From cc52c7086d6a7a469ab2cd611a6a0f34f9c223c3 Mon Sep 17 00:00:00 2001
From: Hien To
Date: Wed, 15 May 2024 16:45:39 +0700
Subject: [PATCH] Add codesign for cortex cpp
---
.../{build.yml => cortex-cpp-build.yml} | 34 +++++++++++++++-
...y-gate.yml => cortex-cpp-quality-gate.yml} | 7 +++-
cortex-cpp/Makefile | 39 ++++++++++++++++---
3 files changed, 72 insertions(+), 8 deletions(-)
rename .github/workflows/{build.yml => cortex-cpp-build.yml} (83%)
rename .github/workflows/{quality-gate.yml => cortex-cpp-quality-gate.yml} (97%)
diff --git a/.github/workflows/build.yml b/.github/workflows/cortex-cpp-build.yml
similarity index 83%
rename from .github/workflows/build.yml
rename to .github/workflows/cortex-cpp-build.yml
index 716dfd679..ac2d3236f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/cortex-cpp-build.yml
@@ -1,4 +1,4 @@ -name: CI +name: CI Cortex CPP on: push:
@@ -25,7 +25,8 @@ jobs: steps: - name: Extract tag name without v prefix id: get_version - run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" + run: | + echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}" env: GITHUB_REF: ${{ github.ref }} - name: Create Draft Release
@@ -166,11 +167,40 @@ jobs: run: | choco install make -y + - name: Get Cer for code signing + if: ${{ matrix.runs-on }} == 'macos-13' + run: base64 -d <<< "$CODE_SIGN_P12_BASE64" > /tmp/codesign.p12 + shell: bash + env: + CODE_SIGN_P12_BASE64: ${{ secrets.CODE_SIGN_P12_BASE64 }} + + - uses: apple-actions/import-codesign-certs@v2 + if: ${{ matrix.runs-on }} == 'macos-13' + with: + p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }} + p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }} + + - name: Unblock keychain + if: ${{ matrix.runs-on }} == 'mac-silicon' + run: | + security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ~/Library/Keychains/login.keychain-db + - name: Build run: | cd cortex-cpp make build CMAKE_EXTRA_FLAGS="${{ matrix.cmake-flags }}" + - name: Pre-package + run: | + cd cortex-cpp + make pre-package + + - name: Code Signing + run: | + cd cortex-cpp + make codesign AZURE_KEY_VAULT_URI="${{ secrets.AZURE_KEY_VAULT_URI }}" AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" AZURE_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" AZURE_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" AZURE_CERT_NAME="${{ secrets.AZURE_CERT_NAME }}" DEVELOPER_ID="${{ secrets.DEVELOPER_ID }}" + + - name: Package run: | cd cortex-cpp
diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/cortex-cpp-quality-gate.yml
similarity index 97%
rename from .github/workflows/quality-gate.yml
rename to .github/workflows/cortex-cpp-quality-gate.yml
index 909ab7e77..33c8a4533 100644
--- a/.github/workflows/quality-gate.yml
+++ b/.github/workflows/cortex-cpp-quality-gate.yml
@@ -1,4 +1,4 @@ -name: CI Quality Gate +name: CI Quality Gate Cortex CPP on: pull_request:
@@ -145,6 +145,11 @@ jobs: cd cortex-cpp make build CMAKE_EXTRA_FLAGS="${{ matrix.cmake-flags }}" + - name: Pre-package + run: | + cd cortex-cpp + make pre-package + - name: Package run: | cd cortex-cpp
diff --git a/cortex-cpp/Makefile b/cortex-cpp/Makefile
index e9f1d85b0..d21dd67b6 100644
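Review bot: The three `if:` conditions added to cortex-cpp-build.yml in the `-166,11 +167,40` hunk are always true: in `if: ${{ matrix.runs-on }} == 'macos-13'` only `matrix.runs-on` is evaluated as an expression and the rest is appended as text, which yields a non-empty string, so the certificate and keychain steps run on every matrix entry the job has (the matrix itself is outside the hunk). Putting the comparison inside the expression, `if: matrix.runs-on == 'macos-13'` and likewise for `'mac-silicon'`, restricts them as intended. The "Get Cer for code signing" step decodes the signing certificate to `/tmp/codesign.p12`, but nothing visible here reads or deletes that file and the import action below it takes the base64 secret directly, so the step looks removable; if `mac-silicon` is a self-hosted runner the private key would otherwise stay on disk between jobs. In "Unblock keychain" the password is pasted unquoted into the script text; passing it through `env:` and using `-p "$KEYCHAIN_PASSWORD"` keeps the shell from interpreting its characters.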
--- a/cortex-cpp/Makefile
+++ b/cortex-cpp/Makefile
@@ -6,6 +6,13 @@ CMAKE_EXTRA_FLAGS ?= "" RUN_TESTS ?= false LLM_MODEL_URL ?= "https://delta.jan.ai/tinyllama-1.1b-chat-v0.3.Q2_K.gguf" EMBEDDING_MODEL_URL ?= "https://catalog.jan.ai/dist/models/embeds/nomic-embed-text-v1.5.f16.gguf" +CODE_SIGN ?= false +AZURE_KEY_VAULT_URI ?= xxxx +AZURE_CLIENT_ID ?= xxxx +AZURE_TENANT_ID ?= xxxx +AZURE_CLIENT_SECRET ?= xxxx +AZURE_CERT_NAME ?= xxxx +DEVELOPER_ID ?= xxxx # Default target, does nothing all:
@@ -29,7 +36,7 @@ else make -j4; endif -package: +pre-package: ifeq ($(OS),Windows_NT) @powershell -Command "mkdir -p cortex-cpp\engines\cortex.llamacpp\; cp -r build\engines\cortex.llamacpp\engine.dll cortex-cpp\engines\cortex.llamacpp\;" @powershell -Command "cp -r build\Release\cortex-cpp.exe .\cortex-cpp\;"
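Review bot: The `xxxx` defaults on the six signing variables added in the `-6,6 +6,13` hunk mean that when a value is not supplied, `codesign` attempts to sign with placeholder credentials instead of stopping with a clear error. Leaving them empty, e.g. `AZURE_CLIENT_SECRET ?=`, and checking in the `codesign` target that the ones the platform needs are set would fail earlier and more legibly. Because `?=` also honours values already present in the environment, the workflow could hand the secrets to make through the step's `env:` block rather than as `make` arguments, which keeps them off make's own command line.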
@@ -37,16 +44,38 @@ ifeq ($(OS),Windows_NT) @powershell -Command "cp -r ..\.github\patches\windows\msvcp140.dll .\cortex-cpp\;" @powershell -Command "cp -r ..\.github\patches\windows\vcruntime140_1.dll .\cortex-cpp\;" @powershell -Command "cp -r ..\.github\patches\windows\vcruntime140.dll .\cortex-cpp\;" - @powershell -Command "7z a -ttar temp.tar cortex-cpp\*; 7z a -tgzip cortex-cpp.tar.gz temp.tar;" else ifeq ($(shell uname -s),Linux) @mkdir -p cortex-cpp/engines/cortex.llamacpp; \ cp build/engines/cortex.llamacpp/libengine.so cortex-cpp/engines/cortex.llamacpp/; \ - cp build/cortex-cpp cortex-cpp/; \ - tar -czvf cortex-cpp.tar.gz cortex-cpp; + cp build/cortex-cpp cortex-cpp/; else @mkdir -p cortex-cpp/engines/cortex.llamacpp; \ cp build/engines/cortex.llamacpp/libengine.dylib cortex-cpp/engines/cortex.llamacpp/; \ - cp build/cortex-cpp cortex-cpp/; \ + cp build/cortex-cpp cortex-cpp/; +endif + +codesign: +ifeq ($(CODE_SIGN),false) + @echo "Skipping Code Sign" + @exit 0 +endif + +ifeq ($(OS),Windows_NT) + @powershell -Command "dotnet tool install --global AzureSignTool;" + @powershell -Command "Get-ChildItem -Path .\cortex-cpp -Recurse | ForEach-Object { & '%USERPROFILE%\.dotnet\tools\azuresigntool.exe' sign -kvu '$(AZURE_KEY_VAULT_URI)' -kvi '$(AZURE_CLIENT_ID)' -kvt '$(AZURE_TENANT_ID)' -kvs '$(AZURE_CLIENT_SECRET)' -kvc '$(AZURE_CERT_NAME)' -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v '$_.FullName' };" +else ifeq ($(shell uname -s),Linux) + @echo "Skipping Code Sign for linux" + @exit 0 +else + find "cortex-cpp" -type f -exec codesign --force -s "$(DEVELOPER_ID)" --options=runtime {} \; +endif + +package: +ifeq ($(OS),Windows_NT) + @powershell -Command "7z a -ttar temp.tar cortex-cpp\*; 7z a -tgzip cortex-cpp.tar.gz temp.tar;" +else ifeq ($(shell uname -s),Linux) + tar -czvf cortex-cpp.tar.gz cortex-cpp; +else tar -czvf cortex-cpp.tar.gz cortex-cpp; endif
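Review bot: The `CODE_SIGN=false` guard at the top of the new `codesign` target does not skip anything: each recipe line runs in its own shell, so `@exit 0` ends only that line and Make continues into the platform branch below it. Folding the guard into the chain, with `else ifeq ($(OS),Windows_NT)` in place of the first `endif` and the `ifeq` that follows it, and dropping both `@exit 0` lines makes the skip real; the workflow's Code Signing step would then need to pass `CODE_SIGN=true`, which it currently does not. In the Windows recipe Make itself expands `$_` as a reference to a variable named `_`, so the signer receives `'.FullName'` rather than each file path; it needs `$$_.FullName`, and without the single quotes, which PowerShell treats as literal text. On macOS, `find ... -exec codesign ... {} \;` discards codesign's exit status, so a failed signature still lets `package` run and an unsigned binary can ship; ending the command with `{} +` makes find return non-zero when a signing call fails.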