Update notarisation to XCode 13 tooling.

Matthias Mailänder
2022-11-27 18:58:10 +01:00
committed by abcdefg30
parent c82b8244e8
commit 435c999abf
2 changed files with 66 additions and 52 deletions


@@ -61,8 +61,8 @@ jobs:
file_glob: true file_glob: true
file: build/linux/* file: build/linux/*
macos: macos-net:
name: macOS Disk Images name: macOS .NET
runs-on: macos-11 runs-on: macos-11
steps: steps:
- name: Clone Repository - name: Clone Repository
@@ -76,7 +76,7 @@ jobs:
- name: Prepare Environment - name: Prepare Environment
run: echo "GIT_TAG=${GITHUB_REF#refs/tags/}" >> ${GITHUB_ENV} run: echo "GIT_TAG=${GITHUB_REF#refs/tags/}" >> ${GITHUB_ENV}
- name: Package Disk Images - name: Package Disk Image
env: env:
MACOS_DEVELOPER_IDENTITY: ${{ secrets.MACOS_DEVELOPER_IDENTITY }} MACOS_DEVELOPER_IDENTITY: ${{ secrets.MACOS_DEVELOPER_IDENTITY }}
MACOS_DEVELOPER_CERTIFICATE_BASE64: ${{ secrets.MACOS_DEVELOPER_CERTIFICATE_BASE64 }} MACOS_DEVELOPER_CERTIFICATE_BASE64: ${{ secrets.MACOS_DEVELOPER_CERTIFICATE_BASE64 }}
@@ -85,9 +85,45 @@ jobs:
MACOS_DEVELOPER_PASSWORD: ${{ secrets.MACOS_DEVELOPER_PASSWORD }} MACOS_DEVELOPER_PASSWORD: ${{ secrets.MACOS_DEVELOPER_PASSWORD }}
run: | run: |
mkdir -p build/macos mkdir -p build/macos
./packaging/macos/buildpackage.sh "${GIT_TAG}" "${PWD}/build/macos" ./packaging/macos/buildpackage.sh "${GIT_TAG}" "${PWD}/build/macos" "standard" "build.dmg"
- name: Upload Packages - name: Upload Package
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref }}
overwrite: true
file_glob: true
file: build/macos/*
macos-mono:
name: macOS Mono
runs-on: macos-11
steps:
- name: Clone Repository
uses: actions/checkout@v3
- name: Install .NET 6
uses: actions/setup-dotnet@v1
with:
dotnet-version: '6.0.x'
- name: Prepare Environment
run: echo "GIT_TAG=${GITHUB_REF#refs/tags/}" >> ${GITHUB_ENV}
- name: Package Disk Image
env:
MACOS_DEVELOPER_IDENTITY: ${{ secrets.MACOS_DEVELOPER_IDENTITY }}
MACOS_DEVELOPER_CERTIFICATE_BASE64: ${{ secrets.MACOS_DEVELOPER_CERTIFICATE_BASE64 }}
MACOS_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_DEVELOPER_CERTIFICATE_PASSWORD }}
MACOS_DEVELOPER_USERNAME: ${{ secrets.MACOS_DEVELOPER_USERNAME }}
MACOS_DEVELOPER_PASSWORD: ${{ secrets.MACOS_DEVELOPER_PASSWORD }}
run: |
mkdir -p build/macos
./packaging/macos/buildpackage.sh "${GIT_TAG}" "${PWD}/build/macos" "mono" "build-mono.dmg"
- name: Upload Package
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@v2
with: with:
repo_token: ${{ secrets.GITHUB_TOKEN }} repo_token: ${{ secrets.GITHUB_TOKEN }}
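Review bot: The added macos-mono job references `actions/setup-dotnet@v1` and `svenstaro/upload-release-action@v2` by movable tag, in a job that signs the release image and hands `secrets.GITHUB_TOKEN` to the upload step. A retagged action would then run inside the release path, so these references are better pinned to a full commit SHA with the tag kept as a comment, e.g. `uses: svenstaro/upload-release-action@<full-commit-sha>  # v2` (placeholder, take the SHA from the action's repository). The same applies to the existing macos-net job, which uses the same upload action. Whether the workflow restricts the token with a `permissions:` block is not visible in these hunks; if it does not, `contents: write` on the packaging jobs would be the narrowest setting that still allows the upload.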


@@ -16,13 +16,13 @@
set -o errexit -o pipefail || exit $? set -o errexit -o pipefail || exit $?
if [ $# -ne "2" ]; then if [[ "${OSTYPE}" != "darwin"* ]]; then
echo "Usage: $(basename "$0") tag outputdir" echo >&2 "macOS packaging requires a macOS host"
exit 1 exit 1
fi fi
if [[ "${OSTYPE}" != "darwin"* ]]; then if [ $# -ne "4" ]; then
echo >&2 "macOS packaging requires a macOS host" echo "Usage: $(basename "$0") tag outputdir platform dmg"
exit 1 exit 1
fi fi
@@ -106,7 +106,7 @@ build_app() {
# Sign binaries with developer certificate # Sign binaries with developer certificate
if [ -n "${MACOS_DEVELOPER_IDENTITY}" ]; then if [ -n "${MACOS_DEVELOPER_IDENTITY}" ]; then
codesign -s "${MACOS_DEVELOPER_IDENTITY}" --timestamp --options runtime -f --entitlements entitlements.plist --deep "${LAUNCHER_DIR}" codesign --sign "${MACOS_DEVELOPER_IDENTITY}" --timestamp --options runtime -f --entitlements entitlements.plist --deep "${LAUNCHER_DIR}"
fi fi
} }
@@ -216,28 +216,10 @@ notarize_package() {
# Create a temporary read-only dmg for submission (notarization service rejects read/write images) # Create a temporary read-only dmg for submission (notarization service rejects read/write images)
hdiutil convert "${DMG_PATH}" -format ULFO -ov -o "${NOTARIZE_DMG_PATH}" hdiutil convert "${DMG_PATH}" -format ULFO -ov -o "${NOTARIZE_DMG_PATH}"
NOTARIZATION_UUID=$(xcrun altool --notarize-app --primary-bundle-id "net.openra.packaging" -u "${MACOS_DEVELOPER_USERNAME}" -p "${MACOS_DEVELOPER_PASSWORD}" --file "${NOTARIZE_DMG_PATH}" 2>&1 | awk -F' = ' '/RequestUUID/ { print $2; exit }') xcrun notarytool submit "${NOTARIZE_DMG_PATH}" --wait --apple-id "${MACOS_DEVELOPER_USERNAME}" --password "${MACOS_DEVELOPER_PASSWORD}" --team-id "${MACOS_DEVELOPER_IDENTITY}"
if [ -z "${NOTARIZATION_UUID}" ]; then
echo "Submission failed"
exit 1
fi
echo "${DMG_PATH} submission UUID is ${NOTARIZATION_UUID}"
rm "${NOTARIZE_DMG_PATH}" rm "${NOTARIZE_DMG_PATH}"
while :; do
sleep 30
NOTARIZATION_RESULT=$(xcrun altool --notarization-info "${NOTARIZATION_UUID}" -u "${MACOS_DEVELOPER_USERNAME}" -p "${MACOS_DEVELOPER_PASSWORD}" 2>&1 | awk -F': ' '/Status/ { print $2; exit }')
echo "${DMG_PATH}: ${NOTARIZATION_RESULT}"
if [ "${NOTARIZATION_RESULT}" == "invalid" ]; then
NOTARIZATION_LOG_URL=$(xcrun altool --notarization-info "${NOTARIZATION_UUID}" -u "${MACOS_DEVELOPER_USERNAME}" -p "${MACOS_DEVELOPER_PASSWORD}" 2>&1 | awk -F': ' '/LogFileURL/ { print $2; exit }')
echo "${NOTARIZATION_UUID} failed notarization with error:"
curl -s "${NOTARIZATION_LOG_URL}" -w "\n"
exit 1
fi
if [ "${NOTARIZATION_RESULT}" == "success" ]; then
echo "${DMG_PATH}: Stapling tickets" echo "${DMG_PATH}: Stapling tickets"
DMG_DEVICE=$(hdiutil attach -readwrite -noverify -noautoopen "${DMG_PATH}" | egrep '^/dev/' | sed 1q | awk '{print $1}') DMG_DEVICE=$(hdiutil attach -readwrite -noverify -noautoopen "${DMG_PATH}" | egrep '^/dev/' | sed 1q | awk '{print $1}')
sleep 2 sleep 2
@@ -251,8 +233,6 @@ notarize_package() {
hdiutil detach "${DMG_DEVICE}" hdiutil detach "${DMG_DEVICE}"
break break
fi
done
} }
finalize_package() { finalize_package() {
@@ -261,28 +241,26 @@ finalize_package() {
OUTPUT_PATH="${3}" OUTPUT_PATH="${3}"
if [ "${PLATFORM}" = "mono" ]; then if [ "${PLATFORM}" = "mono" ]; then
hdiutil convert "${INPUT_PATH}" -format UDZO -imagekey zlib-level=9 -ov -o "${OUTPUT_PATH}" hdiutil convert "${INPUT_PATH}" -format UDZO -imagekey zlib-level=9 -ov -o "${OUTPUT_PATH}-mono.dmg"
else else
# ULFO offers better compression and faster decompression speeds, but is only supported by 10.11+ # ULFO offers better compression and faster decompression speeds, but is only supported by 10.11+
hdiutil convert "${INPUT_PATH}" -format ULFO -ov -o "${OUTPUT_PATH}" hdiutil convert "${INPUT_PATH}" -format ULFO -ov -o "${OUTPUT_PATH}.dmg"
fi fi
rm "${INPUT_PATH}" rm "${INPUT_PATH}"
} }
build_platform "standard" "build.dmg" PLATFORM="$3"
build_platform "mono" "build-mono.dmg" DISK_IMAGE="$4"
build_platform "${PLATFORM}" "${DISK_IMAGE}"
if [ -n "${MACOS_DEVELOPER_CERTIFICATE_BASE64}" ] && [ -n "${MACOS_DEVELOPER_CERTIFICATE_PASSWORD}" ] && [ -n "${MACOS_DEVELOPER_IDENTITY}" ]; then if [ -n "${MACOS_DEVELOPER_CERTIFICATE_BASE64}" ] && [ -n "${MACOS_DEVELOPER_CERTIFICATE_PASSWORD}" ] && [ -n "${MACOS_DEVELOPER_IDENTITY}" ]; then
security delete-keychain build.keychain security delete-keychain build.keychain
fi fi
if [ -n "${MACOS_DEVELOPER_USERNAME}" ] && [ -n "${MACOS_DEVELOPER_PASSWORD}" ]; then if [ -n "${MACOS_DEVELOPER_USERNAME}" ] && [ -n "${MACOS_DEVELOPER_PASSWORD}" ] && [ -n "${MACOS_DEVELOPER_IDENTITY}" ]; then
# Parallelize processing notarize_package "${DISK_IMAGE}"
(notarize_package "build.dmg") &
(notarize_package "build-mono.dmg") &
wait
fi fi
finalize_package "standard" "build.dmg" "${OUTPUTDIR}/OpenRA-${TAG}.dmg" finalize_package "${PLATFORM}" "${DISK_IMAGE}" "${OUTPUTDIR}/OpenRA-${TAG}"
finalize_package "mono" "build-mono.dmg" "${OUTPUTDIR}/OpenRA-${TAG}-mono.dmg"
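Review bot: In notarize_package the outcome of the submission is no longer checked explicitly: the removed loop exited on an `invalid` status and printed the log, while the new `xcrun notarytool submit ... --wait` line relies on errexit alone. Whether notarytool exits non-zero for a rejected submission is not visible here and should be confirmed, since otherwise a rejected image proceeds to the stapling step without a clear failure message. Capturing the output and testing the reported status, as sketched below, keeps the failure explicit (verify the exact status text against the Xcode version on the runner). The `break` before the closing brace also appears to remain on the new side although its enclosing `while` loop was removed, so it should be dropped. Parts of notarize_package lie outside the visible hunks.

```shell
# … unchanged: hdiutil convert to the temporary read-only dmg …
NOTARIZATION_OUTPUT=$(xcrun notarytool submit "${NOTARIZE_DMG_PATH}" --wait --apple-id "${MACOS_DEVELOPER_USERNAME}" --password "${MACOS_DEVELOPER_PASSWORD}" --team-id "${MACOS_DEVELOPER_IDENTITY}" 2>&1) || true
rm "${NOTARIZE_DMG_PATH}"
echo "${NOTARIZATION_OUTPUT}"
if ! echo "${NOTARIZATION_OUTPUT}" | grep -q "status: Accepted"; then
	echo "${DMG_PATH}: notarization was not accepted"
	exit 1
fi
# … unchanged: stapling steps, without the trailing break …
```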