storage-advisor-release.yaml
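# Release workflow for the Storage Advisor CLI: runs when a GitHub release is
# created, cross-compiles the binary, then code-signs the macOS build.
name: Storage Advisor CLI Release

on:
  release:
    types: [created]

# Workflow-level token scopes are inherited by every job that does not declare
# its own `permissions:` block, including jobs that run third-party actions.
# NOTE(review): no step visible in this workflow publishes a package, so
# `packages: write` looks unused; confirm and drop it. Prefer granting
# `contents: write` only on the job that uploads release assets.
permissions:
  contents: write
  packages: write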
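jobs:
  # Cross-compiles the CLI for each supported OS/arch pair and hands the
  # result to the release action, which receives the workflow token.
  releases-matrix:
    name: Release
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # build and publish in parallel: linux/386, linux/amd64, linux/arm64,
        # windows/386, windows/amd64, darwin/amd64, darwin/arm64
        goos: [linux, windows, darwin]
        goarch: ["386", amd64, arm64]
        exclude:
          - goarch: "386"
            goos: darwin
          - goarch: arm64
            goos: windows
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v3, @v1, @v4). The release action is third-party and is handed a
      # token with contents:write, so pin it to a full commit SHA the way
      # dsaltares/fetch-gh-release-asset is pinned in the notarize job, e.g.
      # `uses: wangyoucao577/go-release-action@<FULL_COMMIT_SHA>  # v1.x`.
      - uses: actions/checkout@v3
      - uses: wangyoucao577/go-release-action@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          goos: ${{ matrix.goos }}
          goarch: ${{ matrix.goarch }}
          # Quoted so the version is always read as a string.
          goversion: "1.20.13"
          project_path: "./tools/storage-advisor/src"
          binary_name: "storage-advisor"
      # NOTE(review): this derives the folder name from the clock *after* the
      # build step has finished, so it is unlikely to match a timestamped
      # folder created earlier. Confirm how the build action names its output
      # directory; as written the upload below may match no files.
      - name: Find build folder
        id: build-folder
        run: echo "BUILD_ARTIFACTS_FOLDER=build-artifacts-$(date +%s)" >> "$GITHUB_OUTPUT"
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          # upload-artifact@v4 rejects a second upload under the same artifact
          # name within one run, so each matrix leg needs its own name.
          name: storage-advisor-${{ matrix.goos }}-${{ matrix.goarch }}
          path: tools/storage-advisor/src/${{ steps.build-folder.outputs.BUILD_ARTIFACTS_FOLDER }}

  # Fetches the darwin/amd64 release archive and code-signs the binary with
  # the Developer ID certificate held in repository secrets.
  # NOTE(review): the signed binary is not uploaded anywhere by the steps
  # shown, no notarization request is made, and darwin/arm64 is not signed.
  notarize:
    needs: releases-matrix
    runs-on: macos-latest
    # This job handles the signing key and only reads the release, so it does
    # not inherit the workflow-level write scopes. Raise this if a step that
    # uploads the signed binary to the release is added.
    permissions:
      contents: read
    steps:
      - uses: actions/download-artifact@v4
      - name: Obtain release name
        id: release-id
        run: echo "RELEASE_TAG=$(jq -r .release.tag_name "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
      # Was @v3, which cannot read artifacts produced by upload-artifact@v4
      # and has been retired by GitHub. NOTE(review): this repeats the first
      # step of the job; keep one of the two.
      - name: Download artifacts
        uses: actions/download-artifact@v4
        # with:
        #   pattern: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
      - name: List
        run: ls -l
      # Third-party action pinned to a full commit SHA.
      - uses: dsaltares/fetch-gh-release-asset@cdaf216b2a5baa0f20eecbf460912cc9947f2577
        with:
          version: tags/${{ steps.release-id.outputs.RELEASE_TAG }}
          file: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
      - name: Sign
        env:
          # Signing material is scoped to this step only.
          DEVELOPER_ID_APPLICATION_P12: ${{ secrets.DEVELOPER_ID_APPLICATION_P12 }}
          DEVELOPER_ID_APPLICATION_P12_PWD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PWD }}
          # The tag reaches the script as data through the environment rather
          # than being expanded into the script text by the ${{ }} template.
          RELEASE_TAG: ${{ steps.release-id.outputs.RELEASE_TAG }}
        # The `\$` escapes the script carried (apparently from a templated
        # string in another CI system) are removed: in a plain `run:` block
        # they stop the shell from expanding the variables and command
        # substitutions. pipefail is deliberately not enabled, because
        # `head -c 16` closes the pipe on `tr` by design.
        run: |
          tar -xzf "storage-advisor-${RELEASE_TAG}-darwin-amd64.tar.gz"
          KEYCHAIN_NAME=$(cat /dev/random | LC_CTYPE=C tr -dc "[:alpha:]" | head -c 16)
          KEYCHAIN_PASSWORD=$(cat /dev/random | LC_CTYPE=C tr -dc "[:alpha:]" | head -c 16)
          # Safety net: if any later command fails, the exported .p12 and the
          # temporary keychain are still removed before the step exits.
          cleanup() {
            rm -f signing_cert.p12 AppleIncRootCertificate.cer DeveloperIDCA.cer
            security delete-keychain "${KEYCHAIN_NAME}" >/dev/null 2>&1 || true
          }
          trap cleanup EXIT
          security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
          security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
          # --fail makes an HTTP error stop the step instead of saving an error
          # page as the certificate. NOTE(review): these CA certificates are
          # trusted on TLS alone; consider comparing each file's SHA-256 with
          # a value recorded in the repository (<EXPECTED_SHA256>).
          curl --fail -O https://www.apple.com/appleca/AppleIncRootCertificate.cer
          security import AppleIncRootCertificate.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
          curl --fail -O https://www.apple.com/certificateauthority/DeveloperIDCA.cer
          security import DeveloperIDCA.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
          rm AppleIncRootCertificate.cer DeveloperIDCA.cer
          echo "$DEVELOPER_ID_APPLICATION_P12" | base64 -d > signing_cert.p12
          security import signing_cert.p12 -P "$DEVELOPER_ID_APPLICATION_P12_PWD" -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
          # Remove the decoded private key as soon as it is in the keychain.
          rm signing_cert.p12
          security set-keychain-settings "${KEYCHAIN_NAME}"
          security set-key-partition-list -S apple-tool:,apple: -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
          # we need to add our new keychain to user search list to use the certificate
          keychainNames=();
          for keychain in $(security list-keychains -d user)
          do
            basename=$(basename "$keychain")
            # Drops the last four characters of each listed entry.
            keychainName=${basename::${#basename}-4}
            keychainNames+=("$keychainName")
          done
          security -v list-keychains -s "${keychainNames[@]}" "${KEYCHAIN_NAME}"
          codesign -s 98A9FF12B0FCCCEEDE752C824A2A7E189B5AEEAE -o runtime -v storage-advisor
          security -v delete-keychain "${KEYCHAIN_NAME}"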