Merge pull request #27 from Data-Tech-International/develop

New pipeline for Mac OS

.github/workflows/CI.yml

@@ -14,7 +14,7 @@ jobs:
 
     env:
       Solution_Name: SecureElementReader.sln                   
-      Test_Project_Path: test\SecureElementReader.App.Test\SecureElementReader.App.Test.csproj   
+      Test_Project_Path: test\SecureElementReader.Test\SecureElementReader.Test.csproj   
 
 
     steps:

.github/workflows/Publish.yml

@@ -5,8 +5,8 @@ on:
     branches: [ "main" ]  
 
 env:
-  PROJECT_PATH: src/SecureElementReader.App/SecureElementReader.App.csproj
-  MACOS_PATH: src/SecureElementReader.App/bin/Release/net6.0/osx-x64/publish
+  PROJECT_PATH: src/SecureElementReader/SecureElementReader.csproj
+  MACOS_PATH: src/SecureElementReader/bin/Release/net6.0/osx-x64/publish
 
 jobs:
   build:
@@ -20,11 +20,11 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
         include:
           - os: ubuntu-latest
-            zip_name: linux-x64         
+            os_name: linux-x64         
           - os: macos-latest
-            zip_name: osx-x64            
+            os_name: osx-x64            
           - os: windows-latest
-            zip_name: win-x64
+            os_name: win-x64
 
     steps:
       - uses: actions/checkout@v2
@@ -47,112 +47,110 @@ jobs:
           useConfigFile: true
           configFilePath: .github/workflows/GitVersion.yml
 
-      - name: Restore project 
-        if: matrix.os != 'macos-latest'
-        run: dotnet restore ${{ env.PROJECT_PATH }}
-
-      - name: Build project 
-        if: matrix.os != 'macos-latest'
-        run: dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore
-
-      - name: Publish project for ${{ matrix.os }}
-        if: matrix.os != 'macos-latest'
-        run: dotnet publish ${{ env.PROJECT_PATH }} -c Release -r ${{ matrix.zip_name }} -p:PublishSingleFile=true -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }}
-
-      - name: Publish project for OSx
-        if: matrix.os == 'macos-latest'        
+      - name: Linux
+        if: matrix.os == 'ubuntu-latest'
         run: |
-          cd src/SecureElementReader.App
+          dotnet restore ${{ env.PROJECT_PATH }}
+          dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore
+          dotnet publish ${{ env.PROJECT_PATH }} -c Release -r ${{ matrix.os_name }}  --self-contained -p:PublishSingleFile=true -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }}          
+          
+      - name: Windows
+        if: matrix.os == 'windows-latest'
+        run: |
+          dotnet restore ${{ env.PROJECT_PATH }} -r win-x64 
+          dotnet build ${{ env.PROJECT_PATH }} -c Release --no-restore  -p:PublishSingleFile=true
+          dotnet publish ${{ env.PROJECT_PATH }} -c Release -r win-x64 --self-contained -p:PublishSingleFile=true --no-build -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }}
+                  
+      - name: Publish project for mac
+        if: matrix.os == 'macos-latest'
+        run: |
+          cd src/SecureElementReader
           dotnet restore -r osx-x64
-          dotnet msbuild -t:BundleApp -p:RuntimeIdentifier=osx-x64 -property:Configuration=Release -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} -p:UseAppHost=true
+          dotnet msbuild -t:BundleApp -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64 -property:Configuration=Release -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} -p:UseAppHost=true
+          dotnet publish -c Release -p:TargetFramework=net6.0 -p:RuntimeIdentifier=osx-x64  -p:AssemblyVersion=${{ steps.gitversion.outputs.semVer }} --self-contained true
           mkdir Assets/logo.iconset
           cp Assets/taxcore.png Assets/logo.iconset/icon_512x512.png
           iconutil -c icns Assets/logo.iconset
-          cp Assets/logo.icns bin/Release/net6.0/osx-x64/publish/SecureElementReader.App.app/Contents/Resources/logo.icns
+          cp Assets/logo.icns bin/Release/net6.0/osx-x64/publish/SecureElementReader.app/Contents/Resources/logo.icns
           rm Assets/logo.icns
           rm -rf Assets/logo.iconset
           
