From 032912388be628464fbff54f83a773f26d599177 Mon Sep 17 00:00:00 2001
From: Arkadiusz Nitka <105845406+ArkadiuszNitkaSWI@users.noreply.github.com>
Date: Thu, 5 Sep 2024 08:28:27 +0200
Subject: [PATCH] NH-85695 Add signing binaries mac (#20)

* Add signing mac binaries
* Change golangci-lint
---
 .github/workflows/ci.yml      |  2 +-
 .github/workflows/release.yml |  7 +++++++
 .goreleaser.yaml              | 18 ++++++++++++++++++
 Makefile                      |  2 +-
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cd5e866..fc88143 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.59
+          version: v1.60.3
   build:
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ef44cd3..595f4fb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,6 +14,7 @@ permissions:
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
+    environment: prod
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -37,3 +38,9 @@ jobs:
           SP_CI_USER_TOKEN: ${{ secrets.SP_CI_USER_TOKEN }}
           SP_ORGANIZATION_ID: ${{ secrets.SP_ORGANIZATION_ID }}
           SP_PROJECT: ${{ secrets.SP_PROJECT }}
+
+          SWO_ISSUER_ID: ${{ secrets.SWO_ISSUER_ID }}
+          SWO_KEY_ID: ${{ secrets.SWO_KEY_ID }}
+          SWO_MAC_P8_FILE: ${{ secrets.SWO_MAC_P8_FILE }}
+          SWO_MAC_P12_CERT: ${{ secrets.SWO_MAC_P12_CERT }}
+          SWO_P12_PASSWORD: ${{ secrets.SWO_P12_PASSWORD }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 398fbd6..5a96fc9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -2,6 +2,7 @@ env:
   - CGO_ENABLED=0
   - REPO_OWNER=solarwinds
   - REPO_NAME=swo-cli
+
 builds:
   - main: ./cmd/swo/main.go
     id: linux
@@ -27,6 +28,7 @@ builds:
             - SP_ARTIFACT_CONFIGURATION=exe
           cmd: pwsh -c "Submit-SigningRequest -ApiToken "$env:SP_CI_USER_TOKEN" -OrganizationId "$env:SP_ORGANIZATION_ID" -ProjectSlug "$env:SP_PROJECT" -SigningPolicySlug "$env:SP_SIGNING_POLICY" -ArtifactConfigurationSlug "$env:SP_ARTIFACT_CONFIGURATION" -InputArtifactPath '{{ .Path }}' -OutputArtifactPath '{{ .Path }}' -Force -WaitForCompletion"
           output: true
+
 archives:
   - builds:
       - win
@@ -42,6 +44,22 @@ universal_binaries:
     replace: true
     name_template: "swo"
 
+notarize:
+  macos:
+    - enabled: '{{ isEnvSet "SWO_MAC_P12_CERT" }}'
+      ids:
+        - mac
+      sign:
+        certificate: "{{.Env.SWO_MAC_P12_CERT}}"
+        password: "{{.Env.SWO_P12_PASSWORD}}"
+
+      notarize:
+        issuer_id: "{{.Env.SWO_ISSUER_ID}}"
+        key_id: "{{.Env.SWO_KEY_ID}}"
+        key: "{{.Env.SWO_MAC_P8_FILE}}"
+        wait: true
+        timeout: 20m
+
 changelog:
   disable: true
 
diff --git a/Makefile b/Makefile
index 8186bbc..6829c07 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-golangci-lint-version = v1.56.1
+golangci-lint-version = v1.60.3
 
 .PHONY: install-golangci-lint
 install-golangci-lint: