chore: fail build if apple notarytool failed
This commit is contained in:
parent
afbb4580ae
commit
30b1c5f26d
|
@ -124,7 +124,7 @@ jobs:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: emqx/self-hosted-cleanup-action@v1.0.3
|
- uses: emqx/self-hosted-cleanup-action@v1.0.3
|
||||||
if: matrix.os == macos-12-arm64
|
if: ${{ matrix.os == 'macos-12-arm64' }}
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # clone full git history
|
fetch-depth: 0 # clone full git history
|
||||||
|
|
16
build
16
build
|
@ -236,10 +236,18 @@ make_zip() {
|
||||||
# --apple-id <apple id> \
|
# --apple-id <apple id> \
|
||||||
# --password <apple id password>
|
# --password <apple id password>
|
||||||
# --team-id <apple team id> <submission-id>
|
# --team-id <apple team id> <submission-id>
|
||||||
xcrun notarytool submit \
|
echo 'Submitting the package for notarization to Apple (normally takes about a minute)'
|
||||||
--apple-id "${APPLE_ID}" \
|
notarytool_output="$(xcrun notarytool submit \
|
||||||
--password "${APPLE_ID_PASSWORD}" \
|
--apple-id "${APPLE_ID}" \
|
||||||
--team-id "${APPLE_TEAM_ID}" "${target_zip}" --wait
|
--password "${APPLE_ID_PASSWORD}" \
|
||||||
|
--team-id "${APPLE_TEAM_ID}" "${target_zip}" \
|
||||||
|
--no-progress \
|
||||||
|
--wait)"
|
||||||
|
echo "$notarytool_output"
|
||||||
|
echo "$notarytool_output" | grep -q 'status: Accepted' || {
|
||||||
|
echo 'Notarization failed';
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
# sha256sum may not be available on macos
|
# sha256sum may not be available on macos
|
||||||
openssl dgst -sha256 "${target_zip}" | cut -d ' ' -f 2 > "${target_zip}.sha256"
|
openssl dgst -sha256 "${target_zip}" | cut -d ' ' -f 2 > "${target_zip}.sha256"
|
||||||
|
|
|
@ -43,10 +43,24 @@ done
|
||||||
security -v list-keychains -s "${keychain_names[@]}" "${KEYCHAIN}"
|
security -v list-keychains -s "${keychain_names[@]}" "${KEYCHAIN}"
|
||||||
|
|
||||||
# known runtime executables and binaries
|
# known runtime executables and binaries
|
||||||
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/erts-*/bin/{beam.smp,dyn_erl,epmd,erl,erl_call,erl_child_setup,erlexec,escript,heart,inet_gethost,run_erl,to_erl}
|
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \
|
||||||
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/lib/runtime_tools-*/priv/lib/{dyntrace.so,trace_ip_drv.so,trace_file_drv.so}
|
"${REL_DIR}"/erts-*/bin/{beam.smp,dyn_erl,epmd,erl,erl_call,erl_child_setup,erlexec,escript,heart,inet_gethost,run_erl,to_erl}
|
||||||
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime "${REL_DIR}"/lib/os_mon-*/priv/bin/{cpu_sup,memsup}
|
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \
|
||||||
|
"${REL_DIR}"/lib/runtime_tools-*/priv/lib/{dyntrace.so,trace_ip_drv.so,trace_file_drv.so}
|
||||||
|
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime \
|
||||||
|
"${REL_DIR}"/lib/os_mon-*/priv/bin/{cpu_sup,memsup}
|
||||||
# other files from runtime and dependencies
|
# other files from runtime and dependencies
|
||||||
for f in asn1rt_nif.so bcrypt_nif.so crypto.so otp_test_engine.so crypto_callback.so jiffy.so crc32cer_nif.so sasl_auth.so snappyer.so odbcserver; do
|
for f in \
|
||||||
|
asn1rt_nif.so \
|
||||||
|
bcrypt_nif.so \
|
||||||
|
crypto.so \
|
||||||
|
otp_test_engine.so \
|
||||||
|
crypto_callback.so \
|
||||||
|
jiffy.so \
|
||||||
|
crc32cer_nif.so \
|
||||||
|
sasl_auth.so \
|
||||||
|
snappyer.so \
|
||||||
|
odbcserver \
|
||||||
|
; do
|
||||||
find "${REL_DIR}"/lib/ -name "$f" -exec codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime {} \;
|
find "${REL_DIR}"/lib/ -name "$f" -exec codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime {} \;
|
||||||
done
|
done
|
||||||
|
|
Loading…
Reference in New Issue