Skip to content

Remove installbuilder from macos release artifact #785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
May 19, 2023
Merged

Remove installbuilder from macos release artifact #785

Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
a976fe9
let gon generate the dmg installer and upload it
umbynos May 5, 2023
eb6b8e9
package step does not need notarization anymore
umbynos May 5, 2023
214e0bd
remove installbuilder env vars related to macos
umbynos May 5, 2023
95321d6
remove macos from matrix
umbynos May 5, 2023
41e3181
remove macos related steps from package job
umbynos May 5, 2023
a8ab2eb
remove `executable-path` and `artifact-name` vars, they are redundant
umbynos May 5, 2023
bfcfbd6
remove `code-sign-mac-installers` job: we already have a notarized dmg
umbynos May 5, 2023
745e93e
adapt last `create-release` job
umbynos May 5, 2023
d057a01
Revert "let gon generate the dmg installer and upload it"
umbynos May 9, 2023
b05a2f9
add step to generate and sign the dmg installer
umbynos May 9, 2023
e9f318b
fix `create-release` job
umbynos May 9, 2023
a1ae0a9
Partially Revert "adapt last `create-release` job"
umbynos May 9, 2023
f822d9c
test new version of the installer config
umbynos May 9, 2023
2e1306b
Warn the user if a previous installation exists in `$HOME/Applications/`
umbynos May 16, 2023
8bf558d
Revert "test new version of the installer config"
umbynos May 9, 2023
fc49266
if the running binary is the old running one we don't do anything
umbynos May 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
add step to generate and sign the dmg installer
  • Loading branch information
@umbynos
umbynos committed May 19, 2023
commit b05a2f964d8c41a108396bf7387e7cd13cfcad0c
102 changes: 102 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -407,6 +407,108 @@ jobs:
path: ArduinoCreateAgent*
if-no-files-found: error

# This job will generate a dmg mac installer, sign/notarize it.
generate-sign-dmg:
needs: notarize-macos
strategy:
matrix:
arch: [amd64]

runs-on: macos-12
steps:
- name: Checkout repo with icons/background
uses: actions/checkout@v3
with:
repository: 'bcmi-labs/arduino-create-agent-installer' # the repo which contains the icons/background
token: ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}

- name: Download artifact
uses: actions/download-artifact@v3
with:
name: ArduinoCreateAgent.app_${{ matrix.arch }}_notarized
path: ArduinoCreateAgent.app

- name: unzip artifact
working-directory: ArduinoCreateAgent.app
run: |
unzip ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip
rm ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip

- name: Install create-dmg
run: brew install create-dmg

- name: Genarate DMG
run: |
create-dmg \
--volname "ArduinoCreateAgent" \
--background "installer_icons/background.tiff" \
--window-pos 200 120 \
--window-size 500 320 \
--icon-size 80 \
--icon "ArduinoCreateAgent.app" 125 150 \
--app-drop-link 375 150 \
"ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg" \
"ArduinoCreateAgent.app"

- name: Import Code-Signing Certificates
run: |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security default-keychain -s "${{ env.KEYCHAIN }}"
security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security import \
"${{ env.INSTALLER_CERT_MAC_PATH }}" \
-k "${{ env.KEYCHAIN }}" \
-f pkcs12 \
-A \
-T "/usr/bin/codesign" \
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "${{ env.KEYCHAIN_PASSWORD }}" \
"${{ env.KEYCHAIN }}"

- name: Install gon for code signing and app notarization
run: |
wget -q https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip
unzip gon_macos.zip -d /usr/local/bin

- name: Write gon config to file
# gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
run: |
cat > gon.config_installer.hcl <<EOF
source = ["ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"]
bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}-installer"

sign {
application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
}

# Ask Gon for zip output to force notarization process to take place.
# The CI will not upload the zip output
zip {
output_path = "ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip"
}
EOF

- name: Code sign and notarize app
run: |
echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"
gon -log-level=debug -log-json gon.config_installer.hcl
timeout-minutes: 30

# tar dmg file to keep executable permission
- name: Tar files to keep permissions
run: tar -cvf ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.tar ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg

- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: ArduinoCreateAgent-osx-${{ matrix.arch }}
path: ArduinoCreateAgent*.tar
if-no-files-found: error

create-release:
runs-on: ubuntu-20.04
needs: [build, package]
Expand Down