From 304d91e806ef23e8d25bd89a6b10ea72139beb2e Mon Sep 17 00:00:00 2001 From: Max Fierke Date: Sun, 15 Oct 2023 22:58:30 -0500 Subject: [PATCH] Replace gon w/ direct codesign & notarytool usage --- .github/workflows/release.yml | 34 +++++++++++--------- Makefile | 58 +++++++++++++++++++++++++---------- gon.ci.hcl | 14 --------- gon.hcl | 14 --------- 4 files changed, 61 insertions(+), 59 deletions(-) delete mode 100644 gon.ci.hcl delete mode 100644 gon.hcl diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a62014f..553965a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -91,11 +91,6 @@ jobs: - name: Install crystal and tool dependencies run: brew install crystal meson openssl@3 - - name: Install gon via homebrew for code signing and app notarization - run: | - brew tap mitchellh/gon - brew install mitchellh/gon/gon - - name: Install dependencies run: shards install @@ -105,12 +100,20 @@ jobs: p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} - - name: Build signed & notorized release bundle + - name: Add notarytool credentials env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + AC_TEAM_ID: ${{ secrets.AC_TEAM_ID }} run: | - make release RELEASE=1 STATIC=1 GON_CONFIG=./gon.ci.hcl + xcrun notarytool store-credentials \ + --apple-id "$AC_USERNAME" \ + --team-id "$AC_TEAM_ID" \ + --password "$AC_PASSWORD" \ + mstrap + + - name: Build signed & notorized release bundle + run: make release RELEASE=1 STATIC=1 - name: Upload release bundle artifact uses: actions/upload-artifact@v3 @@ -127,11 +130,6 @@ jobs: - name: Install crystal and tool dependencies run: brew install crystal meson openssl@3 - - name: Install gon via homebrew for code signing and app notarization - run: | - brew tap mitchellh/gon - brew install mitchellh/gon/gon - - name: Install dependencies run: shards install 
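Review bot: In the new "Add notarytool credentials" step the app-specific password is passed as `--password "$AC_PASSWORD"`, so it sits in the argument list of the `xcrun` process while it runs; the arm64 job's hunk (`@@ -141,12 +139,20 @@`) repeats the same step. On a single-tenant hosted runner the exposure is small, but notarytool also accepts an App Store Connect API key (`--key`, `--key-id`, `--issuer`), which keeps the secret in a file rather than in argv. The profile name `mstrap` is now duplicated between this step and the Makefile's `--keychain-profile "mstrap"`, so a comment such as `# profile name must match --keychain-profile in the Makefile notarize target` would keep the two from drifting. It is also worth confirming which keychain `store-credentials` writes to on the runner, since the certificate import step just above presumably sets up its own.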
@@ -141,12 +139,20 @@ jobs: p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} - - name: Build signed & notorized release bundle + - name: Add notarytool credentials env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + AC_TEAM_ID: ${{ secrets.AC_TEAM_ID }} run: | - make release RELEASE=1 STATIC=1 TARGET_ARCH=arm64 GON_CONFIG=./gon.ci.hcl + xcrun notarytool store-credentials \ + --apple-id "$AC_USERNAME" \ + --team-id "$AC_TEAM_ID" \ + --password "$AC_PASSWORD" \ + mstrap + + - name: Build signed & notorized release bundle + run: make release RELEASE=1 STATIC=1 TARGET_ARCH=arm64 - name: Upload release bundle artifact uses: actions/upload-artifact@v3 diff --git a/Makefile b/Makefile index 839f4e8..82293f2 100644 --- a/Makefile +++ b/Makefile @@ -5,27 +5,29 @@ SHELL := bash .DELETE_ON_ERROR: .SUFFIXES: +CODESIGN_IDENTITY ?= 66837B7A624EA4CDB507D40C6940C74A740EF5B1 CRFLAGS ?= CRYSTAL ?= $(shell which crystal) -SHARDS ?= $(shell which shards) -MESON ?= $(shell which meson) -GON_CONFIG ?= ./gon.hcl HOST_ARCH := $(shell uname -m) HOST_OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') +MESON ?= $(shell which meson) PREFIX ?= /usr/local RELEASE ?= +SHARDS ?= $(shell which shards) +SKIP_CODESIGN ?= +SKIP_NOTARIZE ?= STATIC ?= STRIP_RPATH ?= SOURCES := src/*.cr src/**/*.cr -SKIP_NOTARIZE ?= TAG_NAME ?= $(shell git describe --tags) TARGET_ARCH ?= $(HOST_ARCH) TARGET_CABI ?= TARGET_OS ?= $(HOST_OS) - TARGET_TRIPLE ?= $(TARGET_OS)-$(TARGET_ARCH)$(if $(TARGET_CABI),-$(TARGET_CABI),) + TARGET_BUILD_DIR ?= .build/$(TARGET_TRIPLE) TARGET_CROSS_FILE ?= config/$(TARGET_TRIPLE).ini +TARGET_DIST_PATH ?= dist/mstrap-$(TAG_NAME)-$(subst -,_,$(TARGET_TRIPLE)).zip # Force static compilation on musl ifeq ($(TARGET_CABI),musl) 
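Review bot: The new knobs `CODESIGN_IDENTITY`, `SKIP_CODESIGN` and `TARGET_DIST_PATH` in the Makefile variable block are added without comments, and the first one decides which certificate signs the release. Because it is assigned with `?=`, a value already present in the environment or on the command line wins over the default, which is worth stating next to it: `# Signing identity passed to codesign -s; overridable from the environment or command line`. `SKIP_CODESIGN` would read better with `# Set to any non-empty value to skip code signing (darwin only)`. The variable block starts and continues outside the hunk.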
@@ -98,9 +100,32 @@ bin/mstrap: $(TARGET_BUILD_DIR)/mstrap patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 bin/mstrap; \ fi +dist/mstrap.zip: bin/mstrap codesign + @mkdir -p dist + zip --junk-paths dist/mstrap.zip bin/mstrap + .PHONY: build build: bin/mstrap +.PHONY: codesign +codesign: bin/mstrap + @if [ "$(TARGET_OS)" == "darwin" ] && [ -z "$(SKIP_CODESIGN)" ]; then \ + codesign -f -v \ + --timestamp \ + --options runtime \ + -s "$(CODESIGN_IDENTITY)" \ + bin/mstrap; \ + fi + +.PHONY: notarize +notarize: dist/mstrap.zip + @if [ "$(TARGET_OS)" == "darwin" ] && [ -z "$(SKIP_NOTARIZE)" ]; then \ + xcrun notarytool submit \ + --keychain-profile "mstrap" \ + --wait \ + dist/mstrap.zip; \ + fi + .PHONY: deps deps: shard.yml shard.lock $(SHARDS) check || $(SHARDS) install @@ -108,9 +133,11 @@ deps: shard.yml shard.lock docs: $(SOURCES) $(CRYSTAL) docs +.PHONY: format format: $(CRYSTAL) tool format +.PHONY: lint lint: deps $(CRYSTAL) run $(CRFLAGS) bin/ameba.cr @@ -123,9 +150,12 @@ clean: .PHONY: spec spec: deps $(SOURCES) - $(CRYSTAL) tool format --check $(CRYSTAL) spec $(CRFLAGS) -Dmt_no_expectations --error-trace +.PHONY: check-formatting +check-formatting: $(SOURCES) + $(CRYSTAL) tool format --check + .PHONY: check-libraries check-libraries: bin/mstrap @if [ ! -z "$(STATIC)" ] && [ "$(TARGET_OS)" == "darwin" ] && [ "$$(otool -LX bin/mstrap | awk '{print $$1}')" != "$$(cat expected.libs.darwin)" ]; then \ 
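Review bot: The `notarize` recipe treats the exit status of `xcrun notarytool submit --wait` as the verdict, but as far as I know the tool can exit 0 once processing finishes even when the submission comes back `Invalid`, so `release` could publish a zip that was never accepted. Capturing the output (for example with `--output-format json`) and failing unless the reported status is `Accepted` would close that gap. Nothing in the `codesign` recipe checks the result of signing either; a `codesign --verify --strict bin/mstrap` line after the signing call would catch a broken or missing signature before the zip is built. Separately, `dist/mstrap.zip: bin/mstrap codesign` lists a phony target as a normal prerequisite, so the zip is rebuilt on every run; if that is meant to force re-signing, a comment saying so would help.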
@@ -143,18 +173,12 @@ check-provisioning: bundle exec rspec .PHONY: test -test: spec check-libraries +test: check-formatting spec check-libraries -release: gon.hcl bin/mstrap - mkdir -p ./dist - @if [ "$(TARGET_OS)" == "darwin" ] && [ -z "$(SKIP_NOTARIZE)" ]; then \ - gon -log-level=debug $(GON_CONFIG); \ - else \ - zip --junk-paths dist/mstrap.zip bin/mstrap; \ - fi - @if [ ! -z "$(TAG_NAME)" ]; then \ - mv dist/mstrap.zip dist/mstrap-$(TAG_NAME)-$(subst -,_,$(TARGET_TRIPLE)).zip; \ - fi +.PHONY: release +release: dist/mstrap.zip notarize + @mv dist/mstrap.zip $(TARGET_DIST_PATH) + echo "Release zip saved to $(TARGET_DIST_PATH)" .PHONY: smoke-test smoke-test: $(TARGET_BUILD_DIR)/mstrap diff --git a/gon.ci.hcl b/gon.ci.hcl deleted file mode 100644 index 1162f65..0000000 --- a/gon.ci.hcl +++ /dev/null @@ -1,14 +0,0 @@ -source = ["./bin/mstrap"] -bundle_id = "com.maxfierke.mstrap" - -apple_id { - password = "@env:AC_PASSWORD" -} - -sign { - application_identity = "66837B7A624EA4CDB507D40C6940C74A740EF5B1" -} - -zip { - output_path = "dist/mstrap.zip" -} diff --git a/gon.hcl b/gon.hcl deleted file mode 100644 index 7173518..0000000 --- a/gon.hcl +++ /dev/null @@ -1,14 +0,0 @@ -source = ["./bin/mstrap"] -bundle_id = "com.maxfierke.mstrap" - -apple_id { - password = "@keychain:gon" -} - -sign { - application_identity = "66837B7A624EA4CDB507D40C6940C74A740EF5B1" -} - -zip { - output_path = "dist/mstrap.zip" -}
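Review bot: The rewritten `release` recipe drops the old `[ ! -z "$(TAG_NAME)" ]` guard, so when `git describe --tags` yields nothing (no tags or a shallow clone, for instance) the artifact is still renamed with an empty tag inside `TARGET_DIST_PATH`. The path is also expanded unquoted into the shell; `mv dist/mstrap.zip "$(TARGET_DIST_PATH)"` is safer given that `TAG_NAME` and `TARGET_TRIPLE` can be supplied from the environment. The `@` prefix looks inverted as well: the `mv` is hidden while the `echo` line is printed twice, so dropping `@` from the `mv` and writing `@echo "Release zip saved to $(TARGET_DIST_PATH)"` would make the log show the command that can fail.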