-      - name: Codesign app bundle
+      - name: Setup Keychain
         if: matrix.os == 'macos-latest'
-        env: 
-          MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
-          MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
-          MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
-          MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
-        run: |          
-          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+        run: |
           
-          security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
+          security create-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain
           security default-keychain -s build.keychain
-          security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
-          security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+          security unlock-keychain -p "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain      
+          echo "${{ secrets.PROD_MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
+          security import certificate.p12 -k build.keychain -P "${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign          
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}" build.keychain          
           xcrun notarytool store-credentials "AC_PASSWORD" --apple-id "${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}" --team-id ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} --password "${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}"
-    
+        
       - name: Codesign app
-        if: matrix.os == 'macos-latest'
+        if: matrix.os == 'macos-latest'      
         run: |
-          find "${{ env.MACOS_PATH }}/SecureElementReader.App.app/Contents/MacOS"|while read fname; do
+          find "${{ env.MACOS_PATH }}/SecureElementReader.app/Contents/MacOS"|while read fname; do
             if [ -f "$fname" ]
-              then
+            then
                 echo "[INFO] Signing $fname"
-                codesign --force --deep --timestamp --options=runtime --entitlements SEReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "$fname"
+                codesign --force --deep --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "$fname"
             fi
           done
-          #codesign --force --timestamp --options=runtime --entitlements SEReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "$RUNNER_TEMP/SEReader.app"
-        
-      - name: chmod
-        if: matrix.os == 'macos-latest'
-        run: |
-          cd ${{ env.MACOS_PATH }}/SecureElementReader.App.app/Contents/MacOS
-          chmod +x SecureElementReader.App
-          chmod 755 SecureElementReader.App
+          codesign --force --timestamp --options=runtime --entitlements SecureElementReader.entitlements --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" "${{ env.MACOS_PATH }}/SecureElementReader.app"  
           
       - name: Notarise app
-        if: matrix.os == 'macos-latest'
+        if: matrix.os == 'macos-latest'      
         run: |
-          ditto -c -k --sequesterRsrc --keepParent "${{ env.MACOS_PATH }}/SecureElementReader.App.app" "SEReader.zip"
-          xcrun notarytool submit "SEReader.zip" --wait --keychain-profile "AC_PASSWORD"
-          xcrun stapler staple ${{ env.MACOS_PATH }}/SecureElementReader.App.app
-          
+          ditto -c -k --sequesterRsrc --keepParent "${{ env.MACOS_PATH }}/SecureElementReader.app" "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip"
+          xcrun notarytool submit "${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip" --wait --keychain-profile "AC_PASSWORD"
+          xcrun stapler staple "${{ env.MACOS_PATH }}/SecureElementReader.app" 
+                         
       - name: Windows code signing
         if: matrix.os == 'windows-latest'
         uses: neoz-technologies/code-sign-action@v3
         with:        
           certificate: ${{ secrets.CERT_FOR_SIGN }}
           password: ${{ secrets.CERT_PW }}
-          folder: 'src\SecureElementReader.App\bin\Release\net6.0\win-x64\publish\'
-          recursive: true        
+          folder: 'src\SecureElementReader\bin\Release\net6.0\win-x64\publish\'
+          recursive: true                                        
 
-      - name: Zip ${{ matrix.zip_name }} releases 
-        if: matrix.os != 'macos-latest'
+      - name: Zip Linux releases 
+        if: matrix.os == 'ubuntu-latest'
         uses: vimtor/action-zip@v1
         with:   
-          files: src/SecureElementReader.App/bin/Release/net6.0/${{ matrix.zip_name }}/publish/
-          dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.zip_name }}.zip
-
-      - name: Upload ${{ matrix.zip_name }} artifacts 
-        uses: actions/upload-artifact@v2
-        if: matrix.os != 'macos-latest'
-        with:
-          name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.zip_name }}.zip
-          path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.zip_name }}.zip   
+          files: src/SecureElementReader/bin/Release/net6.0/linux-x64/publish/
+          dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
 
