e Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:00:00 +0300 Subject: [PATCH 135/222] Add binary name to build --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 8b7293efb..9d7c02b5d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -54,7 +54,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/jf.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 From 182c4b18d5e4dfa6db8dde82f713ab1bcd8feda2 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:00:00 +0300 Subject: [PATCH 136/222] Fail if no artifacts were uploaded --- .github/workflows/prepareDarwinBinariesForRelease.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 8b7293efb..58c6c0be3 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -54,7 +54,8 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/jf.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/test.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 + if-no-files-found: error 
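Review bot: The `${{ env.binaryFileName }}` expression in `run: ./build/build.sh ${{ env.binaryFileName }}` is substituted into the script text before the shell parses it, so a value containing spaces or shell metacharacters changes the command instead of the argument. Where `binaryFileName` is set is not visible here; if it originates from the workflow_dispatch input, use the environment variable and quote it, `run: ./build/build.sh "$binaryFileName"`. Only the `jf.app` and `jfrog.app` templates exist in this series, so an early step that rejects any other value would be cheap. The same pattern appears in the later `Copy binary to macOS bundle` and `Move to app bundle` steps.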
From 688b69649959fedd08e5511085e0f76f6c0ae098 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:01:57 +0300 Subject: [PATCH 137/222] Fix name --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 58c6c0be3..6cd64dd6b 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -54,7 +54,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/test.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 if-no-files-found: error From 887d372a72e4b7ed11e199b8bb4d2316210155ba Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:04:40 +0300 Subject: [PATCH 138/222] Test --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 6cd64dd6b..a7160bf7e 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -54,7 +54,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/wrongName.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 if-no-files-found: error From ace821f3246faea9e4ecae28d1dcf31b3b36ef5e Mon Sep 17 00:00:00 2001 
From: delarea Date: Sun, 7 Jul 2024 17:06:22 +0300 Subject: [PATCH 139/222] Fix app name --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index a7160bf7e..6cd64dd6b 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -54,7 +54,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/wrongName.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 if-no-files-found: error From 1c50c2f20b2c62536803f2fcfe5ad56eba67acce Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:12:18 +0300 Subject: [PATCH 140/222] add sign macos binaries to Jenkinsfile --- .../prepareDarwinBinariesForRelease.yml | 5 ++--- Jenkinsfile | 20 +++++++++++++++++-- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 6cd64dd6b..b06618588 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -32,9 +32,8 @@ jobs: # Build - name: Checkout Source uses: actions/checkout@v4 -# TODO uncomment this after tests -# with: -# ref: v2 + with: + ref: dev - name: Build run: ./build/build.sh ${{ env.binaryFileName }} diff --git a/Jenkinsfile b/Jenkinsfile index 32af9bb92..ea4c5f94a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
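Review bot: `ref: dev` on the checkout step means the binary that gets signed and notarized is built from whatever the head of `dev` is when the workflow runs, not from the commit being released, so `releaseVersion` in the artifact name is only a label. I would check out the release tag or commit SHA instead, for example `ref: v${{ env.releaseVersion }}` if tags follow that scheme (not visible here). A comment on the step stating which ref a signed build must come from would make later edits to this line safer.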
@@ -120,6 +120,8 @@ def runRelease(architectures) { // We sign the binary also for the standalone Windows executable, and not just for Windows executable packaged inside Chocolaty. downloadToolsCert() + // Prepare Signed MacOS binaries + triggerDarwinBinariesSigning() print "Uploading version $version to Repo21" uploadCli(architectures) stage("Distribute executables") { @@ -517,6 +519,22 @@ def dockerLogin(){ } } +// This will trigger the github action that will sign and notarize the MacOS binaries. +// The artifacts will be uploaded to Github artifacts +// and then will passed to the release process. +def triggerDarwinBinariesSigning(){ + stage("Sign MacOS binaries"){ + sh """#!/bin/bash + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d '{"ref":"v2","inputs":{"releaseVersion":$releaseVersion,"binaryFileName":$cliExecutableName"}}' + """ + } +} // The Darwin build requires a unique process because it is signed during the GitHub actions workflow. // Subsequently, we must download the signed build and upload it to repo21. @@ -589,6 +607,4 @@ def buildAndUploadDarwin(goarch) { """ uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME) - - } } \ No newline at end of file From 22a7acada9b2d5fd175c2edd4a98d010b6d315f9 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:15:54 +0300 Subject: [PATCH 141/222] Fix upload path --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index b06618588..2cfd60b3d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
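Review bot: The `-d` payload in `triggerDarwinBinariesSigning` is not valid JSON after interpolation: `$releaseVersion` is unquoted and `$cliExecutableName"` has a closing quote without an opening one, so the dispatch request is likely to be rejected. It should read `-d '{"ref":"v2","inputs":{"releaseVersion":"$releaseVersion","binaryFileName":"$cliExecutableName"}}'`. curl is called without `--fail`, so a rejected dispatch still leaves the stage green; adding `--fail` makes the error visible. Because the script is a Groovy `"""` string, `$GITHUB_ACCESS_TOKEN` is expanded by Groovy into the script text; if it is a bound credential (not visible here), writing `\$GITHUB_ACCESS_TOKEN` lets the shell read it from the environment and keeps it out of the generated script.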
@@ -53,7 +53,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./build/appleBundles/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} retention-days: 1 if-no-files-found: error From 0874203ca60c2e48e916ebd28b976405d06159f8 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 17:59:14 +0300 Subject: [PATCH 142/222] Move the stage to start of release --- Jenkinsfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index ea4c5f94a..281b4e6ba 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -87,6 +87,14 @@ def getCliVersion(exePath) { } def runRelease(architectures) { + + stage('Sign MacOS binaries') { + // Prepare Signed MacOS binaries + // This happens at the start of the release process, so the binaries will be ready + // for the release process later on. + triggerDarwinBinariesSigning() + } + stage('Build JFrog CLI') { sh "echo Running release for executable name: '$cliExecutableName'" @@ -120,8 +128,6 @@ def runRelease(architectures) { // We sign the binary also for the standalone Windows executable, and not just for Windows executable packaged inside Chocolaty. downloadToolsCert() - // Prepare Signed MacOS binaries - triggerDarwinBinariesSigning() print "Uploading version $version to Repo21" uploadCli(architectures) stage("Distribute executables") { From a941b6f659ba11dc03dfd1db86045cf57b11e74f Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 18:02:23 +0300 Subject: [PATCH 143/222] Fix executable name --- Jenkinsfile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 281b4e6ba..32f4df2ac 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -545,9 +545,8 @@ def triggerDarwinBinariesSigning(){ // The Darwin build requires a unique process because it is signed during the GitHub actions workflow. // Subsequently, we must download the signed build and upload it to repo21. def buildAndUploadDarwin(goarch) { - def BINARY_NAME = "jf.exe" - sh """#!/bin/bash + sh """#!/bin/bash # Get specific URL with retries for cases where the upload of the artifact takes some time. get_specific_artifact_url_with_retries() { local max_retries=5 @@ -585,7 +584,7 @@ def buildAndUploadDarwin(goarch) { # Validate the URL if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then echo "$artifactUrl" - echo "Failed to find uploaded artifact for version:$releaseVersion and goarch:$goarch, please validate the artifacts were successfuly uploaded" + echo "Failed to find uploaded artifact for version:$releaseVersion and goarch:$goarch, please validate the artifacts were successfully uploaded" exit 1 fi # download artifact @@ -600,10 +599,10 @@ def buildAndUploadDarwin(goarch) { # delete zip rm -rf zip - chmod +x jf + chmod +x $cliExecutableName # Validate - ./jf --version + ./$cliExecutableName --version } From a7c9bffc851bdd50b10b8190fa75e3448cd29c8f Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 7 Jul 2024 18:07:19 +0300 Subject: [PATCH 144/222] Download by executable name as well --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 32f4df2ac..b8c9f6027 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
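Review bot: The script passed to `sh` is a Groovy double-quoted `"""` string, so every `$name` in it is resolved by Groovy before bash runs, and a `$(` sequence is a Groovy parse error. The `$cliExecutableName` lines further down rely on that, but shell-side values such as `"$artifactUrl"` in the validation `if` need a backslash, `\$artifactUrl`, to reach bash unchanged. A comment at the top of the script stating which variables are Groovy-side and which are shell-side would prevent the mix-up. The body of `buildAndUploadDarwin` continues outside this hunk.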
@@ -559,7 +559,7 @@ def buildAndUploadDarwin(goarch) { -H "X-GitHub-Api-Version: 2022-11-28" \ -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) - artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"v$releaseVersion-$goarch\")) | .archive_download_url") + artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url") # Check for a valid response, if not try again. if [[ -z !"$artifactUrl" || "$artifactUrl" =~ ^https?://.+ ]]; then From 546c44a2d99f61ea48e5327e5b3206db2b775556 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 8 Jul 2024 16:10:57 +0300 Subject: [PATCH 145/222] Rename --- Jenkinsfile | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index b8c9f6027..948ffe162 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -92,7 +92,7 @@ def runRelease(architectures) { // Prepare Signed MacOS binaries // This happens at the start of the release process, so the binaries will be ready // for the release process later on. - triggerDarwinBinariesSigning() + triggerDarwinBinariesSigningWorkflow() } stage('Build JFrog CLI') { @@ -324,7 +324,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - buildAndUploadDarwin(currentBuild.goarch,currentBuild.fileExtension)() + downloadDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)() } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) } 
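Review bot: The artifact list is read from `repos/eyaldelarea/jfrog-cli`, while the signing workflow is dispatched on `repos/jfrog/jfrog-cli`, so the release job would download binaries from a repository other than the one it triggered. The new `contains(...)` filter also selects by artifact name only, so any run in that repository that uploads a matching name qualifies, and several matches yield several URLs. I would point the request at `jfrog/jfrog-cli`, compare the name with `==` instead of `contains`, and restrict the match to the workflow run this release started. The enclosing function starts and ends outside this hunk.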
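Review bot: The call `downloadDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)()` passes two arguments to a function this commit declares as `downloadDarwinSignedBinaries(goarch)`, and the trailing `()` then tries to call its return value. It should be `downloadDarwinSignedBinaries(currentBuild.goarch)`. The body of `uploadCli` extends beyond this hunk.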
@@ -525,10 +525,9 @@ def dockerLogin(){ } } -// This will trigger the github action that will sign and notarize the MacOS binaries. +// This will trigger the Github action that will sign and notarize the MacOS binaries. // The artifacts will be uploaded to Github artifacts -// and then will passed to the release process. -def triggerDarwinBinariesSigning(){ +def triggerDarwinBinariesSigningWorkflow(){ stage("Sign MacOS binaries"){ sh """#!/bin/bash curl -L \ @@ -542,12 +541,15 @@ def triggerDarwinBinariesSigning(){ } } -// The Darwin build requires a unique process because it is signed during the GitHub actions workflow. -// Subsequently, we must download the signed build and upload it to repo21. -def buildAndUploadDarwin(goarch) { +// The Darwin binaries are signed in GitHub actions. +// This function will make sure to download the specific artifact according to +// executable name and release version. +// As the GitHub action may take some time, we will retry to download the artifact with timeout. +def downloadDarwinSignedBinaries(goarch) { sh """#!/bin/bash - # Get specific URL with retries for cases where the upload of the artifact takes some time. + + # List all artifacts under the repository and filter the current artifact by version, executable and goarch. get_specific_artifact_url_with_retries() { local max_retries=5 local cooldown=15 # Cooldown in seconds @@ -578,6 +580,7 @@ def buildAndUploadDarwin(goarch) { downloadSignedMacOSBinaries() { echo "Downloading Singed MacOS Binaries for goarch: $goarch, release version: $releaseVersion" + # Get specific artifact URL artifactUrl=$(get_specific_artifact_url_with_retries) From e3667a039b5aa275e8d4ea1f0fdf70fd6a9075a4 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 8 Jul 2024 16:13:21 +0300 Subject: [PATCH 146/222] Fix var name --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 948ffe162..751afa9ac 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -614,5 +614,5 @@ def downloadDarwinSignedBinaries(goarch) { """ - uploadBinaryToJfrogRepo21(currentBuild.pkg, BINARY_NAME) + uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } \ No newline at end of file From adfef6eab0bb40f0cc58a3d87ab0ae261fc12267 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 9 Jul 2024 16:10:00 +0300 Subject: [PATCH 147/222] Don't modify app_template path & remove binary_name var --- build/darwin-sign-and-notarize.sh | 63 +++++++++++++++---------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 323a43aa7..539fc2a3c 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -7,13 +7,13 @@ # APPLE_TEAM_ID: The Apple Team ID. # APPLE_ACCOUNT_ID: The Apple Account ID. # APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. -# BINARY_FILE_NAME: The name of the binary file to be signed and notarized. # # APP_TEMPLATE_PATH: The path to the .app template folder used for notarization. It should have a specific structure: # Create a folder containing the following structure: # ├── YOUR_APP.app # └── Contents # └── MacOS +# └── YOUR_APP (executable file) # └── Info.plist # Info.plist file contains apple specific app information which should be filled by the user. # The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. 
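Review bot: `$cliExecutableName` outside a string is not interpolation; Groovy reads it as a separate identifier named `$cliExecutableName`, which nothing visible defines. The call should be `uploadBinaryToJfrogRepo21(currentBuild.pkg, cliExecutableName)`. `currentBuild.pkg` also looks like a loop variable of `uploadCli` rather than something `downloadDarwinSignedBinaries(goarch)` receives, so passing the package name in as a second parameter would make the dependency explicit. The function body starts outside this hunk.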
@@ -46,43 +46,36 @@ validate_app_template_structure() { return 1 fi + + # Extract the last path from the APP_TEMPLATE_PATH + last_path=$(basename "$APP_TEMPLATE_PATH") + # Remove the .app extension from the last path + executableName=${last_path%.app} + # Export executableName as an environment variable + export EXECUTABLE_NAME=$executableName + # Check if the executableName is the same as the last path without the .app extension + if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$executableName" ]; then + echo "Error: The executable name must match the APP_TEMPLATE_PATH name without the .app extension." + return 1 + fi + return 0 } -validate_binary_name_and_app_template_path() { - # Extract the last path from the APP_TEMPLATE_PATH - last_path=$(basename "$APP_TEMPLATE_PATH") - - # Remove the .app extension from the last path - app_folder_name=${last_path%.app} - # Export app_folder_name as an environment variable - export APP_FOLDER_NAME=$app_folder_name - - # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension - if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then - echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." - return 1 - fi - - return 0 -} validateInputs(){ # Validate input parameters - if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then + if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] ; then echo "Error: Missing environment variable." exit 1 fi - # Validate the APP_TEMPLATE_PATH and BINARY_FILE_NAME has the same name. - if ! validate_binary_name_and_app_template_path; then - echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." - exit 1 - fi + # Validate app template structure if ! validate_app_template_structure; then echo "Error: The structure of APP_TEMPLATE_PATH is invalid. 
Please ensure it contains the following:" echo "- ├── YOUR_APP.app └── Contents └── MacOS + └── YOUR_APP (executable file) └── info.plist" echo "- A valid .app structure is needed in order to sign & notarize the binary" exit 1 @@ -127,7 +120,7 @@ prepare_keychain_and_certificate() { sign_binary(){ # Sign the binary echo "Signing the binary..." - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$BINARY_FILE_NAME"; then + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$EXECUTABLE_NAME"; then echo "Error: Failed to sign the binary." exit 1 fi @@ -136,13 +129,15 @@ sign_binary(){ # Sends the app for notarization and staples the certificate to the app. # Binary files cannot be notarized as standalone files, they must be zipped and unzipped later on. notarize_app(){ - # Move binary inside the app bundle template - if ! mv "$BINARY_FILE_NAME" "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME" ; then - echo "Error: Failed to move the binary to the app template. Please check files exists" - exit 1 - fi + # Create a temporary directory and change into it + temp_dir=$(mktemp -d) + pushd "$temp_dir" || exit + + # Copy the APP_TEMPLATE_PATH directory to the current temporary directory + cp -r "$APP_TEMPLATE_PATH" . + # Zip it using ditto - temp_zipped_name="$BINARY_FILE_NAME"-zipped + temp_zipped_name="$EXECUTABLE_NAME"-zipped if ! ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./"$temp_zipped_name"; then echo "Error: Failed to zip the app." @@ -160,13 +155,17 @@ notarize_app(){ unzip -o "$temp_zipped_name" # Staple ticket to the app - if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then + if ! xcrun stapler staple "$EXECUTABLE_NAME".app; then echo "Error: Failed to staple the ticket to the app" exit 1 fi echo "Stapling successful." + # Return to the previous directory and remove the temporary directory + popd || exit + rm -rf "$temp_dir" + } cleanup(){ 
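Review bot: `cp -r "$APP_TEMPLATE_PATH" .` runs after `pushd "$temp_dir"`, and the workflow passes `APP_TEMPLATE_PATH` as a relative path (`./build/appleBundles/...`), so from inside the temporary directory the copy source no longer resolves; the `ditto` line below has the same problem. Resolve the path before changing directory, e.g. `app_template_abs=$(cd "$APP_TEMPLATE_PATH" && pwd)` ahead of `pushd`, and check the `cp` result like the other steps do. The error exits between `pushd` and the final `rm -rf "$temp_dir"` also leave the directory behind; `trap 'rm -rf "$temp_dir"' EXIT` right after `mktemp -d` covers them. `notarize_app` continues outside this hunk.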
From fd39bdb6efec23fcf393e014152d087124dc3b53 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 9 Jul 2024 16:13:21 +0300 Subject: [PATCH 148/222] Move binary to template --- .github/workflows/prepareDarwinBinariesForRelease.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 2cfd60b3d..0b18e2946 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -36,6 +36,8 @@ jobs: ref: dev - name: Build run: ./build/build.sh ${{ env.binaryFileName }} + - name: Copy binary to macOS bundle + run: cp ./${{ env.binaryFileName }} ./build/appleBundles/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} - name: Sign & Notarize env: @@ -44,7 +46,6 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} - BINARY_FILE_NAME: ${{ env.binaryFileName }} APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app run: ./build/darwin-sign-and-notarize.sh From 063ef54a9f3c433755651288f2ab6e62fd9268b3 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 12:18:22 +0300 Subject: [PATCH 149/222] Remove Binary file name input Remove binary file name input --- build/darwin-sign-and-notarize.sh | 53 ++++++++++++++----------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 323a43aa7..424926b32 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
@@ -7,14 +7,14 @@ # APPLE_TEAM_ID: The Apple Team ID. # APPLE_ACCOUNT_ID: The Apple Account ID. # APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. -# BINARY_FILE_NAME: The name of the binary file to be signed and notarized. # # APP_TEMPLATE_PATH: The path to the .app template folder used for notarization. It should have a specific structure: # Create a folder containing the following structure: -# ├── YOUR_APP.app -# └── Contents -# └── MacOS -# └── Info.plist +# YOUR_APP.app +# ├── Contents +# ├── MacOS +# │ └── YOUR_APP (executable file) +# └── Info.plist # Info.plist file contains apple specific app information which should be filled by the user. # The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. # 
@@ -46,25 +46,22 @@ validate_app_template_structure() { return 1 fi + # Extract the last path from the APP_TEMPLATE_PATH + last_path=$(basename "$APP_TEMPLATE_PATH") + # Remove the .app extension from the last path + app_name_without_extension=${last_path%.app} + # Export app_name_without_extension as an environment variable + export BINARY_FILE_NAME=$app_name_without_extension + + # Check if the executable file exists in the MacOS folder + if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$EXECUTABLE_NAME" ]; then + echo "Error: $EXECUTABLE_NAME not found inside the MacOS folder." + return 1 + fi + return 0 } -validate_binary_name_and_app_template_path() { - # Extract the last path from the APP_TEMPLATE_PATH - last_path=$(basename "$APP_TEMPLATE_PATH") - - # Remove the .app extension from the last path - app_folder_name=${last_path%.app} - # Export app_folder_name as an environment variable - export APP_FOLDER_NAME=$app_folder_name - - # Check if the BINARY_FILE_NAME is the same as the last path without the .app extension - if [ "$BINARY_FILE_NAME" != "$app_folder_name" ]; then - echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." - return 1 - fi - return 0 -} validateInputs(){ # Validate input parameters 
@@ -72,18 +69,14 @@ validateInputs(){ echo "Error: Missing environment variable." exit 1 fi - # Validate the APP_TEMPLATE_PATH and BINARY_FILE_NAME has the same name. - if ! validate_binary_name_and_app_template_path; then - echo "Error: The BINARY_FILE_NAME must match the last path in APP_TEMPLATE_PATH without the .app extension." - exit 1 - fi # Validate app template structure if ! validate_app_template_structure; then echo "Error: The structure of APP_TEMPLATE_PATH is invalid. Please ensure it contains the following:" - echo "- ├── YOUR_APP.app - └── Contents - └── MacOS - └── info.plist" + echo "- YOUR_APP.app + ├── Contents + ├── MacOS + │ └── YOUR_APP (executable file) + └── Info.plist" echo "- A valid .app structure is needed in order to sign & notarize the binary" exit 1 fi From b4f52ca8c273bd0c5b2c369ede3c0aea388d79aa Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:09:06 +0300 Subject: [PATCH 150/222] Make use of temp dir --- build/darwin-sign-and-notarize.sh | 47 ++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 424926b32..bf86d8764 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
@@ -48,14 +48,16 @@ validate_app_template_structure() { # Extract the last path from the APP_TEMPLATE_PATH last_path=$(basename "$APP_TEMPLATE_PATH") + echo "$last_path" # Remove the .app extension from the last path app_name_without_extension=${last_path%.app} + echo "$app_name_without_extension" # Export app_name_without_extension as an environment variable export BINARY_FILE_NAME=$app_name_without_extension # Check if the executable file exists in the MacOS folder - if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$EXECUTABLE_NAME" ]; then - echo "Error: $EXECUTABLE_NAME not found inside the MacOS folder." + if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then + echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." return 1 fi @@ -65,8 +67,16 @@ validate_app_template_structure() { validateInputs(){ # Validate input parameters - if [ -z "$APPLE_CERT_DATA" ] || [ -z "$APPLE_CERT_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ] || [ -z "$BINARY_FILE_NAME" ] ; then - echo "Error: Missing environment variable." + if [ -z "$APPLE_CERT_DATA" ]; then + echo "Error: Missing APPLE_CERT_DATA environment variable." + exit 1 + fi + if [ -z "$APPLE_CERT_PASSWORD" ]; then + echo "Error: Missing APPLE_CERT_PASSWORD environment variable." + exit 1 + fi + if [ -z "$APPLE_TEAM_ID" ]; then + echo "Error: Missing APPLE_TEAM_ID environment variable." exit 1 fi # Validate app template structure 
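Review bot: `validateInputs` now reports each missing variable by name but still does not check `APPLE_ACCOUNT_ID` and `APPLE_APP_SPECIFIC_PASSWORD`, which the header comment lists as inputs and the workflow passes in. If the notarization step uses them (not visible in this hunk), a missing value surfaces only after signing; add the same guard, e.g. `if [ -z "$APPLE_ACCOUNT_ID" ]; then echo "Error: Missing APPLE_ACCOUNT_ID environment variable."; exit 1; fi`. The function body continues outside this hunk.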
@@ -120,24 +130,28 @@ prepare_keychain_and_certificate() { sign_binary(){ # Sign the binary echo "Signing the binary..." - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$BINARY_FILE_NAME"; then + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME"; then echo "Error: Failed to sign the binary." exit 1 fi + echo "Successfully signed the binary." } # Sends the app for notarization and staples the certificate to the app. # Binary files cannot be notarized as standalone files, they must be zipped and unzipped later on. notarize_app(){ - # Move binary inside the app bundle template - if ! mv "$BINARY_FILE_NAME" "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME" ; then - echo "Error: Failed to move the binary to the app template. Please check files exists" - exit 1 - fi + # Create a new temporary directory and store its path + temp_dir=$(mktemp -d) + # Remember the current directory + current_dir=$(pwd) + # Copy contents of the app template to the temporary directory + cp -r "$APP_TEMPLATE_PATH" "$temp_dir" + # Change into the temporary directory + cd "$temp_dir" || exit + # Zip it using ditto temp_zipped_name="$BINARY_FILE_NAME"-zipped - - if ! ditto -c -k --keepParent "$APP_TEMPLATE_PATH" ./"$temp_zipped_name"; then + if ! ditto -c -k --keepParent "$BINARY_FILE_NAME".app "./$temp_zipped_name"; then echo "Error: Failed to zip the app." exit 1 fi @@ -159,7 +173,12 @@ notarize_app(){ fi echo "Stapling successful." + cp "$BINARY_FILE_NAME" "$current_dir" + # Change back to the original directory + cd "$current_dir" || exit + Delete the temporary directory + rm -rf "$temp_dir" } cleanup(){ @@ -172,10 +191,10 @@ cleanup(){ # Setup validateInputs -prepare_keychain_and_certificate +#prepare_keychain_and_certificate # Sign & Notarize sign_binary notarize_app # Cleanup -cleanup +#cleanup From bbf165a78e0cbb580c034a3548375eed6f6167c3 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 10 Jul 2024 13:12:59 +0300 Subject: [PATCH 151/222] Move binary to template --- .github/workflows/prepareDarwinBinariesForRelease.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 2cfd60b3d..c54fa5373 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -36,6 +36,8 @@ jobs: ref: dev - name: Build run: ./build/build.sh ${{ env.binaryFileName }} + - name: Move to app bundle + run: mv ${{ env.binaryFileName }} ./build/appleBundles/${{ env.binaryFileName }}.app/Contents/MacOS - name: Sign & Notarize env: @@ -44,7 +46,6 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} - BINARY_FILE_NAME: ${{ env.binaryFileName }} APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app run: ./build/darwin-sign-and-notarize.sh From 9ec0abcaaf641afed315ffbf62eb69e2973b7354 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:14:14 +0300 Subject: [PATCH 152/222] Remove echos --- build/darwin-sign-and-notarize.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index bf86d8764..2385e1f17 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -48,10 +48,8 @@ validate_app_template_structure() { # Extract the last path from the APP_TEMPLATE_PATH last_path=$(basename "$APP_TEMPLATE_PATH") - echo "$last_path" # Remove the .app extension from the last path app_name_without_extension=${last_path%.app} - echo "$app_name_without_extension" # Export app_name_without_extension as an environment variable export BINARY_FILE_NAME=$app_name_without_extension 
From 91965bacc010e87b5123b420987afc976790a499 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:15:52 +0300 Subject: [PATCH 153/222] Setup --- build/darwin-sign-and-notarize.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 2385e1f17..23957e7f1 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -189,10 +189,10 @@ cleanup(){ # Setup validateInputs -#prepare_keychain_and_certificate -# Sign & Notarize +prepare_keychain_and_certificate +#Sign & Notarize sign_binary notarize_app # Cleanup -#cleanup +cleanup From 303d6041a454d390a5a394a4c4bc189b41d26015 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:18:45 +0300 Subject: [PATCH 154/222] Fix copy signed binary --- build/darwin-sign-and-notarize.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 23957e7f1..6faa3d6cd 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -171,11 +171,11 @@ notarize_app(){ fi echo "Stapling successful." - cp "$BINARY_FILE_NAME" "$current_dir" + cp ./"$BINARY_FILE_NAME" "$current_dir" # Change back to the original directory cd "$current_dir" || exit - Delete the temporary directory + # Delete the temporary directory rm -rf "$temp_dir" } @@ -189,10 +189,10 @@ cleanup(){ # Setup validateInputs -prepare_keychain_and_certificate +#prepare_keychain_and_certificate #Sign & Notarize sign_binary notarize_app # Cleanup -cleanup +#cleanup From 9805f647dbdb6b84f5c8d287823c4a91e27e6262 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:52:38 +0300 Subject: [PATCH 155/222] prepare --- build/darwin-sign-and-notarize.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 6faa3d6cd..1213d0568 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -189,10 +189,10 @@ cleanup(){ # Setup validateInputs -#prepare_keychain_and_certificate +prepare_keychain_and_certificate #Sign & Notarize sign_binary notarize_app # Cleanup -#cleanup +cleanup From 090016a8b32402413e8ea2a864e28a924f1498f3 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 13:55:39 +0300 Subject: [PATCH 156/222] extract binary --- build/darwin-sign-and-notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 1213d0568..89583c568 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -171,7 +171,7 @@ notarize_app(){ fi echo "Stapling successful." - cp ./"$BINARY_FILE_NAME" "$current_dir" + cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" # Change back to the original directory cd "$current_dir" || exit From 27df1cf53c35cc6edf1275261dac70055d63c3c4 Mon Sep 17 00:00:00 2001 From: Eyal Delarea Date: Wed, 10 Jul 2024 14:01:36 +0300 Subject: [PATCH 157/222] Update prepareDarwinBinariesForRelease.yml --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index c54fa5373..67c51adcc 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
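Review bot: `cleanup` runs only when `sign_binary` and `notarize_app` both return, but each of them calls `exit 1` on failure, so on any error whatever `prepare_keychain_and_certificate` set up (by its name, a keychain holding the signing certificate) is left in place. Registering the cleanup once the keychain exists, `trap cleanup EXIT` directly after `prepare_keychain_and_certificate`, covers the failure paths too, and the explicit `cleanup` call at the end can then go. What `cleanup` removes is not visible in this hunk, so confirm it is safe to run after a partial setup. These two calls are commented out and restored more than once in this series; a comment stating that both are required for a release build would help.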
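Review bot: Copying the bare executable out of `"$BINARY_FILE_NAME".app/Contents/MacOS/` leaves the stapled ticket behind, because `xcrun stapler staple` attaches it to the bundle and not to the Mach-O file. The published binary is still signed and notarized, but Gatekeeper has to look the ticket up online; that deserves a comment above the `cp` line, e.g. `# The standalone binary carries the signature only; the stapled ticket stays in the .app bundle.` I would also verify the copy before it is uploaded, with `codesign --verify --strict --verbose=2 "$current_dir/$BINARY_FILE_NAME"`, and fail the script if that check fails. `notarize_app` starts outside this hunk.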
@@ -54,7 +54,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./build/appleBundles/${{ env.binaryFileName }}.app/Contents/MacOS/${{ env.binaryFileName }} + path: ./{{ env.binaryFileName }} retention-days: 1 if-no-files-found: error From c83b4162971456267d72e315a2a2f7e88e096e30 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 14:39:39 +0300 Subject: [PATCH 158/222] logs --- build/darwin-sign-and-notarize.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 89583c568..bb253e588 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -7,7 +7,6 @@ # APPLE_TEAM_ID: The Apple Team ID. # APPLE_ACCOUNT_ID: The Apple Account ID. # APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. -# # APP_TEMPLATE_PATH: The path to the .app template folder used for notarization. It should have a specific structure: # Create a folder containing the following structure: # YOUR_APP.app @@ -17,8 +16,7 @@ # └── Info.plist # Info.plist file contains apple specific app information which should be filled by the user. # The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. -# -# All of these environment variables should be currently in order for the process to work. + validate_app_template_structure() { if [ -z "$APP_TEMPLATE_PATH" ]; then @@ -171,10 +169,13 @@ notarize_app(){ fi echo "Stapling successful." + echo "Coping binary to the current directory.." cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" # Change back to the original directory cd "$current_dir" || exit + ls -la + # Delete the temporary directory rm -rf "$temp_dir" } From e0c15c17d3ed6d3daa23cd1c4471a4f824aa32ce Mon Sep 17 00:00:00 2001 
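Review bot: In the Upload Artifact step the new `path: ./{{ env.binaryFileName }}` is missing the `$` before the braces, so Actions treats it as a literal string instead of an expression and it will not match the signed binary that the script copies into the working directory. Because `if-no-files-found: error` is set two lines below, the step fails loudly rather than publishing an empty artifact, but the job still breaks. The line should read `path: ./${{ env.binaryFileName }}`.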
From: delarea Date: Wed, 10 Jul 2024 14:43:27 +0300 Subject: [PATCH 159/222] test --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 +++++- build/darwin-sign-and-notarize.sh | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 67c51adcc..ed3addb70 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -20,7 +20,8 @@ jobs: runs-on: macos-latest strategy: matrix: - goarch: [ arm64,amd64 ] +# goarch: [ arm64,amd64 ] + goarch: [ arm64 ] steps: # Setup - name: Setup Go @@ -49,6 +50,9 @@ jobs: APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app run: ./build/darwin-sign-and-notarize.sh + - name: pwd + run: pwd + # Upload - name: Upload Artifact uses: actions/upload-artifact@v4 diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index bb253e588..29c0a1bde 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -171,9 +171,12 @@ notarize_app(){ echo "Coping binary to the current directory.." cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" + pwd + ls -ls + # Change back to the original directory cd "$current_dir" || exit - + pwd ls -la # Delete the temporary directory From bafd3b84d43cc774b3c89e8a63cc14b5b16cacbd Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 14:47:54 +0300 Subject: [PATCH 160/222] test --- .github/workflows/prepareDarwinBinariesForRelease.yml | 5 +---- build/darwin-sign-and-notarize.sh | 6 ++---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index ed3addb70..c0d0e2110 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml 
+++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -50,15 +50,12 @@ jobs: APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app run: ./build/darwin-sign-and-notarize.sh - - name: pwd - run: pwd - # Upload - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} - path: ./{{ env.binaryFileName }} + path: ./${{ env.binaryFileName }} retention-days: 1 if-no-files-found: error diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 29c0a1bde..dfe048f0f 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -171,13 +171,11 @@ notarize_app(){ echo "Coping binary to the current directory.." cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" - pwd - ls -ls + # Change back to the original directory cd "$current_dir" || exit - pwd - ls -la + # Delete the temporary directory rm -rf "$temp_dir" From 13fdd11adfce0fd01e63185d494b1d359ae8e185 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:22:00 +0300 Subject: [PATCH 161/222] Refactor --- build/darwin-sign-and-notarize.sh | 219 +++++++++++++----------------- 1 file changed, 92 insertions(+), 127 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index dfe048f0f..a5646c898 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
@@ -16,49 +16,44 @@ # └── Info.plist # Info.plist file contains apple specific app information which should be filled by the user. # The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. +# +# The output of the script is the signed and notarized binary file into the current directory. +# Validates the structure of the app template directory. validate_app_template_structure() { - if [ -z "$APP_TEMPLATE_PATH" ]; then - echo "Error: APP_TEMPLATE_PATH is not set." - return 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH" ]; then - echo "Error: $APP_TEMPLATE_PATH is not a directory." - return 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then - echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." - return 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then - echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." - return 1 - fi - - if [ ! -f "$APP_TEMPLATE_PATH/Contents/info.plist" ]; then - echo "Error: info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." - return 1 - fi - - # Extract the last path from the APP_TEMPLATE_PATH - last_path=$(basename "$APP_TEMPLATE_PATH") - # Remove the .app extension from the last path - app_name_without_extension=${last_path%.app} - # Export app_name_without_extension as an environment variable - export BINARY_FILE_NAME=$app_name_without_extension - - # Check if the executable file exists in the MacOS folder - if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then - echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." - return 1 - fi - - return 0 - } + if [ ! -d "$APP_TEMPLATE_PATH" ]; then + echo "Error: $APP_TEMPLATE_PATH directory does not exist." + return 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then + echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." + return 1 + fi + + if [ ! 
-d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then + echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." + return 1 + fi + + if [ ! -f "$APP_TEMPLATE_PATH/Contents/info.plist" ]; then + echo "Error: info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." + return 1 + fi + + local last_path + last_path=$(basename "$APP_TEMPLATE_PATH") + local app_name_without_extension=${last_path%.app} + export BINARY_FILE_NAME=$app_name_without_extension + + if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then + echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." + return 1 + fi + + return 0 +} validateInputs(){ 
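Review bot: The plist check in validate_app_template_structure tests `Contents/info.plist` in lower case, while the bundle layout in the header comment at the top of this hunk names the file `Info.plist`. That only passes on a case-insensitive volume; on a case-sensitive one the validation would reject a correct bundle. Suggest `if [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ]; then`, with the error message updated to match. The refactor also drops the explicit `-z "$APP_TEMPLATE_PATH"` guard, so an unset variable is now reported as an empty directory name instead of as a missing variable.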
@@ -88,113 +83,83 @@ validateInputs(){ fi } -# This function will prepare the keychain and certificate on the machine, needed for signing. +# Prepares the keychain and certificate for signing. prepare_keychain_and_certificate() { - # Assign environment variables to local variables - # Set temp dir as runner temp dir - TEMP_DIR=$RUNNER_TEMP - KEYCHAIN_NAME="macos-build.keychain" - # Save the decoded certificate data to a temporary file - echo "Saving Certificate to temp files" - echo "$APPLE_CERT_DATA" | base64 --decode > "$TEMP_DIR"/certs.p12 - # Create a new keychain and set it as the default - echo "Creating keychains..." - security create-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security default-keychain -s $KEYCHAIN_NAME - security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME - - # Import the certificate into the keychain - echo "Importing certificate into keychain..." - if ! security import "$TEMP_DIR"/certs.p12 -k ~/Library/Keychains/$KEYCHAIN_NAME -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then + local temp_dir=$RUNNER_TEMP + local keychain_name="macos-build.keychain" + + echo "$APPLE_CERT_DATA" | base64 --decode > "$temp_dir"/certs.p12 + + security create-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name + security default-keychain -s $keychain_name + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name + security set-keychain-settings -t 3600 -u $keychain_name + + if ! security import "$temp_dir"/certs.p12 -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then echo "Error: Failed to import certificate into keychain." exit 1 fi - # Verify the identity in the keychain - echo "Verifying identity..." 
security find-identity -p codesigning -v - - # Unlock the keychain to allow signing in terminal without asking for password - echo "Unlocking the keychain" - security unlock-keychain -p "$APPLE_CERT_PASSWORD" $KEYCHAIN_NAME - security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $KEYCHAIN_NAME + security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name + security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name } -# Signs the binary file copies into the apple bundle template -# The template is needed for notarizing the app -sign_binary(){ - # Sign the binary - echo "Signing the binary..." - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME"; then - echo "Error: Failed to sign the binary." - exit 1 - fi - echo "Successfully signed the binary." +# Signs the binary file +sign_binary() { + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME"; then + echo "Error: Failed to sign the binary." + exit 1 + fi + echo "Successfully signed the binary." } -# Sends the app for notarization and staples the certificate to the app. -# Binary files cannot be notarized as standalone files, they must be zipped and unzipped later on. -notarize_app(){ - # Create a new temporary directory and store its path - temp_dir=$(mktemp -d) - # Remember the current directory - current_dir=$(pwd) - # Copy contents of the app template to the temporary directory - cp -r "$APP_TEMPLATE_PATH" "$temp_dir" - # Change into the temporary directory - cd "$temp_dir" || exit - - # Zip it using ditto - temp_zipped_name="$BINARY_FILE_NAME"-zipped - if ! ditto -c -k --keepParent "$BINARY_FILE_NAME".app "./$temp_zipped_name"; then - echo "Error: Failed to zip the app." 
- exit 1 - fi - - # Notarize the zipped app - if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then - echo "Error: Failed to notarize the app." - exit 1 - fi - echo "Notarization successful." - - # Unzip the notarized app - unzip -o "$temp_zipped_name" - - # Staple ticket to the app - if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then - echo "Error: Failed to staple the ticket to the app" - exit 1 - fi - echo "Stapling successful." +# Notarizes the app and staples the certificate. +notarize_app() { + local temp_dir + temp_dir=$(mktemp -d) + local current_dir + current_dir=$(pwd) - echo "Coping binary to the current directory.." - cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" + cp -r "$APP_TEMPLATE_PATH" "$temp_dir" + cd "$temp_dir" || exit + local temp_zipped_name="$BINARY_FILE_NAME"-zipped + if ! ditto -c -k --keepParent "$BINARY_FILE_NAME".app "./$temp_zipped_name"; then + echo "Error: Failed to zip the app." + exit 1 + fi - # Change back to the original directory - cd "$current_dir" || exit + if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then + echo "Error: Failed to notarize the app." + exit 1 + fi + echo "Notarization successful." + unzip -o "$temp_zipped_name" + if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then + echo "Error: Failed to staple the ticket to the app" + exit 1 + fi + echo "Stapling successful." - # Delete the temporary directory - rm -rf "$temp_dir" + cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" + cd "$current_dir" || exit + rm -rf "$temp_dir" } -cleanup(){ - echo "Deleting keychain.." - security delete-keychain "$KEYCHAIN_NAME" - echo "Delete Certificate..." - rm -rf "$TEMP_DIR"/certs.p12 +# Cleans up resources used during the process. 
+cleanup() { + echo "Deleting keychain.." + security delete-keychain "$keychain_name" + echo "Delete Certificate..." + rm -rf "$temp_dir"/certs.p12 } -# Setup -validateInputs +# Main execution flow +validate_inputs prepare_keychain_and_certificate -#Sign & Notarize sign_binary notarize_app -# Cleanup -cleanup - +cleanup \ No newline at end of file From 5d092cbae5ef57bb7252a048016d720a38b1edfb Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:27:00 +0300 Subject: [PATCH 162/222] Checkout branch --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index c0d0e2110..512aea898 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -34,7 +34,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v4 with: - ref: dev + ref: apple_sign_binary - name: Build run: ./build/build.sh ${{ env.binaryFileName }} - name: Move to app bundle From 313c28804032e3d6bfbf6e84a9907b729bf725aa Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:28:37 +0300 Subject: [PATCH 163/222] Checkout branch --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 512aea898..709a43c84 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -34,7 +34,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v4 with: - ref: apple_sign_binary + ref: sign_apple_binary - name: Build run: ./build/build.sh ${{ env.binaryFileName }} - name: Move to app bundle From 628cb1e6e01b296af6dc16dc36da5542747d8b42 Mon Sep 17 00:00:00 2001 
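Review bot: cleanup() reads `$keychain_name` and `$temp_dir`, but this hunk declares both as `local` inside prepare_keychain_and_certificate, so they are empty by the time cleanup runs. The keychain holding the signing identity is then not deleted, and the decoded certificate at `$RUNNER_TEMP/certs.p12` stays on the runner because the `rm -rf` resolves to `/certs.p12`. cleanup is also reached only on success, since sign_binary and notarize_app call `exit 1` on failure. Define the names once at script scope and register the handler before any secret is written: `KEYCHAIN_NAME="macos-build.keychain"`, `CERT_FILE="$RUNNER_TEMP/certs.p12"`, `trap cleanup EXIT`, with both functions using those two variables.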
From: delarea Date: Wed, 10 Jul 2024 17:31:10 +0300 Subject: [PATCH 164/222] Remove git ignores --- build/appleBundles/jf.app/Contents/MacOs/.gitignore | 0 build/appleBundles/jfrog.app/Contents/MacOs/.gitignore | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 build/appleBundles/jf.app/Contents/MacOs/.gitignore delete mode 100644 build/appleBundles/jfrog.app/Contents/MacOs/.gitignore diff --git a/build/appleBundles/jf.app/Contents/MacOs/.gitignore b/build/appleBundles/jf.app/Contents/MacOs/.gitignore deleted file mode 100644 index e69de29bb..000000000 diff --git a/build/appleBundles/jfrog.app/Contents/MacOs/.gitignore b/build/appleBundles/jfrog.app/Contents/MacOs/.gitignore deleted file mode 100644 index e69de29bb..000000000 From fb7aaa17948c8976bc25f2a0e2f0cc3a0395da86 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:32:19 +0300 Subject: [PATCH 165/222] Fix function call --- build/darwin-sign-and-notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index a5646c898..3428c871f 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh @@ -56,7 +56,7 @@ validate_app_template_structure() { } -validateInputs(){ +validate_inputs(){ # Validate input parameters if [ -z "$APPLE_CERT_DATA" ]; then echo "Error: Missing APPLE_CERT_DATA environment variable." From bb98ee6c7e03924b84cf5c2a6e172d470c05fce5 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:40:09 +0300 Subject: [PATCH 166/222] Add README.md files --- .../jf.app/Contents/MacOs/README.md | 32 +++++++++++++++++++ .../jfrog.app/Contents/MacOs/README.md | 32 +++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 build/appleBundles/jf.app/Contents/MacOs/README.md create mode 100644 build/appleBundles/jfrog.app/Contents/MacOs/README.md 
diff --git a/build/appleBundles/jf.app/Contents/MacOs/README.md b/build/appleBundles/jf.app/Contents/MacOs/README.md new file mode 100644 index 000000000..587b84285 --- /dev/null +++ b/build/appleBundles/jf.app/Contents/MacOs/README.md 
@@ -0,0 +1,32 @@ +# Apple Bundle Structure README + +This README file serves as a guide to maintaining the integrity of the Apple bundle structure required for macOS applications. It is crucial to keep this file and adhere to the outlined structure to ensure the application functions correctly on macOS. + +## Structure Overview + +The Apple bundle for a macOS application typically has the following directory structure:### Key Components +``` + YOUR_APP.app + ├── Contents + ├── MacOS + │ └── YOUR_APP (executable file) + └── Info.plist + +``` +- **YOUR_APP.app**: This is the root directory of your application bundle. Replace `YOUR_APP` with the name of your application. + +- **Contents**: A mandatory directory that contains all the files needed by the application. + +- **MacOS**: This directory should contain the executable file for your application. The name of the executable should match the `YOUR_APP` part of your application bundle's name. + +- **Info.plist**: A required file that contains configuration and permissions for your application. It informs the macOS about how your app should be treated and what capabilities it has. + +### Important Notes + +- **Do Not Delete**: This README file and the structure it describes are essential for the application's deployment and functionality on macOS. Removing or altering the structure may result in application failures. + +- **Executable File**: Ensure your application's executable file is placed inside the `MacOS` directory. The executable's name must match the `YOUR_APP` portion of your application bundle's name for macOS to recognize and launch it correctly. + +- **Info.plist Configuration**: Properly configure the `Info.plist` file according to your application's needs. This file includes critical information such as the app version, display name, permissions, and more. + +By adhering to this structure and guidelines, you ensure that your macOS application is packaged correctly for distribution and use. 
\ No newline at end of file diff --git a/build/appleBundles/jfrog.app/Contents/MacOs/README.md b/build/appleBundles/jfrog.app/Contents/MacOs/README.md new file mode 100644 index 000000000..587b84285 --- /dev/null +++ b/build/appleBundles/jfrog.app/Contents/MacOs/README.md 
@@ -0,0 +1,32 @@ +# Apple Bundle Structure README + +This README file serves as a guide to maintaining the integrity of the Apple bundle structure required for macOS applications. It is crucial to keep this file and adhere to the outlined structure to ensure the application functions correctly on macOS. + +## Structure Overview + +The Apple bundle for a macOS application typically has the following directory structure:### Key Components +``` + YOUR_APP.app + ├── Contents + ├── MacOS + │ └── YOUR_APP (executable file) + └── Info.plist + +``` +- **YOUR_APP.app**: This is the root directory of your application bundle. Replace `YOUR_APP` with the name of your application. + +- **Contents**: A mandatory directory that contains all the files needed by the application. + +- **MacOS**: This directory should contain the executable file for your application. The name of the executable should match the `YOUR_APP` part of your application bundle's name. + +- **Info.plist**: A required file that contains configuration and permissions for your application. It informs the macOS about how your app should be treated and what capabilities it has. + +### Important Notes + +- **Do Not Delete**: This README file and the structure it describes are essential for the application's deployment and functionality on macOS. Removing or altering the structure may result in application failures. + +- **Executable File**: Ensure your application's executable file is placed inside the `MacOS` directory. The executable's name must match the `YOUR_APP` portion of your application bundle's name for macOS to recognize and launch it correctly. + +- **Info.plist Configuration**: Properly configure the `Info.plist` file according to your application's needs. This file includes critical information such as the app version, display name, permissions, and more. + +By adhering to this structure and guidelines, you ensure that your macOS application is packaged correctly for distribution and use. 
\ No newline at end of file From 72376cee70d3ce0f79990e86d30217f4854692d8 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:52:51 +0300 Subject: [PATCH 167/222] Refactor --- build/darwin-sign-and-notarize.sh | 51 +++++++++++++++++++------------ 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/build/darwin-sign-and-notarize.sh b/build/darwin-sign-and-notarize.sh index 3428c871f..eafa6b651 100755 --- a/build/darwin-sign-and-notarize.sh +++ b/build/darwin-sign-and-notarize.sh 
@@ -1,24 +1,30 @@ #!/bin/bash -# This script is used to sign and notarize a binary for MacOS. It consumes the following environment variables: +# Script Purpose: This script automates the process of signing and notarizing a macOS binary. +# It leverages specific environment variables to access necessary Apple credentials and the app template path. +# The script ensures the binary conforms to Apple's requirements for notarization, +# including correct placement within the app bundle and proper signing with a developer certificate. # -# APPLE_CERT_DATA: The base64 encoded Apple certificate data. -# APPLE_CERT_PASSWORD: The password for the Apple certificate. -# APPLE_TEAM_ID: The Apple Team ID. -# APPLE_ACCOUNT_ID: The Apple Account ID. -# APPLE_APP_SPECIFIC_PASSWORD: The app-specific password for the Apple account. -# APP_TEMPLATE_PATH: The path to the .app template folder used for notarization. It should have a specific structure: -# Create a folder containing the following structure: -# YOUR_APP.app -# ├── Contents -# ├── MacOS -# │ └── YOUR_APP (executable file) -# └── Info.plist -# Info.plist file contains apple specific app information which should be filled by the user. -# The name of the executable file should match the name of the YOUR_APP.app folder, i.e YOUR_APP. +# Prerequisites: +# App Bundle Structure Requirement: +# The .app bundle must have a specific structure for the script to successfully sign and notarize the binary. +# This structure is crucial for the app's acceptance by macOS and includes: +# YOUR_APP.app/ +# ├── Contents/ +# │ ├── MacOS/ +# │ │ └── YOUR_APP (This is the executable file that will be signed and notarized) +# │ └── Info.plist (Contains metadata and configurations for the app) # -# The output of the script is the signed and notarized binary file into the current directory. - +# Input: +# - APPLE_CERT_DATA: Base64 encoded data of the Apple Developer certificate. 
+# - APPLE_CERT_PASSWORD: Password for the Apple Developer certificate. +# - APPLE_TEAM_ID: Identifier for the Apple Developer Team. +# - APPLE_ACCOUNT_ID: Apple Developer Account ID. +# - APPLE_APP_SPECIFIC_PASSWORD: Password for app-specific services on the Apple Developer Account. +# - APP_TEMPLATE_PATH: Path to the .app bundle template, you created in the App Bundle Structure Requirement prerequisite. +# +# Output: +# Upon successful execution, the script outputs a signed and notarized binary file in the current directory, ready for distribution. # Validates the structure of the app template directory. validate_app_template_structure() { @@ -41,12 +47,13 @@ validate_app_template_structure() { echo "Error: info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." return 1 fi - + # Extract the binary name from the app template path local last_path last_path=$(basename "$APP_TEMPLATE_PATH") local app_name_without_extension=${last_path%.app} export BINARY_FILE_NAME=$app_name_without_extension + # Validate the binary file is the same name as the app ( apple constraint ) if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." return 1 @@ -55,7 +62,6 @@ validate_app_template_structure() { return 0 } - validate_inputs(){ # Validate input parameters if [ -z "$APPLE_CERT_DATA" ]; then @@ -116,6 +122,8 @@ sign_binary() { # Notarizes the app and staples the certificate. notarize_app() { + # Prepare temp dir to zip and unzip the app. + # This is needed because notarization requires a zipped file. local temp_dir temp_dir=$(mktemp -d) local current_dir 
@@ -129,13 +137,14 @@ notarize_app() { echo "Error: Failed to zip the app." exit 1 fi - + # Send the zipped app for notarization if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then echo "Error: Failed to notarize the app." exit 1 fi echo "Notarization successful." + # Unzip the app and staple the ticket unzip -o "$temp_zipped_name" if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then echo "Error: Failed to staple the ticket to the app" @@ -143,6 +152,8 @@ notarize_app() { fi echo "Stapling successful." + # Copy the signed and notarized binary to the base directory + # Clear the temp directory cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" cd "$current_dir" || exit rm -rf "$temp_dir" From 92c94312a36105ab95c34772925a1057bbe58a4a Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 17:53:45 +0300 Subject: [PATCH 168/222] Matrix --- .github/workflows/prepareDarwinBinariesForRelease.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 709a43c84..42a0366d2 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -20,8 +20,7 @@ jobs: runs-on: macos-latest strategy: matrix: -# goarch: [ arm64,amd64 ] - goarch: [ arm64 ] + goarch: [ arm64,amd64 ] steps: # Setup - name: Setup Go @@ -30,7 +29,7 @@ jobs: go-version: 1.22.x cache: false - # Build + # Build And move executable inside the app template - name: Checkout Source uses: actions/checkout@v4 with: From c34f0556b1b74e9b00750d786a2fccf74ada0ea6 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 10 Jul 2024 17:55:22 +0300 Subject: [PATCH 169/222] Move script --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- build/{ => appleBundles/scripts}/darwin-sign-and-notarize.sh | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename build/{ => appleBundles/scripts}/darwin-sign-and-notarize.sh (100%) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 42a0366d2..16eb99884 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -47,7 +47,7 @@ jobs: APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app - run: ./build/darwin-sign-and-notarize.sh + run: ./build/appleBundles/darwin-sign-and-notarize.sh # Upload - name: Upload Artifact diff --git a/build/darwin-sign-and-notarize.sh b/build/appleBundles/scripts/darwin-sign-and-notarize.sh similarity index 100% rename from build/darwin-sign-and-notarize.sh rename to build/appleBundles/scripts/darwin-sign-and-notarize.sh From e8c32ade8cb8adb199f82c9c4c59b24b1ea72b2a Mon Sep 17 00:00:00 2001 
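Review bot: The Sign & Notarize step now runs `./build/appleBundles/darwin-sign-and-notarize.sh`, but the rename in this same commit moves the script to `build/appleBundles/scripts/darwin-sign-and-notarize.sh`, so the step would fail with a missing file. The line should be `run: ./build/appleBundles/scripts/darwin-sign-and-notarize.sh`. The next commit in the series (PATCH 170) repeats the mismatch after the directory rename: it runs `./build/appleRelease/darwin-sign-and-notarize.sh` while the file lives under `build/appleRelease/scripts/`.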
From: delarea Date: Wed, 10 Jul 2024 18:10:55 +0300 Subject: [PATCH 170/222] Extract scripts and refactor --- .../prepareDarwinBinariesForRelease.yml | 6 +- Jenkinsfile | 83 ++----------------- .../jf.app/Contents/Info.plist | 0 .../jf.app/Contents/MacOs/README.md | 0 .../jfrog.app/Contents/Info.plist | 0 .../jfrog.app/Contents/MacOs/README.md | 0 .../scripts/darwin-sign-and-notarize.sh | 0 .../scripts/downloadSignedMacOSBinaries.sh | 74 +++++++++++++++++ .../scripts/triggerSignMacOsWorkflow.sh | 16 ++++ 9 files changed, 100 insertions(+), 79 deletions(-) rename build/{appleBundles => appleRelease}/jf.app/Contents/Info.plist (100%) rename build/{appleBundles => appleRelease}/jf.app/Contents/MacOs/README.md (100%) rename build/{appleBundles => appleRelease}/jfrog.app/Contents/Info.plist (100%) rename build/{appleBundles => appleRelease}/jfrog.app/Contents/MacOs/README.md (100%) rename build/{appleBundles => appleRelease}/scripts/darwin-sign-and-notarize.sh (100%) create mode 100644 build/appleRelease/scripts/downloadSignedMacOSBinaries.sh create mode 100644 build/appleRelease/scripts/triggerSignMacOsWorkflow.sh diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 16eb99884..1a557fe13 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -37,7 +37,7 @@ jobs: - name: Build run: ./build/build.sh ${{ env.binaryFileName }} - name: Move to app bundle - run: mv ${{ env.binaryFileName }} ./build/appleBundles/${{ env.binaryFileName }}.app/Contents/MacOS + run: mv ${{ env.binaryFileName }} ./build/appleRelease/${{ env.binaryFileName }}.app/Contents/MacOS - name: Sign & Notarize env: 
@@ -46,8 +46,8 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} - APP_TEMPLATE_PATH: ./build/appleBundles/${{ env.binaryFileName }}.app - run: ./build/appleBundles/darwin-sign-and-notarize.sh + APP_TEMPLATE_PATH: ./build/appleRelease/${{ env.binaryFileName }}.app + run: ./build/appleRelease/darwin-sign-and-notarize.sh # Upload - name: Upload Artifact diff --git a/Jenkinsfile b/Jenkinsfile index 751afa9ac..d9c566fb1 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -528,16 +528,12 @@ def dockerLogin(){ // This will trigger the Github action that will sign and notarize the MacOS binaries. // The artifacts will be uploaded to Github artifacts def triggerDarwinBinariesSigningWorkflow(){ + withCredentials([string(credentialsId: 'github-access-token',variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries"){ - sh """#!/bin/bash - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d '{"ref":"v2","inputs":{"releaseVersion":$releaseVersion,"binaryFileName":$cliExecutableName"}}' - """ + sh """ + ./build/appleRelease/scripts/triggerDarwinBinariesSigningWorkflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN + """ + } } } 
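Review bot: The new `sh` step in triggerDarwinBinariesSigningWorkflow passes `$GITHUB_ACCESS_TOKEN` as a positional argument inside a Groovy double-quoted string, so Jenkins interpolates the secret into the command text and it is exposed in the process argument list on the agent. Since `withCredentials` already exports the variable to the step's environment, drop the third argument and let the script read it from there: `./build/appleRelease/scripts/triggerSignMacOsWorkflow.sh $cliExecutableName $releaseVersion`. The script name also needs attention: the diffstat creates `triggerSignMacOsWorkflow.sh`, not the `triggerDarwinBinariesSigningWorkflow.sh` called here, and the next hunk has the same mismatch with `downloadSignedMacOSBinaries.sh`. The script body is outside this view, so confirm whether it can already take the token from the environment.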
@@ -546,73 +542,8 @@ def triggerDarwinBinariesSigningWorkflow(){ // executable name and release version. // As the GitHub action may take some time, we will retry to download the artifact with timeout. def downloadDarwinSignedBinaries(goarch) { - sh """#!/bin/bash - - # List all artifacts under the repository and filter the current artifact by version, executable and goarch. - get_specific_artifact_url_with_retries() { - local max_retries=5 - local cooldown=15 # Cooldown in seconds - local retry_count=0 - while [ $retry_count -lt $max_retries ]; do - response=$(curl -L \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) - - artifactUrl=$(echo $response | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url") - - # Check for a valid response, if not try again. - if [[ -z !"$artifactUrl" || "$artifactUrl" =~ ^https?://.+ ]]; then - echo $artifactUrl - return 0 - else - retry_count=$((retry_count+1)) - sleep $cooldown - fi - done - - # If this point is reached, max retries were exceeded - echo "Curl request failed after $max_retries attempts." - return 1 - } - - downloadSignedMacOSBinaries() { - echo "Downloading Singed MacOS Binaries for goarch: $goarch, release version: $releaseVersion" - - # Get specific artifact URL - artifactUrl=$(get_specific_artifact_url_with_retries) - - # Validate the URL - if [[ -z "$artifactUrl" || ! 
"$artifactUrl" =~ ^https?://.+ ]]; then - echo "$artifactUrl" - echo "Failed to find uploaded artifact for version:$releaseVersion and goarch:$goarch, please validate the artifacts were successfully uploaded" - exit 1 - fi - # download artifact - curl -L \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - $artifactUrl -O - - # unzip - tar -xvf zip - # delete zip - rm -rf zip - - chmod +x $cliExecutableName - - # Validate - ./$cliExecutableName --version - - } - - # Call the function - downloadSignedMacOSBinaries - + ./build/appleRelease/scripts/downloadDarwinSignedBinaries.sh $cliExecutableName $releaseVersion $goarch """ - uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) - } \ No newline at end of file +} \ No newline at end of file diff --git a/build/appleBundles/jf.app/Contents/Info.plist b/build/appleRelease/jf.app/Contents/Info.plist similarity index 100% rename from build/appleBundles/jf.app/Contents/Info.plist rename to build/appleRelease/jf.app/Contents/Info.plist diff --git a/build/appleBundles/jf.app/Contents/MacOs/README.md b/build/appleRelease/jf.app/Contents/MacOs/README.md similarity index 100% rename from build/appleBundles/jf.app/Contents/MacOs/README.md rename to build/appleRelease/jf.app/Contents/MacOs/README.md diff --git a/build/appleBundles/jfrog.app/Contents/Info.plist b/build/appleRelease/jfrog.app/Contents/Info.plist similarity index 100% rename from build/appleBundles/jfrog.app/Contents/Info.plist rename to build/appleRelease/jfrog.app/Contents/Info.plist diff --git a/build/appleBundles/jfrog.app/Contents/MacOs/README.md b/build/appleRelease/jfrog.app/Contents/MacOs/README.md similarity index 100% rename from build/appleBundles/jfrog.app/Contents/MacOs/README.md rename to build/appleRelease/jfrog.app/Contents/MacOs/README.md 
diff --git a/build/appleBundles/scripts/darwin-sign-and-notarize.sh b/build/appleRelease/scripts/darwin-sign-and-notarize.sh similarity index 100% rename from build/appleBundles/scripts/darwin-sign-and-notarize.sh rename to build/appleRelease/scripts/darwin-sign-and-notarize.sh diff --git a/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh b/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh new file mode 100644 index 000000000..b18d465a7 --- /dev/null +++ b/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh 
@@ -0,0 +1,74 @@ +#!/bin/bash + +cliExecutableName=$1 +releaseVersion=$2 +goarch=$3 + +# This script downloads signed macOS binaries for a specific version and architecture. + +# Function to retrieve the specific artifact URL with retries +get_specific_artifact_url_with_retries() { + local max_retries=5 + local cooldown=15 # Cooldown in seconds between retries + local retry_count=0 + + while [ $retry_count -lt $max_retries ]; do + # Fetch the list of artifacts from GitHub + response=$(curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) + + # Parse the response to find the URL of the desired artifact + artifactUrl=$(echo "$response" | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url") + + # If a valid URL is found, return it + if [[ -n "$artifactUrl" && "$artifactUrl" =~ ^https?://.+ ]]; then + echo "$artifactUrl" + return 0 + else + # If not found, retry after a cooldown period + retry_count=$((retry_count+1)) + sleep $cooldown + fi + done + + # If the maximum number of retries is exceeded, report failure + echo "Curl request failed after $max_retries attempts." + return 1 +} + +# Function to download and extract the signed macOS binaries +downloadSignedMacOSBinaries() { + echo "Downloading Signed macOS Binaries for goarch: $goarch, release version: $releaseVersion" + + # Attempt to get the specific artifact URL + artifactUrl=$(get_specific_artifact_url_with_retries) + + # Validate the URL + if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then + echo "Failed to find uploaded artifact for version: $releaseVersion and goarch: $goarch. Please validate the artifacts were successfully uploaded." 
+ exit 1 + fi + + # Download the artifact + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "$artifactUrl" -o artifact.zip + + # Extract the artifact and clean up + tar -xvf artifact.zip + rm -rf artifact.zip + + # Make the binary executable + chmod +x "$cliExecutableName" + + # Validate the binary by checking its version + ./"$cliExecutableName" --version +} + +# Start the process +downloadSignedMacOSBinaries \ No newline at end of file diff --git a/build/appleRelease/scripts/triggerSignMacOsWorkflow.sh b/build/appleRelease/scripts/triggerSignMacOsWorkflow.sh new file mode 100644 index 000000000..787a5de70 --- /dev/null +++ b/build/appleRelease/scripts/triggerSignMacOsWorkflow.sh @@ -0,0 +1,16 @@ +#!/bin/bash + + +# This script triggers a GitHub Actions workflow to sign and notarize macOS binaries. +cliExecutableName=$1 # The name of the CLI executable to be processed +releaseVersion=$2 # The version of the release being processed +GITHUB_ACCESS_TOKEN=$3 # GitHub Access Token for authentication + +# Trigger +curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d "{\"ref\":\"v2\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From ab4231cf5a10d0a67c789e2eb39da7cc239b6aeb Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 10 Jul 2024 18:13:30 +0300 Subject: [PATCH 171/222] Fix script path calling --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 1a557fe13..aa3bea763 100644 
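Review bot: The artifact list is fetched from `repos/eyaldelarea/jfrog-cli`, while the trigger script added in this same patch dispatches the workflow on `repos/jfrog/jfrog-cli`, so the release pipeline downloads and runs a binary from a different repository than the one it asked to sign. Point the listing at the repository that ran the workflow, `-s https://api.github.com/repos/jfrog/jfrog-cli/actions/artifacts)`, and select by exact name with `select(.name == ...)` rather than `contains(...)`, which can match several artifacts and return more than one URL. Nothing checks the download before `./"$cliExecutableName" --version` executes it. A `codesign --verify` on a macOS agent, or a digest published by the workflow and compared here, would close that gap. Neither `curl` call uses `--fail`, so an HTTP error body can be saved as `artifact.zip`.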
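Review bot: The `curl` dispatch has no `--fail`, so a 401 or 404 from the `dispatches` endpoint still exits 0 and the Jenkins stage reports success although no signing run was started; `curl --fail -L \` together with `set -euo pipefail` at the top would surface that. The file is also created with mode 100644, and no mode change for it is visible in the later rename patches, so the Jenkinsfile's direct `./build/.../*.sh` invocation would be refused unless the file is made executable. The request body is assembled by string interpolation, so a quote in `$releaseVersion` or `$cliExecutableName` yields malformed JSON. Building it with `jq -n --arg` avoids that.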
--- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -47,7 +47,7 @@ jobs: APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} APP_TEMPLATE_PATH: ./build/appleRelease/${{ env.binaryFileName }}.app - run: ./build/appleRelease/darwin-sign-and-notarize.sh + run: ./build/appleRelease/scripts/darwin-sign-and-notarize.sh # Upload - name: Upload Artifact From 727a8c6d31fab15ee26b384baea0efed81b7acc4 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 11 Jul 2024 11:00:32 +0300 Subject: [PATCH 172/222] Refactor --- .../workflows/prepareDarwinBinariesForRelease.yml | 12 ++++++------ .../scripts/downloadSignedMacOSBinaries.sh | 7 ++++--- 2 files changed, 10 insertions(+), 9 deletions(-) mode change 100644 => 100755 build/appleRelease/scripts/downloadSignedMacOSBinaries.sh diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index aa3bea763..870b11738 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -29,15 +29,16 @@ jobs: go-version: 1.22.x cache: false - # Build And move executable inside the app template - name: Checkout Source uses: actions/checkout@v4 with: ref: sign_apple_binary - - name: Build - run: ./build/build.sh ${{ env.binaryFileName }} - - name: Move to app bundle - run: mv ${{ env.binaryFileName }} ./build/appleRelease/${{ env.binaryFileName }}.app/Contents/MacOS + + # Builds the executable and moves it inside the app template + - name: Build and Move Executable + run: | + ./build/build.sh ${{ env.binaryFileName }} + mv ${{ env.binaryFileName }} ./build/appleRelease/${{ env.binaryFileName }}.app/Contents/MacOS - name: Sign & Notarize env: 
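Review bot: `${{ env.binaryFileName }}` is expanded into the `run:` script text before the shell starts, and its value comes from the `workflow_dispatch` input, so shell metacharacters in that input become commands in a job that goes on to handle the Apple signing secrets. The value is already in `env`, so the step can read it as a quoted shell variable instead: `./build/build.sh "$binaryFileName"` and `mv "$binaryFileName" "./build/appleRelease/$binaryFileName.app/Contents/MacOS"`. The checkout step above pins `ref: sign_apple_binary`, so the signed binary is built from that branch regardless of `releaseVersion`. Confirm that this is intended for release builds.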
@@ -49,7 +50,6 @@ jobs: APP_TEMPLATE_PATH: ./build/appleRelease/${{ env.binaryFileName }}.app run: ./build/appleRelease/scripts/darwin-sign-and-notarize.sh - # Upload - name: Upload Artifact uses: actions/upload-artifact@v4 with: diff --git a/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh b/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh old mode 100644 new mode 100755 index b18d465a7..d5bcf96ed --- a/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh +++ b/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh @@ -3,12 +3,13 @@ cliExecutableName=$1 releaseVersion=$2 goarch=$3 +GITHUB_ACCESS_TOKEN=$4 # This script downloads signed macOS binaries for a specific version and architecture. # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { - local max_retries=5 + local max_retries=4 local cooldown=15 # Cooldown in seconds between retries local retry_count=0 @@ -24,7 +25,7 @@ get_specific_artifact_url_with_retries() { artifactUrl=$(echo "$response" | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url") # If a valid URL is found, return it - if [[ -n "$artifactUrl" && "$artifactUrl" =~ ^https?://.+ ]]; then + if [[ "$artifactUrl" =~ ^https?://.+ ]]; then echo "$artifactUrl" return 0 else @@ -48,7 +49,7 @@ downloadSignedMacOSBinaries() { # Validate the URL if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then - echo "Failed to find uploaded artifact for version: $releaseVersion and goarch: $goarch. Please validate the artifacts were successfully uploaded." + echo "$artifactUrl Failed to find download artifact for version: $releaseVersion and goarch: $goarch. Please validate the artifacts were successfully uploaded." exit 1 fi From 35579689d024d4a32ae440d800c2617d09c92b2f Mon Sep 17 00:00:00 2001 
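Review bot: `GITHUB_ACCESS_TOKEN=$4` replaces any token inherited from the environment with the fourth positional argument, but the Jenkinsfile call in this series passes only three (`$cliExecutableName $releaseVersion $goarch`) and, in the visible lines, is not wrapped in `withCredentials`. The token therefore ends up empty and both `curl` requests go out as `Authorization: Bearer ` with no credential. Reading the token from the environment and failing fast fixes this and keeps the secret off the command line: `: "${GITHUB_ACCESS_TOKEN:?GITHUB_ACCESS_TOKEN must be set}"`. The functions that use the token lie outside this hunk.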
From: delarea Date: Sun, 14 Jul 2024 10:43:26 +0300 Subject: [PATCH 173/222] CR --- .../prepareDarwinBinariesForRelease.yml | 12 ++++------ build/appleRelease/jf.app/Contents/Info.plist | 22 +++++++++---------- .../jfrog.app/Contents/Info.plist | 22 +++++++++---------- .../scripts/darwin-sign-and-notarize.sh | 3 ++- 4 files changed, 28 insertions(+), 31 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 870b11738..fe23f3344 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -3,16 +3,14 @@ on: workflow_dispatch: inputs: releaseVersion: - description: 'Release version' + description: "Release version" required: true - default: '0.0.0' binaryFileName: description: 'Binary file name' required: true - default: 'jf' env: - binaryFileName: ${{ github.event.inputs.binaryFileName }} - releaseVersion: ${{ github.event.inputs.releaseVersion }} + binaryFileName: ${{ github.event.inputs.binaryFileName }} + releaseVersion: ${{ github.event.inputs.releaseVersion }} jobs: # Builds, signs, notarize and uploads the macOS binaries prepareBinary: @@ -56,6 +54,4 @@ jobs: name: ${{ env.binaryFileName }}-darwin-v${{ env.releaseVersion }}-${{ matrix.goarch }} path: ./${{ env.binaryFileName }} retention-days: 1 - if-no-files-found: error - - + if-no-files-found: error \ No newline at end of file diff --git a/build/appleRelease/jf.app/Contents/Info.plist b/build/appleRelease/jf.app/Contents/Info.plist index cb965d74d..d7bfe9283 100644 --- a/build/appleRelease/jf.app/Contents/Info.plist +++ b/build/appleRelease/jf.app/Contents/Info.plist 
@@ -1,14 +1,14 @@ - - - CFBundleDevelopmentRegion - en - CFBundleName - JFrog-CLI - CFBundleDisplayName - JFrog-CLI - CFBundleIdentifier - com.jfrog.jfrog-cli - + + + CFBundleDevelopmentRegion + en-US + CFBundleName + JFrog-CLI + CFBundleDisplayName + JFrog-CLI + CFBundleIdentifier + com.jfrog.jfrog-cli + \ No newline at end of file diff --git a/build/appleRelease/jfrog.app/Contents/Info.plist b/build/appleRelease/jfrog.app/Contents/Info.plist index cb965d74d..d7bfe9283 100644 --- a/build/appleRelease/jfrog.app/Contents/Info.plist +++ b/build/appleRelease/jfrog.app/Contents/Info.plist @@ -1,14 +1,14 @@ - - - CFBundleDevelopmentRegion - en - CFBundleName - JFrog-CLI - CFBundleDisplayName - JFrog-CLI - CFBundleIdentifier - com.jfrog.jfrog-cli - + + + CFBundleDevelopmentRegion + en-US + CFBundleName + JFrog-CLI + CFBundleDisplayName + JFrog-CLI + CFBundleIdentifier + com.jfrog.jfrog-cli + \ No newline at end of file diff --git a/build/appleRelease/scripts/darwin-sign-and-notarize.sh b/build/appleRelease/scripts/darwin-sign-and-notarize.sh index eafa6b651..f44109c64 100755 --- a/build/appleRelease/scripts/darwin-sign-and-notarize.sh +++ b/build/appleRelease/scripts/darwin-sign-and-notarize.sh @@ -91,7 +91,8 @@ validate_inputs(){ # Prepares the keychain and certificate for signing. prepare_keychain_and_certificate() { - local temp_dir=$RUNNER_TEMP + local temp_dir + temp_dir=$(mktemp -d) local keychain_name="macos-build.keychain" echo "$APPLE_CERT_DATA" | base64 --decode > "$temp_dir"/certs.p12 From 48f1f0cc043227241019dbb3e683d0f13386a7e6 Mon Sep 17 00:00:00 2001 
From: delarea Date: Sun, 14 Jul 2024 10:45:44 +0300 Subject: [PATCH 174/222] Renames --- Jenkinsfile | 4 ++-- ...nedMacOSBinaries.sh => download-signed-mac-OS-binaries.sh} | 0 ...erSignMacOsWorkflow.sh => trigger-sign-mac-OS-workflow.sh} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename build/appleRelease/scripts/{downloadSignedMacOSBinaries.sh => download-signed-mac-OS-binaries.sh} (100%) rename build/appleRelease/scripts/{triggerSignMacOsWorkflow.sh => trigger-sign-mac-OS-workflow.sh} (100%) diff --git a/Jenkinsfile b/Jenkinsfile index d9c566fb1..7446ce90f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -531,7 +531,7 @@ def triggerDarwinBinariesSigningWorkflow(){ withCredentials([string(credentialsId: 'github-access-token',variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries"){ sh """ - ./build/appleRelease/scripts/triggerDarwinBinariesSigningWorkflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN + ./build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN """ } } @@ -543,7 +543,7 @@ def triggerDarwinBinariesSigningWorkflow(){ // As the GitHub action may take some time, we will retry to download the artifact with timeout. def downloadDarwinSignedBinaries(goarch) { sh """#!/bin/bash - ./build/appleRelease/scripts/downloadDarwinSignedBinaries.sh $cliExecutableName $releaseVersion $goarch + ./build/appleRelease/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch """ uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } \ No newline at end of file diff --git a/build/appleRelease/scripts/downloadSignedMacOSBinaries.sh b/build/appleRelease/scripts/download-signed-mac-OS-binaries.sh similarity index 100% rename from build/appleRelease/scripts/downloadSignedMacOSBinaries.sh rename to build/appleRelease/scripts/download-signed-mac-OS-binaries.sh 
diff --git a/build/appleRelease/scripts/triggerSignMacOsWorkflow.sh b/build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh similarity index 100% rename from build/appleRelease/scripts/triggerSignMacOsWorkflow.sh rename to build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh From dbed47988208769f232bcc18b6c41ed30c2557d3 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 11:01:48 +0300 Subject: [PATCH 175/222] Refactor script --- .../scripts/darwin-sign-and-notarize.sh | 147 ++++++++---------- 1 file changed, 67 insertions(+), 80 deletions(-) diff --git a/build/appleRelease/scripts/darwin-sign-and-notarize.sh b/build/appleRelease/scripts/darwin-sign-and-notarize.sh index f44109c64..659d7ef77 100755 --- a/build/appleRelease/scripts/darwin-sign-and-notarize.sh +++ b/build/appleRelease/scripts/darwin-sign-and-notarize.sh 
@@ -1,120 +1,113 @@ #!/bin/bash -# Script Purpose: This script automates the process of signing and notarizing a macOS binary. -# It leverages specific environment variables to access necessary Apple credentials and the app template path. -# The script ensures the binary conforms to Apple's requirements for notarization, -# including correct placement within the app bundle and proper signing with a developer certificate. -# +# Script Purpose: Automate the process of signing and notarizing a macOS binary. + # Prerequisites: -# App Bundle Structure Requirement: -# The .app bundle must have a specific structure for the script to successfully sign and notarize the binary. -# This structure is crucial for the app's acceptance by macOS and includes: +# The .app bundle must have the following structure: # YOUR_APP.app/ # ├── Contents/ # │ ├── MacOS/ -# │ │ └── YOUR_APP (This is the executable file that will be signed and notarized) -# │ └── Info.plist (Contains metadata and configurations for the app) -# +# │ │ └── YOUR_APP (The executable file to be signed and notarized) +# │ └── Info.plist (Metadata and configurations for the app) + # Input: # - APPLE_CERT_DATA: Base64 encoded data of the Apple Developer certificate. # - APPLE_CERT_PASSWORD: Password for the Apple Developer certificate. # - APPLE_TEAM_ID: Identifier for the Apple Developer Team. # - APPLE_ACCOUNT_ID: Apple Developer Account ID. # - APPLE_APP_SPECIFIC_PASSWORD: Password for app-specific services on the Apple Developer Account. -# - APP_TEMPLATE_PATH: Path to the .app bundle template, you created in the App Bundle Structure Requirement prerequisite. -# +# - APP_TEMPLATE_PATH: Path to the .app bundle template. + # Output: -# Upon successful execution, the script outputs a signed and notarized binary file in the current directory, ready for distribution. +# A signed and notarized binary file in the current directory, ready for distribution. + +set -e # Validates the structure of the app template directory. 
validate_app_template_structure() { if [ ! -d "$APP_TEMPLATE_PATH" ]; then echo "Error: $APP_TEMPLATE_PATH directory does not exist." - return 1 + exit 1 fi if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." - return 1 + exit 1 fi if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." - return 1 + exit 1 fi - if [ ! -f "$APP_TEMPLATE_PATH/Contents/info.plist" ]; then - echo "Error: info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." - return 1 + if [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ]; then + echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." + exit 1 fi - # Extract the binary name from the app template path - local last_path - last_path=$(basename "$APP_TEMPLATE_PATH") - local app_name_without_extension=${last_path%.app} + + local app_name_without_extension + app_name_without_extension=$(basename "$APP_TEMPLATE_PATH" .app) export BINARY_FILE_NAME=$app_name_without_extension - # Validate the binary file is the same name as the app ( apple constraint ) if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." - return 1 + exit 1 fi - - return 0 } -validate_inputs(){ - # Validate input parameters - if [ -z "$APPLE_CERT_DATA" ]; then - echo "Error: Missing APPLE_CERT_DATA environment variable." - exit 1 - fi - if [ -z "$APPLE_CERT_PASSWORD" ]; then - echo "Error: Missing APPLE_CERT_PASSWORD environment variable." - exit 1 - fi - if [ -z "$APPLE_TEAM_ID" ]; then - echo "Error: Missing APPLE_TEAM_ID environment variable." - exit 1 - fi - # Validate app template structure - if ! validate_app_template_structure; then - echo "Error: The structure of APP_TEMPLATE_PATH is invalid. 
Please ensure it contains the following:" - echo "- YOUR_APP.app - ├── Contents - ├── MacOS - │ └── YOUR_APP (executable file) - └── Info.plist" - echo "- A valid .app structure is needed in order to sign & notarize the binary" - exit 1 - fi +# Validates input environment variables. +validate_inputs() { + if [ -z "$APPLE_CERT_DATA" ]; then + echo "Error: Missing APPLE_CERT_DATA environment variable." + exit 1 + fi + + if [ -z "$APPLE_CERT_PASSWORD" ]; then + echo "Error: Missing APPLE_CERT_PASSWORD environment variable." + exit 1 + fi + + if [ -z "$APPLE_TEAM_ID" ]; then + echo "Error: Missing APPLE_TEAM_ID environment variable." + exit 1 + fi + + if ! validate_app_template_structure; then + echo "Error: The structure of APP_TEMPLATE_PATH is invalid. Please ensure it contains the following:" + echo "- YOUR_APP.app + ├── Contents + ├── MacOS + │ └── YOUR_APP (executable file) + └── Info.plist" + echo "- A valid .app structure is needed in order to sign & notarize the binary" + exit 1 + fi } -# Prepares the keychain and certificate for signing. +# Prepares the keychain and imports the certificate for signing. prepare_keychain_and_certificate() { local temp_dir temp_dir=$(mktemp -d) local keychain_name="macos-build.keychain" - echo "$APPLE_CERT_DATA" | base64 --decode > "$temp_dir"/certs.p12 + echo "$APPLE_CERT_DATA" | base64 --decode > "$temp_dir/certs.p12" security create-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name security default-keychain -s $keychain_name security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name security set-keychain-settings -t 3600 -u $keychain_name - if ! security import "$temp_dir"/certs.p12 -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then + if ! security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then echo "Error: Failed to import certificate into keychain." 
exit 1 fi - security find-identity -p codesigning -v - security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name - security set-key-partition-list -S apple-tool:,apple:, -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name + security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name } -# Signs the binary file +# Signs the binary file. sign_binary() { - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH"/Contents/MacOS/"$BINARY_FILE_NAME"; then + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME"; then echo "Error: Failed to sign the binary." exit 1 fi 
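Review bot: With `set -e` added and every check now calling `exit 1`, any failure after `prepare_keychain_and_certificate` ends the script before `cleanup` is reached, leaving `macos-build.keychain` and the decoded `certs.p12` on the runner. This assumes `cleanup` is only called at the end of the main flow, which is outside this hunk. Registering it once, directly after `set -e`, covers every exit path: `trap cleanup EXIT`. `security default-keychain -s` also changes the user's default keychain and nothing visible restores it, so the handler should put the previous default back as well.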
@@ -123,52 +116,46 @@ sign_binary() { # Notarizes the app and staples the certificate. notarize_app() { - # Prepare temp dir to zip and unzip the app. - # This is needed because notarization requires a zipped file. local temp_dir temp_dir=$(mktemp -d) local current_dir current_dir=$(pwd) cp -r "$APP_TEMPLATE_PATH" "$temp_dir" - cd "$temp_dir" || exit + cd "$temp_dir" - local temp_zipped_name="$BINARY_FILE_NAME"-zipped - if ! ditto -c -k --keepParent "$BINARY_FILE_NAME".app "./$temp_zipped_name"; then + local temp_zipped_name="${BINARY_FILE_NAME}-zipped.zip" + if ! ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name"; then echo "Error: Failed to zip the app." exit 1 fi - # Send the zipped app for notarization - if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --force --wait; then + + if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait; then echo "Error: Failed to notarize the app." exit 1 fi echo "Notarization successful." - # Unzip the app and staple the ticket unzip -o "$temp_zipped_name" - if ! xcrun stapler staple "$BINARY_FILE_NAME".app; then - echo "Error: Failed to staple the ticket to the app" + if ! xcrun stapler staple "$BINARY_FILE_NAME.app"; then + echo "Error: Failed to staple the ticket to the app." exit 1 fi echo "Stapling successful." - # Copy the signed and notarized binary to the base directory - # Clear the temp directory - cp ./"$BINARY_FILE_NAME".app/Contents/MacOS/"$BINARY_FILE_NAME" "$current_dir" - cd "$current_dir" || exit + cp "./$BINARY_FILE_NAME.app/Contents/MacOS/$BINARY_FILE_NAME" "$current_dir" + cd "$current_dir" rm -rf "$temp_dir" } # Cleans up resources used during the process. cleanup() { - echo "Deleting keychain.." - security delete-keychain "$keychain_name" - echo "Delete Certificate..." 
- rm -rf "$temp_dir"/certs.p12 + echo "Deleting keychain..." + security delete-keychain "macos-build.keychain" + echo "Deleting temporary certificate files..." + rm -rf "$temp_dir/certs.p12" } - # Main execution flow validate_inputs prepare_keychain_and_certificate From 24f4838b82d634d4625264eb04fc61f8ef5ec069 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 13:39:32 +0300 Subject: [PATCH 176/222] Rename folder --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 +++--- Jenkinsfile | 4 ++-- .../jf.app/Contents/Info.plist | 0 .../jf.app/Contents/MacOs/README.md | 0 .../jfrog.app/Contents/Info.plist | 0 .../jfrog.app/Contents/MacOs/README.md | 0 .../scripts/darwin-sign-and-notarize.sh | 0 .../scripts/download-signed-mac-OS-binaries.sh | 0 .../scripts/trigger-sign-mac-OS-workflow.sh | 0 9 files changed, 5 insertions(+), 5 deletions(-) rename build/{appleRelease => apple_release}/jf.app/Contents/Info.plist (100%) rename build/{appleRelease => apple_release}/jf.app/Contents/MacOs/README.md (100%) rename build/{appleRelease => apple_release}/jfrog.app/Contents/Info.plist (100%) rename build/{appleRelease => apple_release}/jfrog.app/Contents/MacOs/README.md (100%) rename build/{appleRelease => apple_release}/scripts/darwin-sign-and-notarize.sh (100%) rename build/{appleRelease => apple_release}/scripts/download-signed-mac-OS-binaries.sh (100%) rename build/{appleRelease => apple_release}/scripts/trigger-sign-mac-OS-workflow.sh (100%) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index fe23f3344..6a52a177e 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml 
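Review bot: `cleanup` expands `$temp_dir`, but that name is declared `local` in both `prepare_keychain_and_certificate` and `notarize_app`, so it is empty here. As a result `rm -rf "$temp_dir/certs.p12"` targets `/certs.p12` while the decoded certificate stays in the `mktemp -d` directory. Keep the path in a script-level variable set where the directory is created, for example `CERT_TEMP_DIR=$(mktemp -d)`, and remove the whole directory with `rm -rf "$CERT_TEMP_DIR"`. `prepare_keychain_and_certificate` is defined in the previous hunk of this patch.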
@@ -36,7 +36,7 @@ jobs: - name: Build and Move Executable run: | ./build/build.sh ${{ env.binaryFileName }} - mv ${{ env.binaryFileName }} ./build/appleRelease/${{ env.binaryFileName }}.app/Contents/MacOS + mv ${{ env.binaryFileName }} ./build/apple_release/${{ env.binaryFileName }}.app/Contents/MacOS - name: Sign & Notarize env: @@ -45,8 +45,8 @@ jobs: APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_ACCOUNT_ID: ${{ secrets.APPLE_ACCOUNT_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} - APP_TEMPLATE_PATH: ./build/appleRelease/${{ env.binaryFileName }}.app - run: ./build/appleRelease/scripts/darwin-sign-and-notarize.sh + APP_TEMPLATE_PATH: ./build/apple_release/${{ env.binaryFileName }}.app + run: ./build/apple_release/scripts/darwin-sign-and-notarize.sh - name: Upload Artifact uses: actions/upload-artifact@v4 diff --git a/Jenkinsfile b/Jenkinsfile index 7446ce90f..4b0210af2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -531,7 +531,7 @@ def triggerDarwinBinariesSigningWorkflow(){ withCredentials([string(credentialsId: 'github-access-token',variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries"){ sh """ - ./build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN + ./build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN """ } } @@ -543,7 +543,7 @@ def triggerDarwinBinariesSigningWorkflow(){ // As the GitHub action may take some time, we will retry to download the artifact with timeout. def downloadDarwinSignedBinaries(goarch) { sh """#!/bin/bash - ./build/appleRelease/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch + ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch """ uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } \ No newline at end of file 
diff --git a/build/appleRelease/jf.app/Contents/Info.plist b/build/apple_release/jf.app/Contents/Info.plist similarity index 100% rename from build/appleRelease/jf.app/Contents/Info.plist rename to build/apple_release/jf.app/Contents/Info.plist diff --git a/build/appleRelease/jf.app/Contents/MacOs/README.md b/build/apple_release/jf.app/Contents/MacOs/README.md similarity index 100% rename from build/appleRelease/jf.app/Contents/MacOs/README.md rename to build/apple_release/jf.app/Contents/MacOs/README.md diff --git a/build/appleRelease/jfrog.app/Contents/Info.plist b/build/apple_release/jfrog.app/Contents/Info.plist similarity index 100% rename from build/appleRelease/jfrog.app/Contents/Info.plist rename to build/apple_release/jfrog.app/Contents/Info.plist diff --git a/build/appleRelease/jfrog.app/Contents/MacOs/README.md b/build/apple_release/jfrog.app/Contents/MacOs/README.md similarity index 100% rename from build/appleRelease/jfrog.app/Contents/MacOs/README.md rename to build/apple_release/jfrog.app/Contents/MacOs/README.md diff --git a/build/appleRelease/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh similarity index 100% rename from build/appleRelease/scripts/darwin-sign-and-notarize.sh rename to build/apple_release/scripts/darwin-sign-and-notarize.sh diff --git a/build/appleRelease/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh similarity index 100% rename from build/appleRelease/scripts/download-signed-mac-OS-binaries.sh rename to build/apple_release/scripts/download-signed-mac-OS-binaries.sh diff --git a/build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh similarity index 100% rename from build/appleRelease/scripts/trigger-sign-mac-OS-workflow.sh rename to build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh 
From b16d2ec2c96762920ade94e559a5d3ed0710b107 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 13:42:35 +0300 Subject: [PATCH 177/222] Refactor script --- .../prepareDarwinBinariesForRelease.yml | 2 +- .../scripts/darwin-sign-and-notarize.sh | 114 ++++-------------- 2 files changed, 26 insertions(+), 90 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 6a52a177e..cea3985b5 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -18,7 +18,7 @@ jobs: runs-on: macos-latest strategy: matrix: - goarch: [ arm64,amd64 ] + goarch: [ arm64, amd64 ] steps: # Setup - name: Setup Go diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index 659d7ef77..b6f320b2c 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh +++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh @@ -2,14 +2,6 @@ # Script Purpose: Automate the process of signing and notarizing a macOS binary. -# Prerequisites: -# The .app bundle must have the following structure: -# YOUR_APP.app/ -# ├── Contents/ -# │ ├── MacOS/ -# │ │ └── YOUR_APP (The executable file to be signed and notarized) -# │ └── Info.plist (Metadata and configurations for the app) - # Input: # - APPLE_CERT_DATA: Base64 encoded data of the Apple Developer certificate. # - APPLE_CERT_PASSWORD: Password for the Apple Developer certificate. 
@@ -23,68 +15,27 @@ set -e -# Validates the structure of the app template directory. validate_app_template_structure() { - if [ ! -d "$APP_TEMPLATE_PATH" ]; then - echo "Error: $APP_TEMPLATE_PATH directory does not exist." - exit 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then - echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." - exit 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then - echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." - exit 1 - fi - - if [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ]; then - echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." - exit 1 - fi + [ ! -d "$APP_TEMPLATE_PATH" ] && { echo "Error: $APP_TEMPLATE_PATH directory does not exist."; exit 1; } + [ ! -d "$APP_TEMPLATE_PATH/Contents" ] && { echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH."; exit 1; } + [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ] && { echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } + [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ] && { echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } local app_name_without_extension app_name_without_extension=$(basename "$APP_TEMPLATE_PATH" .app) export BINARY_FILE_NAME=$app_name_without_extension - if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then - echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." - exit 1 - fi + [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ] && { echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder."; exit 1; } } -# Validates input environment variables. validate_inputs() { - if [ -z "$APPLE_CERT_DATA" ]; then - echo "Error: Missing APPLE_CERT_DATA environment variable." - exit 1 - fi - - if [ -z "$APPLE_CERT_PASSWORD" ]; then - echo "Error: Missing APPLE_CERT_PASSWORD environment variable." 
- exit 1 - fi - - if [ -z "$APPLE_TEAM_ID" ]; then - echo "Error: Missing APPLE_TEAM_ID environment variable." - exit 1 - fi - - if ! validate_app_template_structure; then - echo "Error: The structure of APP_TEMPLATE_PATH is invalid. Please ensure it contains the following:" - echo "- YOUR_APP.app - ├── Contents - ├── MacOS - │ └── YOUR_APP (executable file) - └── Info.plist" - echo "- A valid .app structure is needed in order to sign & notarize the binary" - exit 1 - fi + [ -z "$APPLE_CERT_DATA" ] && { echo "Error: Missing APPLE_CERT_DATA environment variable."; exit 1; } + [ -z "$APPLE_CERT_PASSWORD" ] && { echo "Error: Missing APPLE_CERT_PASSWORD environment variable."; exit 1; } + [ -z "$APPLE_TEAM_ID" ] && { echo "Error: Missing APPLE_TEAM_ID environment variable."; exit 1; } + + validate_app_template_structure } -# Prepares the keychain and imports the certificate for signing. prepare_keychain_and_certificate() { local temp_dir temp_dir=$(mktemp -d) 
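Review bot: With `set -e` still active at the top of this hunk, the new `[ test ] && { ...; exit 1; }` one-liners make `validate_app_template_structure` return 1 on the success path: when the binary exists, the final `[ ! -f ... ]` is false and becomes the function's status. The bare call at the end of `validate_inputs` then trips errexit and the script stops silently before anything is signed. Write the checks in positive form, e.g. `[ -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ] || { echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder."; exit 1; }`, or end the function with `return 0`. The hunk closes inside `prepare_keychain_and_certificate`, whose body continues outside it.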
@@ -97,24 +48,16 @@ prepare_keychain_and_certificate() { security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name security set-keychain-settings -t 3600 -u $keychain_name - if ! security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then - echo "Error: Failed to import certificate into keychain." - exit 1 - fi + security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign || { echo "Error: Failed to import certificate into keychain."; exit 1; } security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name } -# Signs the binary file. sign_binary() { - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME"; then - echo "Error: Failed to sign the binary." - exit 1 - fi + codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" || { echo "Error: Failed to sign the binary."; exit 1; } echo "Successfully signed the binary." } -# Notarizes the app and staples the certificate. notarize_app() { local temp_dir temp_dir=$(mktemp -d) 
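Review bot: `sign_binary` prints "Successfully signed the binary." on codesign's exit status alone, and nothing in the hunk inspects the resulting signature before the bundle is submitted for notarization. A verification step right after signing, `codesign --verify --strict --verbose=2 "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" || { echo "Error: Signature verification failed."; exit 1; }`, would fail the job early and with a readable reason. `$keychain_name` is also unquoted in the surrounding `security` calls; `prepare_keychain_and_certificate` starts outside the hunk, so its definition is not visible here.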
@@ -125,22 +68,13 @@ notarize_app() { cd "$temp_dir" local temp_zipped_name="${BINARY_FILE_NAME}-zipped.zip" - if ! ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name"; then - echo "Error: Failed to zip the app." - exit 1 - fi - - if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait; then - echo "Error: Failed to notarize the app." - exit 1 - fi + ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name" || { echo "Error: Failed to zip the app."; exit 1; } + + xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait || { echo "Error: Failed to notarize the app."; exit 1; } echo "Notarization successful." unzip -o "$temp_zipped_name" - if ! xcrun stapler staple "$BINARY_FILE_NAME.app"; then - echo "Error: Failed to staple the ticket to the app." - exit 1 - fi + xcrun stapler staple "$BINARY_FILE_NAME.app" || { echo "Error: Failed to staple the ticket to the app."; exit 1; } echo "Stapling successful." cp "./$BINARY_FILE_NAME.app/Contents/MacOS/$BINARY_FILE_NAME" "$current_dir" @@ -148,7 +82,6 @@ notarize_app() { rm -rf "$temp_dir" } -# Cleans up resources used during the process. cleanup() { echo "Deleting keychain..." security delete-keychain "macos-build.keychain" @@ -156,9 +89,12 @@ cleanup() { rm -rf "$temp_dir/certs.p12" } -# Main execution flow -validate_inputs -prepare_keychain_and_certificate -sign_binary -notarize_app -cleanup \ No newline at end of file +main() { + validate_inputs + prepare_keychain_and_certificate + sign_binary + notarize_app + cleanup +} + +main From c4cb494351046755050d0774ddbf776dc28546ce Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 13:44:19 +0300 Subject: [PATCH 178/222] CR --- Jenkinsfile | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) 
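Review bot: `notarize_app` hands `$APPLE_ACCOUNT_ID` and `$APPLE_APP_SPECIFIC_PASSWORD` to `xcrun notarytool submit`, but `validate_inputs` only checks the certificate data, the certificate password and the team id, so a missing secret surfaces only as the generic "Failed to notarize the app." message. Add the two matching checks to `validate_inputs`, e.g. `[ -n "$APPLE_ACCOUNT_ID" ] || { echo "Error: Missing APPLE_ACCOUNT_ID environment variable."; exit 1; }` and the same for `APPLE_APP_SPECIFIC_PASSWORD`. The `unzip -o` between notarization and stapling has no error message of its own, unlike the commands around it. `notarize_app` begins before this hunk.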
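Review bot: `cleanup` is only reached as the last call in the new `main`, so any earlier `exit 1` (or an errexit abort) leaves `macos-build.keychain` and the decoded `certs.p12` on the runner; register it up front with `trap cleanup EXIT` at the top of `main`. Separately, `rm -rf "$temp_dir/certs.p12"` reads a `temp_dir` that is declared `local` in `prepare_keychain_and_certificate` and in `notarize_app`, so inside `cleanup` it expands to nothing and the command targets `/certs.p12` while the real certificate file stays in the mktemp directory. Keep the certificate directory in a script-level variable (for example `CERT_TEMP_DIR=$(mktemp -d)`) and remove that in `cleanup`. The opening lines of `cleanup` fall outside this hunk.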
diff --git a/Jenkinsfile b/Jenkinsfile index 4b0210af2..27a9a5723 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -87,14 +87,6 @@ def getCliVersion(exePath) { } def runRelease(architectures) { - - stage('Sign MacOS binaries') { - // Prepare Signed MacOS binaries - // This happens at the start of the release process, so the binaries will be ready - // for the release process later on. - triggerDarwinBinariesSigningWorkflow() - } - stage('Build JFrog CLI') { sh "echo Running release for executable name: '$cliExecutableName'" @@ -113,6 +105,14 @@ def runRelease(architectures) { version = getCliVersion(builderPath) print "CLI version: $version" } + /** + * Prepare Signed MacOS binaries + * This happens at the start of the release process, so the binaries will be ready + * for the release process later on. + */ + stage('Sign MacOS binaries') { + triggerDarwinBinariesSigningWorkflow() + } configRepo21() try { @@ -525,8 +525,10 @@ def dockerLogin(){ } } -// This will trigger the Github action that will sign and notarize the MacOS binaries. -// The artifacts will be uploaded to Github artifacts +/** +* This will trigger the Github action that will sign and notarize the MacOS binaries. +* The artifacts will be uploaded to Github artifacts +*/ def triggerDarwinBinariesSigningWorkflow(){ withCredentials([string(credentialsId: 'github-access-token',variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries"){ 
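Review bot: The comment moved above `stage('Sign MacOS binaries')` still says the signing "happens at the start of the release process", but after this change the stage runs after 'Build JFrog CLI'. Reword it to match, e.g. `// Trigger signing right after the build so the signed binaries are ready by upload time.` In addition, `triggerDarwinBinariesSigningWorkflow()` opens its own `stage("Sign MacOS binaries")`, so the pipeline nests a stage inside another of the same name; one of the two wrappers can be dropped. `runRelease` continues beyond the hunk.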
@@ -537,10 +539,12 @@ def triggerDarwinBinariesSigningWorkflow(){ } } -// The Darwin binaries are signed in GitHub actions. -// This function will make sure to download the specific artifact according to -// executable name and release version. -// As the GitHub action may take some time, we will retry to download the artifact with timeout. +/** +* The Darwin binaries are signed in GitHub actions. +* This function will make sure to download the specific artifact according to +* executable name and release version. +* As the GitHub action may take some time, we will retry to download the artifact with timeout. +*/ def downloadDarwinSignedBinaries(goarch) { sh """#!/bin/bash ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch From b0d4ea150b52f6687344f597ed01a8fa15a6780e Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 13:46:19 +0300 Subject: [PATCH 179/222] test script --- build/apple_release/scripts/darwin-sign-and-notarize.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index b6f320b2c..00324c7d6 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh +++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh @@ -54,7 +54,10 @@ prepare_keychain_and_certificate() { } sign_binary() { - codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" || { echo "Error: Failed to sign the binary."; exit 1; } + if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME"; then + echo "Error: Failed to sign the binary." + exit 1 + fi echo "Successfully signed the binary." } From b50bef1126ce7c747d44989a9d01048445148f84 Mon Sep 17 00:00:00 2001 
From: delarea Date: Sun, 14 Jul 2024 13:50:11 +0300 Subject: [PATCH 180/222] test script --- .../scripts/darwin-sign-and-notarize.sh | 73 +++++++++++++++---- 1 file changed, 60 insertions(+), 13 deletions(-) diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index 00324c7d6..0e9cb346f 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh +++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh 
@@ -15,27 +15,59 @@ set -e +# Validates the structure of the app template directory. validate_app_template_structure() { - [ ! -d "$APP_TEMPLATE_PATH" ] && { echo "Error: $APP_TEMPLATE_PATH directory does not exist."; exit 1; } - [ ! -d "$APP_TEMPLATE_PATH/Contents" ] && { echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH."; exit 1; } - [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ] && { echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } - [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ] && { echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } + if [ ! -d "$APP_TEMPLATE_PATH" ]; then + echo "Error: $APP_TEMPLATE_PATH directory does not exist." + exit 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then + echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." + exit 1 + fi + + if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then + echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." + exit 1 + fi + + if [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ]; then + echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." + exit 1 + fi local app_name_without_extension app_name_without_extension=$(basename "$APP_TEMPLATE_PATH" .app) export BINARY_FILE_NAME=$app_name_without_extension - [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ] && { echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder."; exit 1; } + if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then + echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." + exit 1 + fi } +# Validates input environment variables. 
validate_inputs() { - [ -z "$APPLE_CERT_DATA" ] && { echo "Error: Missing APPLE_CERT_DATA environment variable."; exit 1; } - [ -z "$APPLE_CERT_PASSWORD" ] && { echo "Error: Missing APPLE_CERT_PASSWORD environment variable."; exit 1; } - [ -z "$APPLE_TEAM_ID" ] && { echo "Error: Missing APPLE_TEAM_ID environment variable."; exit 1; } + if [ -z "$APPLE_CERT_DATA" ]; then + echo "Error: Missing APPLE_CERT_DATA environment variable." + exit 1 + fi + + if [ -z "$APPLE_CERT_PASSWORD" ]; then + echo "Error: Missing APPLE_CERT_PASSWORD environment variable." + exit 1 + fi + + if [ -z "$APPLE_TEAM_ID" ]; then + echo "Error: Missing APPLE_TEAM_ID environment variable." + exit 1 + fi validate_app_template_structure } +# Prepares the keychain and imports the certificate for signing. prepare_keychain_and_certificate() { local temp_dir temp_dir=$(mktemp -d) @@ -48,11 +80,15 @@ prepare_keychain_and_certificate() { security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name security set-keychain-settings -t 3600 -u $keychain_name - security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign || { echo "Error: Failed to import certificate into keychain."; exit 1; } + if ! security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then + echo "Error: Failed to import certificate into keychain." + exit 1 + fi security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name } +# Signs the binary file. sign_binary() { if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME"; then echo "Error: Failed to sign the binary." @@ -61,6 +97,7 @@ sign_binary() { echo "Successfully signed the binary." } +# Notarizes the app and staples the certificate. notarize_app() { local temp_dir temp_dir=$(mktemp -d) 
@@ -71,13 +108,22 @@ notarize_app() { cd "$temp_dir" local temp_zipped_name="${BINARY_FILE_NAME}-zipped.zip" - ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name" || { echo "Error: Failed to zip the app."; exit 1; } + if ! ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name"; then + echo "Error: Failed to zip the app." + exit 1 + fi - xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait || { echo "Error: Failed to notarize the app."; exit 1; } + if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait; then + echo "Error: Failed to notarize the app." + exit 1 + fi echo "Notarization successful." unzip -o "$temp_zipped_name" - xcrun stapler staple "$BINARY_FILE_NAME.app" || { echo "Error: Failed to staple the ticket to the app."; exit 1; } + if ! xcrun stapler staple "$BINARY_FILE_NAME.app"; then + echo "Error: Failed to staple the ticket to the app." + exit 1 + fi echo "Stapling successful." cp "./$BINARY_FILE_NAME.app/Contents/MacOS/$BINARY_FILE_NAME" "$current_dir" @@ -85,6 +131,7 @@ notarize_app() { rm -rf "$temp_dir" } +# Cleans up resources used during the process. cleanup() { echo "Deleting keychain..." security delete-keychain "macos-build.keychain" @@ -100,4 +147,4 @@ main() { cleanup } -main +main \ No newline at end of file From d616c5ff89a0d8b5e0708ce7deab42a50a330d70 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 13:52:36 +0300 Subject: [PATCH 181/222] Refactor functions --- .../scripts/darwin-sign-and-notarize.sh | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index 0e9cb346f..29e069863 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh 
+++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh @@ -67,7 +67,6 @@ validate_inputs() { validate_app_template_structure } -# Prepares the keychain and imports the certificate for signing. prepare_keychain_and_certificate() { local temp_dir temp_dir=$(mktemp -d) @@ -80,20 +79,13 @@ prepare_keychain_and_certificate() { security unlock-keychain -p "$APPLE_CERT_PASSWORD" $keychain_name security set-keychain-settings -t 3600 -u $keychain_name - if ! security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign; then - echo "Error: Failed to import certificate into keychain." - exit 1 - fi + security import "$temp_dir/certs.p12" -k ~/Library/Keychains/$keychain_name -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign || { echo "Error: Failed to import certificate into keychain."; exit 1; } security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_CERT_PASSWORD" -D "$APPLE_TEAM_ID" -t private $keychain_name } -# Signs the binary file. sign_binary() { - if ! codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME"; then - echo "Error: Failed to sign the binary." - exit 1 - fi + codesign -s "$APPLE_TEAM_ID" --timestamp --deep --options runtime --force "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" || { echo "Error: Failed to sign the binary."; exit 1; } echo "Successfully signed the binary." } From 4342c49d2a0abca77e0fbbdd87e50c885e873d64 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 14:00:16 +0300 Subject: [PATCH 182/222] Remove token unused --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 27a9a5723..75e3d6c32 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -1,7 +1,7 @@ node("docker") { cleanWs() // Subtract repo name from the repo url (https://REPO_NAME/ -> REPO_NAME/) - withCredentials([string(credentialsId: 'repo21-url', variable: 'REPO21_URL',variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'repo21-url', variable: 'REPO21_URL')]) { echo "${REPO21_URL}" def repo21Name = "${REPO21_URL}".substring(8, "${REPO21_URL}".length()) env.REPO_NAME_21="$repo21Name" From 4ae3ad3a60940ee1ce7b6fb4b0cc26fa4563af24 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 14:18:35 +0300 Subject: [PATCH 183/222] Test script --- .../scripts/darwin-sign-and-notarize.sh | 53 ++++--------------- 1 file changed, 10 insertions(+), 43 deletions(-) diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index 29e069863..0b197c9fd 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh +++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh 
@@ -13,56 +13,23 @@ # Output: # A signed and notarized binary file in the current directory, ready for distribution. -set -e - -# Validates the structure of the app template directory. validate_app_template_structure() { - if [ ! -d "$APP_TEMPLATE_PATH" ]; then - echo "Error: $APP_TEMPLATE_PATH directory does not exist." - exit 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents" ]; then - echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH." - exit 1 - fi - - if [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ]; then - echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents." - exit 1 - fi - - if [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ]; then - echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents." - exit 1 - fi + [ ! -d "$APP_TEMPLATE_PATH" ] && { echo "Error: $APP_TEMPLATE_PATH directory does not exist."; exit 1; } + [ ! -d "$APP_TEMPLATE_PATH/Contents" ] && { echo "Error: Contents directory does not exist in $APP_TEMPLATE_PATH."; exit 1; } + [ ! -d "$APP_TEMPLATE_PATH/Contents/MacOS" ] && { echo "Error: MacOS directory does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } + [ ! -f "$APP_TEMPLATE_PATH/Contents/Info.plist" ] && { echo "Error: Info.plist file does not exist in $APP_TEMPLATE_PATH/Contents."; exit 1; } local app_name_without_extension app_name_without_extension=$(basename "$APP_TEMPLATE_PATH" .app) export BINARY_FILE_NAME=$app_name_without_extension - if [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ]; then - echo "Error: $BINARY_FILE_NAME not found inside the MacOS folder." - exit 1 - fi + [ ! -f "$APP_TEMPLATE_PATH/Contents/MacOS/$BINARY_FILE_NAME" ] && { echo "Error: $BINARY_FILE_NAME executable not found inside the MacOS folder."; exit 1; } } -# Validates input environment variables. validate_inputs() { - if [ -z "$APPLE_CERT_DATA" ]; then - echo "Error: Missing APPLE_CERT_DATA environment variable." 
- exit 1 - fi - - if [ -z "$APPLE_CERT_PASSWORD" ]; then - echo "Error: Missing APPLE_CERT_PASSWORD environment variable." - exit 1 - fi - - if [ -z "$APPLE_TEAM_ID" ]; then - echo "Error: Missing APPLE_TEAM_ID environment variable." - exit 1 - fi + [ -z "$APPLE_CERT_DATA" ] && { echo "Error: Missing APPLE_CERT_DATA environment variable."; exit 1; } + [ -z "$APPLE_CERT_PASSWORD" ] && { echo "Error: Missing APPLE_CERT_PASSWORD environment variable."; exit 1; } + [ -z "$APPLE_TEAM_ID" ] && { echo "Error: Missing APPLE_TEAM_ID environment variable."; exit 1; } validate_app_template_structure } @@ -133,10 +100,10 @@ cleanup() { main() { validate_inputs - prepare_keychain_and_certificate + # prepare_keychain_and_certificate sign_binary notarize_app - cleanup + # cleanup } main \ No newline at end of file From f108e009afc132bff977e4f191e511f8e3d65405 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 14:20:02 +0300 Subject: [PATCH 184/222] test --- .../scripts/darwin-sign-and-notarize.sh | 26 ++++++------------- 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/build/apple_release/scripts/darwin-sign-and-notarize.sh b/build/apple_release/scripts/darwin-sign-and-notarize.sh index 0b197c9fd..bc21fc3da 100755 --- a/build/apple_release/scripts/darwin-sign-and-notarize.sh +++ b/build/apple_release/scripts/darwin-sign-and-notarize.sh @@ -56,7 +56,6 @@ sign_binary() { echo "Successfully signed the binary." } -# Notarizes the app and staples the certificate. notarize_app() { local temp_dir temp_dir=$(mktemp -d) 
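Review bot: Removing `set -e` leaves every command without its own `|| { ...; exit 1; }` unchecked, including the `cp -r` into the temp directory, `unzip -o`, the final `cp` of the binary back to the working directory and the `security` calls that set up the keychain. If one of those fails the script carries on and can still exit 0, so the caller may pick up a binary that was never signed or notarized. If the removal was meant to stop the `[ test ] && { ... }` validators from aborting on their success path (an inference from the one-liners reintroduced here), keep `set -e` and write them as `[ -d "$APP_TEMPLATE_PATH" ] || { echo "Error: $APP_TEMPLATE_PATH directory does not exist."; exit 1; }` instead.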
@@ -64,29 +63,20 @@ notarize_app() { current_dir=$(pwd) cp -r "$APP_TEMPLATE_PATH" "$temp_dir" - cd "$temp_dir" + cd "$temp_dir" || exit local temp_zipped_name="${BINARY_FILE_NAME}-zipped.zip" - if ! ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name"; then - echo "Error: Failed to zip the app." - exit 1 - fi - - if ! xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait; then - echo "Error: Failed to notarize the app." - exit 1 - fi + ditto -c -k --keepParent "$BINARY_FILE_NAME.app" "./$temp_zipped_name" || { echo "Error: Failed to zip the app."; exit 1; } + + xcrun notarytool submit "$temp_zipped_name" --apple-id "$APPLE_ACCOUNT_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait || { echo "Error: Failed to notarize the app."; exit 1; } echo "Notarization successful." unzip -o "$temp_zipped_name" - if ! xcrun stapler staple "$BINARY_FILE_NAME.app"; then - echo "Error: Failed to staple the ticket to the app." - exit 1 - fi + xcrun stapler staple "$BINARY_FILE_NAME.app" || { echo "Error: Failed to staple the ticket to the app."; exit 1; } echo "Stapling successful." cp "./$BINARY_FILE_NAME.app/Contents/MacOS/$BINARY_FILE_NAME" "$current_dir" - cd "$current_dir" + cd "$current_dir" || exit rm -rf "$temp_dir" } @@ -100,10 +90,10 @@ cleanup() { main() { validate_inputs - # prepare_keychain_and_certificate + prepare_keychain_and_certificate sign_binary notarize_app - # cleanup + cleanup } main \ No newline at end of file From 1c9a20d7a21b0333d88fab03a174e571a6ba3718 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 14:22:37 +0300 Subject: [PATCH 185/222] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 75e3d6c32..064751877 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -325,6 +325,7 @@ def uploadCli(architectures) { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { downloadDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)() + uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) } @@ -549,5 +550,4 @@ def downloadDarwinSignedBinaries(goarch) { sh """#!/bin/bash ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch """ - uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } \ No newline at end of file From 3316d0031ad6aa6def50dbca915ee8dac9971b53 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 14 Jul 2024 14:52:19 +0300 Subject: [PATCH 186/222] Update Jenkinsfile --- Jenkinsfile | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 064751877..caa481899 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -113,6 +113,7 @@ def runRelease(architectures) { stage('Sign MacOS binaries') { triggerDarwinBinariesSigningWorkflow() } + configRepo21() try { 
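Review bot: The added `uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName)` uses `$cliExecutableName` outside a string, where Groovy treats it as an identifier of that exact name rather than the `cliExecutableName` variable the `sh` strings interpolate; it should read `uploadBinaryToJfrogRepo21(currentBuild.pkg, cliExecutableName)`. The context line above it looks wrong as well: `downloadDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)()` passes two arguments and then calls the result, while the function is declared as `downloadDarwinSignedBinaries(goarch)`. As written the darwin branch would presumably fail at runtime before any signed binary is uploaded. `uploadCli` starts and ends outside the hunk, and the signature of `uploadBinaryToJfrogRepo21` is not visible here.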
@@ -527,27 +528,29 @@ def dockerLogin(){ } /** -* This will trigger the Github action that will sign and notarize the MacOS binaries. -* The artifacts will be uploaded to Github artifacts -*/ -def triggerDarwinBinariesSigningWorkflow(){ - withCredentials([string(credentialsId: 'github-access-token',variable: "GITHUB_ACCESS_TOKEN")]) { - stage("Sign MacOS binaries"){ + * This will trigger the Github action that will sign and notarize the MacOS binaries. + * The artifacts will be uploaded to Github artifacts + */ +def triggerDarwinBinariesSigningWorkflow() { + withCredentials([string(credentialsId: 'github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + stage("Sign MacOS binaries") { sh """ - ./build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN - """ + ./build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN + """ } } } /** -* The Darwin binaries are signed in GitHub actions. -* This function will make sure to download the specific artifact according to -* executable name and release version. -* As the GitHub action may take some time, we will retry to download the artifact with timeout. -*/ + * The Darwin binaries are signed in GitHub actions. + * This function will make sure to download the specific artifact according to + * executable name and release version. + * As the GitHub action may take some time, we will retry to download the artifact with timeout. + */ def downloadDarwinSignedBinaries(goarch) { - sh """#!/bin/bash - ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch - """ + withCredentials([string(credentialsId: 'github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + sh """ + ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch $GITHUB_ACCESS_TOKEN + """ + } } \ No newline at end of file 
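Review bot: Both `sh """ ... $GITHUB_ACCESS_TOKEN """` calls let Groovy interpolate the secret into the script text before the shell starts, the pattern Jenkins warns against inside `withCredentials`, because the token then becomes part of the command line and can escape log masking. Escape the dollar sign so the shell expands it, `... $releaseVersion $goarch \$GITHUB_ACCESS_TOKEN`, in `downloadDarwinSignedBinaries` and likewise in `triggerDarwinBinariesSigningWorkflow`. Better still, have the two scripts read `GITHUB_ACCESS_TOKEN` from the environment that `withCredentials` already exports, so the token is never passed as a process argument.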
From 5af95fea7959d09461d2cc2ad60756c21d8a36ce Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 20 Nov 2024 10:07:27 +0200 Subject: [PATCH 187/222] CR --- .github/workflows/prepareDarwinBinariesForRelease.yml | 4 ++-- Jenkinsfile | 3 ++- .../apple_release/scripts/download-signed-mac-OS-binaries.sh | 3 ++- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 3 +++ 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index cea3985b5..71d02be5d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -1,4 +1,4 @@ -name: Sign Dawrin Binaries for Release +name: Sign Darwin Binaries for Release on: workflow_dispatch: inputs: @@ -24,7 +24,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: 1.22.x + go-version: 1.23.x cache: false - name: Checkout Source diff --git a/Jenkinsfile b/Jenkinsfile index 3698aec74..969454a4a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -105,7 +105,8 @@ def runRelease(architectures) { version = getCliVersion(builderPath) print "CLI version: $version" } - /** + + /* * Prepare Signed MacOS binaries * This happens at the start of the release process, so the binaries will be ready * for the release process later on. diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index d5bcf96ed..d4c454150 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -10,7 +10,8 @@ GITHUB_ACCESS_TOKEN=$4 # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { local max_retries=4 - local cooldown=15 # Cooldown in seconds between retries + # Cooldown in seconds between retries + local cooldown=15 local retry_count=0 while [ $retry_count -lt $max_retries ]; do diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 787a5de70..8c6f6b430 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -2,8 +2,11 @@ # This script triggers a GitHub Actions workflow to sign and notarize macOS binaries. + cliExecutableName=$1 # The name of the CLI executable to be processed + releaseVersion=$2 # The version of the release being processed + GITHUB_ACCESS_TOKEN=$3 # GitHub Access Token for authentication # Trigger From fae20789b5d47b71f65f2c6d5b162c0b9fbae310 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 20 Nov 2024 10:10:45 +0200 Subject: [PATCH 188/222] CR --- .../scripts/download-signed-mac-OS-binaries.sh | 9 ++++++--- .../scripts/trigger-sign-mac-OS-workflow.sh | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index d4c454150..fcaf219cc 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -1,12 +1,15 @@ #!/bin/bash +# Script Purpose: Download signed macOS binaries for a specific version and architecture. +# The name of the CLI executable to be processed - jfrog or jf cliExecutableName=$1 +# The version of the release being processed releaseVersion=$2 +# The architecture of the macOS binary to be downloaded - amd64 or arm64 goarch=$3 +# GitHub Access Token for authentication GITHUB_ACCESS_TOKEN=$4 -# This script downloads signed macOS binaries for a specific version and architecture. - # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { local max_retries=4 @@ -16,7 +19,7 @@ get_specific_artifact_url_with_retries() { while [ $retry_count -lt $max_retries ]; do # Fetch the list of artifacts from GitHub - response=$(curl -L \ + response=$(curl -L --retry 3 \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 8c6f6b430..977ce8003 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -11,6 +11,7 @@ GITHUB_ACCESS_TOKEN=$3 # GitHub Access Token for authentication # Trigger curl -L \ + --retry 3 \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ From 76832411d7bb6011d2c17131aaa8302b4c69d948 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 14:29:48 +0200 Subject: [PATCH 189/222] Change to my repo for testings --- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 977ce8003..279a3809c 100644 
--- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -16,5 +16,5 @@ curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"v2\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d "{\"ref\":\"apple_sign_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From 794bcbea6b48954db388a828766b6f1a297fe847 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 15:25:37 +0200 Subject: [PATCH 190/222] fix pointer --- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 279a3809c..f89c253d1 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -17,4 +17,4 @@ curl -L \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"apple_sign_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + -d "{\"ref\":\"sign_apple_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file 
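Review bot: In trigger-sign-mac-OS-workflow.sh (PATCH 189, with the ref changed again in PATCH 190) the dispatch target is hard-coded to a personal fork, `repos/eyalDelarea/jfrog-cli`, and to a feature-branch ref, so if this lands as written the release job asks a repository outside the organisation to produce the signed macOS binaries. Taking the repository and ref from variables with the upstream values as defaults, for example `SIGN_REPO="${SIGN_REPO:-jfrog/jfrog-cli}"` (a constructed name), keeps test overrides out of the committed script. The curl call also has no `--fail`, so a 401 or 404 from the dispatch endpoint still exits 0 and the caller cannot tell that no signing run was started. The `-d` JSON body is built by pasting `$releaseVersion` and `$cliExecutableName` into a string, so a quote in either value breaks the payload; `jq -n --arg` would build it safely.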
From 0ff919851041bc1cc365bd48bd14455484ca687b Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 15:43:26 +0200 Subject: [PATCH 191/222] remove bad validation --- .../scripts/download-signed-mac-OS-binaries.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index fcaf219cc..271e17b61 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -51,12 +51,6 @@ downloadSignedMacOSBinaries() { # Attempt to get the specific artifact URL artifactUrl=$(get_specific_artifact_url_with_retries) - # Validate the URL - if [[ -z "$artifactUrl" || ! "$artifactUrl" =~ ^https?://.+ ]]; then - echo "$artifactUrl Failed to find download artifact for version: $releaseVersion and goarch: $goarch. Please validate the artifacts were successfully uploaded." - exit 1 - fi - # Download the artifact curl -L \ -H "Accept: application/vnd.github+json" \ From b27bfd96aafc20053add4b94656a9f94331ebf91 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 15:50:17 +0200 Subject: [PATCH 192/222] debug --- .../apple_release/scripts/download-signed-mac-OS-binaries.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 271e17b61..309dd86ee 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -51,6 +51,7 @@ downloadSignedMacOSBinaries() { # Attempt to get the specific artifact URL artifactUrl=$(get_specific_artifact_url_with_retries) + echo "Downloading signed executable from $artifactUrl" # Download the artifact curl -L \ -H "Accept: application/vnd.github+json" \ 
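Review bot: After PATCH 191 removes the URL check and PATCH 192 adds only an `echo`, nothing in downloadSignedMacOSBinaries stands between the lookup and the download: whatever `get_specific_artifact_url_with_retries` printed, including an empty string or a log line, is handed to `curl` together with the `Authorization: Bearer` header. If the old check was failing because the helper writes progress messages to stdout (not visible in these hunks), the fix is to send those messages to stderr rather than drop the check. A guard that also pins the host keeps the token from being sent anywhere but the GitHub API: `[[ "$artifactUrl" =~ ^https://api\.github\.com/ ]] || { echo "no artifact URL" >&2; exit 1; }`. The function body continues outside both hunks.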
@@ -58,6 +59,9 @@ downloadSignedMacOSBinaries() { -H "X-GitHub-Api-Version: 2022-11-28" \ "$artifactUrl" -o artifact.zip + echo "extracting..." + ls -la + # Extract the artifact and clean up tar -xvf artifact.zip rm -rf artifact.zip From 4cf8e28669e6db3b0968c73529754d0dcbd873fe Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 15:57:30 +0200 Subject: [PATCH 193/222] install zip --- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 309dd86ee..4262aaf3c 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -61,6 +61,9 @@ downloadSignedMacOSBinaries() { echo "extracting..." ls -la + echo "installing zip..." + sudo apt-get update + sudo apt-get install unzip # Extract the artifact and clean up tar -xvf artifact.zip From 68be11e7b8e6c35f898027c17b9eea1845de8463 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 16:08:45 +0200 Subject: [PATCH 194/222] delete old artifacts --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 71d02be5d..8977e454d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -20,6 +20,12 @@ jobs: matrix: goarch: [ arm64, amd64 ] steps: + # Delete old artifacts + - name: Remove old artifacts + uses: c-hive/gha-remove-artifacts@v1 + with: + # TODO change this + age: "10 seconds" # Setup - name: Setup Go uses: actions/setup-go@v5 From d759d59fab3df9b980b73e54a648a928e0b5e3ca Mon Sep 17 00:00:00 2001 
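Review bot: The new `Remove old artifacts` step in prepareDarwinBinariesForRelease.yml pulls a third-party action by a movable tag, `c-hive/gha-remove-artifacts@v1`, into the workflow that produces the signed release binaries, so whoever can move that tag runs code in the signing job. Pin it to a full commit SHA, `uses: c-hive/gha-remove-artifacts@<full-commit-sha> # v1`. With `age: "10 seconds"` and a two-entry `goarch` matrix, one matrix job may also delete the artifact the other has just uploaded, depending on timing. The `# TODO change this` should be resolved before the workflow is used for a release.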
From: delarea Date: Wed, 8 Jan 2025 16:11:34 +0200 Subject: [PATCH 195/222] unzip --- .../scripts/download-signed-mac-OS-binaries.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 4262aaf3c..8c4fd8167 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -62,11 +62,11 @@ downloadSignedMacOSBinaries() { echo "extracting..." ls -la echo "installing zip..." - sudo apt-get update - sudo apt-get install unzip + apt-get update + apt-get install unzip # Extract the artifact and clean up - tar -xvf artifact.zip + unzip -xvf artifact.zip rm -rf artifact.zip # Make the binary executable From 4eefb81d554495ed2af35a96ac05203b3fb9c55d Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 16:13:25 +0200 Subject: [PATCH 196/222] debug --- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 8c4fd8167..868112c4a 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -67,6 +67,9 @@ downloadSignedMacOSBinaries() { # Extract the artifact and clean up unzip -xvf artifact.zip + + ls -la + rm -rf artifact.zip # Make the binary executable From 3ac3a78c6c2bd3b7fee00cf716387d96c8e1c708 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 16:17:29 +0200 Subject: [PATCH 197/222] fix unzip --- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 868112c4a..aedbb5504 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -66,7 +66,7 @@ downloadSignedMacOSBinaries() { apt-get install unzip # Extract the artifact and clean up - unzip -xvf artifact.zip + unzip artifact.zip ls -la From 753e5e2c42deefc3d83dba143ae6ed088e27a3f5 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 16:23:32 +0200 Subject: [PATCH 198/222] add executable check --- .../scripts/download-signed-mac-OS-binaries.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index aedbb5504..da0fff8d4 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -59,24 +59,19 @@ downloadSignedMacOSBinaries() { -H "X-GitHub-Api-Version: 2022-11-28" \ "$artifactUrl" -o artifact.zip - echo "extracting..." - ls -la echo "installing zip..." apt-get update apt-get install unzip # Extract the artifact and clean up unzip artifact.zip - - ls -la - rm -rf artifact.zip - # Make the binary executable - chmod +x "$cliExecutableName" - - # Validate the binary by checking its version - ./"$cliExecutableName" --version + # Check if the executable exists + if [ ! -f "$cliExecutableName" ]; then + echo "Error: Executable $cliExecutableName not found." + exit 1 + fi } # Start the process From 0455ec1204a1356f896b930f26dec08fd1fb8543 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 16:41:36 +0200 Subject: [PATCH 199/222] remove delete --- .github/workflows/prepareDarwinBinariesForRelease.yml | 6 ------ 1 file changed, 6 deletions(-) 
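Review bot: The replacement check in downloadSignedMacOSBinaries, `[ ! -f "$cliExecutableName" ]`, only proves that the archive contained a file with that name; with the `--version` run removed, nothing on the new side confirms that the file is the binary the signing workflow produced. If the workflow can publish a digest alongside the artifact, compare it here with `sha256sum -c` before the binary is uploaded further. `unzip artifact.zip` also unpacks every member into the current directory, whereas `unzip -o artifact.zip "$cliExecutableName"` extracts only the expected file. `apt-get install unzip` without `-y` can stop at a prompt in a non-interactive job.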
diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 8977e454d..71d02be5d 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -20,12 +20,6 @@ jobs: matrix: goarch: [ arm64, amd64 ] steps: - # Delete old artifacts - - name: Remove old artifacts - uses: c-hive/gha-remove-artifacts@v1 - with: - # TODO change this - age: "10 seconds" # Setup - name: Setup Go uses: actions/setup-go@v5 From e9cd72b4c7ba7b4805e108211bee5a3dcc4f6c3a Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 17:06:33 +0200 Subject: [PATCH 200/222] pass github env via stdin --- Jenkinsfile | 11 +++++++---- .../scripts/download-signed-mac-OS-binaries.sh | 4 ++-- .../scripts/trigger-sign-mac-OS-workflow.sh | 3 ++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 22e600473..f972f4a34 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -528,15 +528,17 @@ def dockerLogin(){ } } + /** * This will trigger the Github action that will sign and notarize the MacOS binaries. * The artifacts will be uploaded to Github artifacts */ def triggerDarwinBinariesSigningWorkflow() { - withCredentials([string(credentialsId: 'github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { sh """ - ./build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN + chmod +x jfrog-cli/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh + $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion <<< $GITHUB_ACCESS_TOKEN """ } } 
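Review bot: Both rewritten `sh """ … """` blocks in the Jenkinsfile (triggerDarwinBinariesSigningWorkflow here, downloadDarwinSignedBinaries in the next hunk) put `$GITHUB_ACCESS_TOKEN` inside a Groovy double-quoted string, so Groovy substitutes the secret into the script text before the shell runs; Jenkins warns about this pattern because the value can then reach process arguments and logs unmasked. `withCredentials` already exports the variable to every step in its block, so the scripts can read `GITHUB_ACCESS_TOKEN` from the environment and the `<<< $GITHUB_ACCESS_TOKEN` can be dropped. `<<<` is also a bash here-string, and the `sh` step runs the agent's default shell unless the script begins with a shebang, so it may be a syntax error there. The `credentialsId` change to `eyalde-github-access-token` ties the release job to a personal token and looks like a test setting. The same interpolation returns in PATCH 204 as `export GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN}`.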
@@ -549,9 +551,10 @@ def triggerDarwinBinariesSigningWorkflow() { * As the GitHub action may take some time, we will retry to download the artifact with timeout. */ def downloadDarwinSignedBinaries(goarch) { - withCredentials([string(credentialsId: 'github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { sh """ - ./build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch $GITHUB_ACCESS_TOKEN + chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh + $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch <<< $GITHUB_ACCESS_TOKEN """ } } \ No newline at end of file diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index da0fff8d4..fdd990553 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -7,8 +7,8 @@ cliExecutableName=$1 releaseVersion=$2 # The architecture of the macOS binary to be downloaded - amd64 or arm64 goarch=$3 -# GitHub Access Token for authentication -GITHUB_ACCESS_TOKEN=$4 +# GitHub Access Token for authentication from stdin +read -r GITHUB_ACCESS_TOKEN # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index f89c253d1..93025520b 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh 
@@ -7,7 +7,8 @@ cliExecutableName=$1 # The name of the CLI executable to be processed releaseVersion=$2 # The version of the release being processed -GITHUB_ACCESS_TOKEN=$3 # GitHub Access Token for authentication +# GitHub Access Token for authentication from stdin +read -r GITHUB_ACCESS_TOKEN # Trigger curl -L \ From f6c9a31cbc8a4821ea6d7923768d82d4204928e6 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 8 Jan 2025 17:26:31 +0200 Subject: [PATCH 201/222] Update scripts to get token from env --- Jenkinsfile | 3 +++ .../apple_release/scripts/download-signed-mac-OS-binaries.sh | 5 +++-- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 5 +++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index f972f4a34..43e8efb3a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -6,6 +6,9 @@ node("docker-ubuntu20-xlarge") { def repo21Name = "${REPO21_URL}".substring(8, "${REPO21_URL}".length()) env.REPO_NAME_21="$repo21Name" } + environment { + GITHUB_ACCESS_TOKEN = credentials('eyalde-github-access-token') + } def architectures = [ [pkg: 'jfrog-cli-windows-amd64', goos: 'windows', goarch: 'amd64', fileExtension: '.exe', chocoImage: '${REPO_NAME_21}/jfrog-docker/linuturk/mono-choco'], [pkg: 'jfrog-cli-linux-386', goos: 'linux', goarch: '386', fileExtension: '', debianImage: '${REPO_NAME_21}/jfrog-docker/i386/ubuntu:20.04', debianArch: 'i386'], diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index fdd990553..fc21da66d 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -7,8 +7,9 @@ cliExecutableName=$1 releaseVersion=$2 # The architecture of the macOS binary to be downloaded - amd64 or arm64 goarch=$3 -# GitHub Access Token for authentication from stdin -read -r GITHUB_ACCESS_TOKEN + +# Notice that the GITHUB_ACCESS_TOKEN is not defined in this script. +# It should be set as an environment variable before running the script. # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 93025520b..69109795e 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -7,8 +7,9 @@ cliExecutableName=$1 # The name of the CLI executable to be processed releaseVersion=$2 # The version of the release being processed -# GitHub Access Token for authentication from stdin -read -r GITHUB_ACCESS_TOKEN +# Notice that the GITHUB_ACCESS_TOKEN is not defined in this script. +# It should be set as an environment variable before running the script. + # Trigger curl -L \ From ff710b2ff1b54e0e7c5187055c808a033698d195 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 9 Jan 2025 11:20:30 +0200 Subject: [PATCH 202/222] Pass Token as argument --- Jenkinsfile | 15 ++++----------- .../scripts/download-signed-mac-OS-binaries.sh | 6 ++++-- .../scripts/trigger-sign-mac-OS-workflow.sh | 10 ++++++---- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 43e8efb3a..9d7b17273 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -6,9 +6,6 @@ node("docker-ubuntu20-xlarge") { def repo21Name = "${REPO21_URL}".substring(8, "${REPO21_URL}".length()) env.REPO_NAME_21="$repo21Name" } - environment { - GITHUB_ACCESS_TOKEN = credentials('eyalde-github-access-token') - } def architectures = [ [pkg: 'jfrog-cli-windows-amd64', goos: 'windows', goarch: 'amd64', fileExtension: '.exe', chocoImage: '${REPO_NAME_21}/jfrog-docker/linuturk/mono-choco'], [pkg: 'jfrog-cli-linux-386', goos: 'linux', goarch: '386', fileExtension: '', debianImage: '${REPO_NAME_21}/jfrog-docker/i386/ubuntu:20.04', debianArch: 'i386'], @@ -539,10 +536,8 @@ def dockerLogin(){ def triggerDarwinBinariesSigningWorkflow() { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { - sh """ - chmod +x jfrog-cli/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh - $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion <<< $GITHUB_ACCESS_TOKEN - """ + sh('chmod +x jfrog-cli/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh') + sh('$repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN') } } } @@ -555,9 +550,7 @@ def triggerDarwinBinariesSigningWorkflow() { */ def downloadDarwinSignedBinaries(goarch) { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { - sh """ - chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh - $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch <<< $GITHUB_ACCESS_TOKEN - """ + sh ('chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh') + sh ('$repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch $GITHUB_ACCESS_TOKEN') } } \ No newline at end of file 
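Review bot: The two new `sh('… $GITHUB_ACCESS_TOKEN')` calls pass the token as a positional argument, so it is visible in the agent's process list for as long as the script runs. `withCredentials` already exports `GITHUB_ACCESS_TOKEN` to every step inside its block, so the scripts can read it from the environment and the last argument can be dropped. Switching to single quotes stops Groovy from interpolating the secret, but it also means `$repo`, `$cliExecutableName`, `$releaseVersion` and `$goarch` are now expanded by the shell; unless those are environment variables (not visible in these hunks) they expand to empty strings.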
diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index fc21da66d..51bc982b3 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -3,13 +3,15 @@ # Script Purpose: Download signed macOS binaries for a specific version and architecture. # The name of the CLI executable to be processed - jfrog or jf cliExecutableName=$1 + # The version of the release being processed releaseVersion=$2 + # The architecture of the macOS binary to be downloaded - amd64 or arm64 goarch=$3 -# Notice that the GITHUB_ACCESS_TOKEN is not defined in this script. -# It should be set as an environment variable before running the script. +# GitHub Access Token for authentication +GITHUB_ACCESS_TOKEN=$3 # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 69109795e..4ffbc4030 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -3,12 +3,14 @@ # This script triggers a GitHub Actions workflow to sign and notarize macOS binaries. -cliExecutableName=$1 # The name of the CLI executable to be processed +# The name of the CLI executable to be processed +cliExecutableName=$1 -releaseVersion=$2 # The version of the release being processed +# The version of the release being processed +releaseVersion=$2 -# Notice that the GITHUB_ACCESS_TOKEN is not defined in this script. -# It should be set as an environment variable before running the script. +# GitHub Access Token for authentication +GITHUB_ACCESS_TOKEN=$3 # Trigger From ff288fea5a0ddff56802829906efe357f7d74a3a Mon Sep 17 00:00:00 2001 
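Review bot: In download-signed-mac-OS-binaries.sh the added `GITHUB_ACCESS_TOKEN=$3` reads the same positional parameter as `goarch=$3` two lines above, while the Jenkinsfile in this commit passes the token as the fourth argument. As written the script sends the architecture string as the bearer token and every API call is rejected; the line should be `GITHUB_ACCESS_TOKEN=$4`. trigger-sign-mac-OS-workflow.sh in the next hunk takes two arguments before the token, so `$3` is right there.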
From: delarea Date: Thu, 9 Jan 2025 11:37:37 +0200 Subject: [PATCH 203/222] Fix --- Jenkinsfile | 2 +- .../scripts/download-signed-mac-OS-binaries.sh | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9d7b17273..a091ba047 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -536,7 +536,7 @@ def dockerLogin(){ def triggerDarwinBinariesSigningWorkflow() { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { - sh('chmod +x jfrog-cli/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh') + sh('chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh') sh('$repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN') } } diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 51bc982b3..c6780cb25 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -15,9 +15,9 @@ GITHUB_ACCESS_TOKEN=$3 # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { - local max_retries=4 + local max_retries=10 # Cooldown in seconds between retries - local cooldown=15 + local cooldown=20 local retry_count=0 while [ $retry_count -lt $max_retries ]; do 
@@ -29,7 +29,9 @@ get_specific_artifact_url_with_retries() { -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact - artifactUrl=$(echo "$response" | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url") + if ! artifactUrl=$(echo "$response" | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url"); then + artifactUrl="" + fi # If a valid URL is found, return it if [[ "$artifactUrl" =~ ^https?://.+ ]]; then @@ -52,10 +54,12 @@ downloadSignedMacOSBinaries() { echo "Downloading Signed macOS Binaries for goarch: $goarch, release version: $releaseVersion" # Attempt to get the specific artifact URL - artifactUrl=$(get_specific_artifact_url_with_retries) + if ! artifactUrl=$(get_specific_artifact_url_with_retries); then + echo "Failed to retrieve the artifact URL after multiple attempts." + exit 1 + fi echo "Downloading signed executable from $artifactUrl" - # Download the artifact curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ From e740f23e3a5dfdbf0babdaed27364f52452f9d00 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 9 Jan 2025 11:42:02 +0200 Subject: [PATCH 204/222] Move to env --- Jenkinsfile | 14 ++++++++++---- .../scripts/download-signed-mac-OS-binaries.sh | 3 +-- .../scripts/trigger-sign-mac-OS-workflow.sh | 4 ++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a091ba047..2ac5dd801 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -536,8 +536,11 @@ def dockerLogin(){ def triggerDarwinBinariesSigningWorkflow() { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { - sh('chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh') - sh('$repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $GITHUB_ACCESS_TOKEN') + sh 'chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh' + sh """ + export GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} + $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $goarch + """ } } } @@ -550,7 +553,10 @@ def triggerDarwinBinariesSigningWorkflow() { */ def downloadDarwinSignedBinaries(goarch) { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { - sh ('chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh') - sh ('$repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch $GITHUB_ACCESS_TOKEN') + sh 'chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh' + sh """ + export GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} + $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch + """ } } \ No newline at end of file diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index c6780cb25..029cd2861 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -10,8 +10,7 @@ releaseVersion=$2 # The architecture of the macOS binary to be downloaded - amd64 or arm64 goarch=$3 -# GitHub Access Token for authentication -GITHUB_ACCESS_TOKEN=$3 +# GitHub Access Token for authentication from ENV # Function to retrieve the specific artifact URL with retries get_specific_artifact_url_with_retries() { diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 4ffbc4030..4e621399e 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -9,8 +9,8 @@ cliExecutableName=$1 # The version of the release being processed releaseVersion=$2 -# GitHub Access Token for authentication -GITHUB_ACCESS_TOKEN=$3 +# GitHub Access Token for authentication from ENV + # Trigger From e968e623ccacfc11b9e1d22161f91684d4960138 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 9 Jan 2025 11:49:59 +0200 Subject: [PATCH 205/222] Fix script to choose only one artifact --- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 029cd2861..077f4603e 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -28,7 +28,7 @@ get_specific_artifact_url_with_retries() { -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact - if ! artifactUrl=$(echo "$response" | jq -r ".artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url"); then + if ! artifactUrl=$(echo "$response" | jq -r "first(.artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url)"); then artifactUrl="" fi From 5a2c6973d27ec33070bacf3be3a18d6c3fd8010a Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 9 Jan 2025 12:01:31 +0200 Subject: [PATCH 206/222] Handle interpolation --- Jenkinsfile | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2ac5dd801..eb4aaac7b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -326,7 +326,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - downloadDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)() + buildDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)() uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) 
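Review bot: The jq filter in get_specific_artifact_url_with_retries is still assembled by pasting shell variables into the program text, and `first(…)` with `contains` takes whichever matching artifact the API lists first, which may be one left over from an earlier run of the same version. Passing the name with `--arg` keeps shell values out of the jq program, and filtering on `.expired == false` skips artifacts that can no longer be downloaded: `jq -r --arg n "$cliExecutableName-darwin-v$releaseVersion-$goarch" 'first(.artifacts[] | select(.expired == false and (.name | contains($n))) | .archive_download_url)'`. The function starts and ends outside the hunk.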
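Review bot: The renamed call in uploadCli, `buildDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)()`, passes two arguments although the function is declared later in this commit as `buildDarwinSignedBinaries(goarch)`, and the trailing `()` then tries to invoke its result. `buildDarwinSignedBinaries(currentBuild.goarch)` matches the declaration. On the next line `$cliExecutableName` is used outside a string, where Groovy reads it as a variable literally named `$cliExecutableName`; `cliExecutableName` is probably what was meant.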
@@ -536,11 +536,9 @@ def dockerLogin(){ def triggerDarwinBinariesSigningWorkflow() { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { - sh 'chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh' - sh """ - export GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} - $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh $cliExecutableName $releaseVersion $goarch - """ + sh """chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh""" + sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') + sh ("""bash ${repo}/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh ${cliExecutableName} ${releaseVersion}""") } } } @@ -551,12 +549,10 @@ def triggerDarwinBinariesSigningWorkflow() { * executable name and release version. * As the GitHub action may take some time, we will retry to download the artifact with timeout. */ -def downloadDarwinSignedBinaries(goarch) { +def buildDarwinSignedBinaries(goarch) { withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { - sh 'chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh' - sh """ - export GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} - $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh $cliExecutableName $releaseVersion $goarch - """ + sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") + sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') + sh("""bash ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch}""") } } \ No newline at end of file From 0f76cc5984b8bcf225659bdf9fca9329c77cbc21 Mon Sep 17 00:00:00 2001 
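Review bot: The added step `sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN')` has no effect, because each `sh` step runs in its own shell and the export is gone before the next step starts; `withCredentials` already places the variable in the environment of the steps inside its block, so the line can be deleted here and in `buildDarwinSignedBinaries` in the next hunk. Taking the secret out of the Groovy-interpolated string is the important part of this change and is correct. The remaining interpolated values `${cliExecutableName}`, `${releaseVersion}` and `${goarch}` still reach the shell unquoted; their origin is not visible in these hunks, so if any of them derives from a build parameter, pass them through `withEnv` and reference them as quoted shell variables in a single-quoted `sh` string.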
From: delarea Date: Thu, 9 Jan 2025 12:38:19 +0200 Subject: [PATCH 207/222] Update paths --- .github/workflows/prepareDarwinBinariesForRelease.yml | 2 +- .../apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 71d02be5d..7a977bdbc 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -30,7 +30,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v4 with: - ref: sign_apple_binary + ref: v2 # Builds the executable and moves it inside the app template - name: Build and Move Executable diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 077f4603e..1c1d22f38 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -25,7 +25,7 @@ get_specific_artifact_url_with_retries() { -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - -s https://api.github.com/repos/eyaldelarea/jfrog-cli/actions/artifacts) + -s https://api.github.com/repos/jfrog/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact if ! artifactUrl=$(echo "$response" | jq -r "first(.artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url)"); then diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 4e621399e..40d5e14c3 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh 
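Review bot: `ref: v2` in the checkout step makes the signing job build whatever the head of the `v2` branch is when the runner checks out, not the commit the release was cut from, so the signed binary is not tied to the released source. For a `workflow_dispatch` run, `actions/checkout` without a `ref` checks out the commit of the dispatched ref, so I would drop the `with: ref:` override and let the trigger script dispatch on the release tag or branch; that leaves one place that decides what gets signed. The job's other steps are outside the hunk.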
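Review bot: The request on the changed line in download-signed-mac-OS-binaries.sh lists the repository's artifacts without paging or filtering, so only the first page of results is searched and the wanted artifact can be missed once the repository holds more artifacts than one page returns. The list-artifacts endpoint accepts a `name` query parameter (exact match) and `per_page`; appending `?name=ARTIFACT_NAME` to the URL, with `ARTIFACT_NAME` standing for the exact name the workflow uploads, narrows the response to the artifact being waited for. The retry loop around this call is outside the hunk.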
+++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -20,5 +20,5 @@ curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"sign_apple_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d "{\"ref\":\"v2\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From 39ae31f4c05fd3f563e1277c5b937569ad33bf41 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 16 Jan 2025 10:11:35 +0200 Subject: [PATCH 208/222] Update credentialsId --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index eb4aaac7b..d33cb7c82 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -534,7 +534,7 @@ def dockerLogin(){ * The artifacts will be uploaded to Github artifacts */ def triggerDarwinBinariesSigningWorkflow() { - withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { sh """chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh""" sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') 
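Review bot: The dispatch call changed here has no `--fail`, so an error status such as 401 or 404 from the API still exits 0 and the Jenkins stage reports success although no signing run was started; add `--fail-with-body` (or `-f` on older curl) to the `curl -L` options. The JSON body is assembled by splicing `$releaseVersion` and `$cliExecutableName` into a quoted string, which breaks or alters the payload if either contains a quote or backslash; `-d "$(jq -n --arg v "$releaseVersion" --arg b "$cliExecutableName" '{ref:"v2",inputs:{releaseVersion:$v,binaryFileName:$b}}')"` builds it as data. The start of the curl command is outside the hunk.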
@@ -550,7 +550,7 @@ def triggerDarwinBinariesSigningWorkflow() { * As the GitHub action may take some time, we will retry to download the artifact with timeout. */ def buildDarwinSignedBinaries(goarch) { - withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') sh("""bash ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch}""") From e991b584f094607eea02d9a73b351435befdb7b2 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 19 Jan 2025 14:26:12 +0200 Subject: [PATCH 209/222] Change comments on functions --- Jenkinsfile | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d33cb7c82..84d6ac147 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -106,15 +106,6 @@ def runRelease(architectures) { print "CLI version: $version" } - /* - * Prepare Signed MacOS binaries - * This happens at the start of the release process, so the binaries will be ready - * for the release process later on. - */ - stage('Sign MacOS binaries') { - triggerDarwinBinariesSigningWorkflow() - } - configRepo21() try { @@ -128,6 +119,12 @@ def runRelease(architectures) { } } + // We sign darwin binaries throughout GitHub actions to use MacOS machine, + // the binaries will be uploaded to GitHub packages + stage('Prepare Signed MacOS binaries') { + triggerDarwinBinariesSigningWorkflow() + } + // We sign the binary also for the standalone Windows executable, and not just for Windows executable packaged inside Chocolaty. downloadToolsCert() print "Uploading version $version to Repo21" 
@@ -326,7 +323,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - buildDarwinSignedBinaries(currentBuild.goarch,currentBuild.fileExtension)() + downloadSignedDarwinBinaries(currentBuild.goarch,currentBuild.fileExtension)() uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) @@ -530,7 +527,7 @@ def dockerLogin(){ /** - * This will trigger the Github action that will sign and notarize the MacOS binaries. + * Triggers Github action that signs and notarize the MacOS binaries. * The artifacts will be uploaded to Github artifacts */ def triggerDarwinBinariesSigningWorkflow() { @@ -544,12 +541,9 @@ def triggerDarwinBinariesSigningWorkflow() { } /** - * The Darwin binaries are signed in GitHub actions. - * This function will make sure to download the specific artifact according to - * executable name and release version. - * As the GitHub action may take some time, we will retry to download the artifact with timeout. + * Downloads binaries signed darwin binaries from Github artifacts */ -def buildDarwinSignedBinaries(goarch) { +def downloadSignedDarwinBinaries(goarch) { withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') From aa655b7000612e8dc1987751e9651ed4e94165c0 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 19 Jan 2025 14:27:53 +0200 Subject: [PATCH 210/222] fix comment --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 84d6ac147..b4df484f8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -541,7 +541,7 @@ def triggerDarwinBinariesSigningWorkflow() { } /** - * Downloads binaries signed darwin binaries from Github artifacts + * Downloads signed darwin binaries from Github artifacts */ def downloadSignedDarwinBinaries(goarch) { withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { From 9e3fa5a4da5a8f5874575e28e1b208aee45e8048 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 15:59:46 +0200 Subject: [PATCH 211/222] move to forked repo for testings --- .../apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 1c1d22f38..043df749b 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -25,7 +25,7 @@ get_specific_artifact_url_with_retries() { -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - -s https://api.github.com/repos/jfrog/jfrog-cli/actions/artifacts) + -s https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact if ! artifactUrl=$(echo "$response" | jq -r "first(.artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url)"); then diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 40d5e14c3..a835bf183 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh 
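Review bot: The download-script hunk of this commit points the release-path lookup at a personal fork, so while it is in place the binaries Jenkins uploads as releases are whatever that fork's workflow produced; the dispatch hunk in trigger-sign-mac-OS-workflow.sh that follows hard-codes the same fork and a test branch. Make the repository a variable with the upstream as default instead of editing the URL for tests, e.g. `-s "https://api.github.com/repos/${SIGN_REPO:-jfrog/jfrog-cli}/actions/artifacts")` (`SIGN_REPO` is a name constructed for this note). That keeps test commits from changing where release artifacts come from.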
@@ -20,5 +20,5 @@ curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"v2\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d "{\"ref\":\"apple_sign_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From 60132eecee31bf3e11a2ded7ea4788c7abf6cd5b Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 16:12:06 +0200 Subject: [PATCH 212/222] test --- Jenkinsfile | 2 +- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9f45891e0..b90c1f648 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -323,7 +323,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - downloadSignedDarwinBinaries(currentBuild.goarch,currentBuild.fileExtension)() + downloadSignedDarwinBinaries(currentBuild.goarch)() uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 043df749b..46e84b0a6 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
+++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh @@ -25,7 +25,7 @@ get_specific_artifact_url_with_retries() { -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - -s https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/artifacts) + -s https://api.github.com/repos/EyalDelarea/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact if ! artifactUrl=$(echo "$response" | jq -r "first(.artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url)"); then diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index a835bf183..f0a0f3e5e 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -20,5 +20,5 @@ curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/eyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + https://api.github.com/repos/EyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ -d "{\"ref\":\"apple_sign_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From 751c1a9769e3ab885a68ae21bbb1254faa6d3d27 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 16:23:27 +0200 Subject: [PATCH 213/222] test --- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index f0a0f3e5e..560f77626 100644 
--- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -21,4 +21,4 @@ curl -L \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/EyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"apple_sign_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + -d "{\"ref\":\"sign_apple_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From 16f5e20df342526ba8afd285f0b7c3be5027eef3 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 16:31:02 +0200 Subject: [PATCH 214/222] test --- .github/workflows/prepareDarwinBinariesForRelease.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 7a977bdbc..98cadc017 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -30,7 +30,8 @@ jobs: - name: Checkout Source uses: actions/checkout@v4 with: - ref: v2 + # TODO move to v2 + ref: sign_apple_binary # Builds the executable and moves it inside the app template - name: Build and Move Executable From db5938dae750db033e767614ee013967b66e0687 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 17:41:16 +0200 Subject: [PATCH 215/222] Update jenkins file --- Jenkinsfile | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index b90c1f648..38d187305 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -323,8 +323,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - downloadSignedDarwinBinaries(currentBuild.goarch)() - uploadBinaryToJfrogRepo21(currentBuild.pkg, $cliExecutableName) + uploadSignedDarwinBinaries(currentBuild.goarch) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) } @@ -531,7 +530,7 @@ def dockerLogin(){ * The artifacts will be uploaded to Github artifacts */ def triggerDarwinBinariesSigningWorkflow() { - withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { sh """chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh""" sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') 
@@ -541,12 +540,17 @@ def triggerDarwinBinariesSigningWorkflow() { } /** - * Downloads signed darwin binaries from Github artifacts + * Uploads signed darwin binaries from Github artifacts and uploads to releases */ -def downloadSignedDarwinBinaries(goarch) { - withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { +def uploadSignedDarwinBinaries(goarch) { + withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + // Download from GitHub sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') sh("""bash ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch}""") + // Upload to releases + sh """#!/bin/bash + $builderPath rt u ./${cliExecutableName} ecosys-jfrog-cli/$identifier/$version/$currentBuild.pkg/ --flat + """ } } \ No newline at end of file From 9c403701c6aaf79711781bf0f6e2e00b0b861810 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 20 Jan 2025 17:42:28 +0200 Subject: [PATCH 216/222] Update credential id --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 38d187305..dcc1f47d2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -530,7 +530,7 @@ def dockerLogin(){ * The artifacts will be uploaded to Github artifacts */ def triggerDarwinBinariesSigningWorkflow() { - withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { sh """chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh""" sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') 
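Review bot: The new `rt u` line uploads `./${cliExecutableName}` to the release repository straight after the download, with no check in this function that the file is intact and is the one the signing workflow produced. Consider having the workflow publish a SHA-256 next to the artifact and running `sha256sum -c` against it before the upload line; the download script's body is not visible here, so it may already do part of this. The target path uses `$currentBuild.pkg`, but this function has no `currentBuild` parameter or local, so inside it the name most likely resolves to the Jenkins global rather than the loop entry in `uploadCli`; pass the package in as a second parameter.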
@@ -543,7 +543,7 @@ def triggerDarwinBinariesSigningWorkflow() { * Uploads signed darwin binaries from Github artifacts and uploads to releases */ def uploadSignedDarwinBinaries(goarch) { - withCredentials([string(credentialsId: 'eyalde-github-access-token', variable: "GITHUB_ACCESS_TOKEN")]) { + withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { // Download from GitHub sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') From 8c1953f3b462732ccd9f71396f0e5e32b765e557 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 21 Jan 2025 11:50:49 +0200 Subject: [PATCH 217/222] Update script --- Jenkinsfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index dcc1f47d2..afb4bcc02 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -65,6 +65,12 @@ node("docker-ubuntu20-xlarge") { synchronizeBranches() } + // We sign darwin binaries throughout GitHub actions to use MacOS machine, + // the binaries will be uploaded to GitHub packages + stage('Prepare Signed MacOS binaries') { + triggerDarwinBinariesSigningWorkflow() + } + stage('Install npm') { installNpm(nodeVersion) } @@ -119,12 +125,6 @@ def runRelease(architectures) { } } - // We sign darwin binaries throughout GitHub actions to use MacOS machine, - // the binaries will be uploaded to GitHub packages - stage('Prepare Signed MacOS binaries') { - triggerDarwinBinariesSigningWorkflow() - } - // We sign the binary also for the standalone Windows executable, and not just for Windows executable packaged inside Chocolaty. downloadToolsCert() print "Uploading version $version to Repo21" 
@@ -323,7 +323,7 @@ def uploadCli(architectures) { stage("Build and upload ${currentBuild.pkg}") { // MacOS binaries should be downloaded from GitHub packages, as they are signed there. if (currentBuild.goos == 'darwin') { - uploadSignedDarwinBinaries(currentBuild.goarch) + uploadSignedDarwinBinaries(currentBuild.goarch,currentBuild.pkg) } else { buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension) } @@ -542,7 +542,7 @@ def triggerDarwinBinariesSigningWorkflow() { /** * Uploads signed darwin binaries from Github artifacts and uploads to releases */ -def uploadSignedDarwinBinaries(goarch) { +def uploadSignedDarwinBinaries(goarch,pkg) { withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { // Download from GitHub sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") @@ -550,7 +550,7 @@ def uploadSignedDarwinBinaries(goarch) { sh("""bash ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch}""") // Upload to releases sh """#!/bin/bash - $builderPath rt u ./${cliExecutableName} ecosys-jfrog-cli/$identifier/$version/$currentBuild.pkg/ --flat + $builderPath rt u ./${cliExecutableName} ecosys-jfrog-cli/$identifier/$version/${pkg}/ --flat """ - } + } } \ No newline at end of file From fac812151e237a0d2a3d319b2755c86680599233 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 21 Jan 2025 12:00:33 +0200 Subject: [PATCH 218/222] Update script --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index afb4bcc02..af1a7e6af 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -65,12 +65,6 @@ node("docker-ubuntu20-xlarge") { synchronizeBranches() } - // We sign darwin binaries throughout GitHub actions to use MacOS machine, - // the binaries will be uploaded to GitHub packages - stage('Prepare Signed MacOS binaries') { - triggerDarwinBinariesSigningWorkflow() - } - stage('Install npm') { installNpm(nodeVersion) } @@ -125,6 +119,12 @@ def runRelease(architectures) { } } + // We sign darwin binaries throughout GitHub actions to use MacOS machine, + // the binaries will be uploaded to GitHub packages + stage('Prepare Signed MacOS binaries') { + triggerDarwinBinariesSigningWorkflow() + } + // We sign the binary also for the standalone Windows executable, and not just for Windows executable packaged inside Chocolaty. downloadToolsCert() print "Uploading version $version to Repo21" From 5e1c541ea8ddc2dc03155f6c2c48944d83a573b1 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 21 Jan 2025 12:13:33 +0200 Subject: [PATCH 219/222] Update script --- Jenkinsfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index af1a7e6af..b82092ab0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -532,9 +532,11 @@ def dockerLogin(){ def triggerDarwinBinariesSigningWorkflow() { withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { stage("Sign MacOS binaries") { - sh """chmod +x $repo/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh""" sh ('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') - sh ("""bash ${repo}/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh ${cliExecutableName} ${releaseVersion}""") + sh """#!/bin/bash + chmod +x ${repo}/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh + bash ${repo}/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh ${cliExecutableName} ${releaseVersion} + """ } } } 
@@ -544,13 +546,11 @@ def triggerDarwinBinariesSigningWorkflow() { */ def uploadSignedDarwinBinaries(goarch,pkg) { withCredentials([string(credentialsId: 'jfrog-cli-packages-github-token', variable: "GITHUB_ACCESS_TOKEN")]) { - // Download from GitHub - sh("""chmod +x $repo/build/apple_release/scripts/download-signed-mac-OS-binaries.sh""") sh('export GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN') - sh("""bash ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch}""") - // Upload to releases sh """#!/bin/bash - $builderPath rt u ./${cliExecutableName} ecosys-jfrog-cli/$identifier/$version/${pkg}/ --flat + chmod +x ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh + ${repo}/build/apple_release/scripts/download-signed-mac-OS-binaries.sh ${cliExecutableName} ${releaseVersion} ${goarch} + $builderPath rt u ./${cliExecutableName} ecosys-jfrog-cli/$identifier/$version/${pkg}/ --flat """ - } + } } \ No newline at end of file From 8cbae134d63c714a5a9c74c0fe41d5c33f1e9532 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 21 Jan 2025 12:23:56 +0200 Subject: [PATCH 220/222] update branch --- .github/workflows/prepareDarwinBinariesForRelease.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/prepareDarwinBinariesForRelease.yml b/.github/workflows/prepareDarwinBinariesForRelease.yml index 98cadc017..7a977bdbc 100644 --- a/.github/workflows/prepareDarwinBinariesForRelease.yml +++ b/.github/workflows/prepareDarwinBinariesForRelease.yml @@ -30,8 +30,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v4 with: - # TODO move to v2 - ref: sign_apple_binary + ref: v2 # Builds the executable and moves it inside the app template - name: Build and Move Executable From 7ceba04f885e5f3d5f4ca6df19a3ab35f4a4606a Mon Sep 17 00:00:00 2001 
From: delarea Date: Tue, 21 Jan 2025 12:41:19 +0200 Subject: [PATCH 221/222] replace own repo --- build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh index 560f77626..40d5e14c3 100644 --- a/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh +++ b/build/apple_release/scripts/trigger-sign-mac-OS-workflow.sh @@ -20,5 +20,5 @@ curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/EyalDelarea/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ - -d "{\"ref\":\"sign_apple_binary\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file + https://api.github.com/repos/jfrog/jfrog-cli/actions/workflows/prepareDarwinBinariesForRelease.yml/dispatches \ + -d "{\"ref\":\"v2\",\"inputs\":{\"releaseVersion\":\"$releaseVersion\",\"binaryFileName\":\"$cliExecutableName\"}}" \ No newline at end of file From fa223005bedbbe597532ebb0d97b03da88e20d9f Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 21 Jan 2025 12:42:01 +0200 Subject: [PATCH 222/222] replace own repo --- build/apple_release/scripts/download-signed-mac-OS-binaries.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh index 46e84b0a6..1c1d22f38 100755 --- a/build/apple_release/scripts/download-signed-mac-OS-binaries.sh +++ b/build/apple_release/scripts/download-signed-mac-OS-binaries.sh 
@@ -25,7 +25,7 @@ get_specific_artifact_url_with_retries() { -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - -s https://api.github.com/repos/EyalDelarea/jfrog-cli/actions/artifacts) + -s https://api.github.com/repos/jfrog/jfrog-cli/actions/artifacts) # Parse the response to find the URL of the desired artifact if ! artifactUrl=$(echo "$response" | jq -r "first(.artifacts[] | select(.name | contains(\"$cliExecutableName-darwin-v$releaseVersion-$goarch\")) | .archive_download_url)"); then