Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Codesign on macOS #727

Merged
merged 23 commits into from
Aug 29, 2024
Merged

Codesign on macOS #727

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
76ffef6
Disable all workflows, but the app build for mac, and make it upload …
jmarrec Aug 23, 2024
f8b8b0b
Setup codesigning & notarization of the DMG installer itself
jmarrec Aug 23, 2024
6ef322f
Codesign OpenStudioApp.app only (not the OpenStudio / EnergyPlus stuf…
jmarrec Aug 23, 2024
6353789
Setup GHA codesigning
jmarrec Aug 23, 2024
366c5bc
Need the arch variable to get qtifw + self hosted mac does not have a…
jmarrec Aug 23, 2024
088e796
Start codesigning inner libraries and exes
jmarrec Aug 23, 2024
97e71e2
Cannot sign RubyAPI files from top level CMakeLists
jmarrec Aug 23, 2024
0fc02c8
Verify signature: for the CPACK package + on a clean machine too
jmarrec Aug 23, 2024
c16559a
Add Path.is_relative_to for python 3.8...
jmarrec Aug 23, 2024
cd0af8a
Try to get correct artifact for testing
jmarrec Aug 24, 2024
03d5594
Forgot a step id... see you in 45min
jmarrec Aug 24, 2024
5434291
typo in path in test step
jmarrec Aug 24, 2024
5476037
Another typo
jmarrec Aug 26, 2024
4dd03b7
Can't use sudo on the self hosted runner
jmarrec Aug 26, 2024
dcd2323
K, put back the sudo
jmarrec Aug 26, 2024
45674eb
sudoers didn't appear to work...
jmarrec Aug 26, 2024
6558fc1
GRRRRRRRR
jmarrec Aug 26, 2024
e23b6c0
Disable test step on self hosted, can't figure out how to use sudo
jmarrec Aug 26, 2024
6b28918
geeez
jmarrec Aug 26, 2024
a32d25c
For the test step, use the GHA macos-14 (arm64)
jmarrec Aug 27, 2024
4ed3f1f
For the TGZ package, I was signing and resigning over and over again.…
jmarrec Aug 27, 2024
7510b06
Revert "Disable all workflows, but the app build for mac, and make it…
jmarrec Aug 27, 2024
5cfb71b
Don't try to upload otool info on non mac
jmarrec Aug 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
0 .github/workflows/check_osm_versions.yml → ...disabled_workflows/check_osm_versions.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/cla.yml → .github/disabled_workflows/cla.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/clangformat.yml → .github/disabled_workflows/clangformat.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/cppcheck.yml → .github/disabled_workflows/cppcheck.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/export_standards_data.yml → ...abled_workflows/export_standards_data.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/manual_cli_test.yml → ...ub/disabled_workflows/manual_cli_test.yml
View file
Open in desktop
File renamed without changes.
0 .github/workflows/release_notes.yml → .github/disabled_workflows/release_notes.yml
View file
Open in desktop
File renamed without changes.
275 changes: 222 additions & 53 deletions .github/workflows/app_build.yml
View file
Open in desktop

Large diffs are not rendered by default.

53 changes: 53 additions & 0 deletions CMake/CPackSignAndNotarizeDmg.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
#[=======================================================================[.rst:
CPackSignAndNotarizeDmg
-----------------------

This file is meant to be used up as a ``CPACK_POST_BUILD_SCRIPTS``

It will run only on ``APPLE`` when the generator is ``IFW`` to codesign the resulting .dmg and notarize it.

To do so, it uses the `CodeSigning`_ functions :cmake:command:`codesign_files_macos`

It requires that this be set: :cmake:variable:`CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION`

And it will only notarize if this is set: :cmake:variable:`CPACK_CODESIGNING_NOTARY_PROFILE_NAME`

#]=======================================================================]
message(STATUS "The message from ${CMAKE_CURRENT_LIST_FILE} and generator ${CPACK_GENERATOR}")
message(STATUS "Built packages: ${CPACK_PACKAGE_FILES}")

if(APPLE AND CPACK_GENERATOR STREQUAL "IFW")

message(DEBUG "CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION=${CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION}")
message(DEBUG "CPACK_CODESIGNING_NOTARY_PROFILE_NAME=${CPACK_CODESIGNING_NOTARY_PROFILE_NAME}")
message(DEBUG "CPACK_IFW_PACKAGE_SIGNING_IDENTITY=${CPACK_IFW_PACKAGE_SIGNING_IDENTITY}")
message(DEBUG "CPACK_CODESIGNING_MACOS_IDENTIFIER=${CPACK_CODESIGNING_MACOS_IDENTIFIER}")

include(${CMAKE_CURRENT_LIST_DIR}/CodeSigning.cmake)

if(NOT CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION)
message(FATAL_ERROR "CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION is required, this should not have happened")
endif()
if(NOT CPACK_CODESIGNING_MACOS_IDENTIFIER)
message(FATAL_ERROR "CPACK_CODESIGNING_MACOS_IDENTIFIER is required, this should not have happened")
endif()

codesign_files_macos(
FILES ${CPACK_PACKAGE_FILES}
SIGNING_IDENTITY ${CPACK_CODESIGNING_DEVELOPPER_ID_APPLICATION}
IDENTIFIER "${CPACK_CODESIGNING_MACOS_IDENTIFIER}.DmgInstaller"
FORCE
VERBOSE
)

if(CPACK_CODESIGNING_NOTARY_PROFILE_NAME)
notarize_files_macos(
FILES ${CPACK_PACKAGE_FILES}
NOTARY_PROFILE_NAME ${CPACK_CODESIGNING_NOTARY_PROFILE_NAME}
STAPLE
VERIFY
VERBOSE
)
endif()

endif()
Loading
Loading