-      - name: Zip OSx release
-        if: matrix.os == 'macos-latest'
-        run: |
-          cd ${{ env.MACOS_PATH }}
-          zip -r SecureElementReader.App.app.zip SecureElementReader.App.app
-    
-      - name: Upload OSx artifacts
+      - name: Zip Win releases 
+        if: matrix.os == 'windows-latest'
+        uses: vimtor/action-zip@v1
+        with:   
+          files: src/SecureElementReader/bin/Release/net6.0/win-x64/publish/
+          dest: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip   
+
+      - name: Upload macos artifacts 
         uses: actions/upload-artifact@v2
         if: matrix.os == 'macos-latest'
         with:
-          name: ${{ steps.gitversion.outputs.semVer }}.osx-x64.zip
-          path: ${{ env.MACOS_PATH }}/SecureElementReader.App.app.zip   
-
+          name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
+          path: /Users/runner/work/Secure-Element-Reader/Secure-Element-Reader/${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip           
+
+      - name: Upload ${{ matrix.name }} artifacts 
+        uses: actions/upload-artifact@v2
+        if: matrix.os == 'ubuntu-latest'
+        with:
+          name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
+          path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip  
 
-  publis:
+      - name: Upload ${{ matrix.name }} artifacts 
+        uses: actions/upload-artifact@v2
+        if: matrix.os == 'windows-latest'
+        with:
+          name: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip
+          path: ${{ steps.gitversion.outputs.semVer }}.${{ matrix.os_name }}.zip            
+
+  publish:
     name: Publish
     runs-on: ubuntu-latest
     needs: build
@@ -169,10 +167,7 @@ jobs:
 
       - uses: actions/download-artifact@v2
         with:
-          name: ${{ needs.build.outputs.semVer }}.linux-x64.zip     
-
-      - name: Rename file
-        run: mv SecureElementReader.App.app.zip ${{ needs.build.outputs.semVer }}.osx-x64.zip
+          name: ${{ needs.build.outputs.semVer }}.linux-x64.zip         
 
       - name: Create Tag
         uses: Yanjingzhu/FirstJSAction@v1.3
@@ -203,4 +198,3 @@ jobs:
 
       - name: Delete Build Artifact
         uses: joutvhu/delete-artifact@v1.0.1
-

SecureElementReader.entitlements

@@ -0,0 +1,27 @@
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>    
+    <key>com.apple.security.files.bookmarks.document-scope</key>
+    <true/>      
+    <key>com.apple.security.files.downloads.read-write</key>
+    <true/> 
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+    <key>com.apple.security.get-task-allow</key>
+    <true/>
+    <key>com.apple.security.hypervisor</key>
+    <true/>    
+</dict>
+</plist>

SecureElementReader.sln

@@ -7,9 +7,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{FC9C1549-F1A
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{4D690E19-6ACF-42CF-B2EF-61F5C03D96B4}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SecureElementReader.App", "src\SecureElementReader.App\SecureElementReader.App.csproj", "{F3BC73AD-F3C1-4285-9832-E6F34A3C8038}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SecureElementReader", "src\SecureElementReader\SecureElementReader.csproj", "{F3BC73AD-F3C1-4285-9832-E6F34A3C8038}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureElementReader.App.Test", "test\SecureElementReader.App.Test\SecureElementReader.App.Test.csproj", "{EF356EC5-3637-4673-9A4D-8B4F8170BBA8}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SecureElementReader.Test", "test\SecureElementReader.Test\SecureElementReader.Test.csproj", "{EF356EC5-3637-4673-9A4D-8B4F8170BBA8}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution