From 276d8a826516f56043585667545c26b6254c8252 Mon Sep 17 00:00:00 2001
From: Michal Checinski
Date: Wed, 31 Jan 2024 12:55:36 +0100
Subject: [PATCH] Change way of signing universal binary
---
.github/workflows/build-cli.yml | 44 ++++++++++++++++-----------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index 20580082a..e3cd4eefb 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -393,22 +393,22 @@ jobs: - name: Sign binary env: MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }} - run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-aarch64-apple-darwin/bws -v + run: codesign -s "$MACOS_NOTARIZATION_TEAM_ID" -f --timestamp -o runtime -i "com.bitwarden.bws" --entitlements "./crates/bws/entitlements.plist" ./bws-aarch64-apple-darwin/bws-v # - name: Create pkg # env: # MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }} # run: pkgbuild --root ./bws-aarch64-apple-darwin --identifier "com.bitwarden.bws.pkg" --install-location "/" --sign $MACOS_CERTIFICATE_NAME --version "${{ env._PACKAGE_VERSION }}" "./bws-aarch64-apple-darwin/bws-${{ env._PACKAGE_VERSION }}.pkg" - - name: Create dmg - run: | - hdiutil create ./tmp.dmg -volname "Bitwarden Secrets Manager CLI" -srcfolder ./bws-aarch64-apple-darwin -ov -fs HFS+ - hdiutil convert ./tmp.dmg -format UDZO -o ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg + # - name: Create dmg + # run: | + # hdiutil create ./tmp.dmg -volname "Bitwarden Secrets Manager CLI" -srcfolder ./bws-aarch64-apple-darwin -ov -fs HFS+ + # hdiutil convert ./tmp.dmg -format UDZO -o ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg - - name: Sign dmg - env: - MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }} - run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg -v + # - name: Sign dmg + # env: + # MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }} + # run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg -v - name: Notarize app env: 
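Review bot: The new `codesign` command in the Sign binary step reads `$MACOS_NOTARIZATION_TEAM_ID`, but the step's visible `env:` block still defines only `MACOS_CERTIFICATE_NAME`, so unless that variable is exported at job or workflow level (not visible in this hunk) the signing identity expands to an empty string. As the added line reads here, the target is `./bws-aarch64-apple-darwin/bws-v` where the old line had `bws -v`, so codesign is pointed at a file named `bws-v` and the verbose flag is lost; the last argument should be `./bws-aarch64-apple-darwin/bws -v`. Either add `MACOS_NOTARIZATION_TEAM_ID: <team-id secret output>` to this step's `env:` or keep `-s "$MACOS_CERTIFICATE_NAME"`. Following the signing with `codesign --verify --strict --verbose=2 ./bws-aarch64-apple-darwin/bws` would make a missing or wrong signature fail the build before the binary is submitted for notarization.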
@@ -426,20 +426,20 @@ jobs: echo "Notarize app" xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait - rm notarization.zip + # rm notarization.zip - echo "Creating temp notarization archive" - ditto -c -k --keepParent "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" "notarization.zip" + # echo "Creating temp notarization archive" + # ditto -c -k --keepParent "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" "notarization.zip" - echo "Notarize dmg" - xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait + # echo "Notarize dmg" + # xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait - xcrun stapler staple "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" + # xcrun stapler staple "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" - name: Zip universal artifact run: | zip ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal/bws - zip ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg + # zip ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg - name: Upload artifact uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 
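Review bot: The dmg notarization and stapling commands at the end of the Notarize app script are commented out rather than deleted, as are the Create dmg and Sign dmg steps in the previous hunk and the Upload pkg artifact step in the next one; in a release-signing workflow the dead lines make it harder to audit which artifacts are actually signed and notarized, and git history already preserves them, so I would delete them. `# rm notarization.zip` also leaves the submitted archive in the workspace for later steps to pick up, so keep `rm notarization.zip` live. With the dmg gone no `xcrun stapler staple` call remains, and a bare executable cannot carry a stapled ticket, so a comment such as `# no staple: Gatekeeper checks the notarization ticket online for the bare binary` would record that this is intentional. The `run: |` block of this step starts above the hunk.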
@@ -448,12 +448,12 @@ jobs: path: ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - - name: Upload pkg artifact - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 - with: - name: bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip - path: ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip - if-no-files-found: error + # - name: Upload pkg artifact + # uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + # with: + # name: bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip + # path: ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip + # if-no-files-found: error third_party: name: Generate THIRDPARTY.html