From 08b1011c7942496bdadaa3bab537d09c88fe2f96 Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Tue, 29 Aug 2023 16:27:52 +0100 Subject: [PATCH 1/6] Update Jenkins scripts to notarize on different mac from packaging. --- CI/packagescripts/osx/notarise.sh | 24 +++++++++++++++++++++++- CI/packagescripts/osx/packageOSX.sh | 7 ------- Jenkinsfile | 18 +++++++++++++++++- 3 files changed, 40 insertions(+), 9 deletions(-) diff --git a/CI/packagescripts/osx/notarise.sh b/CI/packagescripts/osx/notarise.sh index f5fa5385..6d4333a0 100644 --- a/CI/packagescripts/osx/notarise.sh +++ b/CI/packagescripts/osx/notarise.sh @@ -1,4 +1,7 @@ #!/bin/bash + +APPLE_TEAM="6LKE87V3BD" + # functions for notarising a file notarizefile() { # $1: path to file to notarize @@ -33,4 +36,23 @@ notarizefile() { # $1: path to file to notarize exit 1 fi -} \ No newline at end of file +} + +## This should be moved to a common script called by both notarise and package. + +PackageName=$(node -e "console.log($(cat package.json).productName)") # "Ride-4.0" or similar +SHIPDIRECTORY=ship +if [ -s _/version ]; then +RIDEVERSION=`cat _/version` +else +RIDEVERSION=9.9.9 +fi +REVISION_VERSION=`echo $RIDEVERSION | sed 's/[0-9]*\.[0-9]*\.\([0-9]*\)/\1/'` +ARCHIVENAME=`echo "${SHIPDIRECTORY}/${APPNAME}.${REVISION_VERSION}_mac.pkg" | tr '[:upper:]' '[:lower:]'` + +# upload for notarization + notarizefile "$ARCHIVENAME" + +# staple result +echo "## Stapling $ARCHIVENAME" +/usr/bin/xcrun stapler staple "$ARCHIVENAME" \ No newline at end of file diff --git a/CI/packagescripts/osx/packageOSX.sh b/CI/packagescripts/osx/packageOSX.sh index c2ed9686..0210cd71 100755 --- a/CI/packagescripts/osx/packageOSX.sh +++ b/CI/packagescripts/osx/packageOSX.sh @@ -1,5 +1,4 @@ #!/bin/bash -source "$(dirname "$0")/notarise.sh" set -x -e -o pipefail # The following variables must be set prior to invoking this script @@ -78,11 +77,5 @@ ARCHIVENAME=`echo "${SHIPDIRECTORY}/${APPNAME}.${REVISION_VERSION}_mac.pkg" | tr --sign "$APPLE_CERT_INSTALLER" \ "$ARCHIVENAME" -# upload for notarization -notarizefile "$ARCHIVENAME" - -# staple result -echo "## Stapling $ARCHIVENAME" -/usr/bin/xcrun stapler staple "$ARCHIVENAME" echo '## Done!' diff --git a/Jenkinsfile b/Jenkinsfile index 8ed617e8..ca1f3047 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -44,7 +44,7 @@ pipeline { } stage ('Mac Build and Packaging') { agent { - label 'Mac && x86 && Build && notarytool' + label 'Mac && x86 && Build' } steps { sh 'rm -Rf _ ship' @@ -80,6 +80,22 @@ pipeline { } } } + stage ('OSX Notorise') { + agent { + label 'notarytool' + } + steps { + unstash 'mac-ship' + withCredentials([usernamePassword(credentialsId: '868dda6c-aaec-4ee4-845a-57362dec695b', passwordVariable: 'APPLE_APP_PASS', usernameVariable: 'APPLE_ID')]) { + sh "CI/packagescripts/osx/notarise.sh" + } + } + when { + not { + branch 'PR-*' + } + } + } stage ('Copy install images') { agent { docker { From 73a7097b04ba8a03ff37f4ee437397b379018bc3 Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Tue, 29 Aug 2023 16:45:29 +0100 Subject: [PATCH 2/6] fix execute permissions on notarise script --- CI/packagescripts/osx/notarise.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 CI/packagescripts/osx/notarise.sh diff --git a/CI/packagescripts/osx/notarise.sh b/CI/packagescripts/osx/notarise.sh old mode 100644 new mode 100755 From 27ac42419215fef1e40670bff562a1e8b31f17ef Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Tue, 29 Aug 2023 16:52:49 +0100 Subject: [PATCH 3/6] Unstash version files --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index ca1f3047..45dcfcbf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -85,6 +85,7 @@ pipeline { label 'notarytool' } steps { + unstash 'ride-version' unstash 'mac-ship' withCredentials([usernamePassword(credentialsId: '868dda6c-aaec-4ee4-845a-57362dec695b', passwordVariable: 'APPLE_APP_PASS', usernameVariable: 'APPLE_ID')]) { sh "CI/packagescripts/osx/notarise.sh" From 665e46433c09a460cd3caa37e8669e7fa91985b8 Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Wed, 30 Aug 2023 09:06:47 +0100 Subject: [PATCH 4/6] fix missing APPNAME for notarising --- CI/packagescripts/osx/notarise.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CI/packagescripts/osx/notarise.sh b/CI/packagescripts/osx/notarise.sh index 6d4333a0..60cd6af2 100755 --- a/CI/packagescripts/osx/notarise.sh +++ b/CI/packagescripts/osx/notarise.sh @@ -40,7 +40,7 @@ notarizefile() { # $1: path to file to notarize ## This should be moved to a common script called by both notarise and package. -PackageName=$(node -e "console.log($(cat package.json).productName)") # "Ride-4.0" or similar +APPNAME=$(node -e "console.log($(cat package.json).productName)") # "Ride-4.0" or similar SHIPDIRECTORY=ship if [ -s _/version ]; then RIDEVERSION=`cat _/version` From aae58d72cb189d45873c4082dd4647298adbb79b Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Wed, 30 Aug 2023 09:35:04 +0100 Subject: [PATCH 5/6] Re-Stash pkg file after it's been stapled --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index 45dcfcbf..585a075d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -90,6 +90,7 @@ pipeline { withCredentials([usernamePassword(credentialsId: '868dda6c-aaec-4ee4-845a-57362dec695b', passwordVariable: 'APPLE_APP_PASS', usernameVariable: 'APPLE_ID')]) { sh "CI/packagescripts/osx/notarise.sh" } + stash name: 'mac-ship', includes: 'ship/*' } when { not { From ea4d2b43066761128a9b752452f81ce78ba080e4 Mon Sep 17 00:00:00 2001 From: Jason Rivers Date: Wed, 30 Aug 2023 10:28:19 +0100 Subject: [PATCH 6/6] Clean directories before unstashing for notarize --- Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index 585a075d..c2b2f5c5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -85,6 +85,8 @@ pipeline { label 'notarytool' } steps { + sh 'rm -Rf ship' + sh 'rm -Rf _' unstash 'ride-version' unstash 'mac-ship' withCredentials([usernamePassword(credentialsId: '868dda6c-aaec-4ee4-845a-57362dec695b', passwordVariable: 'APPLE_APP_PASS', usernameVariable: 'APPLE_ID')]) {