redo build script for PRs
erikng committed Jul 23, 2024
1 parent 2671aa3 commit 32fa490
Showing 2 changed files with 51 additions and 46 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build_nudge_pr.yml
@@ -31,7 +31,7 @@ jobs:
p12-file-base64: ${{ secrets.PKG_CERTIFICATES_P12_MAOS }}
p12-password: ${{ secrets.PKG_CERTIFICATES_P12_PASSWORD_MAOS }}

- name: Run build package script
- name: Run build script
run: ./build_nudge.zsh

- name: get environment variables
@@ -40,7 +40,7 @@ jobs:
echo "NUDGE_VERSION=$(/bin/cat ./build_info.txt)" >> $GITHUB_ENV
echo "NUDGE_MAIN_VERSION=$(/bin/cat ./build_info_main.txt)" >> $GITHUB_ENV
- name: Upload packages
- name: Upload zip archive
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: packages
93 changes: 49 additions & 44 deletions build_nudge.zsh
@@ -56,14 +56,6 @@ echo "Building Nudge"
$XCODE_BUILD -project "$TOOLSDIR/Nudge.xcodeproj" CODE_SIGN_IDENTITY=$APP_SIGNING_IDENTITY OTHER_CODE_SIGN_FLAGS="--timestamp"
check_exit_code "$?" "Error running xcodebuild"

# Setup notary item
$XCODE_NOTARY_PATH store-credentials --apple-id "opensource@macadmins.io" --team-id "T4SK8ZXCXG" --password "$2" nudge

# Zip application for notary
# /usr/bin/ditto -c -k --keepParent "${BUILDSDIR}/Release/Nudge.app" "${BUILDSDIR}/Release/Nudge.zip"
# Notarize nudge application
# $XCODE_NOTARY_PATH submit "${BUILDSDIR}/Release/Nudge.zip" --keychain-profile "nudge" --wait

# Create outputs folder
if [ -e $OUTPUTSDIR ]; then
/bin/rm -rf $OUTPUTSDIR
@@ -73,6 +65,7 @@ fi
if ! [ -n "$1" ]; then
echo "Did not pass option to create package"
# Move notarized zip to outputs folder
/usr/bin/ditto -c -k --keepParent "${BUILDSDIR}/Release/Nudge.app" "${BUILDSDIR}/Release/Nudge.zip"
/bin/mv "${BUILDSDIR}/Release/Nudge.zip" "$OUTPUTSDIR"
exit 0
fi
@@ -125,15 +118,7 @@ python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_PKG_PATH"
PKG_RESULT="$?"
check_exit_code "$?" "Could not sign package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"

# Notarize nudge package
$XCODE_NOTARY_PATH submit "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
check_exit_code "$?" "Could not staple package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
# Move the signed pkg
/bin/mv "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"

# move the la to the payload folder
# move the LaunchAgent to the payload folder
echo "Moving LaunchAgent to payload folder"
NUDGE_LA_PKG_PATH="$TOOLSDIR/NudgePkgLA"
if [ -e $NUDGE_LA_PKG_PATH ]; then
@@ -165,19 +150,11 @@ echo "Moving postinstall to scripts folder"
}
SIGNED_JSONFILE

# Create the signed pkg
# Create the LaunchAgent signed pkg
python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_LA_PKG_PATH"
check_exit_code "$?" "Could not sign package: Nudge_LaunchAgent-1.0.1.pkg"

# Notarize launchagent package
$XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_LaunchAgent-1.0.1.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg"
check_exit_code "$?" "Could not staple package: Nudge_LaunchAgent-1.0.1.pkg"
# Move the signed pkg
/bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR"

# move the ld to the payload folder
# move the Logger to the payload folder
echo "Moving LaunchDaemon to logging payload folder"
NUDGE_LD_PKG_PATH="$TOOLSDIR/NudgePkgLogger"
if [ -e $NUDGE_LD_PKG_PATH ]; then
@@ -191,7 +168,7 @@ echo "Moving LaunchDaemon to logging payload folder"
echo "Moving postinstall to scripts folder"
/bin/cp "${TOOLSDIR}/build_assets/postinstall-logger" "$NUDGE_LD_PKG_PATH/scripts/postinstall"

# Create the json file for the signed munkipkg LaunchAgent pkg
# Create the json file for the signed munkipkg Logger pkg
/bin/cat << SIGNED_JSONFILE > "$NUDGE_LD_PKG_PATH/build-info.json"
{
"distribution_style": true,
@@ -213,14 +190,6 @@ SIGNED_JSONFILE
python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_LD_PKG_PATH"
check_exit_code "$?" "Could not sign package: Nudge_Logger-1.0.1.pkg"

# Notarize logger package
$XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_Logger-1.0.1.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg"
check_exit_code "$?" "Could not staple package: Nudge_Logger-1.0.1.pkg"
# Move the signed pkg
/bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"

# Create the Essentials package
echo "Moving Nudge.app to payload folder"
ESSENTIALS_PKG_PATH="$TOOLSDIR/NudgePkgEssentials"
@@ -259,14 +228,6 @@ SIGNED_JSONFILE
python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$ESSENTIALS_PKG_PATH"
check_exit_code "$?" "Could not sign package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"

# Notarize Nudge Essentials package
$XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
$XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
check_exit_code "$?" "Could not staple package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
# Move the Nudge Essentials signed/notarized pkg
/bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"

# Create the Suite package
echo "Moving Nudge.app to payload folder"
SUITE_PKG_PATH="$TOOLSDIR/NudgePkgSuite"
@@ -308,6 +269,50 @@ SIGNED_JSONFILE
python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$SUITE_PKG_PATH"
check_exit_code "$?" "Could not sign package: Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg"


# Notarize packages
if ! [ -n "$2" ]; then
echo "Did not pass option to notarize packages"
# Move notarized zip to outputs folder
/bin/mv "${BUILDSDIR}/Release/Nudge.zip" "$OUTPUTSDIR"
exit 0
fi

# Setup notary item
$XCODE_NOTARY_PATH store-credentials --apple-id "opensource@macadmins.io" --team-id "T4SK8ZXCXG" --password "$2" nudge

# Notarize Nudge package
$XCODE_NOTARY_PATH submit "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
check_exit_code "$?" "Could not staple package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
# Move the Nudge signed/notarized pkg
/bin/mv "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"

# Notarize Nudge LaunchAgent package
$XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_LaunchAgent-1.0.1.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg"
check_exit_code "$?" "Could not staple package: Nudge_LaunchAgent-1.0.1.pkg"
# Move the Nudge LaunchAgent signed/notarized pkg
/bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR"

# Notarize Nudge Logger package
$XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_Logger-1.0.1.pkg"
$XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg"
check_exit_code "$?" "Could not staple package: Nudge_Logger-1.0.1.pkg"
# Move the Nudge Logger signed/notarized pkg
/bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"

# Notarize Nudge Essentials package
$XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
$XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
check_exit_code "$?" "Could not staple package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
# Move the Nudge Essentials signed/notarized pkg
/bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"

# Notarize Nudge Suite package
$XCODE_NOTARY_PATH submit "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
check_exit_code "$?" "Could not notarize package: Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg"
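Review bot: In the new `if ! [ -n "$2" ]` block, `/bin/mv "${BUILDSDIR}/Release/Nudge.zip" "$OUTPUTSDIR"` moves a file that, as far as the visible hunks show, is only created by the `ditto` call in the no-`$1` branch, which exits before this point; the `mv` would then fail while `exit 0` still reports success, leaving the signed packages in their build folders and nothing in `$OUTPUTSDIR`. Either create the archive here with the same `ditto` line or move the built `.pkg` files instead, and follow the `mv` with `check_exit_code "$?" "Could not move Nudge.zip"`. Both early-exit comments still read `# Move notarized zip to outputs folder` although nothing in the visible script notarizes the zip (the commented-out `submit` for it is removed here), so `# Move signed (not notarized) zip to outputs folder` would stop a reader from treating that artifact as notarized. The relocated `store-credentials` line has no `check_exit_code` after it and passes the app-specific password in `"$2"` on the command line, where it can be seen by other processes on the build host while the command runs. The start of the script and the rest of the Suite notarization lie outside the visible hunks.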
