Add basic Macos signing workflow #2319
Conversation
johnwparent
force-pushed
the
macos/cloud-signing-workflow
branch
2 times, most recently
from
d43525f
to
ec9ff31
Compare
johnwparent
force-pushed
the
macos/cloud-signing-workflow
branch
2 times, most recently
from
24a081b
to
35b2acb
Compare
|
Applied suggestions + refactored to avoid the use of the |
Adds basic CircleCI workflow to sign, notarize, and staple MacOS app bundle and associated DMG, then publishes signed binary in CircleCI artifacts Signed-off-by: John Parent <john.parent@kitware.com> Signed-off-by: Adam Treat <treat.adam@gmail.com>
![ellipsis-dev[bot]](https://avatars.githubusercontent.com/in/64358?s=60&v=4){kind=small}
There was a problem hiding this comment.
👍 Looks good to me! Reviewed everything up to 04b918c in 57 seconds
More details
- Looked at
134lines of code in2files - Skipped
0files when reviewing. - Skipped posting
1drafted comments based on config settings.
1. .circleci/grab_notary_id.py:14
- Draft comment:
Consider processing the log file line by line instead of reading it entirely into memory to handle potentially large log files more efficiently. - Reason this comment was not posted:
Confidence changes required:33%
The scriptgrab_notary_id.pyis used to extract the notarization ID from the log file generated during the notarization process. The regular expressionID_REGis designed to capture the ID following the pattern "id: <id_value>". The script reads the entire log file into memory, which could be optimized for large log files by processing line by line instead. However, this is not a critical issue unless the log files are expected to be very large. The script correctly handles the case where the ID is not found by raising a RuntimeError, which is appropriate for a script used in a CI/CD pipeline where clear error reporting is crucial.
Workflow ID: wflow_l3EuSUIT92WOWEIk
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
⌛ 8 days left in your free trial, upgrade for $20/seat/month or contact us.
johnwparent
force-pushed
the
macos/cloud-signing-workflow
branch
from
04b918c
to
bfc4579
Compare
There was a problem hiding this comment.
❌ Changes requested. Incremental review on bfc4579 in 1 minute and 20 seconds
More details
- Looked at
134lines of code in2files - Skipped
0files when reviewing. - Skipped posting
0drafted comments based on config settings.
Workflow ID: wflow_K6wXn7sqPvfzbIGF
Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
⌛ 8 days left in your free trial, upgrade for $20/seat/month or contact us.
MacOs Cloud Signing Workflow
Adds basic support for current signing workflow implemented in a headless fashion relying on circleci cloud runners.
Signs app bundle and DMG archive and then notarizes and staples same, with verbose error reporting in the case of a notarization failure.
Summary:
Added macOS signing workflow to CircleCI configuration, including steps for signing, notarizing, and stapling the app bundle and DMG archive.
Key points:
.circleci/continue_config.yml.sign-offline-chat-installer-macosandnotarize-offline-chat-installer-macosjobs.sign-offline-chat-installer-macossets up keychain, signs app bundle and DMG.notarize-offline-chat-installer-macosnotarizes and staples the signed DMG..circleci/grab_notary_id.pyto extract notarization ID from logs.Generated with ❤️ by ellipsis.dev