Sign MacOS binaries #132

Workflow file for this run

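# CI workflow. The `build` job runs tests, vet, gocyclo, golangci-lint and a GoReleaser
# snapshot build on Linux. The `build_with_signing` job imports a Developer ID certificate
# into a temporary keychain on macOS so the snapshot build can be code-signed.
name: Build
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - "*"
# Least privilege for GITHUB_TOKEN: no step visible in this workflow writes to the repository.
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # NOTE(review): the actions in this file are referenced by mutable tags (v2/v3/v4).
      # Pinning each `uses:` to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # stops a retagged release from changing what runs here.
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          # Quoted so the version always stays a string.
          go-version: "1.20.2"
      - name: Unit tests
        run: |
          go test -v -race ./... -covermode=atomic # Run all the tests with the race detector enabled
      - name: Static analysis
        run: |
          go vet ./... # go vet is the official Go static analyzer
      - name: Cyclomatic complexity
        # NOTE(review): `@latest` installs whatever version is current at run time;
        # consider a fixed version for reproducible builds.
        run: |
          go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
          /home/runner/go/bin/gocyclo -over 19 main.go pkg # forbid code with huge/complex functions
      - name: Dry Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          version: latest
          args: release --parallelism 1 --snapshot --clean
      - name: Test Binary is Runnable
        run: "dist/build_win_and_linux_linux_amd64_v1/komocli --help"
      - uses: actions/upload-artifact@v3
        with:
          name: binaries
          path: dist/
          retention-days: 1
      - name: golangci-lint
        # NOTE(review): the reference below was mangled by e-mail obfuscation when this page
        # was rendered; the original is presumably golangci/golangci-lint-action@<version>.
        # Restore the real ref from the repository before using this file.
        uses: golangci/[email protected]
        with:
          # version: latest
          # skip-go-installation: true
          skip-pkg-cache: true
          skip-build-cache: true
          # args: --timeout=15m
  # Signing job. It consumes repository secrets and also runs on pull_request, so the
  # code and GoReleaser config of any same-repository PR branch execute with the signing
  # identity unlocked. GitHub does not pass secrets to pull_request runs from forks, so
  # this job receives empty values there.
  # NOTE(review): consider limiting this job to pushes on main or to a protected
  # environment.
  build_with_signing:
    runs-on: macos-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.20.2"
      - name: Install gon
        # NOTE(review): unpinned install from a third-party tap in the job that holds the
        # signing key; whatever the tap serves at run time gets to run next to the key.
        run: brew install mitchellh/gon/gon
      - name: Prepare keys
        env:
          CERT: certificate.p12
          # NOTE(review): an empty password means the decoded .p12 is an unprotected
          # private key while it sits on disk; confirm this matches how it was exported.
          CERT_PASSWORD: ""
          # The secret reaches the script through the environment instead of being
          # interpolated into the script text, so its value is never parsed as shell
          # and is not written into the generated step script.
          CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
          MY_KEYCHAIN: build.keychain
          # NOTE(review): the keychain password comes from a secret named CERTIFICATE_ID;
          # confirm it is a random value and not an identifier that is visible elsewhere.
          MY_KEYCHAIN_PASSWORD: ${{ secrets.CERTIFICATE_ID }}
          IDENTITY_CERTIFICATE: "Developer ID Application: Komodor Automation LTD (F584U99DLC)"
        run: |
          echo Decode the certificate
          echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT"
          # default again user login keychain
          security list-keychains -d user -s login.keychain
          # Create temp keychain
          security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"
          # Append temp keychain to the user domain
          security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)
          # Remove relock timeout
          security set-keychain-settings "$MY_KEYCHAIN"
          # Unlock keychain
          security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"
          # Add certificate to keychain
          # NOTE(review): -A lets any application use the imported key without a prompt;
          # -T /usr/bin/codesign alone may be enough here. Confirm before dropping -A.
          security import "$CERT" -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -A -T "/usr/bin/codesign"
          # The key now lives in the keychain; do not leave the decoded copy in the workspace
          rm -f "$CERT"
          # Enable codesigning from a non user interactive shell
          security set-key-partition-list -S apple-tool:,apple:, -t private -s -k "$MY_KEYCHAIN_PASSWORD" -D "${IDENTITY_CERTIFICATE}" "$MY_KEYCHAIN"
      - name: Dry Run GoReleaser
        # NOTE(review): this step runs with the keychain unlocked and the Apple credentials
        # in its environment, so the mutable action tag and `version: latest` matter most here.
        uses: goreleaser/goreleaser-action@v2
        with:
          version: latest
          args: release --config .goreleaser-mac.yml --parallelism 1 --snapshot --clean
        env:
          # Presumably read by the signing configuration in .goreleaser-mac.yml.
          # That file is not shown here, so verify where these two values end up.
          USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
          PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
      - name: Test Binary is Signed
        run: |
          codesign -dv dist/build_macos_darwin_amd64_v1/komocli
      - uses: actions/upload-artifact@v3
        with:
          name: binaries-mac
          path: dist/
          retention-days: 1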