Skip to content

Commit

Permalink
MacOS app signing (#63)
Browse files Browse the repository at this point in the history
* Add binary signing into build process

* Fix add-osx-cert script location

* Fix add-osx-cert script location

* Change CI machine to macos

* Fix gon

* Fix goreleaser

* Debug gon in goreleaser

* Debug gon in goreleaser

* Make goreleaser verbose

* Make goreleaser verbose

* Make gon verbose

* Change gon config

* Install gon in build

* Separate macos builds in two

* Fix gon config

* Fix gon config

* Add project name to goreleaser

* Add more logs to goreleaser

* Skip notarizing

* Skip notarizing

* Cleanup

* Revert changes in textile client
  • Loading branch information
dmerrill6 authored Jun 24, 2020
1 parent 6962060 commit d75671b
Show file tree
Hide file tree
Showing 7 changed files with 75 additions and 18 deletions.
11 changes: 10 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ on:
- v*.*.*
jobs:
build:
runs-on: ubuntu-latest
runs-on: macos-latest
name: goreleaser
steps:
- uses: actions/checkout@v2
Expand All @@ -14,6 +14,15 @@ jobs:
- uses: actions/setup-go@v2-beta
with:
go-version: '^1.14.0'
- name: Add MacOS certs
run: cp ./ci/add-osx-cert.sh /tmp/add-osx-cert.sh && chmod +x /tmp/add-osx-cert.sh && /tmp/add-osx-cert.sh
env:
CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
- name: Install gon via HomeBrew for code signing and app notarization
run: |
brew tap mitchellh/gon
brew install mitchellh/gon/gon
- name: Release via goreleaser
uses: goreleaser/goreleaser-action@master
with:
Expand Down
4 changes: 3 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,6 @@ debug/
space.json
bin

debug/
debug/
dist/
main
23 changes: 16 additions & 7 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,26 +5,35 @@ before:
- go mod download
# you may remove this if you don't need go generate
# - go generate ./...
project_name: space
builds:
- id: space-poc
# Builds everything except macos
- id: space
env:
- CGO_ENABLED=0
main: ./cmd/space-poc/main.go
binary: space-poc
binary: space
goos:
- darwin
- linux
- id: installer

- id: space-darwin
env:
- CGO_ENABLED=0
main: ./cmd/installer/main.go
binary: installer
main: ./cmd/space-poc/main.go
binary: space
goos:
- darwin
- linux
hooks:
post: gon -log-level debug ci/gon.hcl
archives:
- name_template: '{{ .Binary }}_{{ .Os }}_{{ .Arch }}'
format: binary
files:
- LICENSE*
- README*
- CHANGELOG*
- dist/space-macos-i386.dmg
- dist/space-macos-x86_64.dmg
replacements:
darwin: Darwin
linux: Linux
Expand Down
23 changes: 23 additions & 0 deletions ci/add-osx-cert.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
#!/usr/bin/env sh

KEY_CHAIN=build.keychain
CERTIFICATE_P12=certificate.p12

# Recreate the certificate from the secure environment variable
echo $CERTIFICATE_OSX_APPLICATION | base64 --decode > $CERTIFICATE_P12

#create a keychain
security create-keychain -p actions $KEY_CHAIN

# Make the keychain the default so identities are found
security default-keychain -s $KEY_CHAIN

# Unlock the keychain
security unlock-keychain -p actions $KEY_CHAIN

security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign;

security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN

# remove certs
rm -fr *.p12
13 changes: 13 additions & 0 deletions ci/gon.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# The path follows a pattern
# ./dist/BUILD-ID_TARGET/BINARY-NAME
source = ["./dist/space-darwin_darwin_amd64/space","./dist/space-darwin_darwin_386/space"]
bundle_id = "co.fleek.space"

apple_id {
username = "[email protected]"
password = "@env:APPLE_DEVELOPER_DANIEL_PASSWORD"
}

sign {
application_identity = "Mac Developer: Daniel Merrill (8257VLCFL7)"
}
9 changes: 5 additions & 4 deletions cmd/space-poc/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,17 @@ import (
"context"
"flag"
"fmt"
"github.com/FleekHQ/space-poc/app"
"github.com/FleekHQ/space-poc/config"
"github.com/FleekHQ/space-poc/core/env"
spacelog "github.com/FleekHQ/space-poc/log"
"log"
"net/http"
"os"
"runtime"
"runtime/pprof"

"github.com/FleekHQ/space-poc/app"
"github.com/FleekHQ/space-poc/config"
"github.com/FleekHQ/space-poc/core/env"
spacelog "github.com/FleekHQ/space-poc/log"

_ "net/http/pprof"
)

Expand Down
10 changes: 5 additions & 5 deletions core/textile/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ import (
"context"
"encoding/hex"
"errors"
"github.com/FleekHQ/space-poc/config"
"github.com/libp2p/go-libp2p-core/crypto"
"os"
"sync"
"time"

"github.com/FleekHQ/space-poc/config"
"github.com/libp2p/go-libp2p-core/crypto"

"github.com/FleekHQ/space-poc/core/keychain"
db "github.com/FleekHQ/space-poc/core/store"
"github.com/FleekHQ/space-poc/log"
Expand All @@ -28,8 +29,8 @@ type textileClient struct {
isRunning bool
Ready chan bool

bucketsLock sync.RWMutex
buckets map[string]*bucket
bucketsLock sync.RWMutex
buckets map[string]*bucket
}

func (tc *textileClient) WaitForReady() chan bool {
Expand Down Expand Up @@ -244,4 +245,3 @@ func (tc *textileClient) StartAndBootstrap(ctx context.Context, cfg config.Confi
log.Debug("Textile Client initialized successfully")
return nil
}

0 comments on commit d75671b

Please sign in to comment.